I have trouble implementing authorization for a JAX-WS web service. I'm developing a Swing application that can connect to a Java EE application via a JAX-WS web service. Users can log in to the server with the Swing application and download user-specific data from the server. It is important that a logged-in user cannot download data that belongs to other users.
My problem is that jaxwsContext.getUserPrincipal().getName() returns "ANONYMOUS". I read similar questions on this portal, but unfortunately they didn't help.
Actually I have this:
Server side:
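    import javax.annotation.Resource;
    import javax.ejb.Stateless;
    import javax.ejb.TransactionManagement;
    import javax.ejb.TransactionManagementType;
    import javax.jws.WebMethod;
    import javax.jws.WebService;
    import javax.jws.soap.SOAPBinding;
    import javax.xml.ws.WebServiceContext;

    @Stateless
    @TransactionManagement(TransactionManagementType.CONTAINER)
    @SOAPBinding(style = SOAPBinding.Style.RPC)
    @WebService
    public class SampleWSEJB extends AbstractSampleEJB implements ISampleWSLocal, ISampleWSRemote {

        // Injected by the container; exposes the caller's security principal
        @Resource
        private WebServiceContext jaxwsContext;

        // Name of the calling principal (this is the call that returns "ANONYMOUS")
        public String getUsername() {
            return username = jaxwsContext.getUserPrincipal().getName();
        }

        @Override
        @WebMethod
        public UserDataVO logInUser() {
            return SampleServerServices.getInstance().logInUser(getEm(), this.getUsername());
        }
        ...
        ...
    }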
Client side:
Some classes I generated with the wsimport tool (ImportedSampleWSEJB, UserDataVO, etc.)
Relevant client code:
    import java.util.Map;
    import javax.xml.ws.BindingProvider;

    private static ImportedSampleWSEJB importedEJB;

    public UserDataVO logInUser(String username, String password) {
        // Set the credentials on the request context of the generated port
        Map<String, Object> requestContext = ((BindingProvider) ImportedSampleWSEJB.importedEJB).getRequestContext();
        requestContext.put(BindingProvider.USERNAME_PROPERTY, username);
        requestContext.put(BindingProvider.PASSWORD_PROPERTY, password);
        return importedEJB.logInUser();
    }
I use "file" as the security realm, and I created some test users in GlassFish 3.1.
Does anybody have any idea how to fix it?