This week's book giveaway is in the Servlets forum.
We're giving away four copies of Murach's Java Servlets and JSP and have Joel Murach on-line!
See this thread for details.
The moose likes Web Services and the fly likes Web Service SOAP exception when security access denied. Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Murach's Java Servlets and JSP this week in the Servlets forum!
JavaRanch » Java Forums » Java » Web Services
Bookmark "Web Service SOAP exception when security access denied. " Watch "Web Service SOAP exception when security access denied. " New topic
Author

Web Service SOAP exception when security access denied.

Rob Kennedy
Greenhorn

Joined: Sep 29, 2008
Posts: 1
Hi,

I'm using CXF webservices generated from a WSDL with SOAP document style. Under normal conditions, the client and server work fine, and can I read info back from the the server (SOAP http messages passed between both)

However, for some servers, I am using SUNs Policy Agent, which checks for an authentication token in the http header cookie before allowing access to the web service. I set up the cxf service port as follow:

Service service = Service.create(serviceName);
service.addPort(portName, SOAPBinding.SOAP11HTTP_BINDING, address);
servicePort = (IMyService)service.getPort(portName, IMyService.class);

I also add the authentication token to the http header cookie in the service's request context.
If the token is correct, everything works fine. However, if the token is incorrect, and access is denied, the policy agent does not return a SOAP http message. In this case, the web service method throws a low-level XMLStreamReader exception i.e. it can't read the SOAP message response - so I can't get the actual response from the policy agent.

Would anyone have an idea on this? Should I configure the CXF port differently, or should I try to get the policy agent to return a SOAP message even if access is denied.
Any help would be greatly appreciated!
Rob
 
It is sorta covered in the JavaRanch Style Guide.
 
subject: Web Service SOAP exception when security access denied.
 
Similar Threads
Using servlets outside of browsers
How to access byte array web method
Web service handler could not registered/called in client web service
Help regarding web service security
web service tokens