March 2008 - jbossws-users - Jboss List Archives

[JBossWS] - Re: Steps for implementing WS-Security in JBoss using Userna

by pramod_bs

Thanks for the suggestions. I have a question. I am trying to figure out how to add a password digest to this. Please help View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4136160#4136160 Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4136160

16 years, 10 months

1
0
0 / 0

[JBossWS] - Turn on clientAuth only on the web services

by poornimaanne

Hi, I have an issue which I have been trying to solve with JBoss4.0.4-GA but hadn't any success so far. I have my web application myapp.war and web services running in the single JBoss instance. 1)I would like anyone to be able to access the web application myapp.war using url https://myhost:8443/myapp without any client authentication. 2)But I would like to put the web services on port 8444 and turn on client Authentication on that port so that people with a valid certificate only can access the web services using URL https://myhost:8444/jbossws/. I have added connectors for ports 8443 with clientAuth=false and 8444 with clientAuth=true. Can anyone suggest me how to disable jbossws on port 8443 and how to disable myapp on 8444? Any help would be appreciated. Thanks, Poornima View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4136130#4136130 Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4136130

16 years, 10 months

1
0
0 / 0

[JBossWS] - Re: Steps for implementing WS-Security in JBoss using Userna

by alessio.soldano＠jboss.com

Yep, this could be a nice tutorial on username tp. A suggestion I can give about this is to say that the StubExt.PROPERTY_AUTH_TYPE property can be used to set the auth type; for example adding ((BindingProvider)port).getRequestContext().put(StubExt.PROPERTY_AUTH_TYPE, StubExt.PROPERTY_AUTH_TYPE_WSSE); prevents the client from using the default basic auth (of course the soap header elements are written nevertheless, as you can see). Btw pramod_bs, soon I'm going to add some further docs on this topic, since the implementation of digest+nonces support is almost done (JBWS-1988), thus I could link your tutorial if you add it to the wiki. View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4136117#4136117 Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4136117

16 years, 10 months

1
0
0 / 0

[JBossWS] - Re: Steps for implementing WS-Security in JBoss using Userna

by heiko.braun＠jboss.com

Excellent! Would like to contribute it to the tutorial section of the WIKI? http://jbws.dyndns.org/mediawiki/index.php?title=Tutorials View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4136092#4136092 Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4136092

