March 2012 - jbossws-issues - Jboss List Archives

[JBoss JIRA] Created: (JBWS-2932) Support for HTTP Digest authentication, when acting as a client to an external web service

by Ian (JIRA)

Support for HTTP Digest authentication, when acting as a client to an external web service ------------------------------------------------------------------------------------------ Key: JBWS-2932 URL: https://jira.jboss.org/jira/browse/JBWS-2932 Project: JBoss Web Services Issue Type: Feature Request Security Level: Public (Everyone can see) Components: jbossws-native Affects Versions: jbossws-metro-3.2.1, jbossws-native-3.2.1, jbossws-cxf-3.2.1 Reporter: Ian Please implement HTTP Digest Authentication when acting as a client to an external web service. I don't mean using WS-Security, just using HTTP authentication in a similar that Basic Authentication is used - using JAX-WS code similar to this: String url = configuration.getString(CONFIG_URL); BindingProvider provider = (BindingProvider)requestInvoker; provider.getRequestContext().put(BindingProvider.USERNAME_PROPERTY, username); provider.getRequestContext().put(BindingProvider.PASSWORD_PROPERTY, password); This code works if run as a standalone java client (probably because Metro supports it). However it doesn't work with JBossWS: * Native implementation simply doesn't work at all * Metro implementation has classloading issues when web service calls are made (to do with WS-Addressing I think, I've seen other posts about it). * CXF has the same issues as Metro Given from my reading that the WS-Security work supports Digest authentication, it doesn't seem a difficult task. I'd suggest one of two ways to fix it: 1. Implement it in JBossWS native, OR 2. Fix the classloading issues in Metro and/or CXF so those stacks can be used (given they already support it). -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: https://jira.jboss.org/jira/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira

12 years, 2 months

3
3
0 / 0

[JBoss JIRA] Created: (JBWS-2569) Soap over TCP/IP Transport for Jboss WS

by Bryan Kearney (JIRA)

Soap over TCP/IP Transport for Jboss WS --------------------------------------- Key: JBWS-2569 URL: https://jira.jboss.org/jira/browse/JBWS-2569 Project: JBoss Web Services Issue Type: Feature Request Security Level: Public (Everyone can see) Environment: Jboss 5.0.X, any WS stack, running on Fedora Reporter: Bryan Kearney I would like to see one of the supported WS stackes support SOAP over a TCP/IP transport instead of http. I have 2 main drivers for this: 1) Performance (http://blogs.sun.com/oleksiys/entry/soap_tcp_makes_web_services). 2) Interoperability with the M$ stack, specifically the WCF classes. -- bk -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: https://jira.jboss.org/jira/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira

12 years, 2 months

3
4
0 / 0

[JBoss JIRA] Created: (JBWS-3335) Evaluate adding client-configuration to AS7 domain model

by Alessio Soldano (JIRA)

Evaluate adding client-configuration to AS7 domain model -------------------------------------------------------- Key: JBWS-3335 URL: https://issues.jboss.org/browse/JBWS-3335 Project: JBoss Web Services Issue Type: Task Security Level: Public (Everyone can see) Components: jbossws-cxf, jbossws-integration, jbossws-native Reporter: Alessio Soldano Fix For: jbossws-native-4.0, jbossws-cxf-4.0 In JBWS-3286 we added endpoint configurations to the AS7 domain. We need to evaluate the feasibility of doing the same for jaxws client configurations. -- This message is automatically generated by JIRA. For more information on JIRA, see: http://www.atlassian.com/software/jira

12 years, 3 months

2
7
0 / 0

[JBoss JIRA] Created: (JBWS-1814) Dynamic Encryption based on clients input

by Magesh Kumar B (JIRA)

Dynamic Encryption based on clients input ----------------------------------------- Key: JBWS-1814 URL: http://jira.jboss.com/jira/browse/JBWS-1814 Project: JBoss Web Services Issue Type: Feature Request Security Level: Public (Everyone can see) Components: ws-security Affects Versions: jbossws-2.0.1, jbossws-1.2.1 Reporter: Magesh Kumar B Let's say that Bob runs the web service and Alice has a client that uses the web service. Now John would also like to use the web service. John would create: johns.keystore ---------------- john - keyPair (pub+priv) bob - trustedCertEntry (pub) johns.truststore ---------------- john - trustedCertEntry (just john's public key) In addition, Bob's keystore would be updated to: bobs.keystore ---------------- bob - keyPair (public + private key) alice - trustedCertEntry (just alice's public key) john - trustedCertEntry (just john's public key) This does not pose a problem for encrypting the request from the client side since both Alice and John use Bob's public key to encrypt the message, and Bob of course uses his pirvate key to decrypt the message. But how is the response message encrypted? JBossWS apparently does not support multiple clients because the certificate used by the server to encrypt the response is specified statically in jboss-wsse-server.xml. -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: http://jira.jboss.com/jira/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira

