[JAX-WS] Basic Authnetication example (Glassfish) and the client

This example will demonstrate how to configure and use Container provided BASIC authentication for a JAX-WS web service. To note that this is the real 🙂 BASIC authentication.

There are 3 parts:

I. Configure Glassfish realms
II. Implement the actual web service class and configure the deployment descriptor
III. Test authentication from SoapUI
IV. Java Client

I. Configure Glassfish realms
In order to define the realms in Glassfish, it is necessary to do 2 things:
I.1. Enable Default Principal To Role Mapping
Go to the glassfish console: localhost:4848 And open:
Configurations->Server Config -> Security and set enabled for Default Principal To Role Mapping as shown in the picture


I.2. Define the file based realm user
Go to Security -> Realms -> file and click on Manage Users as shown in the picture

Then define your user name and password. And most importantly type into Group List the value USER. See picture


Now you have your user acv with password acv and who is in the Group USER.

II. Implement the actual web service class and configure the deployment descriptor
II.1. Create a new Dynamic web project in Eclipse and set Glassfish as the target runtime. Don’t forget to select create web.xml on the last step of the wizard

II.2. Create a new java class inside a package. Note the user of the @RolesAllowed annotation which should have the value of USER, the very one that you have just defined in the server configuration:

package com.vvirlan;
import javax.annotation.security.RolesAllowed;
import javax.jws.WebMethod;
import javax.jws.WebService;
public class Main {
	public String sayHello() {
		return "Hello";
	public String sayNothing() {
		return "";

II.3 Edit web.xml file:

<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
	xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee http://xmlns.jcp.org/xml/ns/javaee/web-app_3_1.xsd"
	id="WebApp_ID" version="3.1">

So what we do here. First we define a servlet and point it to our class: Main. Next we map this servlet called Main to a url pattern. From now on our web service will be available not at the usual MainService, but at the url /user. Now we define the security constraint and instruct the container to require authentication for GET and POST request for the path /user. Next we define the role name USER again and set auth-method to BASIC. Finally we again use the name USER to declare the security role.

III. Run the application and ideally you should be able to open it in the browser and see a BASIC authentication form requiring username and password. Type acv and acv and you should see the endpoint. Somewhere here:

To test in SoapUI:
III.1 Create a new SOAP project
III.2 Paste in the WSDL URL: http://localhost:8080/JaxWsBasicSecurity/user?wsdl
III.3 You will be required to type username and password put twice acv and acv (in 2 forms)
III.4 Now trying to run a request you need to define Auth as in the picture
Clicking on play should give you the response.

IV. Java Client
IV.1. The first step is of course wsimport. But you have authentication enabled so you need to do this: Create a file called myXauthFile.txt in tmp folder (anywhere you like). Set the content to:


IV.2 Run wsimport from the tmp folder:

C:\tmp\wsbasic>wsimport -keep -Xauthfile myXauthFile.txt http://localhost:8080/JaxWsBasicSecurity/user?wsdl

You should get the client artifacts.
IV.2 Copy your newly generated artifacts into eclipse in your client project
IV.3 Implement the Client class:

package com.vvirlan;
import java.net.Authenticator;
import java.net.PasswordAuthentication;
public class TheClient {
	public static void main(String[] args) {
		TheClient cl = new TheClient();
	public void run() {
		Authenticator myAuth = new Authenticator() {
			protected PasswordAuthentication getPasswordAuthentication() {
				return new PasswordAuthentication("acv", "acv".toCharArray());
		MainService service = new MainService();
		Main port = service.getMainPort();
		// This would work, but you will get a 401 error on MainService service
		// = new MainService();
		// BindingProvider bp = (BindingProvider) port;
		// bp.getRequestContext().put(BindingProvider.USERNAME_PROPERTY, "acv");
		// bp.getRequestContext().put(BindingProvider.PASSWORD_PROPERTY, "acv");
		String result = port.sayHello();

In case you get 403, try setting the server realms for both default-config and server-config. Also try to set the password again in glassfish. After this you need to restart the server and redeploy the app.


One thought on “[JAX-WS] Basic Authnetication example (Glassfish) and the client

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s