16 years, 10 months

1
0
0 / 0

[JBossWS] - Steps for implementing WS-Security in JBoss using Username t

by pramod_bs

This posting might be useful for those people trying to implement WS-Security using username toekn authentication. I couldn't find a single document anywhere on the web. I though i will ceate a comrehensive doc. Please let me know if you guys see any flaw here, Steps for implementing WS-Security in JBoss using Username token Authentication I. Server: 1. Create Endpoint for Web Service (Ex: A stateless session bean) Code sample: TestWSEJB.java package test; import javax.ejb.Stateless; import javax.jws.WebService; import javax.jws.WebMethod; import javax.jws.soap.SOAPBinding; import org.jboss.annotation.security.SecurityDomain; import org.jboss.ws.annotation.EndpointConfig; @Stateless @WebService (name="TestWSEJB", targetNamespace = "http://test", serviceName = "TestWSEJBService") @SOAPBinding(style = SOAPBinding.Style.DOCUMENT) @EndpointConfig(configName = "Standard WSSecurity Endpoint") @SecurityDomain("JBossWS") public class TestWSEJB { @WebMethod public String ping (String name) { return "Hello : " + name; } } @EndpointConfig(configName = "Standard WSSecurity Endpoint") This is the configuration in the {JBOSS_HOME}jboss-4.2.1.GA\server\default\deploy\jbossws.sar\META-INF\standard-jaxws-endpoint-config.xml file Portion of standard-jaxws-endpoint-config.xml file: <endpoint-config> <config-name>Standard WSSecurity Endpoint</config-name> <post-handler-chains> <javaee:handler-chain> <javaee:protocol-bindings>##SOAP11_HTTP</javaee:protocol-bindings> <javaee:handler> <javaee:handler-name>WSSecurity Handler</javaee:handler-name> <javaee:handler-class>org.jboss.ws.extensions.security.jaxws.WSSecurityHandlerServer</javaee:handler-class> </javaee:handler> </javaee:handler-chain> </post-handler-chains> </endpoint-config> @SecurityDomain("JBossWS") This is the configuration for security domain for JBossWS in the {JBOSS_HOME} \jboss-4.2.1.GA\server\default\conf\login-config.xml Portion of standard-jaxws-endpoint-config.xml file: <application-policy name="JBossWS"> <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule" flag="required"> <module-option name="usersProperties">props/jbossws-users.properties</module-option> <module-option name="rolesProperties">props/jbossws-roles.properties</module-option> <module-option name="unauthenticatedIdentity">anonymous</module-option> </login-module> </application-policy> 2. jboss-wsse-server.xml. Create jboss-wsse-server.xml and save in META-INF or WEB-INF folder based on the EJB or Web project) Sample file: <jboss-ws-security xmlns="http://www.jboss.com/ws-security/config" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.jboss.com/ws-security/config http://www.jboss.com/ws-security/schema/jboss-ws-security_1_0.xsd"> </jboss-ws-security> 3. Authentication information In the above Security domain (JBossWS) the credentials are in the {JBOSS_HOME} jbossws-user.properties in jboss-4.2.1.GA\server\default\conf\props\jbossws-users.properties. (Default is UsersRolesLoginModule) II. Client: 1. Create the client for Web Service. Sample Code: Test.java: package test; import java.io.File; import java.net.URL; import java.util.Map; import javax.xml.namespace.QName; import javax.xml.ws.BindingProvider; import javax.xml.ws.Service; import javax.xml.ws.WebServiceRef; import org.jboss.ws.core.StubExt; public class Test { public static void main(String[] args) { try { Test client = new Test(); client.doTest(args); } catch(Exception e) { e.printStackTrace(); } } public void doTest(String[] args) { try { URL url = new URL("http://localhost:8080/WS_Security_Test/TestWSEJB?wsdl"); QName qn = new