[JBossWS] - Re: MTOM + WS Security = problem
by mrostan
Hi all.
We've continued testing MTOM+WS-Security Signature, we need interoperation with Microsoft clients, so swaRef is not an option and we need MTOM and signatures working well.
We have found the following problems:
1) On the server side:
1.a) The WS-Security handlers are not invoked, to solve this change the protocol-bindings in the endpoint-config:
| <endpoint-config>
| <config-name>MTOM WSSecurity Endpoint</config-name>
| <post-handler-chains>
| <javaee:handler-chain>
| <javaee:protocol-bindings>##SOAP11_HTTP ##SOAP11_HTTP_MTOM</javaee:protocol-bindings>
| <javaee:handler>
| <javaee:handler-name>WSSecurity Handler</javaee:handler-name>
| <javaee:handler-class>org.jboss.ws.extensions.security.jaxws.WSSecurityHandlerServer</javaee:handler-class>
| </javaee:handler>
| </javaee:handler-chain>
| </post-handler-chains>
| </endpoint-config>
|
and change the endpoint config on the service implementation:
| @BindingType(value = javax.xml.ws.soap.SOAPBinding.SOAP11HTTP_MTOM_BINDING)
| @EndpointConfig(configName = "MTOM WSSecurity Endpoint")
|
1.b) We always receive "Signature is invalid" error, we've found that the replacement of the xop:Include elements to the base64 representation was not made in deep.
We've modifed SOAPFactoryImpl.createElement to invoke XOPContext.inlineXOPData when an xop:Include element is found.
1.c) When the replacement of xop:Include with the base64 representation occurs (see XOPContext.replaceXOPInclude) a content-type attribute is added to the parent element.
This addition breaks the signature, that attribute was not present on the client side, so the signature is still invalid.
We have modified the usage of an attribute with the usage of userData in the node.
The problem here is that NodeImpl does not support the user data, so he have added that support.
Right now, after 1.a 1.b and 1.c we have the signature verification working (testing with a message generated and signed manually, with some help of soapUI).
The next problem:
2) On the client side
2.a) First of all, on the client side the endpoint config must be modified also (to get the ws-security handlers running):
| <client-config>
| <config-name>MTOM WSSecurity Client</config-name>
| <post-handler-chains>
| <javaee:handler-chain>
| <javaee:protocol-bindings>##SOAP11_HTTP ##SOAP11_HTTP_MTOM</javaee:protocol-bindings>
| <javaee:handler>
| <javaee:handler-name>WSSecurityHandlerOutbound</javaee:handler-name>
| <javaee:handler-class>org.jboss.ws.extensions.security.jaxws.WSSecurityHandlerClient</javaee:handler-class>
| </javaee:handler>
| </javaee:handler-chain>
| </post-handler-chains>
|
and referenced from the client code:
| ((StubExt)port).setConfigName("MTOM WSSecurity Client");
|
2.b) The message is sent with the binary data inline, and not as an attachment, we need attachments and not base64 encoding.
We have a solution to this problem, but I believe it should be reviewed carefully.
The solution is to invoke
| XOPContext.visitAndRestoreXOPData();
|
after the handlers execution (this is done on the JAXRPC client but not in JAXWS). I have modified CommonClient and DispatchImpl to make this invocation.
Finally, we have a patch with the modifications on 1.b, 1.c and 2.b to the current trunk.
I will upload it to a JIRA issue if the JBossWS team accepts this solution.
Regards,
Martin
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4132257#4132257
Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4132257
16 years, 8 months
[Javassist user questions] - Re: adding annotations
by cat4hire
I've made another try: I've tried to get the classfile from a CtClass object instantied with the class name of the base class:
| // make a new class and prepare the annotation
| CtClass newProxyClass = pool.makeClass(subProxyClassName);
| ClassFile classFile = newProxyClass.getClassFile(); //new ClassFile( false, subProxyClassName, baseProxyClass.getName() );
| ConstPool constantPool = classFile.getConstPool();
| AnnotationsAttribute attribute = new AnnotationsAttribute( constantPool, AnnotationsAttribute.visibleTag );
| javassist.bytecode.annotation.Annotation annotation = new javassist.bytecode.annotation.Annotation( this.annotationClassName, constantPool );
| attribute.setAnnotation( annotation );
| classFile.addAttribute( attribute );
| classFile.setVersionToJava5();
| classFile.setName(subProxyClassName);
| classFile.setSuperclass( baseProxyClass.getName() );
| ByteArrayOutputStream bos = new ByteArrayOutputStream();
| DataOutputStream os = new DataOutputStream( bos );
| classFile.write( os );
| bytecode = bos.toByteArray();
|
but again, when I try to instantiate this class, that is of kind "proxy", I got an instantiation error:
| Class clazz = this.defineClass(subProxyClassName, bytecode, 0, bytecode.length);
| AgentProxy aProxy = (AgentProxy) clazz.newInstance();
|
I got the same instantiation exception of the previous post.
Any idea?
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4132254#4132254
Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4132254
16 years, 8 months