1
votes

I'm trying to expose some REST web services through RESTEasy and secure them. But when accessing the methods I'm constantly getting a 401 error. Please help me fix this issue.

My configuration is given below.

web.xml

<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee http://xmlns.jcp.org/xml/ns/javaee/web-app_3_1.xsd"
         version="3.1">


    <context-param>
        <param-name>resteasy.scan</param-name>
        <param-value>true</param-value>
    </context-param>

    <context-param>
        <param-name>resteasy.role.based.security</param-name>
        <param-value>true</param-value>
    </context-param>

    <!-- this needs to be the same as the resteasy servlet url-pattern -->
    <context-param>
        <param-name>resteasy.servlet.mapping.prefix</param-name>
        <param-value>/api/v1/</param-value>
    </context-param>

    <listener>
        <listener-class>
            org.jboss.resteasy.plugins.server.servlet.ResteasyBootstrap
        </listener-class>
    </listener>

    <servlet>
        <servlet-name>resteasy-servlet</servlet-name>
        <servlet-class>
            org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher
        </servlet-class>
    </servlet>

    <servlet-mapping>
        <servlet-name>resteasy-servlet</servlet-name>
        <url-pattern>/api/v1/*</url-pattern>
    </servlet-mapping>

    <security-constraint>
        <web-resource-collection>
            <web-resource-name>resteasy-servlet</web-resource-name>
            <url-pattern>/api/v1/*</url-pattern>
        </web-resource-collection>
        <auth-constraint>
            <role-name>admin</role-name>
        </auth-constraint>
    </security-constraint>

    <login-config>
        <auth-method>BASIC</auth-method>
        <realm-name>JBossRS</realm-name>
    </login-config>

    <security-role>
        <role-name>admin</role-name>
    </security-role>


    <session-config>
        <session-timeout>
            30
        </session-timeout>
    </session-config>
</web-app>

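In my web service method,

import javax.annotation.security.RolesAllowed;
import javax.ws.rs.GET;
import javax.ws.rs.Path;
import javax.ws.rs.core.Response;

@Path("/services")
public class TestService {

    // Only callers holding the "admin" role may invoke this method
    @RolesAllowed("admin")
    @GET
    @Path("/testService")
    public Response testResponse(){
        String stg = "Hello";
        return Response.status(200).entity(stg).build();
    }

}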

In JBoss WildFly standalone.xml I've added the security domain,

<security-domain name="JBossRS">
    <authentication>
        <login-module code="UsersRoles" flag="required">
            <module-option name="usersProperties" value="${jboss.server.config.dir}/jbossrs-users.properties"/>
            <module-option name="rolesProperties" value="${jboss.server.config.dir}/jbossrs-roles.properties"/>
        </login-module>
    </authentication>
</security-domain>

In jbossrs-roles.properties,

admin=admin

In jbossrs-users.properties,

admin=test123

When trying to access the REST method I'm prompted for my username and password. When I use admin and test123 as credentials it keeps giving me a 401 error.

And when I'm trying to access them without security it works fine as well.

What am I doing wrong here?

Thanks in advance.

1 Answer

0
votes

I found the issue. It was not specifying the security realm in jboss-web.xml.

Created jboss-web.xml under WEB-INF and added the following configuration.

<?xml version="1.0" encoding="UTF-8"?>
<jboss-web>
    <security-domain>JBossRS</security-domain>
</jboss-web>
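
The answer's fix, turned into a pre-deployment check, as an added example that is not part of the original question or answer: it reports when web.xml demands a role but WEB-INF/jboss-web.xml names no security domain, and cross-checks the UsersRoles property files. The function names, the `server_domains` argument and the sample strings are assumptions built from the configuration quoted on this page.

```python
import xml.etree.ElementTree as ET

# Constructed samples, trimmed from the configuration quoted on this page.
WEB_XML = """<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee" version="3.1">
  <security-constraint>
    <auth-constraint><role-name>admin</role-name></auth-constraint>
  </security-constraint>
  <login-config><auth-method>BASIC</auth-method><realm-name>JBossRS</realm-name></login-config>
</web-app>"""
JBOSS_WEB_XML = "<jboss-web><security-domain>JBossRS</security-domain></jboss-web>"
USERS, ROLES = "admin=test123", "admin=admin"

def texts(root, name):
    """Text of every element called `name`, ignoring XML namespaces."""
    return [e.text.strip() for e in root.iter()
            if e.tag.rsplit("}", 1)[-1] == name and e.text and e.text.strip()]

def props(text):
    """Parse key=value properties lines, skipping blanks and comments."""
    pairs = (l.split("=", 1) for l in text.splitlines()
             if "=" in l and not l.lstrip().startswith(("#", "!")))
    return {k.strip(): v.strip() for k, v in pairs}

def check(web_xml, jboss_web_xml, server_domains, users, roles):
    """Return a list of findings; an empty list means the pieces line up."""
    findings = []
    web = ET.fromstring(web_xml)
    required = {r for ac in web.iter() if ac.tag.endswith("auth-constraint")
                for r in texts(ac, "role-name")}
    domain = texts(ET.fromstring(jboss_web_xml), "security-domain") if jboss_web_xml else []
    # Accept the legacy "java:/jaas/<name>" spelling as well as the bare name.
    name = domain[0].removeprefix("java:/jaas/") if domain else None
    if required and name is None:
        findings.append("no <security-domain> in WEB-INF/jboss-web.xml")
    elif name is not None and name not in server_domains:
        findings.append(f"security-domain '{name}' is not defined on the server")
    known, granted = props(users), set()
    for user, role_list in props(roles).items():
        if user in known:
            granted.update(r.strip() for r in role_list.split(","))
        else:
            findings.append(f"roles file names unknown user '{user}'")
    findings += [f"no user holds required role '{r}'" for r in sorted(required - granted)]
    return findings

if __name__ == "__main__":
    print(check(WEB_XML, None, {"JBossRS"}, USERS, ROLES))           # before the fix
    print(check(WEB_XML, JBOSS_WEB_XML, {"JBossRS"}, USERS, ROLES))  # after the fix
```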