9:12 a.m.
Dimitris Keramidas [https://community.jboss.org/people/varkon] created the discussion
"Problem implementing ws-security service (and client) in AS7.1.1"
To view the discussion, visit: https://community.jboss.org/message/735080#735080
--------------------------------------------------------------
Hello,
I have been trying to migrate a secure web service deployed in JBoss AS 5.1 to AS7.1.
Having realized that the process is quite different now, I decided to start small and
follow the https://docs.jboss.org/author/display/AS71/WS-Security WS-Security for AS7.1
documentation.Unfortunately, I did not manage to get the service working as expected (sign
& encrypt). I keep getting errors like this:
WARNING: WSP0075: Policy assertion
"{http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}AsymmetricBinding"
was evaluated as "UNKNOWN".
WARNING: WSP0075: Policy assertion
"{http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}Wss10" was evaluated
as "UNKNOWN".
WARNING: WSP0019: Suboptimal policy alternative selected on the client side with fitness
"UNKNOWN".
Exception in thread "main" javax.xml.ws.soap.SOAPFaultException: These policy
alternatives can not be satisfied:
{http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}X509Token: The received token
does not match the token inclusion requirement
{http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}X509Token
at
com.sun.xml.internal.ws.fault.SOAP11Fault.getProtocolException(SOAP11Fault.java:178)
at
com.sun.xml.internal.ws.fault.SOAPFaultBuilder.createException(SOAPFaultBuilder.java:111)
at
com.sun.xml.internal.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:108)
at
com.sun.xml.internal.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:78)
at com.sun.xml.internal.ws.client.sei.SEIStub.invoke(SEIStub.java:129)
at $Proxy22.sayHello(Unknown Source)
at Test.main(Test.java:22)
or this (with a slightly altered WSDL):
WARNING: WSP0075: Policy assertion
"{http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}AsymmetricBinding"
was evaluated as "UNKNOWN".
WARNING: WSP0075: Policy assertion
"{http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}Wss10" was evaluated
as "UNKNOWN".
WARNING: WSP0019: Suboptimal policy alternative selected on the client side with fitness
"UNKNOWN".
Exception in thread "main" javax.xml.ws.soap.SOAPFaultException: These policy
alternatives can not be satisfied:
{http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}AsymmetricBinding: Received
Timestamp does not match the requirements
{http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}X509Token: The received token
does not match the token inclusion requirement
{http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}X509Token
{http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}InitiatorToken
{http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}RecipientToken
{http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}IncludeTimestamp: Received
Timestamp does not match the requirements
at
com.sun.xml.internal.ws.fault.SOAP11Fault.getProtocolException(SOAP11Fault.java:178)
at
com.sun.xml.internal.ws.fault.SOAPFaultBuilder.createException(SOAPFaultBuilder.java:111)
at
com.sun.xml.internal.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:108)
at
com.sun.xml.internal.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:78)
at com.sun.xml.internal.ws.client.sei.SEIStub.invoke(SEIStub.java:129)
at $Proxy22.sayHello(Unknown Source)
at Test.main(Test.java:22)
I have tried changing the ws-securitypolicy configuration in my WSDL - as described in the
http://docs.oasis-open.org/ws-sx/ws-securitypolicy/v1.3/ws-securitypolicy...
WS-SecurityPolicy standard - but to no avail.
Are the sample web services described in the above
https://docs.jboss.org/author/display/AS71/WS-Security WS-Security link located anywhere?
I would very much like to download them, and try to deploy them as they are. Perhaps I
might get a better idea of what I might be doing wrong.
Regards,
Dimitris
--------------------------------------------------------------
Reply to this message by going to Community
[https://community.jboss.org/message/735080#735080]
Start a new discussion in JBoss Web Services at Community
[https://community.jboss.org/choose-container!input.jspa?contentType=1&...]
9:24 a.m.
New subject: [JBoss Web Services] - Re: Problem implementing ws-security service (and client) in AS7.1.1
Alessio Soldano [https://community.jboss.org/people/asoldano] created the discussion
"Re: Problem implementing ws-security service (and client) in AS7.1.1"
To view the discussion, visit: https://community.jboss.org/message/735082#735082
--------------------------------------------------------------
You can download jbossws-cxf-4.0.2.GA from http://www.jboss.org/jbossws/downloads
http://www.jboss.org/jbossws/downloads
Then have a look at the testcases in
/jbossws-cxf-bin-dist/tests/java/org/jboss/test/ws/jaxws/samples/wsse/policy/ folder.
