March 2007 - jbossws-users - Jboss List Archives

How to disable weak ciphersuites for a SSL secured webservice

by Wolfgang Moser

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Hello there at JBossWS, I'm developing for a WebServices application that runs on JBoss 4.0.5.GA with JBossWS 1.0.4.GA We got managed to setup JBoss as well as the deployed WebService to only allow SSL connections (with user authentication). Unfortunately we don't see a way to disable all the weak ciphersuites (like DES40, RC4_40 or standard DES) for that SSL secured webservice, so that the server acts in a way that it will never accept such weak ciphersuites on the initial SSL handshake. I did already check out: http://jira.jboss.com/jira/browse/JBAS-1983 but was not able to configure the ciphersuites accordingly (this included JBAS-2785). I wasn't unable to check out, if these settings would change anything on WebServices, since JBoss doesn't start due to a null pointer exception (see attachment). As some debugging reveals, this is because the member "securityDomain" within: org.jboss.security.ssl.ServerSocketFactory seems to not get initialized. Any hints on how to become able to select or to configure the ciphersuites being accepted from our SSL enabled WebServices application would be appreciated much. - -- With kind regards, Wolfgang Moser _______________________________________________________________ SRC Security Research & Consulting GmbH Graurheindorfer Str. 149 a Tel: +49(0)228-2806-149 53117 Bonn Fax: +49(0)228-2806-199 http://www.src-gmbh.de Mob: +49(0) Handelsregister Bonn: HRB 9414 Geschäftsführer: Gerd Cimiotti -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (MingW32) iQEVAwUBRgpPaV351eL5alt0AQh6+wf+Na9a4R1m7Q0InWpJMi860Zc9VwyNw9hS klWpt9DPevLhdCopke2AFN2lbyvnbkx2FApBSsRItoowCmow1A6R0CGsY6cZsWo7 jersZe4Ee7U60V6CYreX1C7V6A1/vvPTPq9P0CU2Te4aamd80kOZhCjJ2nZ3vOJQ aVqx3TK2PObTsIYRo01E4dVtfhYNkNznZGKjEdubXai1b4c7Sn3/Gwdid/SRN5jl MpWMLoYhS763ZgXv71S3XFIDdNDTWh36kPpmqokb1baUl7ceUjEdprganBzhQeLE 4qF4dV/R2MCXdBAdcRjGR9/E7XRnP4riPH3OBa6o8wzRRVIF6jOMwA== =RJpB -----END PGP SIGNATURE----- 10:47:44,078 WARN [ServiceController] Problem starting service jboss:service=invoker,type=jrmp,socketType=SSLSocketFactory java.lang.NullPointerException at org.jboss.security.ssl.Context.forDomain(Context.java:66) at org.jboss.security.ssl.DomainServerSocketFactory.initSSLContext(DomainServerSocketFactory.java:304) at org.jboss.security.ssl.DomainServerSocketFactory.createServerSocket(DomainServerSocketFactory.java:225) at org.jboss.security.ssl.DomainServerSocketFactory.createServerSocket(DomainServerSocketFactory.java:203) at org.jboss.security.ssl.RMISSLServerSocketFactory.createServerSocket(RMISSLServerSocketFactory.java:120) at sun.rmi.transport.tcp.TCPEndpoint.newServerSocket(TCPEndpoint.java:622) at sun.rmi.transport.tcp.TCPTransport.listen(TCPTransport.java:231) at sun.rmi.transport.tcp.TCPTransport.exportObject(TCPTransport.java:178) at sun.rmi.transport.tcp.TCPEndpoint.exportObject(TCPEndpoint.java:382) at sun.rmi.transport.LiveRef.exportObject(LiveRef.java:116) at sun.rmi.server.UnicastServerRef.exportObject(UnicastServerRef.java:180) at java.rmi.server.UnicastRemoteObject.exportObject(UnicastRemoteObject.java:293) at java.rmi.server.UnicastRemoteObject.exportObject(UnicastRemoteObject.java:256) at org.jboss.invocation.jrmp.server.JRMPInvoker.exportCI(JRMPInvoker.java:451) at org.jboss.invocation.jrmp.server.JRMPInvoker.startService(JRMPInvoker.java:373) at org.jboss.invocation.jrmp.server.JRMPInvoker$1.startService(JRMPInvoker.java:150) at org.jboss.system.ServiceMBeanSupport.jbossInternalStart(ServiceMBeanSupport.java:289) at org.jboss.system.ServiceMBeanSupport.jbossInternalLifecycle(ServiceMBeanSupport.java:245) at org.jboss.invocation.jrmp.server.JRMPInvoker.jbossInternalLifecycle(JRMPInvoker.java:645) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) at java.lang.reflect.Method.invoke(Method.java:585) at org.jboss.mx.interceptor.ReflectedDispatcher.invoke(ReflectedDispatcher.java:155) at org.jboss.mx.server.Invocation.dispatch(Invocation.java:94) at org.jboss.mx.server.Invocation.invoke(Invocation.java:86) at org.jboss.mx.server.AbstractMBeanInvoker.invoke(AbstractMBeanInvoker.java:264) at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:659) at org.jboss.system.ServiceController$ServiceProxy.invoke(ServiceController.java:978) at $Proxy0.start(Unknown Source) at org.jboss.system.ServiceController.start(ServiceController.java:417) at org.jboss.system.ServiceController.start(ServiceController.java:435) at org.jboss.system.ServiceController.start(ServiceController.java:435) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) at java.lang.reflect.Method.invoke(Method.java:585) at org.jboss.mx.interceptor.ReflectedDispatcher.invoke(ReflectedDispatcher.java:155) at org.jboss.mx.server.Invocation.dispatch(Invocation.java:94) at org.jboss.mx.server.Invocation.invoke(Invocation.java:86) at org.jboss.mx.server.AbstractMBeanInvoker.invoke(AbstractMBeanInvoker.java:264) at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:659) at org.jboss.mx.util.MBeanProxyExt.invoke(MBeanProxyExt.java:210) at $Proxy4.start(Unknown Source) at org.jboss.deployment.SARDeployer.start(SARDeployer.java:302) at org.jboss.deployment.MainDeployer.start(MainDeployer.java:1025) at org.jboss.deployment.MainDeployer.deploy(MainDeployer.java:819) at org.jboss.deployment.MainDeployer.deploy(MainDeployer.java:782) at org.jboss.deployment.MainDeployer.deploy(MainDeployer.java:766) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) at java.lang.reflect.Method.invoke(Method.java:585) at org.jboss.mx.interceptor.ReflectedDispatcher.invoke(ReflectedDispatcher.java:155) at org.jboss.mx.server.Invocation.dispatch(Invocation.java:94) at org.jboss.mx.interceptor.AbstractInterceptor.invoke(AbstractInterceptor.java:133) at org.jboss.mx.server.Invocation.invoke(Invocation.java:88) at org.jboss.mx.interceptor.ModelMBeanOperationInterceptor.invoke(ModelMBeanOperationInterceptor.java:142) at org.jboss.mx.server.Invocation.invoke(Invocation.java:88) at org.jboss.mx.server.AbstractMBeanInvoker.invoke(AbstractMBeanInvoker.java:264) at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:659) at org.jboss.mx.util.MBeanProxyExt.invoke(MBeanProxyExt.java:210) at $Proxy5.deploy(Unknown Source) at org.jboss.system.server.ServerImpl.doStart(ServerImpl.java:482) at org.jboss.system.server.ServerImpl.start(ServerImpl.java:362) at org.jboss.Main.boot(Main.java:200) at org.jboss.Main$1.run(Main.java:490) at java.lang.Thread.run(Thread.java:595)

