Web Service Adapter / wsa / deploy problem

[polar_action]

Hi Progress Talkers,

I recently managed to follow through John Sadd's excellent video tutorials on PSDN for Rich Internet Applications.



One thing that threw me off track however was a problem in OE Explorer where my Web Service Adapter (wsa) was not started and therefore I couldn't deploy any Web services.



To fix it I searched around here on ProgressTalk and sussed it was maybe a security problem... and this jogged my memory of a web service crash course I once attended.



When we install Tomcat there is an OpenEdge batch file (OE_TC) we can run to setup all the files we need to get the Web Service Adapter up and running. This copies the $DLC\servlets\webbapps folder into the Tomcat working folder as our first web service.



Within the webapps\wsa\WEB-INF folder there is a configuration XML file called web.xml.



Around about line 100 I added the lines...



<!-- Added as a fix -->
<security-role>
<role-name>PSCAdmin</role-name>
<role-name>PSCOper</role-name>
</security-role>



... stopped and restarted Tomcat and the Adminserver and hey presto. One running wsa.




My question is can anyone explain exactly what's going on here. Is it just a bug or are there other security issues here?

Many thanks,

Dave Walker

 

[RealHeavyDude]

The more generic answer:

You can implement security ( namely authentication ) almost on each layer of your architecture. Whether that does make sense in your case or not is not on me to decide. The point is, IMHO, you should be clear what kind of authentication is implemented where.

The more specific answer:
When you install OpenEdge right about the end of the installation process you get asked whether you want to enable group checking for the AdminServer. If you answer yes and security is enabled on the WSA ( which is enabled by default IIRC ), whatever JSE you use must authenticate itself ( running under an account ) against the WSA being part of one of that groups.

My advice always is to have the it running in the first place before you secure everything. That way it's easier to find out why something is not working.

Heavy Regards, RealHeavyDude.

 

[polar_action]

thanks for the reply RealHeavyDude.

For my testing I managed to remove the <security constraint> section and that now works, but I'll need to look into the security issues in detail.

Regards,
Dave

 

[sachin4gl]

hi really heavy dude |
i tried to check the authentication of my client |
i have done the following steps to do this
1) uncomment web service security constraint in web.xml located in wsa directory in apache tomcat

<security-constraint>
<web-resource-collection>
<web-resource-name>wsa1 WSDL Access</web-resource-name>
<url-pattern>/wsa1/wsdl/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>tomcat</role-name>
</auth-constraint>
<user-data-constraint>
<transport-guarantee>NONE</transport-guarantee>
</user-data-constraint>
</security-constraint>

2) pass user name and password in connect string
like

http://serverip:8080/wsa/wsa1/wsdl?targetURI=urn:simple'
-WSDLUserid 'tomcat'
-WSDLPassword 'tomcat'
")

then it styart giving me some soap error

will you please suggest me whats going wrong .


regards,
Sachin Gaur