[JBossWS] - Re: WSSE UsernameToken without HTTP basic auth?
by alessio.soldano@jboss.com
I did a bit of tests and investigation..
"mageshbk(a)jboss.com" wrote : The Username token sent in the SOAP Message is the one used by the endpoint server/stack to authenticate the user who is performing this request. This is called MessageLevel Security as defined by UsernameToken profile. If you see, Servlet endpoints can be configured with only basic or digest as per the specs of their deployment model. So setting AUTH_TYPE_WSSE is not and will not be applicable to the servlet deployment model unless you write your own customized implementation for it.
mikaeljl, in other words this means you can easily and successfully use the wsse username token profile without basic authentication through EJB3 endpoints.
I did this way:
| @WebService(
| wsdlLocation = "META-INF/wsdl/WsSecurity10.wsdl",
| serviceName = "PingService10",
| name = "IPingService",
| targetNamespace = "http://InteropBaseAddress/interop",
| endpointInterface = "org.jboss.test.ws.interop.nov2007.wsse.IPingService",
| portName = "UserNameOverTransport_IPingService")
| @EndpointConfig(configName = "Standard WSSecurity Endpoint")
| @Stateless
| @SecurityDomain("JBossWS")
| @WebContext(contextRoot="/nov2007/wsseUsernameTokenHTTPS", urlPattern="/endpoint")
| public class UsernameTokenHTTPSTestService extends TestService implements IPingService {
| ...
| }
|
please note, no authMethod and transportGuarantee in the @WebContext.
On the client side:
| ((BindingProvider)port).getRequestContext().put(StubExt.PROPERTY_AUTH_TYPE, StubExt.PROPERTY_AUTH_TYPE_WSSE);
| ((BindingProvider)port).getRequestContext().put(BindingProvider.USERNAME_PROPERTY, "kermit");
| ((BindingProvider)port).getRequestContext().put(BindingProvider.PASSWORD_PROPERTY, "thefrog");
|
This prevents the stack from using the basic auth and set the user/pwd in the context so that they can be put in the Username token. Using the wrong user/pwd couple causes an authentication failure due to a javax.ejb.EJBAccessException.
Of course you need to set client wsse config the right way:
| <jboss-ws-security xmlns="http://www.jboss.com/ws-security/config" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
| xsi:schemaLocation="http://www.jboss.com/ws-security/config http://www.jboss.com/ws-security/schema/jboss-ws-security_1_0.xsd">
| <config>
| <username/>
| <timestamp ttl="300"/>
| </config>
| </jboss-ws-security>
|
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4121401#4121401
Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4121401
16 years, 11 months
[JBossWS] - Re: WS-Security Newbie Question...
by lafaserem
Ok... I have now added xmlsec.jar into "JBOSS_HOME/lib/endorsed" and recompile (just in case...) and the wsrunclient again... and I got this error:
| javax.xml.ws.WebServiceException: org.jboss.ws.core.CommonSOAPFaultException: An
| internal WS-Security error occurred. See log for details
| at org.jboss.ws.core.jaxws.handler.HandlerChainExecutor.processHandlerFa
| ilure(HandlerChainExecutor.java:276)
| at org.jboss.ws.core.jaxws.handler.HandlerChainExecutor.handleMessage(Ha
| ndlerChainExecutor.java:155)
| at org.jboss.ws.core.jaxws.client.ClientImpl.callRequestHandlerChain(Cli
| entImpl.java:160)
| at org.jboss.ws.core.CommonClient.invoke(CommonClient.java:297)
| at org.jboss.ws.core.jaxws.client.ClientImpl.invoke(ClientImpl.java:243)
|
| at org.jboss.ws.core.jaxws.client.ClientProxy.invoke(ClientProxy.java:16
| 4)
| at org.jboss.ws.core.jaxws.client.ClientProxy.invoke(ClientProxy.java:15
| 0)
| at $Proxy15.echo(Unknown Source)
| at prueba.HelloClient.main(HelloClient.java:32)
| Caused by: org.jboss.ws.core.CommonSOAPFaultException: An internal WS-Security e
| rror occurred. See log for details
| at org.jboss.ws.extensions.security.WSSecurityDispatcher.convertToFault(
| WSSecurityDispatcher.java:105)
| at org.jboss.ws.extensions.security.WSSecurityDispatcher.handleOutbound(
| WSSecurityDispatcher.java:311)
| at org.jboss.ws.extensions.security.jaxws.WSSecurityHandler.handleOutbou
| ndSecurity(WSSecurityHandler.java:95)
| at org.jboss.ws.extensions.security.jaxws.WSSecurityHandlerClient.handle
| Outbound(WSSecurityHandlerClient.java:45)
| at org.jboss.ws.core.jaxws.handler.GenericHandler.handleMessage(GenericH
| andler.java:55)
| at org.jboss.ws.core.jaxws.handler.HandlerChainExecutor.handleMessage(Ha
| ndlerChainExecutor.java:295)
| at org.jboss.ws.core.jaxws.handler.HandlerChainExecutor.handleMessage(Ha
| ndlerChainExecutor.java:140)
|
Thanks again for your interest :)
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4121273#4121273
Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4121273
16 years, 11 months
[JBossWS] - Re: WS-Security Newbie Question...
