Himaja Thovi [http://community.jboss.org/people/t.himaja] created the discussion
"missing <wsse:Security> tag in WS-Security"
To view the discussion, visit:
http://community.jboss.org/message/580223#580223
--------------------------------------------------------------
Hi,
I made an EJB module a web service, and I want to encrypt the SOAP messages for that
web service based on WS-Security.
I followed JBoss in Action to configure WS-Security in the JBoss server.
At Server side:
Server.java
import javax.jws.WebService;
import javax.ejb.Stateless;
import org.jboss.ws.annotation.EndpointConfig;

@WebService()
@EndpointConfig(configName="Standard WSSecurity Endpoint")
@Stateless()
public class Server {
    public String message() {
        return "hello";
    }
}
I added jboss-wsse-server.xml, wsse.keystore and wsse.truststore to the META-INF folder.
jboss-wsse-server.xml
<jboss-ws-security
    xmlns="http://www.jboss.com/ws-security/config"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://www.jboss.com/ws-security/config
    http://www.jboss.com/ws-security/schema/jboss-ws-security_1_0.xsd">
  <key-store-file>META-INF/wsse.keystore</key-store-file>
  <key-store-type>jks</key-store-type>
  <key-store-password>wsseServer</key-store-password>
  <trust-store-file>META-INF/wsse.truststore</trust-store-file>
  <trust-store-type>jks</trust-store-type>
  <trust-store-password>wsseServer</trust-store-password>
  <config>
    <encrypt type="x509v3" alias="wsseClient"/>
    <requires>
      <encryption />
    </requires>
  </config>
</jboss-ws-security>
wsse.keystore
Your keystore contains 2 entries
Alias name: wsseserver
Creation date: 5 Jan, 2011
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=wsseServer, OU=esm, O=mq, L=hyd, ST=ap, C=in
Issuer: CN=wsseServer, OU=esm, O=mq, L=hyd, ST=ap, C=in
Serial number: 4d23ffdf
Valid from: Wed Jan 05 10:51:35 IST 2011 until: Tue Apr 05 10:51:35 IST 2011
Certificate fingerprints:
MD5: 8D:6A:3E:C2:5C:B4:70:E1:18:E6:FB:97:4A:9B:74:A1
SHA1: FE:7A:8A:EF:29:18:C4:42:75:E4:1E:18:C5:94:92:FE:D3:FC:41:3F
Signature algorithm name: SHA1withRSA
Version: 3
Alias name: wsseclient
Creation date: 5 Jan, 2011
Entry type: trustedCertEntry
Owner: CN=wsseClient, OU=esm, O=mq, L=hyd, ST=ap, C=in
Issuer: CN=wsseClient, OU=esm, O=mq, L=hyd, ST=ap, C=in
Serial number: 4d2403fc
Valid from: Wed Jan 05 11:09:08 IST 2011 until: Tue Apr 05 11:09:08 IST 2011
Certificate fingerprints:
MD5: 82:09:26:68:DC:AE:FC:47:1E:C8:C5:A8:61:5A:EA:87
SHA1: 0C:02:AE:FA:66:64:38:8F:39:6F:B9:C6:F4:E4:12:7F:AF:78:EF:EE
Signature algorithm name: SHA1withRSA
Version: 3
in wsse.truststore
Your keystore contains 1 entry
Alias name: wsseserver
Creation date: 5 Jan, 2011
Entry type: trustedCertEntry
Owner: CN=wsseServer, OU=esm, O=mq, L=hyd, ST=ap, C=in
Issuer: CN=wsseServer, OU=esm, O=mq, L=hyd, ST=ap, C=in
Serial number: 4d23ffdf
Valid from: Wed Jan 05 10:51:35 IST 2011 until: Tue Apr 05 10:51:35 IST 2011
Certificate fingerprints:
MD5: 8D:6A:3E:C2:5C:B4:70:E1:18:E6:FB:97:4A:9B:74:A1
SHA1: FE:7A:8A:EF:29:18:C4:42:75:E4:1E:18:C5:94:92:FE:D3:FC:41:3F
Signature algorithm name: SHA1withRSA
Version: 3
I added jbossws-core.jar.
At Client side:
My client is a stand-alone application and I did not include any jars on this side.
public class Main {
    public static void main(String[] args) {
        try { // Call Web Service Operation
            com.ServerService service = new com.ServerService();
            com.Server port = service.getServerPort();
            java.lang.String result = port.message();
            System.out.println("Result = " + result);
        } catch (Exception ex) {
            ex.printStackTrace();
        }
    }
}
jboss-wsse-client.xml
<jboss-ws-security
    xmlns="http://www.jboss.com/ws-security/config"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://www.jboss.com/ws-security/config
    http://www.jboss.com/ws-security/schema/jboss-ws-security_1_0.xsd">
  <key-store-file>META-INF/wsseClient.keystore</key-store-file>
  <key-store-type>jks</key-store-type>
  <key-store-password>wsseClient</key-store-password>
  <trust-store-file>META-INF/wsseClient.truststore</trust-store-file>
  <trust-store-type>jks</trust-store-type>
  <trust-store-password>wsseClient</trust-store-password>
  <config>
    <encrypt type="x509v3" alias="wsseServer"/>
    <requires>
      <encryption/>
    </requires>
  </config>
</jboss-ws-security>
standard-jaxws-client-config.xml (copied this file from the JBoss server's
deployers/jbossws.deployer/META-INF/standard-jaxws-client-config.xml)
<jaxws-config xmlns="urn:jboss:jaxws-config:2.0"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xmlns:javaee="http://java.sun.com/xml/ns/javaee"
    xsi:schemaLocation="urn:jboss:jaxws-config:2.0 jaxws-config_2_0.xsd">
  <client-config>
    <config-name>Standard WSSecurity Client</config-name>
    <post-handler-chains>
      <javaee:handler-chain>
        <javaee:protocol-bindings>##SOAP11_HTTP ##SOAP11_HTTP_MTOM</javaee:protocol-bindings>
        <javaee:handler>
          <javaee:handler-name>WSSecurityHandlerOutbound</javaee:handler-name>
          <javaee:handler-class>org.jboss.ws.extensions.security.jaxws.WSSecurityHandlerClient</javaee:handler-class>
        </javaee:handler>
      </javaee:handler-chain>
    </post-handler-chains>
  </client-config>
</jaxws-config>
wsseClient.keystore
Keystore type: JKS
Keystore provider: SUN
Your keystore contains 2 entries
Alias name: wsseserver
Creation date: 5 Jan, 2011
Entry type: trustedCertEntry
Owner: CN=wsseServer, OU=esm, O=mq, L=hyd, ST=ap, C=in
Issuer: CN=wsseServer, OU=esm, O=mq, L=hyd, ST=ap, C=in
Serial number: 4d23ffdf
Valid from: Wed Jan 05 10:51:35 IST 2011 until: Tue Apr 05 10:51:35 IST 2011
Certificate fingerprints:
MD5: 8D:6A:3E:C2:5C:B4:70:E1:18:E6:FB:97:4A:9B:74:A1
SHA1: FE:7A:8A:EF:29:18:C4:42:75:E4:1E:18:C5:94:92:FE:D3:FC:41:3F
Signature algorithm name: SHA1withRSA
Version: 3
Alias name: wsseclient
Creation date: 5 Jan, 2011
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=wsseClient, OU=esm, O=mq, L=hyd, ST=ap, C=in
Issuer: CN=wsseClient, OU=esm, O=mq, L=hyd, ST=ap, C=in
Serial number: 4d2403fc
Valid from: Wed Jan 05 11:09:08 IST 2011 until: Tue Apr 05 11:09:08 IST 2011
Certificate fingerprints:
MD5: 82:09:26:68:DC:AE:FC:47:1E:C8:C5:A8:61:5A:EA:87
SHA1: 0C:02:AE:FA:66:64:38:8F:39:6F:B9:C6:F4:E4:12:7F:AF:78:EF:EE
Signature algorithm name: SHA1withRSA
Version: 3
wsseClient.truststore
Keystore type: JKS
Keystore provider: SUN
Your keystore contains 1 entry
Alias name: wsseclient
Creation date: 5 Jan, 2011
Entry type: trustedCertEntry
Owner: CN=wsseClient, OU=esm, O=mq, L=hyd, ST=ap, C=in
Issuer: CN=wsseClient, OU=esm, O=mq, L=hyd, ST=ap, C=in
Serial number: 4d2403fc
Valid from: Wed Jan 05 11:09:08 IST 2011 until: Tue Apr 05 11:09:08 IST 2011
Certificate fingerprints:
MD5: 82:09:26:68:DC:AE:FC:47:1E:C8:C5:A8:61:5A:EA:87
SHA1: 0C:02:AE:FA:66:64:38:8F:39:6F:B9:C6:F4:E4:12:7F:AF:78:EF:EE
Signature algorithm name: SHA1withRSA
Version: 3
I included all these configuration files in the META-INF folder,
but I am getting the following error.
At client side:
javax.xml.ws.soap.SOAPFaultException: This service requires <wsse:Security>, which is missing.
    at com.sun.xml.internal.ws.fault.SOAP11Fault.getProtocolException(SOAP11Fault.java:178)
    at com.sun.xml.internal.ws.fault.SOAPFaultBuilder.createException(SOAPFaultBuilder.java:111)
    at com.sun.xml.internal.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:108)
    at com.sun.xml.internal.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:78)
At server side:
Exception during handler processing
org.jboss.ws.core.CommonSOAPFaultException: This service requires <wsse:Security>, which is missing.
    at org.jboss.ws.extensions.security.WSSecurityDispatcher.convertToFault(WSSecurityDispatcher.java:264)
    at org.jboss.ws.extensions.security.WSSecurityDispatcher.decodeMessage(WSSecurityDispatcher.java:94)
    at org.jboss.ws.extensions.security.jaxws.WSSecurityHandler.handleInboundSecurity(WSSecurityHandler.java:81)
When I checked server.log, neither the incoming SOAP message nor the outgoing SOAP message
was encrypted.
Please help me in solving this issue.
I need to solve it as soon as possible.
Thanks in advance.
--------------------------------------------------------------
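The fault above means the request reached the server with no wsse:Security header; the client-side trace is from com.sun.xml.internal.ws, the JAX-WS runtime bundled with the JDK, which does not read jboss-wsse-client.xml. As an added example (not part of the original post and not JBossWS code), this Java check classifies a captured SOAP 1.1 envelope, such as one copied from server.log, by whether it carries that header and an encrypted body; the class name, result labels and both sample envelopes are constructed for illustration.

```java
import java.io.StringReader;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.xml.sax.InputSource;

// Added example, not from the original post: classify a captured SOAP 1.1 envelope.
public class WsseEnvelopeCheck {
    static final String SOAP11 = "http://schemas.xmlsoap.org/soap/envelope/";
    static final String WSSE =
        "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
    static final String XENC = "http://www.w3.org/2001/04/xmlenc#";

    // First descendant of parent with the given namespace and local name, or null.
    static Element first(Element parent, String ns, String local) {
        if (parent == null) return null;
        return (Element) parent.getElementsByTagNameNS(ns, local).item(0);
    }

    static String classify(String envelopeXml) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true);
        // Captured traffic is untrusted input: reject DOCTYPEs so parsing cannot trigger XXE.
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        Document d = f.newDocumentBuilder().parse(new InputSource(new StringReader(envelopeXml)));
        Element env = d.getDocumentElement();
        Element security = first(first(env, SOAP11, "Header"), WSSE, "Security");
        boolean bodyEncrypted = first(first(env, SOAP11, "Body"), XENC, "EncryptedData") != null;
        if (security == null) return "NO_WSSE_HEADER"; // the condition the server fault reports
        if (first(security, XENC, "EncryptedKey") == null || !bodyEncrypted)
            return "WSSE_HEADER_BUT_PLAINTEXT_BODY";
        return "ENCRYPTED";
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample: a request sent when no WS-Security handler ran on the client.
        String plain = "<env:Envelope xmlns:env='" + SOAP11 + "'><env:Header/>"
            + "<env:Body><ns:message xmlns:ns='urn:example:constructed'/></env:Body></env:Envelope>";
        // Constructed sample: skeleton of an encrypted request (key and cipher data omitted).
        String enc = "<env:Envelope xmlns:env='" + SOAP11 + "'><env:Header>"
            + "<wsse:Security xmlns:wsse='" + WSSE + "'><xenc:EncryptedKey xmlns:xenc='" + XENC + "'/>"
            + "</wsse:Security></env:Header><env:Body>"
            + "<xenc:EncryptedData xmlns:xenc='" + XENC + "'/></env:Body></env:Envelope>";
        System.out.println(classify(plain));
        System.out.println(classify(enc));
    }
}
```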