[jboss-user] [JBoss Web Services] - Problem with securing web service with ws security ( username token )
Łukasz Marczuk
do-not-reply at jboss.com
Thu Sep 9 11:53:28 EDT 2010
Łukasz Marczuk [http://community.jboss.org/people/lmarczuk] created the discussion
"Problem with securing web service with ws security ( username token )"
To view the discussion, visit: http://community.jboss.org/message/560597#560597
--------------------------------------------------------------
Hello,
I'am trying to secure web service ( from ejb 3.0 stateless bean) and it is not working.
here is my code :
Bean :
@Stateless
@SOAPBinding(style=SOAPBinding.Style.RPC)
@SecurityDomain("JBossWS")
@EndpointConfig(configName = "Standard WSSecurity Endpoint")
@WebService(name="Hello",targetNamespace = " http://test http://test",serviceName = "HelloWSSService")
public class HelloBean implements IHello {
@WebMethod
public String sayHello(String aName) {
return "siemanko " + aName;
}
}
// ... some imports
@Stateless
@SOAPBinding(style=SOAPBinding.Style.RPC)
@SecurityDomain("JBossWS")
@EndpointConfig(configName = "Standard WSSecurity Endpoint")
@WebService(name="Hello",targetNamespace = "http://test",serviceName = "HelloWSSService")
public class HelloBean implements IHello {
@WebMethod
public String sayHello(String aName) {
return "siemanko " + aName;
}
}
interface :
@SOAPBinding(style = SOAPBinding.Style.DOCUMENT)
@EndpointConfig(configName = "Standard WSSecurity Endpoint")
@WebService(name="Hello",targetNamespace = "http://test",serviceName = "HelloWSSService")
public interface IHello {
String sayHello( String name);
}
In my META-INF folder i put jboss-wsse-server.xml file :
<jboss-ws-security xmlns="http://www.jboss.com/ws-security/config"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.jboss.com/ws-security/config
http://www.jboss.com/ws-security/schema/jboss-ws-security_1_0.xsd">
<config>
<timestamp ttl="300"/>
<requires/>
</config>
</jboss-ws-security>
Now i deploy my app on server and i test it from SoapUI.
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:test="http://test">
<soapenv:Header/>
<soapenv:Body>
<test:sayHello>
<arg0>?</arg0>
</test:sayHello>
</soapenv:Body>
</soapenv:Envelope>
And anser :
<env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/">
<env:Header>
<wsse:Security env:mustUnderstand="1" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<wsu:Timestamp wsu:Id="timestamp">
<wsu:Created>2010-09-06T11:41:38.621Z</wsu:Created>
<wsu:Expires>2010-09-06T11:46:38.621Z</wsu:Expires>
</wsu:Timestamp>
</wsse:Security>
</env:Header>
<env:Body>
<test:sayHelloResponse xmlns:test="http://test">
<return>siemanko ?</return>
</test:sayHelloResponse>
</env:Body>
</env:Envelope>
Got any idea why i can't secure my web service like that? i tryid it on jboss 4.2.3 , 5.01, 5.1, and 6 actually i work on 5.0.1 with JBoss Web Services - Native Server 3.3.1.GA.
Mayby i'm skipping some step or jboss-wsse-server.xml is incorect ?
when i put to jboss-wsse-server.xml this :
<jboss-ws-security xmlns="http://www.jboss.com/ws-security/config"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.jboss.com/ws-security/config
http://www.jboss.com/ws-security/schema/jboss-ws-security_1_0.xsd">
<config>
<username/>
<authenticate>
<usernameAuth/>
</authenticate>
</config>
</jboss-ws-security>
Also nothing happend and i'am albe to get response without puting principals in header.
JBossWS is good configured in login-config.xml
Please help.
--------------------------------------------------------------
Reply to this message by going to Community
[http://community.jboss.org/message/560597#560597]
Start a new discussion in JBoss Web Services at Community
[http://community.jboss.org/choose-container!input.jspa?contentType=1&containerType=14&container=2044]
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/jboss-user/attachments/20100909/d1545d3d/attachment.html
More information about the jboss-user
mailing list