[JBoss JIRA] Created: (JBWS-2833) WebServiceContext#getUserPrincipal() returns null when a service is protected by "Standard WSSecurity Endpoint"
by Morten Andersen (JIRA)
WebServiceContext#getUserPrincipal() returns null when a service is protected by "Standard WSSecurity Endpoint"
---------------------------------------------------------------------------------------------------------------
Key: JBWS-2833
URL: https://jira.jboss.org/jira/browse/JBWS-2833
Project: JBoss Web Services
Issue Type: Bug
Security Level: Public (Everyone can see)
Components: ws-security
Affects Versions: jbossws-native-3.1.2
Environment: jboss-5.1.0.GA (i.e. JBoss Web Services version 3.1.2.GA)
java 1.6
Reporter: Morten Andersen
When exposing a webservice using the "@WebServiceProvider" annotation, and protecting it with WSSE username token the WebServiceContext#userPrincipal is not set.
The WEB-INF/jboss-wsse-server.xml is configured as described here:
http://www.jboss.org/community/wiki/JBossWS-WS-Securityoptions#POJO_Endpo...
Although this does not really seem to be enough, as it is also required to have META-INF/standard-jaxws-endpoint-config.xml file with only the "Standard WSSecurity Endpoint" on the server to actually enforce the authentication of the username token.
Attached:
* wstest.war: example war - exposing one webservice (compiled from the content of server.zip)
* server.zip: source for the wstest.war
* client.zip: simple client for the server, sending a username token.
Reproducing the problem:
1) deploy wstest.war to a jboss 5.1.0
2) open the run.sh in the client.zip, and set the JBOSS_5 to fit your installation. It the server is not listening on 8080, modify the url in the client source (WsExampleClient.java).
3) compile and run the client, by running ./run.sh
4) inspect the server log. If this says: "[INFO] Principal = null" we have the problem (expected principal = admin)
Server code:
* service: server.zip:src/main/java/org/example/WsExample.java
* wsdl: server.zip:src/main/webapp/WEB-INF/wsdl
* wsse-config: server.zip:src/main/webapp/WEB-INF/jboss-wsse-server.xml
* wsse-config2: server.zip:src/main/webapp/META-INF/standard-jaxws-endpoint-config.xml
It seems that "wsse-config2" is required. If this is not present, it is possible for the client to send any client credentials it want (or leave them out) and it will still get admission to the service.
Other areas where this has been discussed:
* http://www.jboss.org/index.html?module=bb&op=viewtopic&t=127582&postdays=...
* http://www.jboss.org/community/wiki/jbosssecuritytokenservice#comment-2075 (in relation to the same problem in the JBoss STS)
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: https://jira.jboss.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
12 years, 9 months
[JBoss JIRA] Created: (JBWS-2744) Dispatch and Config Provider via System Properties and/or a Properties file
by Anil Saldhana (JIRA)
Dispatch and Config Provider via System Properties and/or a Properties file
---------------------------------------------------------------------------
Key: JBWS-2744
URL: https://jira.jboss.org/jira/browse/JBWS-2744
Project: JBoss Web Services
Issue Type: Feature Request
Security Level: Public (Everyone can see)
Reporter: Anil Saldhana
The Dispatch seems to be an important JAXWS client construct. It does not provide everything that any JBossWS user needs. Hence there are chances where he may have to cast the dispatch to ConfigProvider and provide the additional settings as outlined in the forum thread.
For this reason, I suggest adding a properties file on the classpath and one setting that can be done via system property. The DispatchImpl implementation needs to handle this one system prop and use the associated properties file to get the settings.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: https://jira.jboss.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
12 years, 9 months
[JBoss JIRA] Created: (JBWS-3019) Moving to jbossws-native-3.2.2.GA Stopped honering my java http proxy settings
by David Waters (JIRA)
Moving to jbossws-native-3.2.2.GA Stopped honering my java http proxy settings
------------------------------------------------------------------------------
Key: JBWS-3019
URL: https://jira.jboss.org/jira/browse/JBWS-3019
Project: JBoss Web Services
Issue Type: Bug
Security Level: Public (Everyone can see)
Components: jbossws-native
Affects Versions: jbossws-native-3.2.2
Environment: jboss-5.1.0.GA, Sun java 1.6.0_14, Window XP 64bit, Intel Core2
Reporter: David Waters
In order to talk to a NTLM secured webservice I go through a NTLM Http proxy (ntlmaps).
I configure this proxy through a java.net.ProxySelector (ProxySelector.setDefault(aCustomProxySelector)).
This was working (with issues) with the version of jbossws that ships with jboss 5.1.0GA (jbossws version 3.1.2.GA). I was required to turn off chunking so I updated to jbossws 3.2.2GA and used ChunkedEncodingFeature to disable chunking.
The installation of jbossws 3.2.2 stopped the webservice calls calling my proxy selector and did not use my configured proxy. I have tried to find any way to reinstate the proxy but have been unsuccessful.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: https://jira.jboss.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
12 years, 9 months
[JBoss JIRA] Created: (JBWS-2930) IllegalArgumentException: Illegal null argument:ns - Raised initialising Service referencing a WSDL which imports a xsd with no namespace
by Darran Lofthouse (JIRA)
IllegalArgumentException: Illegal null argument:ns - Raised initialising Service referencing a WSDL which imports a xsd with no namespace
-----------------------------------------------------------------------------------------------------------------------------------------
Key: JBWS-2930
URL: https://jira.jboss.org/jira/browse/JBWS-2930
Project: JBoss Web Services
Issue Type: Bug
Security Level: Public (Everyone can see)
Components: jbossws-native
Affects Versions: jbossws-native-3.2.2
Reporter: Darran Lofthouse
Assignee: Darran Lofthouse
Fix For: jbossws-native-3.3.0
The following exception is thrown when a Service is initialised using a WSDL that imports a schema with no namespace: -
java.lang.IllegalArgumentException: Illegal null argument:ns
at org.jboss.ws.metadata.wsdl.xmlschema.JBossXSModel.createNamespaceItemIfNotExistent(JBossXSModel.java:511)
at org.jboss.ws.metadata.wsdl.xmlschema.JBossXSModel.addXSElementDeclaration(JBossXSModel.java:351)
at org.jboss.ws.metadata.wsdl.xmlschema.WSSchemaUtils.copyXSModel(WSSchemaUtils.java:707)
at org.jboss.ws.tools.JavaToXSD.parseSchema(JavaToXSD.java:202)
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: https://jira.jboss.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
12 years, 10 months
[JBoss JIRA] Created: (JBWS-2397) Fix jbws1797 testcase
by Alessio Soldano (JIRA)
Fix jbws1797 testcase
---------------------
Key: JBWS-2397
URL: https://jira.jboss.org/jira/browse/JBWS-2397
Project: JBoss Web Services
Issue Type: Task
Security Level: Public (Everyone can see)
Components: jbossws-metro
Reporter: Alessio Soldano
Priority: Minor
Fix For: jbossws-metro-3.0.6
The JBWS1797TestCase is about .NET friendly part names; it's in framework but has never been executed with the metro integration stack because of the missing wrapper generation on both client and server side. Now that's possible and reveals that the test should be written better to support different message names in the wsdls generated by different stacks (or to have the same generated message names).
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: https://jira.jboss.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
12 years, 10 months