QName("http://test","TestWSEJBService"); Service s = Service.create(url, qn); TestWSEJB port = s.getPort(TestWSEJB.class); URL securityURL = new File("ejbModule/META-INF/jboss-wsse-client.xml").toURL(); ((StubExt)port).setSecurityConfig(securityURL.toExternalForm()); ((StubExt)port).setConfigName("Standard WSSecurity Client"); ((BindingProvider)port).getRequestContext().put(BindingProvider.USERNAME_PROPERTY, "kermit");; ((BindingProvider)port).getRequestContext().put(BindingProvider.PASSWORD_PROPERTY, "thefrog");; System.out.println("Invoking the sayHello operation on the port."); String response = port.ping("Pramod") ; System.out.println(response); } catch(Exception e) { e.printStackTrace(); } } } ((StubExt)port).setConfigName("Standard WSSecurity Client"); This is the configuration in the {JBOSS_HOME}jboss-4.2.1.GA\server\default\deploy\jbossws.sar\META-INF\ standard-jaxws-client-config.xml file Portion of standard-jaxws-client-config.xml: <client-config> <config-name>Standard WSSecurity Client</config-name> <post-handler-chains> <javaee:handler-chain> <javaee:protocol-bindings>##SOAP11_HTTP</javaee:protocol-bindings> <javaee:handler> <javaee:handler-name>WSSecurityHandlerOutbound</javaee:handler-name> <javaee:handler-class>org.jboss.ws.extensions.security.jaxws.WSSecurityHandlerClient</javaee:handler-class> </javaee:handler> </javaee:handler-chain> </post-handler-chains> </client-config> TestWSEJB.java: package test; import javax.jws.WebMethod; import javax.jws.WebParam; import javax.jws.WebResult; import javax.jws.WebService; import javax.xml.ws.RequestWrapper; import javax.xml.ws.ResponseWrapper; /** * This class was generated by the JAX-WS RI. * JAX-WS RI 2.1.1-b03- * Generated source version: 2.0 * */ @WebService(name = "TestWSEJB", targetNamespace = "http://test") public interface TestWSEJB { /** * * @param arg0 * @return * returns java.lang.String */ @WebMethod @WebResult(targetNamespace = "") @RequestWrapper(localName = "ping", targetNamespace = "http://test", className = "test.Ping") @ResponseWrapper(localName = "pingResponse", targetNamespace = "http://test", className = "test.PingResponse") public String ping( @WebParam(name = "arg0", targetNamespace = "") String arg0); } 2. jboss-wsse-client.xml. Create jboss-wsse-client.xml and save in META-INF or WEB-INF folder based on the EJB or Web project Ã¢ÂÂ based on the client) Sample file: <jboss-ws-security xmlns="http://www.jboss.com/ws-security/config" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.jboss.com/ws-security/config http://www.jboss.com/ws-security/schema/jboss-ws-security_1_0.xsd"> </jboss-ws-security> III. Tools Used: JBoss Application Server Ã¯ÂÂ www.jboss.org Eclipse IDE Ã¯ÂÂ www.eclipse.org SoapUI for testing Web Services Ã¯ÂÂ www.soapui.org Ws-Consume Ã¯ÂÂ Jboss tool (I jboss bin folder) WireShark (TCP-IP monitoring tool) Ã¯ÂÂ http://www.wireshark.org Output from Wireshark (any other TCPIP monitoring tools can be used) -> This is the SOAP-Envelope that actually goes from the client to the server. <env:Envelope xmlns:env='http://schemas.xmlsoap.org/soap/envelope/'> <env:Header> <wsse:Security env:mustUnderstand='1' xmlns:wsse='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext...' xmlns:wsu='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utilit...'> <wsse:UsernameToken wsu:Id='token-1-1205175076833-11112467'> <wsse:Username>admin</wsse:Username> <wsse:Password>admin</wsse:Password> </wsse:UsernameToken> </wsse:Security> </env:Header> <env:Body> <ns2:ping xmlns:ns2="http://test"> <arg0>Pramod</arg0> </ns2:ping> </env:Body> </env:Envelope> View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4136079#4136079 Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4136079

