[JBoss JIRA] Created: (JBWS-1999) WS-Security Usename Token Profile JAAS Implementation for JSE based WebServices
by Thomas Diesler (JIRA)
WS-Security Usename Token Profile JAAS Implementation for JSE based WebServices
-------------------------------------------------------------------------------
Key: JBWS-1999
URL: http://jira.jboss.com/jira/browse/JBWS-1999
Project: JBoss Web Services
Issue Type: Task
Security Level: Public (Everyone can see)
Components: jbossws-native
Reporter: Thomas Diesler
Fix For: jbossws-native-2.0.4
Karl de Boer sais:
I created a Username TokenProfile implementation where the userid pwd are verified against the active JAAS SecurityManager
I want to share this with you.
It appears to me there is only support for EJB based webservices for this. So i had to create it myself in the form of a messagehandler and some glue to integrate with JBossSX.
In general i think the focus is to much on EJB Based services. I prefer the WSDL first approach to define a proper SOA.
It is not a perfect implementation. I do'nt do anything with Nonce and Timestamp and i also do not support passwordDigest.
So i also do not use any keystores (PasswordText is protect by the transport layer in my case (SSL)). I saw there is an issue in JIRA where the keystore shoud not be required. This is such a case.
I also was surprised that JBossWS does not check anymore for the requires Username section in Jboss-wsse-server.xml. But for this there is also as JIRA issue
What i did in a separate messagehandler should perhaps be moved to the WSSecurityDispatcher, which takes care of all WSSecurity related stuff.
To activate the messagehandler processing i simply adjusted the default the standard-jaxws-endpoint-config.xml
<endpoint-config>
<config-name>Standard WSSecurity Endpoint</config-name>
<post-handler-chains>
<javaee:handler-chain>
<javaee:protocol-bindings>##SOAP11_HTTP</javaee:protocol-bindings>
<javaee:handler>
<javaee:handler-name>WSSecurity Handler</javaee:handler-name>
<javaee:handler-class>org.jboss.ws.extensions.security.jaxws.WSSecurityHandlerServer</javaee:handler-class>
</javaee:handler>
<javaee:handler>
<javaee:handler-name>UserNameTokenProfileMessageHandler</javaee:handler-name>
<javaee:handler-class>nl.jnc.common.services.wssecurity.UserNameTokenProfileMessageHandler</javaee:handler-class>
</javaee:handler>
</javaee:handler-chain>
</post-handler-chains>
</endpoint-config>
I did not investigate how to link the authenticated user (principal) and associated roles to the WebServiceContext. I directly refer to the SecurityAssociation class which stores Subject and Principal in threadlocal.
In the SEI implementaion is use the princiap and roles like this (cloul be improved):
private boolean isUserInRole(String roleName) {
Subject sub = SecurityAssociation.getSubject();
if (sub != null) {
Set<Principal> set = SecurityAssociation.getSubject().getPrincipals();
if (set!= null) {
for (Principal p : set) {
if (p instanceof SimpleGroup) {
SimpleGroup ng = (SimpleGroup) p;
Enumeration mem = ng.members();
while (mem.hasMoreElements()) {
Principal p1 = (Principal) mem.nextElement();
if (p1.getName().equalsIgnoreCase(roleName)) return true;
}
}
}
}
}
return false;
}
Attached you will find the rest. You are free to use it the way you like.
In the WsSecurityManager you will also find some a method to authenticate a user with a certificate but this is not tested.
I use the security implementation against an LDAP (LdapLoginModule). The users are system accounts, the data(sections) returned by the service are governed by the roles a system users has.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://jira.jboss.com/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
15 years, 10 months
[JBoss JIRA] Created: (JBWS-1683) Fix JAXR samples for XFire
by Thomas Diesler (JIRA)
Fix JAXR samples for XFire
--------------------------
Key: JBWS-1683
URL: http://jira.jboss.com/jira/browse/JBWS-1683
Project: JBoss Web Services
Issue Type: Bug
Security Level: Public (Everyone can see)
Components: integration-sunri
Reporter: Thomas Diesler
Fix For: jbossws-2.1.0
2007-06-01 06:12:43,257 ERROR [org.jboss.jaxr.juddi.transport.SaajTransport:94] Exception::
org.w3c.dom.DOMException: NAMESPACE_ERR: An attempt is made to create or change an object in a way which is incorrect with regard to namespaces.
