[JBossWS] - Re: WS-Security: keystores and truststores
by cavani
Hi,
I am using the following approach based on JBossWS 2.0.1:
1. I didn't change the distribution code
2. Copy to my project (EJB where WS is configured):
org.jboss.ws.extensions.security.jaxws.WSSecurityHandler
org.jboss.ws.extensions.security.jaxws.WSSecurityHandlerServer
org.jboss.ws.extensions.security.WSSecurityDispatcher
3. Merge WSSecurityHandler and WSSecurityHandlerServer into a single source (WSSecurityHandler is no longer abstract, and Server is deleted) and change the invocation to my WSSecurityDispatcher copy.
4. Create my own SecurityStore extending org.jboss.ws.extensions.security.SecurityStore:
| public class SecurityStore extends org.jboss.ws.extensions.security.SecurityStore
| {
|
|    private KeyStore keyStore;
|
|    private KeyStore trustStore;
|
|    private char[] keyStorePassword;
|
|    // Outbound: the username comes from the current security principal
|    public SecurityStore() throws WSSecurityException
|    {
|       loadKeyStore();
|
|       SPIProvider spiProvider = SPIProviderResolver.getInstance().getProvider();
|       SecurityAdaptorFactory secAdapterfactory = spiProvider.getSPI(SecurityAdaptorFactory.class);
|       SecurityAdaptor securityAdaptor = secAdapterfactory.newSecurityAdapter();
|
|       String username = securityAdaptor.getPrincipal().toString();
|
|       loadSessionKey(username);
|    }
|
|    // Inbound: the username comes from the UsernameToken child of the given element
|    public SecurityStore(Element element) throws WSSecurityException
|    {
|       loadKeyStore();
|
|       Element child = Util.getFirstChildElement(element);
|
|       String username = null;
|
|       while (child != null)
|       {
|          String tag = child.getLocalName();
|
|          if (tag.equals("UsernameToken"))
|          {
|             UsernameToken token = new UsernameToken(child);
|             username = token.getUsername();
|             break;
|          }
|
|          child = Util.getNextSiblingElement(child);
|       }
|
|       loadSessionKey(username);
|    }
|
|    // copy of public methods from SecurityStore
| }
where:
* loadKeyStore() loads the server key/certificate
* loadSessionKey(String username) loads the user certificate (all certificates have the same alias)
5. Change WSSecurityDispatcher to instantiate my SecurityStore copy:
* Element-parameter constructor at handleInbound
* Default constructor at handleOutbound
6. Use my WSSecurityHandler in standard-jaxws-endpoint-config.xml
7. Configure the client with the username tag in jboss-wsse-client.xml and:
| BindingProvider bindingProvider = (BindingProvider) port;
| Map<String, Object> reqContext = bindingProvider.getRequestContext();
| reqContext.put(BindingProvider.USERNAME_PROPERTY, (String) USERNAME_HERE);
| reqContext.put(BindingProvider.PASSWORD_PROPERTY, "");
|
That's it!
It is working fine for me (user certs are in LDAP accounts accessed with JNDI - InitialDirContext).
Any changes to improve the security code to implement something like this out of the box (like a pluggable SecurityStore with username information)? For 2.0.2?
Thanks,
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4092995#4092995
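One way the `loadSessionKey(String username)` step described in the post above could look, as an added example that is not cavani's code and not JBossWS code: it fetches the user's certificate over JNDI and puts it into an in-memory trust store under a single alias. The class name, return type, LDAP URL, base DN, the `uid` and `userCertificate;binary` attribute names and the anonymous bind are all assumptions.

```java
import java.io.ByteArrayInputStream;
import java.security.KeyStore;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.NamingEnumeration;
import javax.naming.directory.Attribute;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
// Hypothetical helper; directory layout and names below are assumptions.
public class LdapUserCertLoader {
    static final String LDAP_URL = "ldaps://ldap.example.test:636";
    static final String USER_BASE = "ou=people,dc=example,dc=test";
    static final String ALIAS = "user"; // one alias for every user certificate, as in the post
    /** Returns a trust store holding only the certificate of the named user. */
    public static KeyStore loadSessionKey(String username) throws Exception {
        if (username == null || username.isEmpty())
            throw new SecurityException("request carried no username");
        Hashtable<String, String> env = new Hashtable<String, String>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, LDAP_URL);
        DirContext ctx = new InitialDirContext(env); // anonymous bind (assumption)
        try {
            SearchControls sc = new SearchControls();
            sc.setSearchScope(SearchControls.SUBTREE_SCOPE);
            sc.setReturningAttributes(new String[] { "userCertificate;binary" });
            // The username is untrusted on the inbound path; JNDI escapes {0} arguments.
            NamingEnumeration<SearchResult> hits =
                ctx.search(USER_BASE, "(uid={0})", new Object[] { username }, sc);
            if (!hits.hasMore())
                throw new SecurityException("unknown user");
            Attribute attr = hits.next().getAttributes().get("userCertificate;binary");
            if (attr == null || hits.hasMore())
                throw new SecurityException("missing certificate or ambiguous user");
            X509Certificate cert = (X509Certificate) CertificateFactory.getInstance("X.509")
                .generateCertificate(new ByteArrayInputStream((byte[]) attr.get()));
            cert.checkValidity(); // reject expired or not-yet-valid certificates
            KeyStore trust = KeyStore.getInstance(KeyStore.getDefaultType());
            trust.load(null, null); // empty in-memory store
            trust.setCertificateEntry(ALIAS, cert);
            return trust;
        } finally {
            ctx.close();
        }
    }
}
```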
[JBoss Seam] - FR: Make all Seam-originated internal FacesMessages optional
by przemjaskier
Is it possible to make Seam not produce any FacesMessages with its internal information? I've hit some topics on this and AFAIR the only way was to "override" the default message etc.
C'mon - most of our applications are focused on common users who don't want to see a strange message that "Conversation has expired OR was processing another request OR ..."... Seam even produces a generic "Welcome" message after logging in... What for? Most of these cases are handled by us anyway, with a proper redirect or message, and the way that Seam tries to put its low-level, not-meaningful-for-a-common-user messages in every <h:messages/> found on a random page is strange. These things should simply be handled by producing a log error on a debug/info level, not jumping into the face of a user... This brings no value at all anyway...
Maybe a generic configuration parameter that would disable Seam's over-verbose h:messaging?
Should I file an FR for this? What do you think?
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4092991#4092991
[Installation, Configuration & DEPLOYMENT] - Re: Want to change the default page as my webapp's page
by jaikiran
"vmayakri" wrote : Hi,
| Instead of removing the ROOT.war, is it possible to make this as default?
|
OK, I get what you are saying. I guess you are worried about deleting the ROOT.war. Fair enough. I just tried the following on my setup and got it working:
1) Rename ROOT.war (present in server/xxx/deploy/jbossweb-tomcat55.sar/ or server/xxx/deploy/jboss-web.deployer depending on the JBoss version you are using) to some other name (Let's rename it to jboss-webconsole.war for simplicity).
2) Create a jboss-web.xml file in *your web-application's WEB-INF folder* containing the following:
| <?xml version="1.0" encoding="UTF-8"?>
| <jboss-web>
|    <context-root>/</context-root>
| </jboss-web>
This should get the desired result. Now, whenever you access http://localhost:8080, your application will be considered the default application. Also, your concern that the ROOT.war web-application (which actually is the JBoss web console) will be lost, is addressed by this approach, as you can now access it using http://localhost:8080/jboss-webconsole (or whatever you renamed ROOT.war to).
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4092984#4092984