February 2008 - jbossws-issues - Jboss List Archives

[JBoss JIRA] Commented: (JBWS-1172) Support schema validation for incoming messages

by Thomas Diesler (JIRA)

[ http://jira.jboss.com/jira/browse/JBWS-1172?page=comments#action_12400925 ] Thomas Diesler commented on JBWS-1172: -------------------------------------- XML Document Validation with an XML Schema http://www.onjava.com/pub/a/onjava/2004/09/15/schema-validation.html Java Technology & XML - How to..validate xml doc against schema using Xerces DOM http://forum.java.sun.com/thread.jspa?threadID=250998&messageID=928947&fo... > Support schema validation for incoming messages > ----------------------------------------------- > > Key: JBWS-1172 > URL: http://jira.jboss.com/jira/browse/JBWS-1172 > Project: JBoss Web Services > Issue Type: Feature Request > Security Level: Public(Everyone can see) > Components: jbossws-native > Reporter: Thomas Diesler > Assigned To: Thomas Diesler > Fix For: jbossws-native-2.0.4 > > > I am trying to use JBOSSWS 1.0.2. and JBOSSAS-4.0.4GA > I am starting with a WSDL file that contains a schema. I used WSTOOLS to generate the appropriate artifacts > I would like to use DOCUMENT/LITERAL wrapped style and I would like to turn on schema validation of my XML instances against a schema defined in the WSDL (on receipt of the message the server does the validation ?). > Looking through the sources, I see that JAXBDeserializer (jbossws-core.jar) calls JAXBUnmarshallerImpl which calls UnmarshallerImpl (jboss-xml-binding.jar) which does the parsing of the XML. > I do not see any call to UnmarshallerImpl.setSchemaValidation in this call graph. Should this be called to turn on to do Schema Validation ? If so how and where ? > Is Schema Validation for Document/Literal something that JBOSSWS 1.0.2 supports ? > How does one turn on XML Schema validation in JBOSSWS ? -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: http://jira.jboss.com/jira/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira

16 years, 9 months

1
0
0 / 0

[JBoss JIRA] Created: (JBWS-1974) Using signature as security in a webservice throws an error when loglevel not Debug or Info

by Micha Wensveen (JIRA)

Using signature as security in a webservice throws an error when loglevel not Debug or Info ------------------------------------------------------------------------------------------- Key: JBWS-1974 URL: http://jira.jboss.com/jira/browse/JBWS-1974 Project: JBoss Web Services Issue Type: Bug Security Level: Public (Everyone can see) Components: ws-security Affects Versions: jbossws-2.0.2 Environment: application server: jboss-4.2.1.GA or jboss-4.2.2.GA Reporter: Micha Wensveen The org.jboss.ws.extensions.security.SignatureVerificationOperation.process() throws an exception if the loglevel for the org.jboss.ws package is not DEBUG. Both the loglevel of client and service must have DEBUG. Client log level: DEBUG and service log level: INFO throws exception on the client side. Client log level: DEBUG and service log level: DEBUG works fine. Client log level: INFO and service log level: DEBUG throws exception on the service side. Client log level: INFO and service log level: INFO throws exception on the service side. -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: http://jira.jboss.com/jira/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira

16 years, 9 months

3
9
0 / 0

[JBoss JIRA] Created: (JBWS-1859) Concurrency issue in building the request handler chain when more than one handler is specified

by Bruce (JIRA)

