[JBossWS] - Re: Need help : JBossWS Security!
by xinhua
Sorry, forgot to paste the code
| public static void main(String[] args) {
|     KSBService ksb = null;
|     try {
|         // SSL keystore
|         System.setProperty("javax.net.ssl.keyStore", "c:\\ksbws.keystore");
|         System.setProperty("javax.net.ssl.trustStore", "c:\\ksbws.keystore");
|         System.setProperty("javax.net.ssl.keyStorePassword", "test");
|         System.setProperty("javax.net.ssl.trustStorePassword", "test");
|         System.setProperty("javax.net.ssl.keyStoreType", "jks");
|         System.setProperty("javax.net.ssl.trustStoreType", "jks");
|         // Disables the HTTPS host name check against the server certificate
|         System.setProperty("org.jboss.security.ignoreHttpsHost", "true");
|
|         // Signature keystore
|         System.setProperty("org.jboss.ws.wsse.keyStore", "c:\\ksbws_security.keystore");
|         System.setProperty("org.jboss.ws.wsse.trustStore", "c:\\ksbws_security.keystore");
|         System.setProperty("org.jboss.ws.wsse.keyStorePassword", "test");
|         System.setProperty("org.jboss.ws.wsse.trustStorePassword", "test");
|         System.setProperty("org.jboss.ws.wsse.keyStoreType", "jks");
|         System.setProperty("org.jboss.ws.wsse.trustStoreType", "jks");
|
|         Service service = Service.create(new URL("http://localhost:8180/KSBService/KSBServiceBean?wsdl"),
|                 new QName("http://xxx.xxx.de/", "KSBServiceBeanService"));
|
|         ksb = service.getPort(KSBService.class);
|
|         // WS-Security and handler configuration for the port
|         URL securityURL = new File("META-INF/jboss-wsse-client.xml").toURI().toURL();
|         URL securityConfig = new File("META-INF/standard-jaxws-client-config.xml").toURI().toURL();
|         ((StubExt) ksb).setSecurityConfig(securityURL.toExternalForm());
|         ((StubExt) ksb).setConfigName("Standard WSSecurity Client", securityConfig.toExternalForm());
|
|         // Credentials for endpoint authentication
|         ((BindingProvider) ksb).getRequestContext().put(BindingProvider.USERNAME_PROPERTY, "kermit");
|         ((BindingProvider) ksb).getRequestContext().put(BindingProvider.PASSWORD_PROPERTY, "thefrog");
|
|     } catch (Exception e) {
| ....
| ...
|
And also, I am not very clear about mixing JAX-RPC and JAX-WS classes. :?
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4161556#4161556
16 years, 3 months
[JBossWS] - Re: Need help : JBossWS Security!
by helmutdoe
Hi all,
Yes, I think you were right, I had mixed RPC and JAXWS. Also, after a while I was able to fix the missing <wsse:Security> tag by using the following code:
| import java.io.File;
| import java.net.MalformedURLException;
| import java.net.URL;
| import java.util.ArrayList;
| import java.util.List;
| import javax.xml.namespace.QName;
| import javax.xml.ws.BindingProvider;
| import javax.xml.ws.Service;
| import javax.xml.ws.handler.Handler;
| import org.jboss.ws.core.StubExt;
| import org.jboss.ws.extensions.security.jaxws.WSSecurityHandlerClient;
| import org.jboss.ws.extensions.addressing.jaxws.WSAddressingClientHandler;
|
| ...
| System.setProperty("org.jboss.ws.wsse.keyStore","src/WEB-INF/keystore.jks");
| System.setProperty("org.jboss.ws.wsse.trustStore", "src/WEB-INF/cacerts.jks");
| System.setProperty("org.jboss.ws.wsse.keyStorePassword", "changeit");
| System.setProperty("org.jboss.ws.wsse.trustStorePassword", "changeit");
| System.setProperty("org.jboss.ws.wsse.keyStoreType", "jks");
| System.setProperty("org.jboss.ws.wsse.trustStoreType", "jks");
|
| // Create Service Binding
| URL url = new URL("http://localhost:8080/LottoBean/LottoEJBWS?wsdl");
| QName qName = new QName("urn:com:tools:wsse", "LottoEJBWSService");
|
| //LottoEJBWSService service = new LottoEJBWSService(url,qName);
| LottoEJBWS port = Service.create(url, qName).getPort(LottoEJBWS.class);
|
| ((StubExt) port).setSecurityConfig(new File("src/META-INF/jboss-wsse-client.xml").toURI().toURL().toExternalForm());
| ((StubExt) port).setConfigName("Standard WSSecurity Client");
|
| BindingProvider binding = (BindingProvider)port;
| List<Handler> handlerChain = new ArrayList<Handler>();
| // handlerChain.add(new WSAddressingClientHandler());
| handlerChain.add(new WSSecurityHandlerClient());
| handlerChain.add(new LogHandler());
| binding.getBinding().setHandlerChain(handlerChain);
|
With this code and my configured handlers I am able to sign messages. If I add encryption to the WebService endpoint, I run into another exception.
| Endpoint {urn:com:tools:wsse}LottoEJBWSPort does not contain operation meta data for: {http://www.w3.org/2001/04/xmlenc#}EncryptedData
| javax.xml.ws.soap.SOAPFaultException: Endpoint {urn:com:tools:wsse}LottoEJBWSPort does not contain operation meta data for: {http://www.w3.org/2001/04/xmlenc#}EncryptedData
| at org.jboss.ws.core.jaxws.SOAPFaultHelperJAXWS.getSOAPFaultException(SOAPFaultHelperJAXWS.java:72)
| at org.jboss.ws.core.jaxws.binding.SOAP11BindingJAXWS.throwFaultException(SOAP11BindingJAXWS.java:109)
| at org.jboss.ws.core.CommonSOAPBinding.unbindResponseMessage(CommonSOAPBinding.java:579)
| ....
|
The code below shows my xml handler files.
standard-jaxws-client-config.xml
|
| <client-config>
| <config-name>Standard WSSecurity Client</config-name>
| <post-handler-chains>
| <javaee:handler-chain>
| <javaee:protocol-bindings>##SOAP11_HTTP ##SOAP11_HTTP_MTOM</javaee:protocol-bindings>
| <javaee:handler>
| <javaee:handler-name>WSSecurityHandlerOutbound</javaee:handler-name>
| <javaee:handler-class>org.jboss.ws.extensions.security.jaxws.WSSecurityHandlerClient</javaee:handler-class>
| </javaee:handler>
| </javaee:handler-chain>
| </post-handler-chains>
| </client-config>
|
standard-jaxws-endpoint-config.xml
|
|
| <endpoint-config>
| <config-name>Standard WSSecurity Endpoint</config-name>
| <post-handler-chains>
| <javaee:handler-chain>
| <javaee:protocol-bindings>##SOAP11_HTTP ##SOAP11_HTTP_MTOM</javaee:protocol-bindings>
| <javaee:handler>
| <javaee:handler-name>WSSecurity Handler</javaee:handler-name>
| <javaee:handler-class>org.jboss.ws.extensions.security.jaxws.WSSecurityHandlerServer</javaee:handler-class>
| </javaee:handler>
| <javaee:handler>
| <javaee:handler-name>Recording Handler</javaee:handler-name>
| <javaee:handler-class>org.jboss.wsf.framework.invocation.RecordingServerHandler</javaee:handler-class>
| </javaee:handler>
| </javaee:handler-chain>
| </post-handler-chains>
| </endpoint-config>
|
jboss-wsse-client.xml
| <jboss-ws-security xmlns="http://www.jboss.com/ws-security/config"
| xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
| xsi:schemaLocation="http://www.jboss.com/ws-security/config
| http://www.jboss.com/ws-security/schema/jboss-ws-security_1_0.xsd">
| <config>
| <sign type="x509v3" alias="s1as" includeTimestamp="false"/>
| <encrypt type="x509v3" alias="s1as" />
| <requires>
| <signature/>
| </requires>
| </config>
| </jboss-ws-security>
|
jboss-wsse-server.xml
| <jboss-ws-security xmlns="http://www.jboss.com/ws-security/config"
| xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
| xsi:schemaLocation="http://www.jboss.com/ws-security/config
| http://www.jboss.com/ws-security/schema/jboss-ws-security_1_0.xsd">
| <key-store-file>WEB-INF/keystore.jks</key-store-file>
| <key-store-password>changeit</key-store-password>
| <key-store-type>jks</key-store-type>
| <trust-store-file>WEB-INF/cacerts.jks</trust-store-file>
| <trust-store-password>changeit</trust-store-password>
| <config>
| <sign type="x509v3" alias="s1as" includeTimestamp="false"/>
| <encrypt type="x509v3" alias="s1as" />
| <requires>
| <signature/>
| </requires>
| </config>
| </jboss-ws-security>
|
Thanks for any hints
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4161537#4161537
16 years, 3 months
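Added example (not part of the original posts and not JBossWS code): a Python audit of a jboss-wsse-*.xml file such as the jboss-wsse-server.xml posted above. It flags the keystore passwords used in this thread, a `<sign>` or `<encrypt>` element with no matching entry in `<requires>` (the element that lists what inbound messages must carry), and a signature with `includeTimestamp="false"`. The function name, the finding codes and the weak-password list are assumptions made for this example; the sample is the posted config with the schema attributes omitted.

```python
import xml.etree.ElementTree as ET

NS = {"w": "http://www.jboss.com/ws-security/config"}
# Assumption for this example: the passwords seen in this thread count as weak.
WEAK_PASSWORDS = {"changeit", "test"}

# Constructed sample: the jboss-wsse-server.xml posted above, schema attributes omitted.
SAMPLE_SERVER_CONFIG = """\
<jboss-ws-security xmlns="http://www.jboss.com/ws-security/config">
  <key-store-file>WEB-INF/keystore.jks</key-store-file>
  <key-store-password>changeit</key-store-password>
  <key-store-type>jks</key-store-type>
  <trust-store-file>WEB-INF/cacerts.jks</trust-store-file>
  <trust-store-password>changeit</trust-store-password>
  <config>
    <sign type="x509v3" alias="s1as" includeTimestamp="false"/>
    <encrypt type="x509v3" alias="s1as"/>
    <requires>
      <signature/>
    </requires>
  </config>
</jboss-ws-security>"""


def audit_wsse_config(xml_text):
    """Return sorted finding codes for one locally stored jboss-wsse-*.xml document."""
    root = ET.fromstring(xml_text)
    findings = set()
    # Keystore and truststore passwords stored in the file itself.
    for tag in ("key-store-password", "trust-store-password"):
        node = root.find(f"w:{tag}", NS)
        if node is not None and (node.text or "").strip() in WEAK_PASSWORDS:
            findings.add(f"weak-{tag}")
    for config in root.findall("w:config", NS):
        sign = config.find("w:sign", NS)
        encrypt = config.find("w:encrypt", NS)
        reqs = config.find("w:requires", NS)
        # Local names of what inbound messages must carry, e.g. {"signature"}.
        required = set() if reqs is None else {c.tag.split("}")[-1] for c in reqs}
        # Outbound protection with no matching inbound requirement.
        if sign is not None and "signature" not in required:
            findings.add("signs-but-accepts-unsigned")
        if encrypt is not None and "encryption" not in required:
            findings.add("encrypts-but-accepts-plaintext")
        # The signature is configured not to cover a timestamp.
        if sign is not None and sign.get("includeTimestamp", "").lower() == "false":
            findings.add("signature-without-timestamp")
    return sorted(findings)
```

Calling `audit_wsse_config(SAMPLE_SERVER_CONFIG)` returns the finding codes for the posted server config; the same function works on the client file, whose keystore passwords are set through system properties and are therefore not visible to it.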
[JBossWS] - Re: WS-Security trouble: {http://www.w3.org/2005/08/addressi
by timeagentess
"alessio.soldano(a)jboss.com" wrote : Hi, as a general suggestion, I first of all suggest you to try using some more recent versions of both JBoss AS and JBossWS.
Hi, thanks for the suggestions! As a matter of fact, I am using JBoss 4.2.2 and JBossWS 3.0.2 now, with the same problems. Some more answers/questions for each of your points below.
anonymous wrote : You get this message because you're using WS-Addressing and the Action header is missing in your SOAP message. This is not related to WS-Security.
|
Have I inadvertently activated WS-Addressing? (that was most certainly not my intention). I thought for using WS-Addressing one has to have an annotation like this on the web service class: @EndpointConfig(configName = "Standard WSAddressing Endpoint") ?
anonymous wrote :
| Endpoint {http://localhost:8080/atb}WSTwoServiceBeanPort does not contain operation meta data for: {http://www.w3.org/2001/04/xmlenc#}EncryptedData
|
| under which conditions you got this? Try looking at the log and verify the security handler on server side is configured (the ws-security conf is selected).
I got this when requesting encryption in both client and service jboss-wsse-****.xml
I'm not sure if this part of the log is what you referred to, but the security config seems to be null:
anonymous wrote : 2008-06-30 15:23:36,422 DEBUG [org.jboss.system.ServiceConfigurator] SecurityConf set to [security: null] in jboss.mq.destination:service=Topic,name=testTopic
| 2008-06-30 15:23:36,422 DEBUG [org.jboss.mq.server.jmx.Topic.testTopic] Setting securityConf: [security: null]
On the service endpoint it seems to be ok:
anonymous wrote : ServerEndpointMetaData:
| type=JAXWS
| qname={http://wsthree.ws.atb.com/}WSThreeServiceBeanPort
| [...]
| configFile=META-INF/standard-jaxws-endpoint-config.xml
| configName=Standard WSSecurity Endpoint
| authMethod=null
| transportGuarantee=null
| secureWSDLAccess=false
| properties={}
(I suppose META-INF/standard-jaxws-endpoint-config.xml is taken from the JBossWS.sar deployment, as it is not present in my web service deployment anymore? )
And a bit lower in the log file the handler seems to be ok as well:
anonymous wrote : HandlerMetaDataJAXWS:
| type=POST
| name=WSSecurity Handler
| class=class org.jboss.ws.extensions.security.jaxws.WSSecurityHandlerServer
| params=[]
| protocols=##SOAP11_HTTP ##SOAP11_HTTP_MTOM
| services=null
| ports=null
------------------------------------------------
Anyway, to sum up what I have now and what does not work:
Web service:
| @WebService
| @SOAPBinding(style = javax.jws.soap.SOAPBinding.Style.DOCUMENT,
| use = javax.jws.soap.SOAPBinding.Use.LITERAL,
| parameterStyle = javax.jws.soap.SOAPBinding.ParameterStyle.WRAPPED)
| @EndpointConfig(configName = "Standard WSSecurity Endpoint")
| public class WSThreeServiceBean implements WSThreeRemoteInterface {
| @WebMethod
| public String hello(String input) {
| return "Hello, " + input + "!";
| }
| }
In the META-INF folder there is the keystore, truststore and jboss-wsse-server.xml
Client:
[...]
| securityURL = new File("META-INF/jboss-wsse-client.xml").toURL();
| ((StubExt)wsthree).setSecurityConfig(securityURL.toExternalForm());
| ((StubExt)wsthree).setConfigName("Standard WSSecurity Client");
|
with keystore, truststore and jboss-wsse-client.xml in the META-INF (client is standalone).
Both service and client request messages to be signed.
Tracing the SOAP messages, looks like the client sends a properly signed message, which the service receives, then answers without signing the message.
The client replies with "This service requires <wsse:Security>, which is missing.", which is logical, since the service sent an unsigned message.
If I comment out ((StubExt)wsthree).setConfigName("Standard WSSecurity Client"); in the client, the request-reply goes "perfectly": the client sends an unsigned message, and the service answers with an unsigned message as well.
What is not so clear to me is how to make the web service sign the message -- does it need something else besides the @EndpointConfig annotation and jboss-wsse-server.xml?
Thank you! (And I really apologize if I am asking stupid questions in the wrong direction, I think I've gotten to the point where I can't see the forest because of the trees anymore...)
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4161532#4161532
16 years, 3 months
[JBossWS] - Re: Jbossws Tutorial.
by poisoner
Hi,
I am trying the same example but I am getting an incomplete deployment.
The service is registered, but the WSDL is empty.
Does somebody have an idea what the problem is?
| 15:41:47,421 ERROR [URLDeploymentScanner] Incomplete Deployment listing:
|
| --- Packages waiting for a deployer ---
| org.jboss.deployment.DeploymentInfo@7f08c218 { url=file:/C:/jboss/jboss-portal-2.6.2.GA/server/default/deploy/jboss-portal.sar/portal-wsrp.sar/portal-wsrp.jse }
| deployer: null
| status: Starting
| state: INIT_WAITING_DEPLOYER
| watch: file:/C:/jboss/jboss-portal-2.6.2.GA/server/default/deploy/jboss-portal.sar/portal-wsrp.sar/portal-wsrp.jse
| altDD: null
| lastDeployed: 1214570470468
| lastModified: 1214570426218
| mbeans:
|
| --- Incompletely deployed packages ---
| org.jboss.deployment.DeploymentInfo@49deb077 { url=file:/C:/jboss/jboss-portal-2.6.2.GA/server/default/deploy/sum.war }
| deployer: MBeanProxyExt[jboss.web:service=WebServer]
| status: Deployment FAILED reason: String index out of range: -1
| state: FAILED
| watch: file:/C:/jboss/jboss-portal-2.6.2.GA/server/default/deploy/sum.war
| altDD: null
| lastDeployed: 1214570496406
| lastModified: 1214570496390
| mbeans:
| jboss.web:j2eeType=Servlet,name=Sum,WebModule=//localhost/sum,J2EEApplication=none,J2EEServer=none (state not available)
| jboss.web:j2eeType=Servlet,name=jsp,WebModule=//localhost/sum,J2EEApplication=none,J2EEServer=none (state not available)
| jboss.web:j2eeType=Servlet,name=default,WebModule=//localhost/sum,J2EEApplication=none,J2EEServer=none (state not available)
|
| /*
| * Sum.java
| * created by borislav
| * created on 27.06.2008
| */
|
| import javax.jws.WebMethod;
| import javax.jws.WebService;
| import javax.jws.soap.SOAPBinding;
|
|
|
| @WebService
| @SOAPBinding(style = SOAPBinding.Style.RPC)
| public class Sum {
|
| @WebMethod
| public int sumAB(int a, int b){
| return a+b;
| }
|
| }
|
| web.xml
|
| <?xml version="1.0" encoding="UTF-8"?>
|
| <web-app version="2.5"
| xmlns="http://java.sun.com/xml/ns/javaee"
| xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
| xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd">
|
| <servlet>
| <servlet-name>Sum</servlet-name>
| <servlet-class>Sum</servlet-class>
| </servlet>
|
| <servlet-mapping>
| <servlet-name>Sum</servlet-name>
| <url-pattern>/*</url-pattern>
| </servlet-mapping>
|
| </web-app>
|
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4161499#4161499
16 years, 3 months