"alessio.soldano(a)jboss.com" wrote : Hi, as a general suggestion, I first of all
suggest you to try using some more recent versions of both JBoss AS and JBossWS.
Hi, thanks for the suggestions! As a matter of fact, I am using JBoss 4.2.2 and JBossWS
3.0.2 now, with the same problems. Some more answers/questions for each of your points
below.
anonymous wrote : You get this message because you're using WS-Addressing and the
Action header is missing in your SOAP message. This is not related to WS-Security.
|
Have I inadvertently activated WS-Addressing? (that was most certainly not my intention).
I thought for using WS-Addressing one has to have an annotation like this on the web
service class: @EndpointConfig(configName = "Standard WSAddressing Endpoint") ?
anonymous wrote :
| Endpoint {http://localhost:8080/atb}WSTwoServiceBeanPort does not contain operation
meta data for: {http://www.w3.org/2001/04/xmlenc#}EncryptedData
|
| under which conditions you got this? Try looking at the log and verify the security
handler on server side is configured (the ws-security conf is selected).
I got this when requesting encryption in both client and service jboss-wsse-****.xml
I'm not sure if this part of the log is what you referred to, but the security config
seems to be null:
anonymous wrote : 2008-06-30 15:23:36,422 DEBUG [org.jboss.system.ServiceConfigurator]
SecurityConf set to [security: null] in jboss.mq.destination:service=Topic,name=testTopic
| 2008-06-30 15:23:36,422 DEBUG [org.jboss.mq.server.jmx.Topic.testTopic] Setting
securityConf: [security: null]
On the service endpoint it seems to be ok:
anonymous wrote : ServerEndpointMetaData:
| type=JAXWS
|
qname={http://wsthree.ws.atb.com/}WSThreeServiceBeanPort
| [...]
| configFile=META-INF/standard-jaxws-endpoint-config.xml
| configName=Standard WSSecurity Endpoint
| authMethod=null
| transportGuarantee=null
| secureWSDLAccess=false
| properties={}
(I suppose META-INF/standard-jaxws-endpoint-config.xml is taken from the JBossWS.sar
deployment, as it is not present in my web service deployment anymore? )
And a bit lower in the log file the handler seems to be ok as well:
anonymous wrote : HandlerMetaDataJAXWS:
| type=POST
| name=WSSecurity Handler
| class=class org.jboss.ws.extensions.security.jaxws.WSSecurityHandlerServer
| params=[]
| protocols=##SOAP11_HTTP ##SOAP11_HTTP_MTOM
| services=null
| ports=null
------------------------------------------------
Anyway, to sum up what I have now and what does not work:
Web service:
| @WebService
| @SOAPBinding(style = javax.jws.soap.SOAPBinding.Style.DOCUMENT,
| use = javax.jws.soap.SOAPBinding.Use.LITERAL,
| parameterStyle = javax.jws.soap.SOAPBinding.ParameterStyle.WRAPPED)
| @EndpointConfig(configName = "Standard WSSecurity Endpoint")
| public class WSThreeServiceBean implements WSThreeRemoteInterface {
| @WebMethod
| public String hello(String input) {
| return "Hello, " + input + "!";
| }
| }
In the META-INF folder there is the keystore, truststore and jboss-wsse-server.xml
Client:
[...]
| securityURL = new File("META-INF/jboss-wsse-client.xml").toURL();
| ((StubExt)wsthree).setSecurityConfig(securityURL.toExternalForm());
| ((StubExt)wsthree).setConfigName("Standard WSSecurity Client");
|
with keystore, truststore and jboss-wsse-client.xml in the META-INF (client is
standalone).
Both service and client request messages to be signed.
Tracing the SOAP messages, looks like the client sends a properly signed message, which
the service receives, then answers without signing the message.
The client replies with "This service requires <wsse:Security>, which is
missing.", which is logical, since the service sent an unsigned message.
If I comment out ((StubExt)wsthree).setConfigName("Standard WSSecurity Client");
in the client, the request-reply goes "perfectly": the client sends an unsigned
message, and the service answers with an unsigned message as well.
What is not so clear to me is how to make the web service sign the message -- does it need
something else besides the @EndpointConfig annotation and jboss-wsse-server.xml?
Thank you! (And I really apologize if I am asking stupid questions in the wrong direction,
I think I've gotten to the point where I can't see the forest because of the trees
anymore...)
View the original post :
http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4161532#...
Reply to the post :
http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...