8 replies Latest Post - ‏2011-03-01T21:15:02Z by SystemAdmin
FlorianP.

Pinned topic SCA Web Service binding and authentication

‏2011-02-28T23:08:17Z |
RSA 8, WAS 7, SCA feature pack
I have an SCA component with a Java implementation and a web service binding.
1) I'd like to have clients use basic authentication when calling the web service.
2) In my component implementation, I want to have access to the user id that was used during authentication.
I'm using the Web Services Explorer to test the web service.
I've been playing with the SCA intents and WAS policy sets, but I can't get it to work. Thanks for your help!
Updated on 2011-03-01T21:15:02Z at 2011-03-01T21:15:02Z by SystemAdmin
  • SystemAdmin

    Re: SCA Web Service binding and authentication

    ‏2011-03-01T01:15:18Z  in response to FlorianP.
    This might give you a lead

    http://www.ibm.com/developerworks/forums/thread.jspa?messageID=14586506&tstart=0#14586506
  • kvijai

    Re: SCA Web Service binding and authentication

    ‏2011-03-01T16:07:06Z  in response to FlorianP.
    Hello,

    On the SCA service you will need to specify the authentication.transport intent in the composite file to require the service to perform basic auth.
    This article talks about configuring that intent:
    http://www14.software.ibm.com/webapp/wsbroker/redirect?version=v701sca&product=was-nd-mp&topic=twbs_sca_wsbind_tran_auth

    Then in the component implementation you can do something like this to get the username:

    import org.osoa.sca.annotations.Context;
    import org.osoa.sca.annotations.Service;
    import org.osoa.sca.RequestContext;
    import javax.security.auth.Subject;
    import java.security.Principal;
    import java.util.Iterator;
    import java.util.Set;
    import com.ibm.websphere.security.cred.WSCredential;

    @Service(EchoService.class)
    public class EchoServiceWithIdentityComponentImpl implements EchoService
    {
        // Injected by the SCA runtime for each request
        @Context
        protected RequestContext requestContext;

        public String echo_String(String input)
        {
            try {
                Subject subject = null;
                String securityName = null;

                if (requestContext != null) {
                    // Subject of the caller authenticated for this request
                    subject = requestContext.getSecuritySubject();
                }

                if (subject != null) {
                    Set<Principal> principalSet = subject.getPrincipals();
                    if (principalSet != null && principalSet.size() > 0) {
                        Iterator<Principal> principalIterator = principalSet.iterator();
                        if (principalIterator.hasNext()) {
                            // The first principal's name is used as the user id
                            Principal principal = principalIterator.next();
                            securityName = principal.getName();
                        }
                    }
                }
                . . .

    There is more info about this in the Infocenter article below. There is a small bug in the sample code on that page which is addressed in the code snippet above.
    http://publib.boulder.ibm.com/infocenter/wasinfo/fep/index.jsp?topic=/com.ibm.websphere.soafep.multiplatform.doc/info/ae/ae/tsec_authsoa_requestapi.html

    If you are just trying to authorize the user, you could also consider attaching a SCA policy set to the component.
    This article talks about authorization policy:
    http://www14.software.ibm.com/webapp/wsbroker/redirect?version=v701sca&product=was-nd-mp&topic=tsec_authsoa_policy

    Please make sure you have admin and application security enabled to get these functions to work.

    Hope this helps!
    Vijai
    • FlorianP.

      Re: SCA Web Service binding and authentication

      ‏2011-03-01T19:24:08Z  in response to kvijai
      Thanks Vijai, that helped. I had selected the wrong intent on the service binding in RSA. Now I'm stuck a bit further, getting the following error when invoking the service:
      org.osoa.sca.ServiceRuntimeException: CWSOA1020E: This service is available on secure channels only.
      Any clue?
      • SystemAdmin

        Re: SCA Web Service binding and authentication

        ‏2011-03-01T19:29:48Z  in response to FlorianP.
        Hello Florian.

        Are you running against a secure channel, like https, or something like that? Or are you using an unsecured channel, like http?

        "Software development has been, is, and will remain fundamentally hard"
        - Grady Booch
        • FlorianP.

          Re: SCA Web Service binding and authentication

          ‏2011-03-01T19:31:33Z  in response to SystemAdmin
          I'm using http.
          • FlorianP.

            Re: SCA Web Service binding and authentication

            ‏2011-03-01T20:49:50Z  in response to FlorianP.
            I got some more help from Victor and my problem is now solved.
            I updated the port SOAP address in my WSDL file to use https and the correct server port (9443 in my case).
            Thanks!
            • SystemAdmin

              Re: SCA Web Service binding and authentication

              ‏2011-03-01T21:15:02Z  in response to FlorianP.
              To complement Florian's comment:

              The exception org.osoa.sca.ServiceRuntimeException: CWSOA1020E: This service is available on secure channels only was thrown because the runtime needed a secure channel, https in this case. So, the solution is to point the endpoint address of the WSDL file to https://<hostname>:<secure port> (in WAS the default port for https is 9443).

              "Software development has been, is, and will remain fundamentally hard"
              - Grady Booch
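
The fix described above (pointing the WSDL endpoint at https) can be checked before deployment. The following is an added example, not code from the thread or from IBM: it scans a WSDL for SOAP address locations that are not https. The sample WSDL, its service and port names, host and ports are constructed placeholders.

```python
"""Flag WSDL ports whose SOAP address is not https (constructed sample data)."""
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

WSDL_NS = "http://schemas.xmlsoap.org/wsdl/"
SOAP_ADDRESS_TAGS = (
    "{http://schemas.xmlsoap.org/wsdl/soap/}address",    # SOAP 1.1 binding
    "{http://schemas.xmlsoap.org/wsdl/soap12/}address",  # SOAP 1.2 binding
)

# Constructed WSDL fragment; names, host and ports are placeholders.
SAMPLE_WSDL = """<wsdl:definitions
    xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/"
    xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/"
    targetNamespace="http://example.invalid/echo">
  <wsdl:service name="EchoService">
    <wsdl:port name="EchoPlainPort">
      <soap:address location="http://host.example.invalid:9080/Echo"/>
    </wsdl:port>
    <wsdl:port name="EchoSecurePort">
      <soap:address location="https://host.example.invalid:9443/Echo"/>
    </wsdl:port>
  </wsdl:service>
</wsdl:definitions>"""


def insecure_endpoints(wsdl_text):
    """Return (service, port, location) for every SOAP address not using https."""
    root = ET.fromstring(wsdl_text)
    findings = []
    for service in root.iter(f"{{{WSDL_NS}}}service"):
        for port in service.iter(f"{{{WSDL_NS}}}port"):
            for child in port:
                if child.tag not in SOAP_ADDRESS_TAGS:
                    continue
                location = child.get("location", "")
                # Basic auth credentials travel in an HTTP header, so any
                # scheme other than https exposes them; a service that
                # requires a secure channel rejects the call (CWSOA1020E
                # in the thread). A missing location is flagged as well.
                if urlsplit(location).scheme.lower() != "https":
                    findings.append((service.get("name"), port.get("name"), location))
    return findings


if __name__ == "__main__":
    for service, port, location in insecure_endpoints(SAMPLE_WSDL):
        print(f"{service}/{port}: {location} is not https")
```
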
      • kvijai

        Re: SCA Web Service binding and authentication

        ‏2011-03-01T19:46:31Z  in response to FlorianP.
        Would you be able to paste the service definition that you have in the composite file? Do you have any intents specified or policy sets attached on the service or reference side that would require the request to be made over https?

        Thanks.

        Vijai