at com.sun.org.apache.xerces.internal.dom.CoreDocumentImpl.checkDOMNSErr(CoreDocumentImpl.java:2409)
at com.sun.org.apache.xerces.internal.dom.AttrNSImpl.setName(AttrNSImpl.java:150)
at com.sun.org.apache.xerces.internal.dom.AttrNSImpl.<init>(AttrNSImpl.java:111)
at com.sun.org.apache.xerces.internal.dom.CoreDocumentImpl.createAttributeNS(CoreDocumentImpl.java:2012)
at com.sun.xml.messaging.saaj.soap.SOAPDocumentImpl.createAttributeNS(SOAPDocumentImpl.java:161)
at com.sun.org.apache.xerces.internal.dom.ElementImpl.setAttributeNS(ElementImpl.java:684)
at com.sun.xml.messaging.saaj.soap.impl.ElementImpl.setAttributeNS(ElementImpl.java:1241)
at com.sun.xml.messaging.saaj.soap.impl.ElementImpl.addAttributeBare(ElementImpl.java:499)
at com.sun.xml.messaging.saaj.soap.impl.ElementImpl.addAttributeBare(ElementImpl.java:471)
at com.sun.xml.messaging.saaj.soap.impl.ElementImpl.addAttribute(ElementImpl.java:454)
at org.jboss.jaxr.juddi.transport.SaajTransport.appendAttributes(SaajTransport.java:156)
at org.jboss.jaxr.juddi.transport.SaajTransport.appendElements(SaajTransport.java:180)
at org.jboss.jaxr.juddi.transport.SaajTransport.appendElements(SaajTransport.java:181)
at org.jboss.jaxr.juddi.transport.SaajTransport.createSOAPMessage(SaajTransport.java:136)
at org.jboss.jaxr.juddi.transport.SaajTransport.send(SaajTransport.java:77)
at org.apache.juddi.proxy.RegistryProxy.execute(RegistryProxy.java:368)
at org.apache.juddi.AbstractRegistry.saveBusiness(AbstractRegistry.java:582)
at org.apache.ws.scout.registry.BusinessLifeCycleManagerImpl.executeOperation(BusinessLifeCycleManagerImpl.java:532)
at org.apache.ws.scout.registry.BusinessLifeCycleManagerImpl.saveOrganizations(BusinessLifeCycleManagerImpl.java:389)
at org.jboss.test.ws.jaxws.samples.jaxr.scout.query.JaxrBusinessQueryTestCase.setUp(JaxrBusinessQueryTestCase.java:58)
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://jira.jboss.com/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
15 years, 11 months
[JBoss JIRA] Created: (JBWS-2331) Exploded deployment: web.xml modified to web.xml.org - Subsequent runs fail
by Ralf Taugerbeck (JIRA)
Exploded deployment: web.xml modified to web.xml.org - Subsequent runs fail
---------------------------------------------------------------------------
Key: JBWS-2331
URL: https://jira.jboss.org/jira/browse/JBWS-2331
Project: JBoss Web Services
Issue Type: Bug
Security Level: Public (Everyone can see)
Components: jbossws-cxf
Affects Versions: jbossws-cxf-3.0.3
Environment: win32, jboss AS 4.2.3 GA, jdk 1.5.0_15
Reporter: Ralf Taugerbeck
When using exploded EAR/WAR deployment web.xml is modified on each server start. That has two effects:
- the original web.xml, which was renamed to web.xml.org after 1st start is lost on 2nd server start
- the context parameter jbossws.cxf.beans.url is added to web.xml multiple times
My web.xml on second server start:
<web-app>
...
<context-param>
<param-name>jbossws.cxf.beans.url</param-name>
<param-value>file:/D:/Tools/jboss-4.2.3.GA/server/default/tmp/jbossws/jbossws-cxf29799.xml</param-value>
</context-param>
<context-param>
<param-name>jbossws.cxf.beans.url</param-name>
<param-value>file:/D:/Tools/jboss-4.2.3.GA/server/default/tmp/jbossws/jbossws-cxf58750.xml</param-value>
</context-param>
</web-app>
The exception is:
...
Caused by: java.lang.IllegalArgumentException: Duplicate context initialization parameter jbossws.cxf.beans.url
at org.apache.catalina.core.StandardContext.addParameter(StandardContext.java:2332)
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: https://jira.jboss.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
15 years, 11 months
[JBoss JIRA] Created: (JBWS-2114) Soap attachments are dropped on server response when added in ejb3 jaxws handler
by Thomas Diesler (JIRA)
Soap attachments are dropped on server response when added in ejb3 jaxws handler
--------------------------------------------------------------------------------
Key: JBWS-2114
URL: http://jira.jboss.com/jira/browse/JBWS-2114
Project: JBoss Web Services
Issue Type: Bug
Security Level: Public (Everyone can see)
Components: jbossws-native
Environment: windows, linux, jdk1.5
Reporter: Thomas Diesler
Assigned To: Heiko Braun
Fix For: jbossws-2.0.0
Soap attachments were dropped on server responses. Attachment can be added on a handler's handleResponse method; however it mysteriously disappeared on the outgoing soap message.
