1. 技术文章
  2. How to set up WebLogic 10.3.3. security for JAX_WS web services?

How to set up WebLogic 10.3.3. security for JAX_WS web services?

余生长醉 提交于 2019-12-21 06:46:35

问题


I have quite simple task to accomplish - I have to set up the security for web services ( basic authentication with hardcoded in WLES user id and password). I set the web.xml (see code fragment below) but I have tough time configuring WebLogic. I added IdentityAssertionAuthenticator Authentication Provider, set it as Required, modified DefaultAuthenticator as Optional and I went to deployed application's security and set the role to "thisIsUser" and at some point it worked, but not anymore (I redeployed war file and set web service security the same way but no avail.) I'd greatly appreciate for all your help. web.xml

    <?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xmlns="http://java.sun.com/xml/ns/javaee" xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
    xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
    id="PC3-WS" version="2.5">
    <display-name>PC3-WS</display-name>
     <session-config>
        <session-timeout>30</session-timeout>
    </session-config>
    <security-constraint>
        <display-name>SecurityConstraint</display-name>
        <web-resource-collection>
             <web-resource-name>PC3-WS</web-resource-name>
            <url-pattern>/PC3-WS</url-pattern>

        </web-resource-collection>

        <auth-constraint>
            <role-name>basicGroup</role-name>
        </auth-constraint>
        <user-data-constraint>
            <transport-guarantee>NONE</transport-guarantee>
        </user-data-constraint>

    </security-constraint>

    <security-role>
        <role-name>basicGroup</role-name>
    </security-role>

    <login-config>
        <auth-method>BASIC</auth-method>
        <realm-name>myrealm</realm-name>
    </login-config>
</web-app>

weblogic.xml:

    <?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xmlns="http://java.sun.com/xml/ns/javaee" xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
    xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
    id="PC3-WS" version="2.5">
    <display-name>PC3-WS</display-name>
     <session-config>
        <session-timeout>30</session-timeout>
    </session-config>
    <security-constraint>
        <display-name>SecurityConstraint</display-name>
        <web-resource-collection>
             <web-resource-name>PC3-WS</web-resource-name>
            <url-pattern>/PC3-WS</url-pattern>

        </web-resource-collection>

        <auth-constraint>
            <role-name>basicGroup</role-name>
        </auth-constraint>
        <user-data-constraint>
            <transport-guarantee>NONE</transport-guarantee>
        </user-data-constraint>

    </security-constraint>

    <security-role>
        <role-name>basicGroup</role-name>
    </security-role>

    <login-config>
        <auth-method>BASIC</auth-method>
        <realm-name>myrealm</realm-name>
    </login-config>
</web-app>

The list of authenticators:

  • DefaultAuthenticator
  • DefaultIdentityAssert

Now I have exception:

WS spec-version:2.5], request: weblogic.servlet.internal.ServletRequestImpl@23e1aca[
GET /PC3-WS/MetadataService?WSDL HTTP/1.1
User-Agent: Java1.6.0_22
Accept: text/html, image/gif, image/jpeg, */*; q=.2
Connection: Keep-Alive

]] Root cause of ServletException.
java.lang.NullPointerException
    at weblogic.wsee.jaxws.JAXWSDeployedServlet.init(JAXWSDeployedServlet.java:45)
    at javax.servlet.GenericServlet.init(GenericServlet.java:241)
    at weblogic.servlet.internal.StubSecurityHelper$ServletInitAction.run(StubSecurityHelper.java:283)
    at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
    at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:121)
    Truncated. see log file for complete stacktrace
> 
java.lang.RuntimeException: weblogic.testclient.WsdlParseFailedException: Unable to parse WSDl at: http://192.168.1.3:7001/PC3-WS/MetadataService?WSDL
    at weblogic.testclient.ConnectionState.createWsdl(ConnectionState.java:69)
    at Controller.refreshWsdl(Controller.java:641)
    at Controller.begin(Controller.java:451)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    at java.lang.reflect.Method.invoke(Method.java:597)
    at org.apache.beehive.netui.pageflow.FlowController.invokeActionMethod(FlowController.java:879)
    at org.apache.beehive.netui.pageflow.FlowController.getActionMethodForward(FlowController.java:809)
    at org.apache.beehive.netui.pageflow.FlowController.internalExecute(FlowController.java:478)
    at org.apache.beehive.netui.pageflow.PageFlowController.internalExecute(PageFlowController.java:306)
    at org.apache.beehive.netui.pageflow.FlowController.execute(FlowController.java:336)
    at org.apache.beehive.netui.pageflow.internal.FlowControllerAction.execute(FlowControllerAction.java:52)
    at org.apache.struts.action.RequestProcessor.processActionPerform(RequestProcessor.java:431)
    at org.apache.beehive.netui.pageflow.PageFlowRequestProcessor.access$201(PageFlowRequestProcessor.java:97)
    at org.apache.beehive.netui.pageflow.PageFlowRequestProcessor$ActionRunner.execute(PageFlowRequestProcessor.java:2044)
    at org.apache.beehive.netui.pageflow.interceptor.action.internal.ActionInterceptors.wrapAction(ActionInterceptors.java:91)
    at org.apache.beehive.netui.pageflow.PageFlowRequestProcessor.processActionPerform(PageFlowRequestProcessor.java:2116)
    at org.apache.struts.action.RequestProcessor.process(RequestProcessor.java:236)
    at org.apache.beehive.netui.pageflow.PageFlowRequestProcessor.processInternal(PageFlowRequestProcessor.java:556)
    at org.apache.beehive.netui.pageflow.PageFlowRequestProcessor.process(PageFlowRequestProcessor.java:853)
    at org.apache.beehive.netui.pageflow.AutoRegisterActionServlet.process(AutoRegisterActionServlet.java:631)
    at org.apache.beehive.netui.pageflow.PageFlowActionServlet.process(PageFlowActionServlet.java:158)
    at org.apache.struts.action.ActionServlet.doGet(ActionServlet.java:414)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:707)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
    at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)
    at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125)
    at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:300)
    at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:183)
    at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.doIt(WebAppServletContext.java:3683)
    at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3650)
    at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
    at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:121)
    at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2268)
    at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2174)
    at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1446)
    at weblogic.work.ExecuteThread.execute(ExecuteThread.java:201)
    at weblogic.work.ExecuteThread.run(ExecuteThread.java:173)
Caused by: weblogic.testclient.WsdlParseFailedException: Unable to parse WSDl at: http://192.168.1.3:7001/PC3-WS/MetadataService?WSDL
    at weblogic.testclient.ConnectionState.createWsdlFromHttpUrl(ConnectionState.java:199)
    at weblogic.

