[jboss-user] [JBossWS] - WS-Security on POJO Endpoint

dhanushgopinath do-not-reply at jboss.com
Thu Feb 12 00:49:49 EST 2009 

Hi,

I am trying to implement WS-Security on a POJO Endpoint using JBOSS WS. I want to use the UserName token authentication. This is already a Jira Issue with 3.0.5 (https://jira.jboss.org/jira/browse/JBWS-1999) and since I saw the Jira Issue as resolved, I got the latest code from the site and built the Web Service stack and tried to implement it. I am implementing based on this

http://www.jboss.org/index.html?module=bb&op=viewtopic&t=131719&postdays=0&postorder=asc&start=0

But while deploying the Web Service the endpoint configuration is shown as Standard Endpoint in the logs . Shouldn't it be Standard WSSecurity Endpoint. Given below is the excerpt from log.



  | ServerEndpointMetaData:
  |  type=JAXWS
  |  qname={http://www.test.com/WF/Framework/AWFUtilityService}AWFUtilityServicePortTypePort
  |  id=jboss.ws:context=TestUtility,endpoint=AWFUtilityService
  |  address=http://127.0.0.1:8180/TestUtility/AWFUtilityService
  |  binding=http://schemas.xmlsoap.org/wsdl/soap/http
  |  linkName=AWFUtilityService
  |  implName=com.test.wf.framework.awfutilityservice.AWFUtilityServiceImpl
  |  seiName=com.test.wf.framework.awfutilityservice.AWFUtilityServicePortType
  |  serviceMode=null
  |  portComponentName=null
  |  contextRoot=/TestUtility
  |  urlPattern=/AWFUtilityService
  |  configFile=META-INF/standard-jaxws-endpoint-config.xml
  |  configName=Standard Endpoint
  |  authMethod=null
  |  transportGuarantee=null
  |  secureWSDLAccess=false
  |  properties={}
  | 

Now I run the client and the SOAP Message is properly built using the wsse:security headers, but at the server side its throwing  a class cast exception

2009-02-11 20:12:52,153 DEBUG [org.jboss.ws.core.soap.MessageFactoryImpl] createMessage: [contentType=text/xml; charset=UTF-8]
  | 2009-02-11 20:12:52,247 DEBUG [org.jboss.ws.metadata.umdm.EndpointMetaData] Configure SOAPBinding
  | 2009-02-11 20:12:52,247 ERROR [org.jboss.ws.core.jaxws.SOAPFaultHelperJAXWS] SOAP request exception
  | java.lang.ClassCastException: org.jboss.ws.core.soap.EnvelopeBuilderDOM
  | 	at org.jboss.ws.core.soap.MessageFactoryImpl.createMessage(MessageFactoryImpl.java:278)
  | 	at org.jboss.ws.core.soap.MessageFactoryImpl.createMessage(MessageFactoryImpl.java:193)
  | 	at org.jboss.wsf.stack.jbws.RequestHandlerImpl.processRequest(RequestHandlerImpl.java:455)
  | 	at org.jboss.wsf.stack.jbws.RequestHandlerImpl.handleRequest(RequestHandlerImpl.java:295)
  | 	at org.jboss.wsf.stack.jbws.RequestHandlerImpl.doPost(RequestHandlerImpl.java:205)
  | 	at org.jboss.wsf.stack.jbws.RequestHandlerImpl.handleHttpRequest(RequestHandlerImpl.java:131)
  | 	at org.jboss.wsf.common.servlet.AbstractEndpointServlet.service(AbstractEndpointServlet.java:85)
  | 	at javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
  | 	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
  | 	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
  | 	at org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:96)
  | 	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
  | 	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
  | 	at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:230)
  | 	

Here is my Web Service and the server side config files.


  | @WebService(name="AWFUtilityServicePortType", serviceName = "AWFUtilityService", targetNamespace = "http://www.test.com/WF/Framework/AWFUtilityService", 
  | 		endpointInterface = "com.test.wf.framework.awfutilityservice.AWFUtilityServicePortType"
  | 		)
  | @EndpointConfig(configFile="META-INF/standard-jaxws-endpoint-config.xml", configName = "Standard WSSecurity Endpoint")
  | 
  | public class AWFUtilityServiceImpl implements AWFUtilityServicePortType {
  | 
  | 	public String getCorrelationID(String CorrelationID)
  | 			throws GetCorrelationIDFault 
  | 	{
  | 		String strCorrValue = Calendar.getInstance().getTime().toString();
  | 		return CorrelationID + "_" + strCorrValue;
  | 	}
  | 
  | }
  | 

Server config file jboss-wsse-server.xml
<?xml version="1.0" encoding="UTF-8"?>
  | 
  | <jboss-ws-security xmlns="http://www.jboss.com/ws-security/config"
  | 	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
  | 	xsi:schemaLocation="http://www.jboss.com/ws-security/config
  |                    http://www.jboss.com/ws-security/schema/jboss-ws-security_1_0.xsd">
  | 
  | 	<config>
  | 		<authorize>
  | 			<unchecked />
  | 		</authorize>
  | 	</config>
  | 
  | 	<port name="AWFUtilityServicePort">
  | 		<operation
  | 			name="{http://www.test.com/WF/Framework/AWFUtilityService}getCorrelationID">
  | 			<config>
  | 				<authorize>
  | 					<unchecked />
  | 				</authorize>
  | 			</config>
  | 		</operation>
  | 	</port>
  | </jboss-ws-security>
  | 

jboss-web.xml 

<?xml version="1.0" encoding="UTF-8"?>
  | <!DOCTYPE jboss-web PUBLIC "-//JBoss//DTD Web Application 2.4//EN" "http://www.jboss.org/j2ee/dtd/jboss-web_4_0.dtd">
  | 
  | 
  | <jboss-web>
  | 
  | 	<security-domain>java:/jaas/JBossWS</security-domain>
  | 	<context-root>/TestUtility</context-root>
  | 
  | </jboss-web>
  | 

Please help why this service is not getting deployed as a WS Security Endpoint. Do I need to enable it some where ? Or is it that the latest code doesn't contain the fix?

Thanks in Advance.
Dhanush

View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=4209342#4209342

Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&p=4209342

More information about the jboss-user mailing list