Posted by: peteinman | December 8, 2009

WebLogic 8.1 Web Service Migration

Whilst in the process of migrating our application from WebLogic 8.1 to 11g, I hit a problem with web service authentication.

We have two web services running which are generated by using servicegen up against a pojo.

Security for the web service is defined in the web.xml deployment descriptors as follows

<!DOCTYPE web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN" "http://java.sun.com/dtd/web-app_2_3.dtd">
<web-app>
   <security-constraint>
      <web-resource-collection>
      <web-resource-name>MyWebService</web-resource-name>
      <url-pattern>/*</url-pattern>
      <http-method>POST</http-method>
      </web-resource-collection>
      <auth-constraint>         
         <role-name>BasicTestUser</role-name>
      </auth-constraint>
   </security-constraint>
   
   <security-role>
      <description>Test User</description>
      <role-name>BasicTestUser</role-name>
   </security-role>
</web-app>

 

That’s all you need – allegedly for it to work on WLS 8.1, and this works for us quite nicely.

When I migrated this application to WLS 11g, Oracle state that everything should function in 11g as it does in 8.1, but we had a huge problem with authorisation and were getting a 403 – Forbidden error as below.

javax.xml.rpc.JAXRPCException: weblogic.webservice.util.AccessException: The server at http://127.0.0.1:7001/MyWebService/MyWebService returned a 403 error code (Forbidden). Please ensure that your URL is correct and that the correct protocol is in use..

After lots of investigation using security debug flags, removing some of my web service code in case my JMX code was causing it to fail, I found that I needed to add another entry into weblogic.xml as well as web.xml.

Now, this is documented and shouldn’t be a surprise, but as it was working quite happily in WLS 8.1 and have no compatibility errors when deploying on 11g, I didn’t expect it.

I had to make my weblogic.xml like this and map the role into an actual principal.

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE weblogic-web-app PUBLIC "-//BEA Systems, Inc.//DTD Web Application 8.1//EN" "http://www.bea.com/servers/wls810/dtd/weblogic810-web-jar.dtd">
<weblogic-web-app>
    <security-role-assignment>
        <role-name>BasicTestUser</role-name>
        <principal-name>TestUser</principal-name>
    </security-role-assignment>
</weblogic-web-app>

Sorted.

Advertisements

Responses

  1. Hello, I am getting Soap Fault Exception when i WS processed… and getter 403 error code..
    My application is running in WL8.1

    what is the solution for it ?


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Categories

%d bloggers like this: