Re: [jboss-user] [JBoss Remoting] - Disable Weak Ciphers for PCI-DSS
by Ron Sigal
Ron Sigal [http://community.jboss.org/people/ron.sigal%40jboss.com] replied to the discussion
"Disable Weak Ciphers for PCI-DSS"
To view the discussion, visit: http://community.jboss.org/message/539915#539915
--------------------------------------------------------------
Hi Sunil
> 1. Update the Remoting.jar to to 2.4.x version but I did not find any document to do this( I was also worried about it's impact on my swing clients and webservice).
Updating is just a matter of replacing jboss-remoting.jar. In the context of the Application Server (4.2.x), you want to replace it in $JBOSS_HOME/server/$CONFIG/lib and $JBOSS_HOME/client. Note, also, that client/jbossall-client.jar contains the Remoting files, so you would want to put jboss-remoting.jar in front of jbossall-client.jar on the classpath.
In principle, it should be possible to just drop in a new jboss-remoting.jar. I've heard of people using Remoting 2.4/2.5 with AS 4.2.x, and I'm not aware of any problems. No warranty, of course.
There's another alternative, though. You can configure Remoting to use a custom ServerSocketFactory, so you could write a ServerSocketFactory which sets the enabledCipherSuites property before returning the ServerSocket. See Section 5.7.3. "Server side configuration in the JBoss Application Server" in the Remoting Guide: http://docs.jboss.org/jbossremoting/2.2.3.SP2/html/ http://docs.jboss.org/jbossremoting/2.2.3.SP2/html/
-Ron
--------------------------------------------------------------
Reply to this message by going to Community
[http://community.jboss.org/message/539915#539915]
Start a new discussion in JBoss Remoting at Community
[http://community.jboss.org/choose-container!input.jspa?contentType=1&cont...]
15 years, 8 months
[JBoss Web Services] - Debugging WS-Security decryption
by Sidney Zurch
Sidney Zurch [http://community.jboss.org/people/zurchman1] created the discussion
"Debugging WS-Security decryption"
To view the discussion, visit: http://community.jboss.org/message/539899#539899
--------------------------------------------------------------
Is there any way to "get under the hood" and get some clues as to why WS-Security certificate decryption is failing?
I'm trying to get the example in Section 9.5 of the "JBoss In Action" book working (jboss-4.2.3.GA/jbossws-native-3.1.1.GA).
I've been through all the "classpath", "endorsed.dirs", and "TRACE" discussions and am relatively convinced that all the keystores are in the right place, but I'm getting some cryptic message from the service, followed by a wsse:FailedCheck SOAP fault.
I've taken some liberties with the Client but this code seems to work.
URL securityURL = new File("resources/security/jboss-wsse-client.xml").toURL();
((StubExt)default_webservice).setSecurityConfig(securityURL.toExternalForm());
((StubExt)default_webservice).setConfigName("Standard WSSecurity Client");
As opposed as I am to posting long stack traces...
2010-04-27 17:18:10,245 DEBUG [org.jboss.ws.core.jaxws.handler.HandlerDelegateJAXWS] callRequestHandlerChain: POST
2010-04-27 17:18:10,245 DEBUG ...
2010-04-27 17:18:10,245 DEBUG [org.jboss.ws.core.jaxws.handler.HandlerChainExecutor] Create a handler executor: [WSSecurity Handler, Recording Handler]
2010-04-27 17:18:10,245 DEBUG [org.jboss.ws.core.jaxws.handler.HandlerChainExecutor] Enter: handleIn BoundMessage
2010-04-27 17:18:10,246 DEBUG [org.jboss.ws.core.soap.SOAPMessageDispatcher] getDispatchDestination: null
2010-04-27 17:18:10,246 DEBUG [org.jboss.ws.extensions.security.SecurityStore] loadStore: real_directory/server.keystore
2010-04-27 17:18:10,246 TRACE [org.jboss.ws.extensions.security.SecurityStore] decrypt password: jboss
2010-04-27 17:18:10,246 TRACE [org.jboss.ws.extensions.security.SecurityStore] decrypted password: jboss
2010-04-27 17:18:10,317 DEBUG [org.jboss.ws.extensions.security.SecurityStore] loadStore: real_directory/serrver.truststore
2010-04-27 17:18:10,320 TRACE [org.jboss.ws.extensions.security.SecurityStore] decrypt password: jboss
2010-04-27 17:18:10,320 TRACE [org.jboss.ws.extensions.security.SecurityStore] decrypted password: jboss
2010-04-27 17:18:10,322 DEBUG [org.jboss.ws.core.soap.SOAPContentElement] -----------------------------------
2010-04-27 17:18:10,322 DEBUG [org.jboss.ws.core.soap.SOAPContentElement] Transitioning from XML_VALID to DOM_VALID
2010-04-27 17:18:10,324 DEBUG [org.jboss.ws.core.soap.SOAPContentElement] -----------------------------------
2010-04-27 17:18:10,326 TRACE [org.jboss.ws.extensions.security.SecurityStore] decrypt password: jboss
2010-04-27 17:18:10,326 TRACE [org.jboss.ws.extensions.security.SecurityStore] decrypted password: jboss
2010-04-27 17:18:10,328 DEBUG [org.jboss.ws.core.soap.SOAPContentElement] -----------------------------------
2010-04-27 17:18:10,328 DEBUG [org.jboss.ws.core.soap.SOAPContentElement] Transitioning from XML_VALID to DOM_VALID
2010-04-27 17:18:10,329 DEBUG [org.jboss.ws.core.soap.SOAPContentElement] -----------------------------------
2010-04-27 17:18:10,487 ERROR [STDERR] [*Fatal Error*] :1:437: The prefix "ns2" for element "ns2:MyDocument" is not bound.