by lafaserem
Ups... Ok... That's was consecuence of so many "copy-paste"s that I have done during all these days :)
My Hello.java file is now like this:
| package wssec;
|
| import javax.jws.WebMethod;
| import javax.jws.WebParam;
| import javax.jws.WebResult;
| import javax.jws.WebService;
| import javax.xml.ws.RequestWrapper;
| import javax.xml.ws.ResponseWrapper;
|
|
| /**
| * This class was generated by the JAX-WS RI.
| * JAX-WS RI 2.1.1-b03-
| * Generated source version: 2.0
| *
| */
| @WebService(name = "Hello", targetNamespace = "urn:ws.sec")
| public interface Hello {
|
|
| /**
| *
| * @param nombre
| * @return
| * returns java.lang.String
| */
| @WebMethod
| @WebResult(targetNamespace = "")
| @RequestWrapper(localName = "echo", targetNamespace = "urn:ws.sec", className = "sec.ws.Echo")
| @ResponseWrapper(localName = "echoResponse", targetNamespace = "urn:ws.sec", className = "sec.ws.EchoResponse")
| public String echo(
| @WebParam(name = "nombre", targetNamespace = "")
| String nombre);
|
| }
|
but now I have this error:
| Exception in thread "main" java.lang.NoClassDefFoundError: org/apache/xml/securi
| ty/Init
| at org.jboss.ws.extensions.security.SecurityEncoder.<init>(SecurityEncod
| er.java:47)
| at org.jboss.ws.extensions.security.WSSecurityDispatcher.handleOutbound(
| WSSecurityDispatcher.java:302)
| at org.jboss.ws.extensions.security.jaxws.WSSecurityHandler.handleOutbou
| ndSecurity(WSSecurityHandler.java:95)
| at org.jboss.ws.extensions.security.jaxws.WSSecurityHandlerClient.handle
| Outbound(WSSecurityHandlerClient.java:45)
| at org.jboss.ws.core.jaxws.handler.GenericHandler.handleMessage(GenericH
| andler.java:55)
| at org.jboss.ws.core.jaxws.handler.HandlerChainExecutor.handleMessage(Ha
| ndlerChainExecutor.java:295)
| at org.jboss.ws.core.jaxws.handler.HandlerChainExecutor.handleMessage(Ha
| ndlerChainExecutor.java:140)
| at org.jboss.ws.core.jaxws.client.ClientImpl.callRequestHandlerChain(Cli
| entImpl.java:160)
| at org.jboss.ws.core.CommonClient.invoke(CommonClient.java:297)
| at org.jboss.ws.core.jaxws.client.ClientImpl.invoke(ClientImpl.java:243)
|
| at org.jboss.ws.core.jaxws.client.ClientProxy.invoke(ClientProxy.java:16
| 4)
| at org.jboss.ws.core.jaxws.client.ClientProxy.invoke(ClientProxy.java:15
| 0)
| at $Proxy15.echo(Unknown Source)
| at wssec.HelloClient.main(HelloClient.java:32)
|
I don't know what's happening now.. I'm with it, but if you see something, i'll be grateful for your advices ;)
At least now I see errors refering to WSSecurity and that makes me happy hehe :)
Thanks ;)
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4121266#4121266
Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4121266
16 years, 11 months