18 years, 11 months

1
1
0 / 0

[JBossWS] - Re: wstools failing on XSDs using xs:import

by krishnakumars

This one's been out for over a year now. How do people deal with it? Any workarounds? I find it difficult to have a flat set of XSDs without the ability to import. Its a pain to have the same elements and types defined repeatedly in multiple XSDs. having a core XSd that's imported by other XSDs is critical to good design (at least abstraction and reuse). View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4033394#4033394 Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4033394

19 years

1
0
0 / 0

[JBossWS] - Re: How Do I See the XML?

by joshlam

You can try something like: | public boolean handleMessage(SOAPMessageContext ctx) | { | boolean outbound= ((Boolean)ctx.get(SOAPMessageContext.MESSAGE_OUTBOUND_PROPERTY)).booleanValue(); | SOAPMessage m = ctx.getMessage(); | ByteArrayOutputStream bo = new ByteArrayOutputStream(); | try | { | if (outbound) | { | | m.writeTo(bo); | System.out.println("Outbound: "+bo.toString()); | } | else // inbound | { | | m.writeTo(bo); | System.out.println("Inbound: "+bo.toString()); | } | } | catch (SOAPException e) | { | e.printStackTrace(); | return false; | } | catch (IOException e) | { | e.printStackTrace(); | return false; | } | | return true; | } | View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4033308#4033308 Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4033308