2010-04-27 17:18:10,488 ERROR [org.jboss.ws.extensions.security.WSSecurityDispatcher] Internal error occured handling inbound message:
org.jboss.ws.extensions.security.exception.FailedCheckException: *Decryption was invalid.*
at org.jboss.ws.extensions.security.operation.DecryptionOperation.decryptElement(DecryptionOperation.java:110)
at org.jboss.ws.extensions.security.operation.DecryptionOperation.process(DecryptionOperation.java:146)
at org.jboss.ws.extensions.security.SecurityDecoder.decode(SecurityDecoder.java:156)
at org.jboss.ws.extensions.security.SecurityDecoder.decode(SecurityDecoder.java:195)
at org.jboss.ws.extensions.security.WSSecurityDispatcher.decodeHeader(WSSecurityDispatcher.java:133)
at org.jboss.ws.extensions.security.WSSecurityDispatcher.decodeMessage(WSSecurityDispatcher.java:101)
at org.jboss.ws.extensions.security.jaxws.WSSecurityHandler.handleInboundSecurity(WSSecurityHandler.java:81)
at org.jboss.ws.extensions.security.jaxws.WSSecurityHandlerServer.handleInbound(WSSecurityHandlerServer.java:39)
at org.jboss.wsf.common.handler.GenericHandler.handleMessage(GenericHandler.java:53)
at org.jboss.ws.core.jaxws.handler.HandlerChainExecutor.handleMessage(HandlerChainExecutor.java:305)
at org.jboss.ws.core.jaxws.handler.HandlerChainExecutor.handleMessage(HandlerChainExecutor.java:142)
at org.jboss.ws.core.jaxws.handler.HandlerDelegateJAXWS.callRequestHandlerChain(HandlerDelegateJAXWS.java:97)
at org.jboss.ws.core.server.ServiceEndpointInvoker.callRequestHandlerChain(ServiceEndpointInvoker.java:125)
at org.jboss.ws.core.server.ServiceEndpointInvoker.invoke(ServiceEndpointInvoker.java:172)
at org.jboss.wsf.stack.jbws.RequestHandlerImpl.processRequest(RequestHandlerImpl.java:474)
at org.jboss.wsf.stack.jbws.RequestHandlerImpl.handleRequest(RequestHandlerImpl.java:295)
at org.jboss.wsf.stack.jbws.RequestHandlerImpl.doPost(RequestHandlerImpl.java:205)
at org.jboss.wsf.stack.jbws.RequestHandlerImpl.handleHttpRequest(RequestHandlerImpl.java:131)
at org.jboss.wsf.common.servlet.AbstractEndpointServlet.service(AbstractEndpointServlet.java:85)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:96)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:230)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175)
at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:182)
at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:84)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:157)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:262)
at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844)
at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583)
at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:446)
at java.lang.Thread.run(Thread.java:613)
2010-04-27 17:18:10,489 ERROR [org.jboss.ws.core.jaxws.handler.HandlerChainExecutor] Exception during handler processing
org.jboss.ws.core.CommonSOAPFaultException: Decryption was invalid.
at org.jboss.ws.extensions.security.WSSecurityDispatcher.convertToFault(WSSecurityDispatcher.java:264)
at org.jboss.ws.extensions.security.WSSecurityDispatcher.decodeMessage(WSSecurityDispatcher.java:113)
at org.jboss.ws.extensions.security.jaxws.WSSecurityHandler.handleInboundSecurity(WSSecurityHandler.java:81)
at org.jboss.ws.extensions.security.jaxws.WSSecurityHandlerServer.handleInbound(WSSecurityHandlerServer.java:39)
at org.jboss.wsf.common.handler.GenericHandler.handleMessage(GenericHandler.java:53)
at org.jboss.ws.core.jaxws.handler.HandlerChainExecutor.handleMessage(HandlerChainExecutor.java:305)
at org.jboss.ws.core.jaxws.handler.HandlerChainExecutor.handleMessage(HandlerChainExecutor.java:142)
at org.jboss.ws.core.jaxws.handler.HandlerDelegateJAXWS.callRequestHandlerChain(HandlerDelegateJAXWS.java:97)
at...