12 years, 3 months

4
4
0 / 0

[JBoss JIRA] (JBWS-3461) HTTPS / TLS Client certificate authentication does not give client certificate to server side

by Tomas Gustavsson (JIRA)

Tomas Gustavsson created JBWS-3461: -------------------------------------- Summary: HTTPS / TLS Client certificate authentication does not give client certificate to server side Key: JBWS-3461 URL: https://issues.jboss.org/browse/JBWS-3461 Project: JBoss Web Services Issue Type: Bug Security Level: Public (Everyone can see) Environment: JBoss AS 7.1.0.GA Reporter: Tomas Gustavsson We use client certificate authentication (TLS) for our webservice (JAX-WS annotated EJB). In JBoss 5 and 6 the following code worked to fetch the client certificate in the session bean. MessageContext msgContext = wsContext.getMessageContext(); HttpServletRequest request = (HttpServletRequest) msgContext.get(MessageContext.SERVLET_REQUEST); X509Certificate[] certificates = (X509Certificate[]) request.getAttribute("javax.servlet.request.X509Certificate"); In JBoss AS 7.1.0.GA no certificate is retrieved. -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.jboss.org/secure/ContactAdministrators!default.jspa For more information on JIRA, see: http://www.atlassian.com/software/jira

12 years, 3 months

3
5
0 / 0

[JBoss JIRA] (JBWS-3446) Evaluate options for enabling username over transport security wsse tests

by Alessio Soldano (JIRA)

Alessio Soldano created JBWS-3446: ------------------------------------- Summary: Evaluate options for enabling username over transport security wsse tests Key: JBWS-3446 URL: https://issues.jboss.org/browse/JBWS-3446 Project: JBoss Web Services Issue Type: Task Security Level: Public (Everyone can see) Components: jbossws-cxf Reporter: Alessio Soldano Fix For: jbossws-cxf-4.1 <ropalka> asoldano, IMHO we should remove <ropalka>  <ropalka> <exclude>org/jboss/test/ws/jaxws/samples/wssePolicy/UsernameTestCase.*</exclude> <ropalka> <exclude>org/jboss/test/ws/jaxws/samples/wsse/policy/basic/UsernameOverTransportTestCase.*</exclude> <ropalka> asoldano, from our test suite. Because having tests that are not executed doesn't make sense 2 me <ropalka> asoldano, WDYT? <asoldano> ropalka, I don't agree because tests are also needed as examples / tutorials to users <asoldano> ropalka, so if they want to see how to do that, they need those tests <asoldano> ropalka, this said, we should actually try them from time to time... <ropalka> asoldano, ok <ropalka> asoldano, shouldn't be these tests part of jboss quickstart ? <asoldano> ropalka, maybe.. <asoldano> ropalka, do you know btw if the AS7 testsuite has SSL tests? <asoldano> ropalka, we might copy/extend them to cover our wsse transport security tests above <ropalka> asoldano, I have no idea. Ask Darran or Anil <ropalka> asoldano, that would be great <darran> asoldano, it is not something I have worked on myself but I think I have seen some in there <asoldano> darran, interesting, thanks -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.jboss.org/secure/ContactAdministrators!default.jspa For more information on JIRA, see: http://www.atlassian.com/software/jira

12 years, 3 months

1
1
0 / 0

[JBoss JIRA] Created: (JBWS-3213) xml preamble ignored for determining charset of SOAP request

by Philippe Marschall (JIRA)

