[
https://jira.jboss.org/jira/browse/JBWS-2216?page=com.atlassian.jira.plug...
]
Richard Opalka commented on JBWS-2216:
--------------------------------------
I commented out SSL connector in server/default/deploy/jboss-web.deployer/server.xml
<Connector port="8443" protocol="HTTP/1.1"
SSLEnabled="true"
maxThreads="150" scheme="https"
secure="true"
clientAuth="false" sslProtocol="TLS" />
I generated keystore and digitally signed the certificate:
[/home/opalka][/home/opalka]>keytool -genkey -alias tomcat -keyalg RSA -validity 1095
-keystore ~/.keystore
Enter keystore password: changeit
What is your first and last name?
[Unknown]: 127.0.0.1
What is the name of your organizational unit?
[Unknown]: servers
What is the name of your organization?
[Unknown]: Organization name
What is the name of your City or Locality?
[Unknown]: My Country
What is the name of your State or Province?
[Unknown]: My Republic
What is the two-letter country code for this unit?
[Unknown]: EN
Is CN=127.0.0.1, OU=servers, O=Organization Name, L="My City", ST=My Country,
C=EN correct?
[no]: yes
Enter key password for <tomcat>
(RETURN if same as keystore password):
[/home/opalka][/home/opalka]>keytool -selfcert -alias tomcat -keystore .keystore
Enter keystore password: changeit
I commented out webservice secure port in
server/default/deploy/jbossws.sar/jbossws.beans/META-INF/jboss-beans.xml
<bean name="WSServerConfig"
class="org.jboss.wsf.stack.jbws.NativeServerConfig">
<property name="mbeanServer"><inject
bean="WSMBeanServerLocator"
property="mbeanServer"/></property>
<property
name="webServiceHost">${jboss.bind.address}</property>
<property name="modifySOAPAddress">true</property>
<property name="webServiceSecurePort">8443</property>
<property name="webServicePort">8080</property>
</bean>
I updated my web.xml to include security constraints:
<?xml version="1.0" encoding="UTF-8"?>
<web-app
xmlns="http://java.sun.com/xml/ns/j2ee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee
http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd"
version="2.4">
<servlet>
<servlet-name>TestService</servlet-name>
<servlet-class>org.jboss.test.ws.jaxws.samples.webparam.PingServiceImpl</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>TestService</servlet-name>
<url-pattern>/*</url-pattern>
</servlet-mapping>
<security-constraint>
<web-resource-collection>
<web-resource-name>All resources</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>
</web-app>
And everything works as expected. My WSDL contains both https and correct port and
it's accessible through https only:
<service name="PingServiceImplService">
<port binding="tns:PingServiceBinding"
name="PingServicePort">
<soap:address
location="https://127.0.0.1:8443/jaxws-samples-webparam"/>
</port>
</service>
Soap address incorrect for https
---------------------------------
Key: JBWS-2216
URL:
https://jira.jboss.org/jira/browse/JBWS-2216
Project: JBoss Web Services
Issue Type: Bug
Security Level: Public(Everyone can see)
Components: jbossws-native
Affects Versions: jbossws-native-3.0.1
Reporter: Joan Pujol Espinar
Assignee: Richard Opalka
The soap address is incorrect for https.
There's no way to change the soap address to https.
Althouth I've in jboss-beans.xml
<property name="webServiceHost">localhost</property>
<property name="modifySOAPAddress">true</property>
<property name="webServiceSecurePort">8545</property>
<property name="webServicePort">8080</property>
And I've the CONFIDENTIAL transport-guarantee in the webapp that has the ws.
<user-data-constraint>
<description>SSL</description>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
The generated WDSL always has soap:address with http
<port binding="ns1:repositoriDocumentsBinding"
name="RepositoriDocumentsWSPort">
<soap:address
location="http://localhost:8080/xcpwsserver/RepositoriDocuments" />
</port>
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
https://jira.jboss.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see:
http://www.atlassian.com/software/jira