--------------------------------------------------------------
Reply to this message by going to Community
[https://community.jboss.org/message/735082#735082]
Start a new discussion in JBoss Web Services at Community
[https://community.jboss.org/choose-container!input.jspa?contentType=1&...]
2:53 a.m.
New subject: [JBoss Web Services] - Re: Problem implementing ws-security service (and client) in AS7.1.1
Dimitris Keramidas [https://community.jboss.org/people/varkon] created the discussion
"Re: Problem implementing ws-security service (and client) in AS7.1.1"
To view the discussion, visit: https://community.jboss.org/message/735298#735298
--------------------------------------------------------------
Thanks, will look into it!
--------------------------------------------------------------
Reply to this message by going to Community
[https://community.jboss.org/message/735298#735298]
Start a new discussion in JBoss Web Services at Community
[https://community.jboss.org/choose-container!input.jspa?contentType=1&...]
4:49 a.m.
New subject: [JBoss Web Services] - Re: Problem implementing ws-security service (and client) in AS7.1.1
Dimitris Keramidas [https://community.jboss.org/people/varkon] created the discussion
"Re: Problem implementing ws-security service (and client) in AS7.1.1"
To view the discussion, visit: https://community.jboss.org/message/735333#735333
--------------------------------------------------------------
I've found the relevant resources in the archive/path you mentioned, and attempted to
incorporate the sample service in my deployment.
I'm still getting the following error:
12:40:05,397 WARNING [org.apache.cxf.phase.PhaseInterceptorChain] (http--0.0.0.0-8080-3)
Interceptor for
{http://www.jboss.org/jbossws/ws-extensions/wssecuritypolicy}SecurityService#{http://www.jboss.org/jbossws/ws-extensions/wssecuritypolicy}sayHello
has thrown exception, unwinding now: org.apache.cxf.interceptor.Fault: These policy
alternatives can not be satisfied:
{http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}AsymmetricBinding: Received
Timestamp does not match the requirements
{http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}X509Token: The received token
does not match the token inclusion requirement
{http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}X509Token
{http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}InitiatorToken
{http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}RecipientToken
{http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}IncludeTimestamp: Received
Timestamp does not match the requirements
{http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}SignedParts:
{http://schemas.xmlsoap.org/soap/envelope/}Body not SIGNED
{http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}EncryptedParts:
{http://schemas.xmlsoap.org/soap/envelope/}Body not ENCRYPTED
at
org.apache.cxf.ws.policy.AbstractPolicyInterceptor.handleMessage(AbstractPolicyInterceptor.java:47)
at
org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:263)
at
org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:121)
at
org.apache.cxf.transport.http.AbstractHTTPDestination.invoke(AbstractHTTPDestination.java:207)
at
org.jboss.wsf.stack.cxf.RequestHandlerImpl.handleHttpRequest(RequestHandlerImpl.java:91)
at
org.jboss.wsf.stack.cxf.transport.ServletHelper.callRequestHandler(ServletHelper.java:169)
at org.jboss.wsf.stack.cxf.CXFServletExt.invoke(CXFServletExt.java:87)
at
org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(AbstractHTTPServlet.java:185)
at
org.apache.cxf.transport.servlet.AbstractHTTPServlet.doPost(AbstractHTTPServlet.java:108)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:754)
[jboss-servlet-api_3.0_spec-1.0.0.Final.jar:1.0.0.Final]
at org.jboss.wsf.stack.cxf.CXFServletExt.service(CXFServletExt.java:135)
at org.jboss.wsf.spi.deployment.WSFServlet.service(WSFServlet.java:140)
[jbossws-spi-2.0.3.GA.jar:2.0.3.GA]
at javax.servlet.http.HttpServlet.service(HttpServlet.java:847)
[jboss-servlet-api_3.0_spec-1.0.0.Final.jar:1.0.0.Final]
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:329)
[jbossweb-7.0.13.Final.jar:]
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248)
[jbossweb-7.0.13.Final.jar:]
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:275)
[jbossweb-7.0.13.Final.jar:]
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:161)
[jbossweb-7.0.13.Final.jar:]
at
org.jboss.as.jpa.interceptor.WebNonTxEmCloserValve.invoke(WebNonTxEmCloserValve.java:50)
[jboss-as-jpa-7.1.1.Final.jar:7.1.1.Final]
at
org.jboss.as.web.security.SecurityContextAssociationValve.invoke(SecurityContextAssociationValve.java:153)
[jboss-as-web-7.1.1.Final.jar:7.1.1.Final]
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:155)
[jbossweb-7.0.13.Final.jar:]
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
[jbossweb-7.0.13.Final.jar:]
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
[jbossweb-7.0.13.Final.jar:]
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:368)
[jbossweb-7.0.13.Final.jar:]