xml preamble ignored for determining charset of SOAP request ------------------------------------------------------------ Key: JBWS-3213 URL: https://issues.jboss.org/browse/JBWS-3213 Project: JBoss Web Services Issue Type: Bug Security Level: Public (Everyone can see) Components: jbossws-native Affects Versions: jbossws-native-3.1.2 Environment: Any Reporter: Philippe Marschall If a SOAP request is made with the charset specified in the XML preamble but left out in the HTTP header then JBossWS ignores the XML preamble and defaults to UTF-8. Consider for example the following request {code} POST /crm/webservice HTTP/1.0 content-type: text/xml content-length: 2240 host: example.com:8080 authorization: Basic Y3JtaTAxOnRleGFz user-agent: SAP Web Application Server (1.0;700) accept-encoding: gzip <?xml version="1.0" encoding="iso-8859-1"?>... {code} In this case JBossWS assumes UTF-8 which leads to the following exception on the first non-ASCII character: {code} 2011-02-03 16:09:39,277 3377777 ERROR [org.jboss.ws.core.jaxws.SOAPFaultHelperJAXWS] (http-0.0.0.0-7766-1:) SOAP request exception org.jboss.ws.core.CommonSOAPFaultException: org.apache.xerces.impl.io.MalformedByteSequenceException: Invalid byte 1 of 1-byte UTF-8 sequence. at org.jboss.ws.core.soap.EnvelopeBuilderDOM.build(EnvelopeBuilderDOM.java:93) at org.jboss.ws.core.soap.MessageFactoryImpl.createMessage(MessageFactoryImpl.java:294) at org.jboss.ws.core.soap.MessageFactoryImpl.createMessage(MessageFactoryImpl.java:193) at org.jboss.wsf.stack.jbws.RequestHandlerImpl.processRequest(RequestHandlerImpl.java:455) at org.jboss.wsf.stack.jbws.RequestHandlerImpl.handleRequest(RequestHandlerImpl.java:295) at org.jboss.wsf.stack.jbws.RequestHandlerImpl.doPost(RequestHandlerImpl.java:205) at org.jboss.wsf.stack.jbws.RequestHandlerImpl.handleHttpRequest(RequestHandlerImpl.java:131) at org.jboss.wsf.common.servlet.AbstractEndpointServlet.service(AbstractEndpointServlet.java:85) at javax.servlet.http.HttpServlet.service(HttpServlet.java:717) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:96) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:235) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191) at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:190) at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:525) at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:92) at org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.process(SecurityContextEstablishmentValve.java:126) at org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.invoke(SecurityContextEstablishmentValve.java:70) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102) at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:158) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:330) at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:829) at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:598) at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447) at java.lang.Thread.run(Thread.java:662) 2011-02-03 16:09:39,309 3377809 ERROR [org.jboss.ws.core.jaxrpc.SOAPFaultHelperJAXRPC] (http-0.0.0.0-7766-1:) SOAP request exception javax.xml.rpc.soap.SOAPFaultException: org.apache.xerces.impl.io.MalformedByteSequenceException: Invalid byte 1 of 1-byte UTF-8 sequence. at org.jboss.ws.core.jaxrpc.SOAPFaultHelperJAXRPC.exceptionToFaultMessage(SOAPFaultHelperJAXRPC.java:189) at org.jboss.ws.core.jaxws.SOAPFaultHelperJAXWS.exceptionToFaultMessage(SOAPFaultHelperJAXWS.java:183) at org.jboss.ws.core.jaxws.binding.SOAP11BindingJAXWS.createFaultMessageFromException(SOAP11BindingJAXWS.java:102) at org.jboss.ws.core.CommonSOAPBinding.bindFaultMessage(CommonSOAPBinding.java:671) at org.jboss.wsf.stack.jbws.RequestHandlerImpl.processRequest(RequestHandlerImpl.java:496) at org.jboss.wsf.stack.jbws.RequestHandlerImpl.handleRequest(RequestHandlerImpl.java:295) at org.jboss.wsf.stack.jbws.RequestHandlerImpl.doPost(RequestHandlerImpl.java:205) at org.jboss.wsf.stack.jbws.RequestHandlerImpl.handleHttpRequest(RequestHandlerImpl.java:131) at org.jboss.wsf.common.servlet.AbstractEndpointServlet.service(AbstractEndpointServlet.java:85) at javax.servlet.http.HttpServlet.service(HttpServlet.java:717) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:96) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:235) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191) at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:190) at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:525) at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:92) at org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.process(SecurityContextEstablishmentValve.java:126) at org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.invoke(SecurityContextEstablishmentValve.java:70) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102) at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:158) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:330) at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:829) at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:598) at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447) at java.lang.Thread.run(Thread.java:662) {code} Looking at the code the problem seems to be that {{org.jboss.ws.core.soap.EnvelopeBuilderDOM#build(SOAPMessage, InputStream, boolean)}} always sets the encoding. In this case the {{InputSource}} should be able to determine the encoding from the preamble. The trouble seems to be that the code defaults to UTF-8 in several places earlier. {{org.jboss.ws.core.soap.EnvelopeBuilderDOM.getEncoding(SOAPMessage)}} hard codes UTF-8 as a fallback. However this can never happen because {{org.jboss.ws.core.soap.SOAPMessageImpl#SOAPMessageImpl()}} initializes as UTF-8. We will attach a full tcpdump later. -- This message is automatically generated by JIRA. For more information on JIRA, see: http://www.atlassian.com/software/jira

