JBoss Community

Problem implementing WS-Security X509 Token in JBoss 5.x

created by Andrea De Angelis in JBoss Web Services - View the full discussion

Hi all,

i'm re-writing an application developped for JBoss 4.3 fro a new environment in JBoss 5.1.

In this application (EAR) we've a WAR with some Web Services with WS-Security and X509 Token.

In the first environment (Jboss 4.3) my jboss-wsse-server.xml look as:

{code:xml}

<jboss-ws-security

xmlns="http://www.jboss.com/ws-security/config"

xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"

xsi:schemaLocation="http://www.jboss.com/ws-security/config

http://www.jboss.com/ws-security/schema/jboss-ws-security_1_0.xsd">

<key-store-file>/mydirectory/keystore/server.keystore</key-store-file>

<key-store-password>xxx</key-store-password>

<key-store-type>jks</key-store-type>

<trust-store-file>/mydirectory/keystore/server.truststore</trust-store-file>

<trust-store-password>xxx</trust-store-password>

<trust-store-type>jks</trust-store-type>

<timestamp-verification createdTolerance="600" warnCreated="true" expiresTolerance="600" warnExpires="true" />

</requires>

</authenticate>

</config>

</jboss-ws-security>

{code}

And my Jboss-service.xml as:

{code:xml}

<mbean code="org.jboss.security.plugins.JaasSecurityDomain"

name="jboss.security:service=SanferSecurityDomain">

</constructor>

<attribute name="KeyStoreURL">/mydirectory/keystore/server.keystore</attribute>

<depends>jboss.security:service=JaasSecurityManager</depends>

</mbean>

<mbean code="org.jboss.security.auth.login.DynamicLoginConfig"

name="whatever:service=SanferLogin">

<attribute name="AuthConfig">my-login-config.xml</attribute>

jboss.security:service=XMLLoginConfig</depends>

jboss.security:service=JaasSecurityManager</depends>

</mbean>

</server>

{code}

I highlighted in red the absolute path of my keystore and truststore.

When i deploy this EAR in Jboss 4.3 everything it's ok, but in Jboss 5.1 i've the error message above:

{code}

Caused by: org.jboss.ws.WSException: Cannot find required security resource: /opt/sanfer/keystore/server.keystore

at org.jboss.ws.metadata.wsse.WSSecurityConfigFactory.getResource(WSSecurityConfigFactory.java:114)

at org.jboss.ws.metadata.wsse.WSSecurityConfigFactory.initKeystorePath(WSSecurityConfigFactory.java:89)

at org.jboss.ws.metadata.wsse.WSSecurityConfigFactory.createConfiguration(WSSecurityConfigFactory.java:72)

at org.jboss.ws.metadata.builder.jaxws.JAXWSWebServiceMetaDataBuilder.buildWebServiceMetaData(JAXWSWebServiceMetaDataBuilder.java:132)

at org.jboss.ws.metadata.builder.jaxws.JAXWSServerMetaDataBuilder.setupProviderOrWebService(JAXWSServerMetaDataBuilder.java:52)

at org.jboss.ws.metadata.builder.jaxws.JAXWSMetaDataBuilderJSE.buildMetaData(JAXWSMetaDataBuilderJSE.java:61)

at org.jboss.wsf.stack.jbws.UnifiedMetaDataDeploymentAspect.start(UnifiedMetaDataDeploymentAspect.java:64)

at org.jboss.wsf.framework.deployment.DeploymentAspectManagerImpl.deploy(DeploymentAspectManagerImpl.java:129)

at org.jboss.wsf.container.jboss50.deployer.ArchiveDeployerHook.deploy(ArchiveDeployerHook.java:76)

at org.jboss.wsf.container.jboss50.deployer.AbstractWebServiceDeployer.internalDeploy(AbstractWebServiceDeployer.java:60)

at org.jboss.deployers.spi.deployer.helpers.AbstractRealDeployer.deploy(AbstractRealDeployer.java:55)

at org.jboss.deployers.plugins.deployers.DeployerWrapper.deploy(DeployerWrapper.java:179)

... 30 more

{code}

The WSSecurityConfig can't locate the keystore from the absolute path, but the JaasSecurityDomain however locate it.

I've tried another different way putting the Keystore and Trustore inside the WEB-INF folder of WAR, and i've a similar scenario.

In this case the WSSecurityConfig locate the Kesytsore/Trustore but the JaasSecurityDomain throw the error "Can't locate resource: WEB-INF/server.keystore".

I think i've some Class Loading issue, can you help me to fix it?

Thanks for the help.

Reply to this message by going to Community

Start a new discussion in JBoss Web Services at Community