<env:Envelope xmlns:env=' http://schemas.xmlsoap.org/soap/envelope/ http://schemas.xmlsoap.org/soap/envelope/'>
<env:Header/>
<env:Body>
<env:Fault xmlns:env=' http://schemas.xmlsoap.org/soap/envelope/ http://schemas.xmlsoap.org/soap/envelope/'>
<faultcode xmlns:wsse=' http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext... http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext...'>*wsse:FailedCheck*</faultcode>
<faultstring>Decryption was invalid.</faultstring>
</env:Fault>
</env:Body>
</env:Envelope>
--------------------------------------------------------------
Reply to this message by going to Community
[http://community.jboss.org/message/539899#539899]
Start a new discussion in JBoss Web Services at Community
[http://community.jboss.org/choose-container!input.jspa?contentType=1&cont...]
15 years, 8 months
Re: [jboss-user] [JBoss Microcontainer Development] - JBREFLECT-5 - Implementing generics in JavassistClassInfo
by Kabir Khan
Kabir Khan [http://community.jboss.org/people/kabir.khan%40jboss.com] replied to the discussion
"JBREFLECT-5 - Implementing generics in JavassistClassInfo"
To view the discussion, visit: http://community.jboss.org/message/539885#539885
--------------------------------------------------------------
> I have tried turning off caching for these parameterized ClassInfos, which causes some of the tests to fail. From what I can see fixing them means having to adjust some of the tests to use assertEquals() instead of assertSame() for parameterized ClassInfos. I think this is necessary, and that the idea of enforcing object equality for parameterized ClassInfos is a misunderstanding :-)
Apart from this local fix in BeanInfoCacheTestCase, all the other places that test object equality for parameterized class infos are in tests written by me as part of JBREFLECT-5, so I think I am safe to readjust the tests
[kabir ~/sourcecontrol/jboss-reflect/trunk/jboss-reflect]
$svn diff src/test/
Index: src/test/java/org/jboss/test/beaninfo/test/BeanInfoCacheTestCase.java
===================================================================
--- src/test/java/org/jboss/test/beaninfo/test/BeanInfoCacheTestCase.java (revision 104118)
+++ src/test/java/org/jboss/test/beaninfo/test/BeanInfoCacheTestCase.java (working copy)
@@ -125,16 +125,45 @@
{
BeanInfo beanInfo = getConfiguration().getBeanInfo(typeInfo);
ClassInfo typeInfo2 = beanInfo.getClassInfo();
- assertSame(typeInfo, typeInfo2);
+ assertClassInfos(typeInfo, typeInfo2);
}
-
+
private void assertClassInfo(ClassInfo typeInfo, String className, ClassLoader cl) throws Exception
{
BeanInfo beanInfo = getConfiguration().getBeanInfo(className, cl);
ClassInfo typeInfo2 = beanInfo.getClassInfo();
- assertSame(typeInfo, typeInfo2);
+ assertClassInfos(typeInfo, typeInfo2);
}
+ private void assertClassInfos(TypeInfo typeA, TypeInfo typeB)
+ {
+ ClassInfo classA = assertInstanceOf(typeA, ClassInfo.class);
+ ClassInfo classB = assertInstanceOf(typeB, ClassInfo.class);
+
+ if (classA.getRawType() == classA)
+ assertSame(classA, classB);
+ else
+ {
+ assertEquals(classA, classB);
+ TypeInfo[] argsA = classA.getActualTypeArguments();
+ TypeInfo[] argsB = classB.getActualTypeArguments();
+
+ if (argsA != null)
+ assertNotNull(argsB);
+ if (argsB != null)
+ assertNotNull(argsA);
+ if (argsA == null)
+ {
+ assertNull(argsB);
+ return;
+ }
+
+ assertEquals(argsA.length, argsB.length);
+ for (int i = 0 ; i < argsA.length ; i++)
+ assertClassInfos(argsA[i], argsB[i]);
+ }
+ }
+
@SuppressWarnings("unchecked")
protected Type getType(String type, Class<?> clazz) throws Exception
{
--------------------------------------------------------------
Reply to this message by going to Community
[http://community.jboss.org/message/539885#539885]
Start a new discussion in JBoss Microcontainer Development at Community
[http://community.jboss.org/choose-container!input.jspa?contentType=1&cont...]
15 years, 8 months