19 years

1
0
0 / 0

[JBossWS] - How to disable weak ciphersuites for a SSL secured webservice

by Wolfgang Moser

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Hello there at JBossWS, (please excuse me for sending this message twice, it seems I didn't format my subject line correctly, so the message wasn't put through onto the forum) I'm developing for a WebServices application that runs on JBoss 4.0.5.GA with JBossWS 1.0.4.GA We got managed to setup JBoss as well as the deployed WebService to only allow SSL connections (with user authentication). Unfortunately we don't see a way to disable all the weak ciphersuites (like DES40, RC4_40 or standard DES) for that SSL secured webservice, so that the server acts in a way that it will never accept such weak ciphersuites on the initial SSL handshake. I did already check out: http://jira.jboss.com/jira/browse/JBAS-1983 but was not able to configure the ciphersuites accordingly (this included JBAS-2785). I wasn't unable to check out, if these settings would change anything on WebServices, since JBoss doesn't start due to a null pointer exception (see attachment). As some debugging reveals, this is because the member "securityDomain" within: org.jboss.security.ssl.ServerSocketFactory seems to not get initialized. Any hints on how to become able to select or to configure the ciphersuites being accepted from our SSL enabled WebServices application would be appreciated much. - -- With kind regards, Wolfgang Moser _______________________________________________________________ SRC Security Research & Consulting GmbH Graurheindorfer Str. 149 a Tel: +49(0)228-2806-149 53117 Bonn Fax: +49(0)228-2806-199 http://www.src-gmbh.de Mob: +49(0) Handelsregister Bonn: HRB 9414 Geschäftsführer: Gerd Cimiotti -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (MingW32) iQEVAwUBRg04Al351eL5alt0AQhswwgAnDKiNJ9o0izElzH08D7MU1buhfaxJDOC tTh6qK8qsJ/bMcPSgpwCQV0ulpUukWiQacdhrIZtDu+xvgy8bZ1YCWFjw8lRrgVv aJpwZQ6g+On+B5ZOWnkdRcvt0LWvOyJxaADLRso+WQm9HJ3U+TidtyVsFGU+rgct 0C0t0Df8vLcyoj7IFKC0nJWaUsnVVqXEoRxvTlS45WDYjsYI6n0GxYG5hiY/PSZV djoAVXhzeuP0hBwzEsyEKfBd6a2Kp/nzNNDuF2/V8awKlSmaiDeDBdNBf99ktyyv 6lBLwQuj5fjoXVQDQXXieGHTSvInB/ZVnMXLYbKbGut0Y1YW2SEPcQ== =I9Pc -----END PGP SIGNATURE----- 10:47:44,078 WARN [ServiceController] Problem starting service jboss:service=invoker,type=jrmp,socketType=SSLSocketFactory java.lang.NullPointerException at org.jboss.security.ssl.Context.forDomain(Context.java:66) at org.jboss.security.ssl.DomainServerSocketFactory.initSSLContext(DomainServerSocketFactory.java:304) at org.jboss.security.ssl.DomainServerSocketFactory.createServerSocket(DomainServerSocketFactory.java:225) at org.jboss.security.ssl.DomainServerSocketFactory.createServerSocket(DomainServerSocketFactory.java:203) at org.jboss.security.ssl.RMISSLServerSocketFactory.createServerSocket(RMISSLServerSocketFactory.java:120) at sun.rmi.transport.tcp.TCPEndpoint.newServerSocket(TCPEndpoint.java:622) at sun.rmi.transport.tcp.TCPTransport.listen(TCPTransport.java:231) at sun.rmi.transport.tcp.TCPTransport.exportObject(TCPTransport.java:178) at sun.rmi.transport.tcp.TCPEndpoint.exportObject(TCPEndpoint.java:382) at sun.rmi.transport.LiveRef.exportObject(LiveRef.java:116) at sun.rmi.server.UnicastServerRef.exportObject(UnicastServerRef.java:180) at java.rmi.server.UnicastRemoteObject.exportObject(UnicastRemoteObject.java:293) at