16 years, 10 months

1
0
0 / 0

[JBossWS] - Re: webservice <transport-guarantee> CONFIDENTIAL does not w

by squ1rr3l

So am I securing the consoles wrong? If I add | <security-constraint> | <user-data-constraint> | <transport-guarantee>CONFIDENTIAL</transport-guarantee> | </user-data-constraint> | </security-constraint> | to the web.xml files in both /server/prod/deploy/jboss-web.deployer/ROOT.war/WEB-INF and /server/prod/deploy/jmx-console.war/WEB-INF it seems to have no affect. I can still connect to both unsecured on port 8080. https works fine, but I have to specify it, and 8080 is still allowed on both apps. Is there something else required? View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4136041#4136041 Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4136041

16 years, 10 months

1
0
0 / 0

[JBossWS] - JBossXSModel goes into endless loop

by scallens

Hi, I am new to JbossWs & JAX-WS. I created my first Webservice, but when I want to deploy it (now using jboss-4.2.2.GA but I have the same error with other versions) JBossXSModel goes into endless loop :-( Can anybody help me with this problem? 1. service: package test.ws; | | import javax.jws.WebMethod; | import javax.jws.WebService; | import javax.jws.soap.SOAPBinding; | import javax.jws.soap.SOAPBinding.ParameterStyle; | import javax.jws.soap.SOAPBinding.Style; | import javax.jws.soap.SOAPBinding.Use; | | import test.ws.xhtml.Html; | import test.ws.xhtml.ObjectFactory; | | @WebService(wsdlLocation="WEB-INF/wsdl/MyService.wsdl") | @SOAPBinding(style=Style.DOCUMENT, use=Use.LITERAL, parameterStyle=ParameterStyle.WRAPPED) | public class MyService { | | @WebMethod | public Html getHmtl() { | return new ObjectFactory().createHtml(); | } | } 2. wsdl-file <definitions name="MyServiceService" | targetNamespace="http://ws.test/" | xmlns="http://schemas.xmlsoap.org/wsdl/" | xmlns:tns="http://ws.test/" | xmlns:xhtml="http://www.w3.org/1999/xhtml" | xmlns:xsd="http://www.w3.org/2001/XMLSchema" | xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/"> | <types> | <xsd:import namespace="http://www.w3.org/1999/xhtml" schemaLocation="http://www.w3.org/2002/08/xhtml/xhtml1-strict.xsd"/> | </types> | <message name="MyService_getHmtl"> | <part name="getHmtl" element="tns:getHmtl"/> | </message> | <message name="MyService_getHmtlResponse"> | <part name="getHmtlResponse" element="tns:getHmtlResponse"/> | </message> | <portType name="MyService"> | <operation name="getHmtl" parameterOrder="getHmtl"> | <input message="tns:MyService_getHmtl"/> | <output message="tns:MyService_getHmtlResponse"/> | </operation> | </portType> | <binding name="MyServiceBinding" type="tns:MyService"> | <soap:binding transport="http://schemas.xmlsoap.org/soap/http" style="document"/> | <operation name="getHmtl"> | <soap:operation soapAction=""/> | <input> | <soap:body use="literal"/> | </input> | <output> | <soap:body use="literal"/> | </output> | </operation> | </binding> | <service name="MyServiceService"> | <port name="MyServicePort" binding="tns:MyServiceBinding"> | <soap:address location="REPLACE_WITH_ACTUAL_URL"/> | </port> | </service> | </definitions> 3. logfile 2008-03-12 10:58:38,906 DEBUG [org.jboss.ws.metadata.umdm.UnifiedMetaData] Eagerly initialize the meta data model | 2008-03-12 10:58:38,906 DEBUG [org.jboss.ws.metadata.wsdl.xmlschema.JBossXSModel] Registered as anon type: {http://www.w3.org/1999/xhtml:>p} -> Complex type ... After this, JBossXSModel goes into an endless loop... View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4135875#4135875 Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4135875

16 years, 10 months

1
0
0 / 0

[JBossWS] - Stateless EJB (EJB 2.1) components to webservices

by mathews567

I would like to know the best way (axis/jaxrpc) to convert a stateless EJB (EJB 2.1) components to webservices which need to be deployed in JBoss 4.0.5 GA. Our EJBS have java.util.collection classes also as method arguments. If possible please give us the steps to convert EJB 2.1 into web services. Thanks in advance. Mathew View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4135784#4135784 Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4135784

16 years, 10 months

1
0
0 / 0

[JBossWS] - Re: JBoss & JAX-WS. Beginners Guide

by JGF1

I noticed in a PDF by Radim Marek over at BSG that @PortComponent is not supported in and @WebContext is now used instead. Also @WebContext has been moved to org.jboss.wsf.spi.annotation Is there an online guide for JBoss's implementation of Webservices using JAX-WS that someone can point me too that can give me an introduction and bring things up to date. (or perhaps an up to date book) I liked the idea of using annotations to code web services in Java in a fashion similar to the example they gave in the book. View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4135779#4135779 Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4135779

16 years, 10 months

1
0
0 / 0

[JBossWS] - Re: JBoss & JAX-WS. Beginners Guide

by JGF1

"JGF1" wrote : warning: [path] bad path element "c:\apps\jboss-4.2.2.ga\client\jsr173_1.0_api.jar": no such file or directory | warning: [path] bad path element "c:\apps\jboss-4.2.2.ga\client\jaxb1-impl.jar": no such file or directory | | 1) Wondered if someone could shed some light on this for me? | I think I may have tracked this one down. jaxb-impl.jar has a manifest with the two offenders jsr173_1.0_api.jar & jaxb1-impl.jar This was located in the jbossws.sar folder I think this got pulled in because of the introduction of jboss-jaxrpc.jar. It's manifest contains a reference to jaxb-impl.jar.. Perhaps the folks doing the JBoss builds need to be made aware of this... View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4135765#4135765 Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4135765

16 years, 10 months

1
0
0 / 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

jbossws-users March 2008