Concurrency issue in building the request handler chain when more than one handler is specified ----------------------------------------------------------------------------------------------- Key: JBWS-1859 URL: http://jira.jboss.com/jira/browse/JBWS-1859 Project: JBoss Web Services Issue Type: Bug Security Level: Public (Everyone can see) Components: jbossws-jaxws Affects Versions: jbossws-2.0.1, jbossws-1.2.1 Reporter: Bruce >From what I can tell jbossws has concurrency issues in building the request handler chain when more than one handler is specified, and multiple requests are made to the server while it is starting. The problem is that too many copies of the handlers are inserted into the handler chain because more than one thread is building it. This only becomes apparent when one of the handlers is for WS Security. During request handling, the first WS Security handler removes the wsse header, so any subsequent handler throws an exception. The client receives the fault string "This service requires <wsse:Security>, which is missing". The server stack trace: javax.xml.ws.WebServiceException: org.jboss.ws.core.CommonSOAPFaultException: This service requires <wsse:Security>, which is missing. at org.jboss.ws.core.jaxws.handler.HandlerChainExecutor.processHandlerFailure(HandlerChainExecutor.java:276) at org.jboss.ws.core.jaxws.handler.HandlerChainExecutor.handleMessage(HandlerChainExecutor.java:155) at org.jboss.ws.core.jaxws.handler.HandlerDelegateJAXWS.callRequestHandlerChain(HandlerDelegateJAXWS.java:87) at org.jboss.ws.core.server.ServiceEndpointInvoker.callRequestHandlerChain(ServiceEndpointInvoker.java:126) at org.jboss.ws.core.server.ServiceEndpointInvoker.invoke(ServiceEndpointInvoker.java:170) at org.jboss.wsf.stack.jbws.RequestHandlerImpl.processRequest(RequestHandlerImpl.java:408) at org.jboss.wsf.stack.jbws.RequestHandlerImpl.handleRequest(RequestHandlerImpl.java:272) at org.jboss.wsf.stack.jbws.RequestHandlerImpl.doPost(RequestHandlerImpl.java:189) at org.jboss.wsf.stack.jbws.RequestHandlerImpl.handleHttpRequest(RequestHandlerImpl.java:122) at org.jboss.wsf.stack.jbws.EndpointServlet.service(EndpointServlet.java:84) at javax.servlet.http.HttpServlet.service(HttpServlet.java:810) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:252) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173) at org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:96) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:202) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:213) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:178) at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:175) at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:74) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:126) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:105) at org.jboss.web.tomcat.tc5.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:156) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:107) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:148) at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:869) at org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:664) at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:527) at org.apache.tomcat.util.net.MasterSlaveWorkerThread.run(MasterSlaveWorkerThread.java:112) at java.lang.Thread.run(Thread.java:595) Steps to duplicate - Create web service that exposes a ping() method, and requires both WS Security and WS Addressing. A customized standard-jaxws-endpoint-config.xml file is required. - Create a client application that calls ping() every second in a loop - Start the server - Once the server initializes, start 2 instances of the client - Restart the server - Most of the time the error will start to occur for every request. You may have to restart the server a few time to get the error condition. Sometimes the server is able to initialize successfully. If it is successful, it will stay that way. Even having many clients pounding on the server for hours will not cause the error. - Once the error condition begins, the server is unable to properly process any more ping requests, even if both clients are stopped, and only one is restarted. standard-jaxws-endpoint-config.xml addition: <endpoint-config> <config-name>WSAddressing + WSSecurity Endpoint</config-name> <post-handler-chains> <javaee:handler-chain> <javaee:protocol-bindings>##SOAP11_HTTP</javaee:protocol-bindings> <javaee:handler> <javaee:handler-name>WSAddressing Handler</javaee:handler-name> <javaee:handler-class>org.jboss.ws.extensions.addressing.jaxws.WSAddressingServerHandler</javaee:handler-class> </javaee:handler> <javaee:handler> <javaee:handler-name>WSSecurity Handler</javaee:handler-name> <javaee:handler-class>org.jboss.ws.extensions.security.jaxws.WSSecurityHandlerServer</javaee:handler-class> </javaee:handler> </javaee:handler-chain> </post-handler-chains> </endpoint-config> I have sample server and client code that you can use, but could not see how to attach it to the bug report. I was able to prevent the error from occurring with a slight modification to callRequestHandlerChain() in org.jboss.ws.core.jaxws.handler.HandlerDelegateJAXWS. I changed: if (isInitialized() == false) { resolver.initHandlerChain(sepMetaData, HandlerType.PRE, true); resolver.initHandlerChain(sepMetaData, HandlerType.ENDPOINT, true); resolver.initHandlerChain(sepMetaData, HandlerType.POST, true); setInitialized(true); } to if (isInitialized() == false) { synchronized(this) { if (isInitialized() == false) { resolver.initHandlerChain(sepMetaData, HandlerType.PRE, true); resolver.initHandlerChain(sepMetaData, HandlerType.ENDPOINT, true); resolver.initHandlerChain(sepMetaData, HandlerType.POST, true); setInitialized(true); } } } -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: http://jira.jboss.com/jira/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira

