JBoss Community

Problem with securing web service with ws security ( username token )

created by Ɓukasz Marczuk in JBoss Web Services - View the full discussion

Hello,

 

I'am trying to secure web service ( from ejb 3.0 stateless bean) and it is not working.

 

here is my code :

 

Bean :

 

@Stateless
@SOAPBinding(style=SOAPBinding.Style.RPC)
@SecurityDomain("JBossWS")
@EndpointConfig(configName = "Standard WSSecurity Endpoint")
@WebService(name="Hello",targetNamespace = "http://test",serviceName = "HelloWSSService")
public class HelloBean implements IHello {
@WebMethod
public String sayHello(String aName) {
return "siemanko " + aName;
}
}

// ... some imports
 
@Stateless
@SOAPBinding(style=SOAPBinding.Style.RPC)
@SecurityDomain("JBossWS")
@EndpointConfig(configName = "Standard WSSecurity Endpoint")
@WebService(name="Hello",targetNamespace = "http://test",serviceName = "HelloWSSService")
public class HelloBean implements IHello {
 
     @WebMethod
     public String sayHello(String aName) {
          return "siemanko " + aName;
     }
 
}

 

 

interface :

 

 

@SOAPBinding(style = SOAPBinding.Style.DOCUMENT)
@EndpointConfig(configName = "Standard WSSecurity Endpoint")
@WebService(name="Hello",targetNamespace = "http://test",serviceName = "HelloWSSService")
public interface IHello  {
     
     
     String sayHello( String name);
}

 

 

In my META-INF folder i put jboss-wsse-server.xml file :

 

 

<jboss-ws-security xmlns="http://www.jboss.com/ws-security/config"
     xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
     xsi:schemaLocation="http://www.jboss.com/ws-security/config
                      http://www.jboss.com/ws-security/schema/jboss-ws-security_1_0.xsd">
     <config>
          <timestamp ttl="300"/>
          <requires/>
     </config>
</jboss-ws-security>

 

Now i deploy my app on server and i test it from SoapUI.

 

 

<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:test="http://test">
   <soapenv:Header/>
   <soapenv:Body>
      <test:sayHello>
         <arg0>?</arg0>
      </test:sayHello>
   </soapenv:Body>
</soapenv:Envelope>

 

And anser :

 

 

<env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/">
   <env:Header>
      <wsse:Security env:mustUnderstand="1" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
         <wsu:Timestamp wsu:Id="timestamp">
            <wsu:Created>2010-09-06T11:41:38.621Z</wsu:Created>
            <wsu:Expires>2010-09-06T11:46:38.621Z</wsu:Expires>
         </wsu:Timestamp>
      </wsse:Security>
   </env:Header>
   <env:Body>
      <test:sayHelloResponse xmlns:test="http://test">
         <return>siemanko ?</return>
      </test:sayHelloResponse>
   </env:Body>
</env:Envelope>

 

Got any idea why i can't secure my web service like that? i tryid it on jboss 4.2.3  , 5.01, 5.1, and 6 actually i work on 5.0.1 with JBoss Web Services - Native Server 3.3.1.GA.

 

Mayby i'm skipping some step or jboss-wsse-server.xml is incorect ?

when i put to jboss-wsse-server.xml this :

 

<jboss-ws-security xmlns="http://www.jboss.com/ws-security/config"
  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
  xsi:schemaLocation="http://www.jboss.com/ws-security/config
                      http://www.jboss.com/ws-security/schema/jboss-ws-security_1_0.xsd">
  <config>
    <username/>
    <authenticate>
      <usernameAuth/>
    </authenticate>
  </config>
</jboss-ws-security>
 
 
 

Also nothing happend and i'am albe to get response without puting principals in header.

 

JBossWS is good configured in login-config.xml

 

Please help.

Reply to this message by going to Community

Start a new discussion in JBoss Web Services at Community