[jbossws-users] [JBossWS] - Need help : JBossWS Security!
xinhua
do-not-reply at jboss.com
Wed Apr 30 05:13:58 EDT 2008
Hi all,
i want to use ssl and signature to protect my WS on Jboss4.2.2GA , ssl works perfectly but when i use client to send a request with signature, i always got an error. My codes, configurations and evn listed as followed:
JBoss4.2.2GA
jdk1.5
SSL keyStore&trustStore file: ksbws.keystore
Signature keyStore&trustStore file: ksbws_security.keystore
Server Side:
| @Stateless
| @SecurityDomain("JBossWS")
| @RolesAllowed("friend")
| @WebService(endpointInterface="de.xxx.xxx.KSBService")
| @WebContext(contextRoot="/KSBService",
| urlPattern="/*",
| authMethod="BASIC",
| transportGuarantee="CONFIDENTIAL",
| secureWSDLAccess=false)
| @EndpointConfig(configName = "Standard WSSecurity Endpoint")
| public class KSBServiceBean implements KSBService,KSBServiceRemote,KSBServiceLocal{
|
| private static final Logger log = Logger.getLogger(KSBServiceBean.class);
|
| @EJB
| KSBManagerLocal ksb;
|
| public sting validateLogin(Long userNo, String password) {
| // doSomething
| }
|
| }
in META-INF/ i putted ksbws_security.keystore and jboss-wsse-server.xml
here is my jboss-wsse-server.xml:
| <jboss-ws-security xmlns="http://www.jboss.com/ws-security/config"
| xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
| xsi:schemaLocation="http://www.jboss.com/ws-security/config
| http://www.jboss.com/ws-security/schema/jboss-ws-security_1_0.xsd">
| <key-store-file>META-INF/ksbws_security.keystore</key-store-file>
| <key-store-password>test</key-store-password>
| <trust-store-file>META-INF/ksbws_security.keystore</trust-store-file>
| <trust-store-password>test</trust-store-password>
| <config>
| <sign type="x509v3" alias="KSBWS_SECURITY" />
| <requires>
| <signature />
| </requires>
| </config>
| </jboss-ws-security>
|
Server side jar deployed without exception
Client:
codes
| public static void main(String[] args) {
| KSBService ksb = null;
| try {
| //SSL keystore
| System.setProperty("javax.net.ssl.keyStore", "c:\\ksbws.keystore");
| System.setProperty("javax.net.ssl.trustStore", "c:\\ksbws.keystore");
| System.setProperty("javax.net.ssl.keyStorePassword", "test");
| System.setProperty("javax.net.ssl.trustStorePassword", "test");
| System.setProperty("javax.net.ssl.keyStoreType", "jks");
| System.setProperty("javax.net.ssl.trustStoreType", "jks");
| System.setProperty("org.jboss.security.ignoreHttpsHost","true");
|
| //Signature keystore
| System.setProperty("org.jboss.ws.wsse.keyStore","c:\\ksbws_security.keystore");
| System.setProperty("org.jboss.ws.wsse.trustStore","c:\\ksbws_security.keystore");
| System.setProperty("org.jboss.ws.wsse.keyStorePassword", "test");
| System.setProperty("org.jboss.ws.wsse.trustStorePassword", "test");
| System.setProperty("org.jboss.ws.wsse.keyStoreType", "jks");
| System.setProperty("org.jboss.ws.wsse.trustStoreType", "jks");
|
| Service service = Service.create(new URL("http://localhost:8180/KSBService/KSBServiceBean?wsdl"),
| new QName("http://xxx.xxx.de/","KSBServiceBeanService") );
|
|
|
|
| ksb= service.getPort(KSBService.class);
|
| ((StubExt) ksb).setConfigName("Standard WSSecurity Client");
|
| BindingProvider bp = (BindingProvider)ksb;
| bp.getRequestContext().put(BindingProvider.USERNAME_PROPERTY, "kermit");
| bp.getRequestContext().put(BindingProvider.PASSWORD_PROPERTY, "thefrog");
|
|
| } catch (Exception e) {
| ....
| ...
|
|
|
also, i putted jboss-wsse-client.xml in META-INF/
| <jboss-ws-security xmlns="http://www.jboss.com/ws-security/config"
| xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
| xsi:schemaLocation="http://www.jboss.com/ws-security/config
| http://www.jboss.com/ws-security/schema/jboss-ws-security_1_0.xsd">
| <config>
| <sign type="x509v3" alias="KSBWS_SECURITY"/>
| <requires>
| <signature/>
| </requires>
| </config>
| </jboss-ws-security>
|
But when i run client , an Exception like this:
| java.lang.ClassCastException: $Proxy23 cannot be cast to org.jboss.ws.core.StubExt
| at dexxxxx.xxxx.xxxx.MultiThreadsTest.main(MultiThreadsTest.java:43)
| Exception in thread "Thread-1" com.sun.xml.ws.client.ClientTransportException: request requires HTTP authentication: Unauthorized
| at com.sun.xml.ws.transport.http.client.HttpClientTransport.checkResponseCode(HttpClientTransport.java:197)
| at com.sun.xml.ws.transport.http.client.HttpTransportPipe.process(HttpTransportPipe.java:137)
| at com.sun.xml.ws.transport.http.client.HttpTransportPipe.processRequest(HttpTransportPipe.java:74)
| at com.sun.xml.ws.api.pipe.Fiber.__doRun(Fiber.java:559)
| at com.sun.xml.ws.api.pipe.Fiber._doRun(Fiber.java:518)
| at com.sun.xml.ws.api.pipe.Fiber.doRun(Fiber.java:503)
| at com.sun.xml.ws.api.pipe.Fiber.runSync(Fiber.java:400)
| at com.sun.xml.ws.client.Stub.process(Stub.java:235)
| at com.sun.xml.ws.client.sei.SEIStub.doProcess(SEIStub.java:120)
| at com.sun.xml.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:230)
| at com.sun.xml.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:210)
| at com.sun.xml.ws.client.sei.SEIStub.invoke(SEIStub.java:103)
| at $Proxy23.validateLogin(Unknown Source)
|
It seems that jboss-wsse-client.xml was not readed by client.
If i remove codes and configs for signature, SSL works fine.
can anyone help me???
thanks
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4147754#4147754
Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4147754
More information about the jbossws-users
mailing list