16 years, 9 months

2
5
0 / 0

[JBoss JIRA] Created: (JBWS-1938) Assign message name instead of IN and OUT for Inbound/Outbound Addressing Property

by Magesh Kumar B (JIRA)

Assign message name instead of IN and OUT for Inbound/Outbound Addressing Property ---------------------------------------------------------------------------------- Key: JBWS-1938 URL: http://jira.jboss.com/jira/browse/JBWS-1938 Project: JBoss Web Services Issue Type: Bug Security Level: Public (Everyone can see) Components: jbossws-jaxws, ws-addressing Affects Versions: jbossws-2.0.2, jbossws-1.2.1 Reporter: Magesh Kumar B Assigned To: Magesh Kumar B -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: http://jira.jboss.com/jira/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira

16 years, 9 months

3
7
0 / 0

[JBoss JIRA] Created: (JBWS-1871) Support @HandlerChain on Service classes

by Heiko Braun (JIRA)

Support @HandlerChain on Service classes ---------------------------------------- Key: JBWS-1871 URL: http://jira.jboss.com/jira/browse/JBWS-1871 Project: JBoss Web Services Issue Type: Feature Request Security Level: Public (Everyone can see) Affects Versions: jbossws-2.0.2 Reporter: Heiko Braun Assigned To: Heiko Braun Fix For: jbossws-2.1.0 Conformance (Handler resolver for a HandlerChain annotation): For a generated service class (see 2.7) which is annotated with a HandlerChain annotation, the default handler resolver MUST return handler chains consistent with the contents of the handler chain descriptor referenced by the HandlerChain anno- tation. -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: http://jira.jboss.com/jira/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira

16 years, 9 months

2
3
0 / 0

[JBoss JIRA] Created: (JBWS-1991) ReceiveUsernameToken doesn't process authentication

by seboonet (JIRA)

ReceiveUsernameToken doesn't process authentication --------------------------------------------------- Key: JBWS-1991 URL: http://jira.jboss.com/jira/browse/JBWS-1991 Project: JBoss Web Services Issue Type: Bug Security Level: Public (Everyone can see) Affects Versions: jbossws-native-2.0.3 Reporter: seboonet Priority: Critical ReceiveUsernameToken (via SecurityAdaptorImpl) delegate setting of username/password directly to SecurityAssociation, without invoking authentication by JaasSecurityManagerService. Example header: <soapenv:Header> <wsse:Security soapenv:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext..." xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utilit..."> <wsse:UsernameToken wsu:Id="token-5-1201603135036-5863106"> <wsse:Username>some_username_that_should_be_authenticated_by_container</wsse:Username> <wsse:Password>some_credentials</wsse:Password> </wsse:UsernameToken> </wsse:Security> </soapenv:Header> -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: http://jira.jboss.com/jira/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira

16 years, 9 months

3
7
0 / 0

[JBoss JIRA] Created: (JBWS-1830) Implement Database Based WS-RM Message Store

by Richard Opalka (JIRA)

Implement Database Based WS-RM Message Store -------------------------------------------- Key: JBWS-1830 URL: http://jira.jboss.com/jira/browse/JBWS-1830 Project: JBoss Web Services Issue Type: Sub-task Security Level: Public (Everyone can see) Reporter: Richard Opalka Assigned To: Richard Opalka -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: http://jira.jboss.com/jira/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira

16 years, 9 months

2
4
0 / 0

[JBoss JIRA] Updated: (JBWS-678) OASIS Catalog support

by Thomas Diesler (JIRA)