java.rmi.server.UnicastRemoteObject.exportObject(UnicastRemoteObject.java:256) at org.jboss.invocation.jrmp.server.JRMPInvoker.exportCI(JRMPInvoker.java:451) at org.jboss.invocation.jrmp.server.JRMPInvoker.startService(JRMPInvoker.java:373) at org.jboss.invocation.jrmp.server.JRMPInvoker$1.startService(JRMPInvoker.java:150) at org.jboss.system.ServiceMBeanSupport.jbossInternalStart(ServiceMBeanSupport.java:289) at org.jboss.system.ServiceMBeanSupport.jbossInternalLifecycle(ServiceMBeanSupport.java:245) at org.jboss.invocation.jrmp.server.JRMPInvoker.jbossInternalLifecycle(JRMPInvoker.java:645) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) at java.lang.reflect.Method.invoke(Method.java:585) at org.jboss.mx.interceptor.ReflectedDispatcher.invoke(ReflectedDispatcher.java:155) at org.jboss.mx.server.Invocation.dispatch(Invocation.java:94) at org.jboss.mx.server.Invocation.invoke(Invocation.java:86) at org.jboss.mx.server.AbstractMBeanInvoker.invoke(AbstractMBeanInvoker.java:264) at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:659) at org.jboss.system.ServiceController$ServiceProxy.invoke(ServiceController.java:978) at $Proxy0.start(Unknown Source) at org.jboss.system.ServiceController.start(ServiceController.java:417) at org.jboss.system.ServiceController.start(ServiceController.java:435) at org.jboss.system.ServiceController.start(ServiceController.java:435) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) at java.lang.reflect.Method.invoke(Method.java:585) at org.jboss.mx.interceptor.ReflectedDispatcher.invoke(ReflectedDispatcher.java:155) at org.jboss.mx.server.Invocation.dispatch(Invocation.java:94) at org.jboss.mx.server.Invocation.invoke(Invocation.java:86) at org.jboss.mx.server.AbstractMBeanInvoker.invoke(AbstractMBeanInvoker.java:264) at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:659) at org.jboss.mx.util.MBeanProxyExt.invoke(MBeanProxyExt.java:210) at $Proxy4.start(Unknown Source) at org.jboss.deployment.SARDeployer.start(SARDeployer.java:302) at org.jboss.deployment.MainDeployer.start(MainDeployer.java:1025) at org.jboss.deployment.MainDeployer.deploy(MainDeployer.java:819) at org.jboss.deployment.MainDeployer.deploy(MainDeployer.java:782) at org.jboss.deployment.MainDeployer.deploy(MainDeployer.java:766) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) at java.lang.reflect.Method.invoke(Method.java:585) at org.jboss.mx.interceptor.ReflectedDispatcher.invoke(ReflectedDispatcher.java:155) at org.jboss.mx.server.Invocation.dispatch(Invocation.java:94) at org.jboss.mx.interceptor.AbstractInterceptor.invoke(AbstractInterceptor.java:133) at org.jboss.mx.server.Invocation.invoke(Invocation.java:88) at org.jboss.mx.interceptor.ModelMBeanOperationInterceptor.invoke(ModelMBeanOperationInterceptor.java:142) at org.jboss.mx.server.Invocation.invoke(Invocation.java:88) at org.jboss.mx.server.AbstractMBeanInvoker.invoke(AbstractMBeanInvoker.java:264) at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:659) at org.jboss.mx.util.MBeanProxyExt.invoke(MBeanProxyExt.java:210) at $Proxy5.deploy(Unknown Source) at org.jboss.system.server.ServerImpl.doStart(ServerImpl.java:482) at org.jboss.system.server.ServerImpl.start(ServerImpl.java:362) at org.jboss.Main.boot(Main.java:200) at org.jboss.Main$1.run(Main.java:490) at java.lang.Thread.run(Thread.java:595)

