Hi,
I've created a J2EE 1.4 project with a JAX-RPC web service for a
customer who can only communicate with JAX-RPC. I need to secure it
with HTTPS/SSL, and basic authentication.
I've already got JAX-WS services secured with HTTP BASIC authentication
and SSL using information on this page:
http://www.ryandelaplante.com/rdelaplante/entry/ssl_and_http_basic_authentication
When I add the following to my web.xml then request the WSDL using
https, the soap:address at the bottom of WSDL says to use http://
instead of https:// What am I missing??
<security-constraint>
<display-name>SSL Constraint</display-name>
<web-resource-collection>
<web-resource-name>WSServlet_MyService</web-resource-name>
<url-pattern>/*</url-pattern>
<http-method>PUT</http-method>
<http-method>HEAD</http-method>
<http-method>POST</http-method>
<http-method>OPTIONS</http-method>
<http-method>TRACE</http-method>
<http-method>DELETE</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>IJWAPPS</role-name>
</auth-constraint>
<user-data-constraint>
<description/>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>
<login-config>
<auth-method>BASIC</auth-method>
<realm-name>centralData</realm-name>
</login-config>
<security-role>
<role-name>IJWAPPS</role-name>
</security-role>
I left GET out because when securing JAX-WS services, the @WebServiceRef
would fail because it seems to try to get the real WSDL! Removing GET
solved the problem. When I put GET in with my JAX-RPC service then
try to access the WSDL with my browser and https, it asks me for a
username/password. Once I enter the correct information it tells me
HTTP 403 access denied! This is the same realm/username/password used
by my JAX-WS service, so it should work.
Thanks,
Ryan