The problem was in the ServiceEndpointInvoker. It overwrote the SOAPMessage in the MessageContext. In this class, the method invokeServiceEndpoint was overwritten by ServiceEndpointInvokerEJB21, which invokes the EJB via the ServiceEndpointInterceptor. This ServiceEndpointInterceptor invokes the EJB and also the handlers; it creates the correct SOAPMessage and sets it in the ContextContext. Unfortunately, it was overwritten later by the ServiceEndpointInvoker.
Fixes are attached.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://jira.jboss.com/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
15 years, 11 months
[JBoss JIRA] Created: (JBWS-2288) Exception handling issue in org.jboss.ws.core.CommonClient.
by aodhan hoffman (JIRA)
Exception handling issue in org.jboss.ws.core.CommonClient.
-----------------------------------------------------------
Key: JBWS-2288
URL: https://jira.jboss.org/jira/browse/JBWS-2288
Project: JBoss Web Services
Issue Type: Bug
Security Level: Public (Everyone can see)
Components: jbossws-native
Affects Versions: jbossws-native-3.0.3
Environment: Shown running JBossAS 4.2.2 & 4.2.3, JBossWS 3.0.1 & 3.0.3 on windows XP, JVM 1.5.0_15
Reporter: aodhan hoffman
In troubleshooting a problem another user, PeterJ, found what looks like a coding error at line 404 in org.jboss.ws.core.CommonClient.invoke(). Exception is caught but details are not logged before another method is called which in turn causes another exception. See http://www.jboss.com/index.html?module=bb&op=viewtopic&t=141051
I tried using JBossWS 3.x stand alone, stock downloads of JBossAS 4.2.x and JBossAS 4.2.x updated to JBossWS 3.0.1, 3.0.2, & 3.0.3. All versions of JBossWS 3.0.x appear to contain this code segment.
// Stacktrace
Exception in thread "main" javax.xml.ws.WebServiceException: java.lang.IllegalStateException: Cannot find property: java
x.xml.ws.handler.message.outbound
at org.jboss.ws.core.jaxws.client.ClientImpl.handleRemoteException(ClientImpl.java:404)
at org.jboss.ws.core.jaxws.client.ClientImpl.invoke(ClientImpl.java:314)
at org.jboss.ws.core.jaxws.client.ClientProxy.invoke(ClientProxy.java:172)
at org.jboss.ws.core.jaxws.client.ClientProxy.invoke(ClientProxy.java:152)
at $Proxy19.update(Unknown Source)
at com.boeing.nmt.nls.mv4client.MV4Client.disableTag(MV4Client.java:308)
at com.boeing.nmt.nls.test.AssetTest.main(AssetTest.java:25)
Caused by: java.lang.IllegalStateException: Cannot find property: javax.xml.ws.handler.message.outbound
at org.jboss.ws.core.jaxws.handler.MessageContextJAXWS.processPivot(MessageContextJAXWS.java:109)
at org.jboss.ws.core.jaxws.client.ClientImpl.processPivot(ClientImpl.java:363)
at org.jboss.ws.core.CommonClient.processPivotInternal(CommonClient.java:476)
at org.jboss.ws.core.CommonClient.invoke(CommonClient.java:404)
at org.jboss.ws.core.jaxws.client.ClientImpl.invoke(ClientImpl.java:302)
// Lines 401-420 of CommonClient.java
// http://anonsvn.jboss.org/repos/jbossws/stack/native/trunk/modules/core/sr...
catch (Exception ex)
{
// Reverse the message direction
processPivotInternal(msgContext, direction); // <-- line 404, where the later exception gets thrown
if (faultType[2] != null)
callFaultHandlerChain(portName, faultType[2], ex);
if (faultType[1] != null)
callFaultHandlerChain(portName, faultType[1], ex);
if (faultType[0] != null)
callFaultHandlerChain(portName, faultType[0], ex);
throw ex;
}
finally
{
closeHandlerChain(portName, handlerType[2]);
closeHandlerChain(portName, handlerType[1]);
closeHandlerChain(portName, handlerType[0]);
}
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: https://jira.jboss.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
15 years, 11 months