at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:877)
[jbossweb-7.0.13.Final.jar:]
at
org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:671)
[jbossweb-7.0.13.Final.jar:]
at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:930)
[jbossweb-7.0.13.Final.jar:]
at java.lang.Thread.run(Thread.java:722) [rt.jar:1.7.0_04]
Caused by: org.apache.cxf.ws.policy.PolicyException: These policy alternatives can not be
satisfied:
{http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}AsymmetricBinding: Received
Timestamp does not match the requirements
{http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}X509Token: The received token
does not match the token inclusion requirement
{http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}X509Token
{http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}InitiatorToken
{http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}RecipientToken
{http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}IncludeTimestamp: Received
Timestamp does not match the requirements
{http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}SignedParts:
{http://schemas.xmlsoap.org/soap/envelope/}Body not SIGNED
{http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}EncryptedParts:
{http://schemas.xmlsoap.org/soap/envelope/}Body not ENCRYPTED
at
org.apache.cxf.ws.policy.AssertionInfoMap.checkEffectivePolicy(AssertionInfoMap.java:162)
at
org.apache.cxf.ws.policy.PolicyVerificationInInterceptor.handle(PolicyVerificationInInterceptor.java:99)
at
org.apache.cxf.ws.policy.AbstractPolicyInterceptor.handleMessage(AbstractPolicyInterceptor.java:45)
... 26 more
I should mention that I'm packaging the services as WAR inside an EAR. All relevant
service resources (wsdls, keystores, etc) are include like this: EAR -> WAR ->
WEB-INF. Furthermore, I'm trying to test the "sign and encrypt" case.
--------------------------------------------------------------
Reply to this message by going to Community
[https://community.jboss.org/message/735333#735333]
Start a new discussion in JBoss Web Services at Community
[https://community.jboss.org/choose-container!input.jspa?contentType=1&...]
5:57 p.m.
New subject: [JBoss Web Services] - Re: Problem implementing ws-security service (and client) in AS7.1.1
Juan Sepulveda [https://community.jboss.org/people/ju-sepul] created the discussion
"Re: Problem implementing ws-security service (and client) in AS7.1.1"
To view the discussion, visit: https://community.jboss.org/message/762796#762796
--------------------------------------------------------------
I have the same problem, Signing and Encrypting Example won work, I already installed JCE
6 ober JDK 6.23 for JBoss and BouncyCastle provider (editing java.security) and made the
dynamic call for the provider in the client.
--------------------------------------------------------------
Reply to this message by going to Community
[https://community.jboss.org/message/762796#762796]
Start a new discussion in JBoss Web Services at Community
[https://community.jboss.org/choose-container!input.jspa?contentType=1&...]
2:43 a.m.
New subject: [JBoss Web Services] - Re: Problem implementing ws-security service (and client) in AS7.1.1
Alessio Soldano [https://community.jboss.org/people/asoldano] created the discussion
"Re: Problem implementing ws-security service (and client) in AS7.1.1"
To view the discussion, visit: https://community.jboss.org/message/762864#762864
--------------------------------------------------------------
The client side exception shows that the JAXWS RI is being used, not the jbossws-cxf jaxws
implementation. Are you properly enabling ws-security policy support in your client? The
exception on server side basically means that the received message does not satifsy the
ws-security policy in the endpoint wsdl contract.
--------------------------------------------------------------
Reply to this message by going to Community
[https://community.jboss.org/message/762864#762864]
Start a new discussion in JBoss Web Services at Community
[https://community.jboss.org/choose-container!input.jspa?contentType=1&...]
2:43 a.m.
New subject: [JBoss Web Services] - Re: Problem implementing ws-security service (and client) in AS7.1.1
Alessio Soldano [https://community.jboss.org/people/asoldano] created the discussion
"Re: Problem implementing ws-security service (and client) in AS7.1.1"
To view the discussion, visit: https://community.jboss.org/message/762865#762865
--------------------------------------------------------------
For the records, also see https://community.jboss.org/message/762862#762862
https://community.jboss.org/message/762862
--------------------------------------------------------------
Reply to this message by going to Community
[https://community.jboss.org/message/762865#762865]
Start a new discussion in JBoss Web Services at Community
[https://community.jboss.org/choose-container!input.jspa?contentType=1&...]
4441
days inactive
4586
days old
6 comments
3 participants
participants (3)
-
Alessio Soldano -
Dimitris Keramidas
-
Juan Sepulveda