users@glassfish.java.net

jdbc realm with web service security not working

From: <glassfish_at_javadesktop.org>
Date: Fri, 21 Mar 2008 05:31:36 PST

Hello!

I have set up a jdbc realm and want to secure a web service, but for some reason the users cannot log in. Here are the steps I have done:

1. Created the jdbc realm in the fallowing way:
Users table: (users) id serial NOT NULL, name varchar(50), birthdate date, username varchar(50), "password" varchar(50),
Group table: (roles) id serial NOT NULL, rolename varchar(50), username varchar(50) with username foregin key to users.username. (forgive the confusion I made by naming the group table "roles")
In the jdbc realm configuration: User table: users; User name column: username; Password column: password; Group table: roles, Group Name Column: rolename, JNDI: jdbc/huddi (I have previosuly set up a JDBC resource with this name), JAAS Context: jdbcRealm (what is this for?), Digest Algorithm: SHA , Name: uddirealm

2. In sun-ejb-jar, mapped rolename "superuser" to groupname ("superuser"), <login-config><realm>uddirealm</realm></login-config> for the web service endpoint.

3. Set the @RolesAllowed({"superuser"}) for the method i am calling from the client.

4. When I save a user, I use the fallowing procedure to make a SHA from the password :http://blogs.sun.com/swchan/resource/CreateJDBCRealmUser.java
(not: I have changed the MD5 to SHA from the example above)

5. Configured security of the web service with NetBeans and of the client in the same way, and I do the fallowing to set the username and password:
            tester.UserPersonalSettingsService service = new tester.UserPersonalSettingsService();
            tester.UserPersonalSettings _port = service.getUserPersonalSettingsPort();
            
            ((BindingProvider)_port).getRequestContext().put(BindingProvider.USERNAME_PROPERTY, "c1n3v@");
            ((BindingProvider)_port).getRequestContext().put(BindingProvider.PASSWORD_PROPERTY, "c1n3v@");

6. I get the WSS1408: UsernameToken Authentication Failed

Thanks for reading. Sorry if the code is not readable, I see this forum has no code formatter.
[Message sent by forum member 'powerhouse_b' (powerhouse_b)]

http://forums.java.net/jive/thread.jspa?messageID=265161