[ http://jira.jboss.com/jira/browse/JBWS-678?page=all ] Thomas Diesler updated JBWS-678: -------------------------------- Assignee: (was: Thomas Diesler) > OASIS Catalog support > --------------------- > > Key: JBWS-678 > URL: http://jira.jboss.com/jira/browse/JBWS-678 > Project: JBoss Web Services > Issue Type: Feature Request > Security Level: Public(Everyone can see) > Components: jbossws-native > Reporter: Thomas Diesler > Fix For: jbossws-3.x > > Attachments: jboss-entity-resolver.zip > > > From the JAXWS-2.-0 spec > 4.4 Catalog Facility > > JAX-WS mandates support for a standard catalog facility to be used when resolving any Web service docu- 15 > ment that is part of the description of a Web service, specifically WSDL and XML Schema documents. 16 > The facility in question is the OASIS XML Catalogs 1.1 specification [30]. It defines an entity catalog that 17 > handles the following two cases: 18 > ? Mapping an external entity?s public identifier and/or system identifier to a URI reference. 19 > ? Mapping the URI reference of a resource to another URI reference. 20 > Using the entity catalog, an application can package one or more description and/or schema documents in 21 > jar files, avoiding costly remote accesses, or remap remote URIs to other, possibly local ones. Since the 22 > catalog is an XML document, a deployer can easily alter it to suit the local environment, unbeknownst to 23 > the application code. 24 > The catalog is assembled by taking into account all accessible resources whose name is META-INF/jax- 25 > -ws-catalog.xml. Each resource MUST be a valid entity catalog according to the XML Catalogs 1.1 26 > specification. When running on the Java SE platform, the current context class loader MUST be used to 27 > retrieve all the resources with the specified name. Relative URIs inside a catalog file are relative to the 28 > location of the catalog that contains them. 29 > } Conformance (Use of the Catalog): In the process of resolving a URI that points to a WSDL document 30 > or any document reachable from it, a JAX-WS implementation MUST perform a URI resolution for it, as 31 > prescribed by the XML Catalogs 1.1 specification, using the catalog defined above as its entity catalog. 32 > In particular, every JAX-WS API argument or annotation element whose semantics is that of a WSDL 33 > location URI MUST undergo URI resolution using the catalog facility described in this section. 34 > Although defined in the client API chapter for reasons of ease of exposure, use of the catalog is in no way 35 > restricted to client uses of WSDL location URIs. In particular, resolutions of URIs to WSDL and schema 36 > documents that arise during the publishing of endpoint metadata (see 5.2.5) are subject to the requirements 37 > in this section, resulting in catalog-based URI resolutions. > > There is a catalog implementation by Apache > http://xml.apache.org/commons/components/resolver/ > XML Entity and URI Resolvers > http://xml.apache.org/commons/components/resolver/resolver-article.html -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: http://jira.jboss.com/jira/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira

16 years, 9 months

1
0
0 / 0

[JBoss JIRA] Created: (JBWS-1431) Merge ws-security config with jaxrpc/jaxws config

by Thomas Diesler (JIRA)

Merge ws-security config with jaxrpc/jaxws config ------------------------------------------------- Key: JBWS-1431 URL: http://jira.jboss.com/jira/browse/JBWS-1431 Project: JBoss Web Services Issue Type: Task Security Level: Public (Everyone can see) Components: jaxrpc, jaxws Reporter: Thomas Diesler Assigned To: Thomas Diesler Fix For: jbossws-2.0.0 The config data should be in standard jbossws client/server side config files. -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: http://jira.jboss.com/jira/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira

16 years, 9 months

2
2
0 / 0

[JBoss JIRA] Created: (JBWS-1382) Provide access to servlet init params

by Thomas Diesler (JIRA)

Provide access to servlet init params ------------------------------------- Key: JBWS-1382 URL: http://jira.jboss.com/jira/browse/JBWS-1382 Project: JBoss Web Services Issue Type: Feature Request Security Level: Public (Everyone can see) Components: jaxrpc Reporter: Thomas Diesler Assigned To: Thomas Diesler Fix For: jbossws-1.0.6 -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: http://jira.jboss.com/jira/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira

16 years, 9 months

2
2
0 / 0

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

jbossws-issues February 2008