testclient.ConnectionState.createWsdl(ConnectionState.java:60) ... 38 more


回答1:


  1. Can you provide the complete web.xml & weblogic.xml files?
  2. Why do you have to configure IdentityAssertionAuthenticator if you just doing BASIC authentication?
  3. Also can you provide what authenticator's you have in the Summary of Servers >myrealm >Providers (from console)

Finally you can enable the debugs to trace if authentication is getting trigged

On the console navigate to

Summary of Servers > %your_server% > Debug

expand weblogic > security and enable

  • DebugSecurity
  • atn > DebugSecurityAtn

Just ensure you have the logs in DEBUG mode. Test the app and have look at server log it should provide details on what's happening.




回答2:


This is the way to secure a Web Service with basic HTTP Auth, in WLES 10.3.3.

In WLES Admin Console go to Security Realm --> MyRealm and create:

New user: user/12345678 New group: basicGroup Add the user to the group

In web.xml add the security settings (path, basic type):

<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xmlns="http://java.sun.com/xml/ns/javaee" xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
    xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
    id="PC3-WS" version="2.5">
    <display-name>PC3-WS</display-name>
     <session-config>
        <session-timeout>30</session-timeout>
    </session-config>
    <security-constraint>
        <display-name>SecurityConstraint</display-name>
        <web-resource-collection>
             <web-resource-name>PC3-WS</web-resource-name>
            <url-pattern>/PC3-WS</url-pattern>
        </web-resource-collection>
        <auth-constraint>
            <role-name>basicGroup</role-name>
        </auth-constraint>
        <user-data-constraint>
            <transport-guarantee>NONE</transport-guarantee>
        </user-data-constraint>
    </security-constraint>
    <security-role>
        <role-name>Authenticated</role-name>
    </security-role>

    <login-config>
        <auth-method>BASIC</auth-method>
        <realm-name>myrealm</realm-name>
    </login-config>
</web-app>

In weblogic.xml map the application role with server role (it is mandatory):

<?xml version="1.0" encoding="UTF-8"?>
<wls:weblogic-web-app
    xmlns:wls="http://xmlns.oracle.com/weblogic/weblogic-web-app"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd http://xmlns.oracle.com/weblogic/weblogic-web-app http://xmlns.oracle.com/weblogic/weblogic-web-app/1.1/weblogic-web-app.xsd">
    <wls:weblogic-version>10.3.3</wls:weblogic-version>
    <wls:context-root>PC3-WS</wls:context-root>
    <wls:security-role-assignment>
        <wls:role-name>Authenticated</wls:role-name>
        <wls:principal-name>users</wls:principal-name>
    </wls:security-role-assignment>
</wls:weblogic-web-app>

Build and deploy application. Restart WLES. You can test with SoapUI, passing userId and password in lower section called "Authentication and Security-related settings" Go to File-->Preferences and in "HTTP Settings" check "Authenticate Preemptively" Now you can run your web services from soapUI.



来源:https://stackoverflow.com/questions/4621155/how-to-set-up-weblogic-10-3-3-security-for-jax-ws-web-services

标签
web-services
security
weblogic
weblogic-10.x
易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!