12 years, 3 months

1
2
0 / 0

[JBoss JIRA] Created: (JBWS-2535) Multiple security domain check is too overzealous

by Galder Zamarreno (JIRA)

Multiple security domain check is too overzealous ------------------------------------------------- Key: JBWS-2535 URL: https://jira.jboss.org/jira/browse/JBWS-2535 Project: JBoss Web Services Issue Type: Bug Security Level: Public (Everyone can see) Reporter: Galder Zamarreno Assignee: Darran Lofthouse If you mix up EJB3 SLSBs without security domains and SLSBs with SecurityDomain("other"), and you add an EJB3 WS endpoint to the deployment archive, the deployment would fail with an exception similar to this: Caused by: java.lang.IllegalStateException: Multiple security domains not supported at org.jboss.wsf.container.jboss50.deployment.tomcat.SecurityHandlerEJB3.addSecurityDomain(SecurityHandlerEJB3.java:58) at org.jboss.wsf.container.jboss50.transport.WebAppGenerator.createJBossWebAppDescriptor(WebAppGenerator.java:268) at org.jboss.wsf.container.jboss50.transport.WebAppGenerator.generatWebDeployment(WebAppGenerator.java:101) at org.jboss.wsf.container.jboss50.transport.WebAppGenerator.create(WebAppGenerator.java:85) at org.jboss.wsf.container.jboss50.transport.EJBHttpTransportManager.createListener(EJBHttpTransportManager.java:78) at org.jboss.wsf.framework.deployment.HttpTransportDeploymentAspect.create(HttpTransportDeploymentAspect.java:76) at org.jboss.wsf.framework.deployment.DeploymentAspectManagerImpl.create(DeploymentAspectManagerImpl.java:121) at org.jboss.wsf.container.jboss50.BareWSFRuntime.create(BareWSFRuntime.java:61) at org.jboss.wsf.container.jboss50.deployer.ArchiveDeployerHook.deploy(ArchiveDeployerHook.java:84) at org.jboss.wsf.container.jboss50.deployer.AbstractDeployerHookEJB.deploy(AbstractDeployerHookEJB.java:43) at org.jboss.wsf.container.jboss50.deployer.AbstractWebServiceDeployer.internalDeploy(AbstractWebServiceDeployer.java:60) at org.jboss.wsf.container.jboss50.deployer.WebServiceDeployerEJB.internalDeploy(WebServiceDeployerEJB.java:112) at org.jboss.deployers.spi.deployer.helpers.AbstractRealDeployer.deploy(AbstractRealDeployer.java:50) at org.jboss.deployers.plugins.deployers.DeployerWrapper.deploy(DeployerWrapper.java:171) ... 18 more The validation seems to be a bit too overzealous. -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: https://jira.jboss.org/jira/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira

12 years, 4 months

8
10
0 / 0

[JBoss JIRA] (JBWS-3434) Apache CXF STS integration

by Alessio Soldano (JIRA)

Alessio Soldano created JBWS-3434: ------------------------------------- Summary: Apache CXF STS integration Key: JBWS-3434 URL: https://issues.jboss.org/browse/JBWS-3434 Project: JBoss Web Services Issue Type: Feature Request Security Level: Public (Everyone can see) Components: jbossws-cxf, jbossws-integration Reporter: Alessio Soldano Assignee: Alessio Soldano Fix For: jbossws-cxf-4.1 Make it possible to deploy Apache CXF STS implementation and provide a full WS-Trust demo -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.jboss.org/secure/ContactAdministrators!default.jspa For more information on JIRA, see: http://www.atlassian.com/software/jira

12 years, 4 months

1
2
0 / 0

[JBoss JIRA] Created: (JBWS-3109) Global handler to intercept/observe inbound/outbound messages

by Gary Brown (JIRA)

Global handler to intercept/observe inbound/outbound messages ------------------------------------------------------------- Key: JBWS-3109 URL: https://jira.jboss.org/browse/JBWS-3109 Project: JBoss Web Services Issue Type: Feature Request Security Level: Public (Everyone can see) Components: jbossws-integration Reporter: Gary Brown Although individual web services can be configured to use JAX-WS handlers to intercept messages, it would be useful to be able to define a 'global' (server wide) handler that could intercept messages inbound and outbound from any deployed web services, regardless of the web service stack in use. -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: https://jira.jboss.org/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira

12 years, 4 months

3
6
0 / 0

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

jbossws-issues March 2012