19 years

1
0
0 / 0

[JBossWS] - Re: How Do I See the XML?

by rmartony

I created a handler, how can I print out the XML of the incoming request? I have the SOAPMessage, SOAPHeader and SOAPBody. What should I do next? I'm using JBossWS-1.0.4.GA, installed into JBoss AS 4.0.5.GA. Regards, Rafael. View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4033208#4033208 Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4033208

19 years

1
0
0 / 0

[JBossWS] - Re: How to register SerializerFactory and DeSerializerFactor

by czhao07

Yep, this should work. My workaround is to change the WSDL to not use soap encoding style, now it works just fine. -Chunyun Zhao View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4033188#4033188 Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4033188

19 years

1
0
0 / 0

[JBossWS] - Re: JSR181 EJB endpoint with root contextRoot

by jason.greene＠jboss.com

Is example.war a servlet deployment? If so, it would conflict with the generated war for the service. Otherwise you don't need that entry. Can you also try contextRoot=""? Otherwise, I believe, we may need to add special support for this for EJB endpoints. http://jira.jboss.com/jira/browse/JBWS-1596 In the meantime you could do with this with a war style deployment. http://wiki.jboss.org/wiki/Wiki.jsp?page=SetupARootContextApp -Jason View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4033176#4033176 Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4033176

19 years

1
0
0 / 0

[JBossWS] - Re: StackOverflowError with WS-Security

by jason.greene＠jboss.com

If you need to fix it asap, i would recommend just increasing your stack size (-Xss jvm option). Otherwise if you can create a test case that demonstrates the problem and attach it to a jira issue, we can debug it. -Jason View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4033170#4033170 Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4033170

19 years

1
0
0 / 0

[JBossWS] - Re: Pooling pojos

by jason.greene＠jboss.com

Currently the only way you get pooling is with EJB3. The POJO model currently allocates an instance per request. This should be improved to reuse the same instance across multiple requests like the servlet container. While we could add pooling to the POJO model, it would only be relevant for endpoints that implement SingleThreadModel, since otherwise they are supposed to be written to handle concurrent requests. -Jason View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4033164#4033164 Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4033164

19 years

1
0
0 / 0

[JBossWS] - Re: Name of generated exception class

by jason.greene＠jboss.com

Yes, the package name passed to wsconsume is an override, and is not really part of the standard. It's just their for ease of use. You can change the name of the exception class by using <jaxws:class name="MyNewException" node="..."/> to point to the wsdl:fault element. You can also change the name of the fault bean by using a JAXB customization that points to the schema complex type: <jaxb:class name="AuthorizationFaultBean" node="..."/> -Jason View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4033159#4033159 Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4033159

19 years

1
0
0 / 0

2026

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

jbossws-users March 2007