[jboss-jira] [JBoss JIRA] (AS7-5827) WS-SecurityPolicy AS 7.1.1

Harry Callahan (JIRA) jira-events at lists.jboss.org
Fri Oct 26 05:59:01 EDT 2012


     [ https://issues.jboss.org/browse/AS7-5827?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Harry Callahan reopened AS7-5827:
---------------------------------



I have moved @Policy to the SEI but nothing has changed.
                
> WS-SecurityPolicy AS 7.1.1
> --------------------------
>
>                 Key: AS7-5827
>                 URL: https://issues.jboss.org/browse/AS7-5827
>             Project: Application Server 7
>          Issue Type: Bug
>          Components: Web Services
>    Affects Versions: 7.1.1.Final
>         Environment: JBoss AS 7.1.1
>            Reporter: Harry Callahan
>            Assignee: Alessio Soldano
>
> It seems WS-SecurityPolicy does not work with JBoss 7.1.1 Full profile.
> The WS client sends the message correctly with the security header (see server log below); however, the server cannot understand it.
> Do you have an idea what could be the problem? Is it a configuration issue or a bug?
> Server side said:
> WARNING [org.apache.cxf.phase.PhaseInterceptorChain] (http--0.0.0.0-8080-1) Interceptor for {http://org.xy.webservice}ServiceName#{http://org.xy.webservice}read has thrown exception, unwinding now: org.apache.cxf.binding.soap.SoapFault: MustUnderstand headers: [{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}Security] are not understood.
>  
> CLIENT SIDE
> Test client:
> ------------
>         URL wsdlURL = new URL("http://IP:PORT/context/ServiceName/ServiceNameWS?wsdl");
>         QName qname = new QName("http://org.xy.webservice", "ServiceName");
>         Service service = Service.create(wsdlURL, qname);
>         ServiceName port = (ServiceName) service.getPort(ServiceName.class);
>         Map<String, Object> ctx = ((BindingProvider)port).getRequestContext();
>         ctx.put(SecurityConstants.USERNAME, "USERNAME");
>         ctx.put(SecurityConstants.CALLBACK_HANDLER, com.demo.PasswordCallbackHandlerClient.class.getName());
>         ctx.put(SecurityConstants.ALWAYS_ENCRYPT_UT, true);
>         XYZ response = port.read("12345");
> CallbackHandlerClient:
> ----------------------
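> import java.io.IOException;
> import javax.security.auth.callback.Callback;
> import javax.security.auth.callback.CallbackHandler;
> import javax.security.auth.callback.UnsupportedCallbackException;
> import org.apache.ws.security.WSPasswordCallback;
>
> public class PasswordCallbackHandlerClient implements CallbackHandler {
>     @Override
>     public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
>         for (int i = 0; i < callbacks.length; i++) {
>             if (callbacks[i] instanceof WSPasswordCallback) {
>                 // Supply the password used to build the UsernameToken.
>                 WSPasswordCallback pc = (WSPasswordCallback) callbacks[i];
>                 pc.setPassword("xy");
>             }
>         }
>     }
> }
>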
> SERVER SIDE
>  
> MANIFEST.MF:
> ------------
> Manifest-Version: 1.0
> Ant-Version: Apache Ant 1.7.1
> Created-By: 17.0-b16 (Sun Microsystems Inc.)
> Dependencies: org.apache.cxf, com.sun.xml.bind, org.apache.ws.security
> Service interface on server side:
> -----------------------
> @Local
> @WebService(name="ServiceName", targetNamespace="http://org.xy.webservice")
> public interface ServiceName {
> Service implementation on server side:
> -----------------------
> @Stateless
> @WebService(portName = "ServiceNamePort", name = "ServiceNameWS", serviceName = "ServiceName", targetNamespace = "http://org.xy.webservice", endpointInterface = "ServiceName")
> @SOAPBinding(style = SOAPBinding.Style.DOCUMENT, use = Use.LITERAL)
> @EndpointProperties(value = {
> @EndpointProperty(key = "ws-security.callback-handler ", value = "org.xy.PasswordCallbackHandlerServer"),
> @EndpointProperty(key = "ws-security.validate.token", value = "false")})
> @InInterceptors(interceptors = { "org.apache.cxf.interceptor.LoggingInInterceptor",
>         "org.jboss.wsf.stack.cxf.security.authentication.SubjectCreatingPolicyInterceptor"
> })
> @OutInterceptors(interceptors = "org.apache.cxf.interceptor.LoggingOutInterceptor")
> @Policies({ @Policy(uri = "SecurityPolicy.xml") })
> public class ServiceNameImpl implements ServiceName { 
> Method authorization definition is handled by @RolesAllowed(value = { "role1" })
>  
> jboss-web.xml:
> <?xml version="1.0"?>
> <!DOCTYPE jboss-web PUBLIC "-//JBoss//DTD Web Application 5.0//EN" "http://www.jboss.org/j2ee/dtd/jboss-web_5_0.dtd">
> <jboss-web>
>           <security-domain>java:/jaas/wssecurity-domain</security-domain>
> </jboss-web>
>  
> SecurityPolicy.xml:
> -------------------
> <?xml version="1.0" encoding="UTF-8"?>
> <wsp:Policy xmlns:wsp="http://www.w3.org/ns/ws-policy"
>           xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
>           <wsp:ExactlyOne>
>                     <wsp:All>
>                               <sp:SupportingTokens>
>                                         <wsp:Policy>
>                                                   <sp:UsernameToken
>                                                             sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient">
>                                                             <wsp:Policy>
>                                                                       <sp:HashPassword />
>                                                             </wsp:Policy>
>                                                   </sp:UsernameToken>
>                                         </wsp:Policy>
>                               </sp:SupportingTokens>
>                     </wsp:All>
>           </wsp:ExactlyOne>
> </wsp:Policy>
>  
> standalone.xml:
> ---------------
>                 <security-domain name="wssecurity-domain">
>                     <authentication>
>                         <login-module code="Database" flag="required">
>                             <module-option name="dsJndiName" value="java:/jboss/datasources/MainDS"/>
>                             <module-option name="principalsQuery" value="..."/>
>                             <module-option name="rolesQuery" value="..."/>
>                             <module-option name="hashAlgorithm" value="SHA"/>
>                             <module-option name="hashEncoding" value="BASE64"/>
>                             <module-option name="hashCharset" value="UTF-8"/>
>                             <module-option name="hashUserPassword" value="false"/>
>                             <module-option name="hashStorePassword" value="true"/>
>                             <module-option name="storeDigestCallback" value="org.jboss.wsf.stack.cxf.security.authentication.callback.UsernameTokenCallback"/>
>                             <module-option name="unauthenticatedIdentity" value="anonymous"/>
>                         </login-module>
>                     </authentication>
>                 </security-domain>
>  
> Log from server side:
>  
> Payload: <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Header><wsse:Security soap:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"><wsse:UsernameToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="UsernameToken-1"><wsse:Username>USERNAME</wsse:Username><wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest">kmmJ3YGRbC+7WH3qfEWy8+n83Sk=</wsse:Password><wsse:Nonce EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">7MWXmcGoJ5uMmukJ13cggA==</wsse:Nonce><wsu:Created>2012-10-17T09:38:25.036Z</wsu:Created></wsse:UsernameToken></wsse:Security></soap:Header><soap:Body><ns2:read xmlns:ns2="http://org.xy.webservice"><arg0>12345</arg0></ns2:read></soap:Body></soap:Envelope>
> --------------------------------------
> 11:38:25,088 WARNING [org.apache.cxf.phase.PhaseInterceptorChain] (http--0.0.0.0-8080-1) Interceptor for {http://org.xy.webservice}ServiceName#{http://org.xy.webservice}read has thrown exception, unwinding now: org.apache.cxf.binding.soap.SoapFault: MustUnderstand headers: [{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}Security] are not understood.
>           at org.apache.cxf.binding.soap.interceptor.MustUnderstandInterceptor.checkUltimateReceiverHeaders(MustUnderstandInterceptor.java:150) [cxf-rt-bindings-soap-2.4.6.jar:2.4.6]
>           at org.apache.cxf.binding.soap.interceptor.MustUnderstandInterceptor.handleMessage(MustUnderstandInterceptor.java:96) [cxf-rt-bindings-soap-2.4.6.jar:2.4.6]
>           at org.apache.cxf.binding.soap.interceptor.MustUnderstandInterceptor.handleMessage(MustUnderstandInterceptor.java:49) [cxf-rt-bindings-soap-2.4.6.jar:2.4.6]
>           at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:263) [cxf-api-2.4.6.jar:2.4.6]
>           at org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:121) [cxf-rt-core-2.4.6.jar:2.4.6]
>           at org.apache.cxf.transport.http.AbstractHTTPDestination.invoke(AbstractHTTPDestination.java:207) [cxf-rt-transports-http-2.4.6.jar:2.4.6]
>           at org.jboss.wsf.stack.cxf.RequestHandlerImpl.handleHttpRequest(RequestHandlerImpl.java:91)
>           at org.jboss.wsf.stack.cxf.transport.ServletHelper.callRequestHandler(ServletHelper.java:169)
>           at org.jboss.wsf.stack.cxf.CXFServletExt.invoke(CXFServletExt.java:87)
>           at org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(AbstractHTTPServlet.java:185) [cxf-rt-transports-http-2.4.6.jar:2.4.6]
>           at org.apache.cxf.transport.servlet.AbstractHTTPServlet.doPost(AbstractHTTPServlet.java:108) [cxf-rt-transports-http-2.4.6.jar:2.4.6]
>           at javax.servlet.http.HttpServlet.service(HttpServlet.java:754) [jboss-servlet-api_3.0_spec-1.0.0.Final.jar:1.0.0.Final]
>           at org.jboss.wsf.stack.cxf.CXFServletExt.service(CXFServletExt.java:135)
>           at org.jboss.wsf.spi.deployment.WSFServlet.service(WSFServlet.java:140) [jbossws-spi-2.0.3.GA.jar:2.0.3.GA]
>           at javax.servlet.http.HttpServlet.service(HttpServlet.java:847) [jboss-servlet-api_3.0_spec-1.0.0.Final.jar:1.0.0.Final]
>           at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:329) [jbossweb-7.0.13.Final.jar:]
>           at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248) [jbossweb-7.0.13.Final.jar:]
>           at org.jboss.weld.servlet.ConversationPropagationFilter.doFilter(ConversationPropagationFilter.java:62) [weld-core-1.1.5.AS71.Final.jar:2012-02-10 15:31]
>           at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280) [jbossweb-7.0.13.Final.jar:]
>           at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248) [jbossweb-7.0.13.Final.jar:]
>           at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:275) [jbossweb-7.0.13.Final.jar:]
>           at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:161) [jbossweb-7.0.13.Final.jar:]
>           at org.jboss.as.jpa.interceptor.WebNonTxEmCloserValve.invoke(WebNonTxEmCloserValve.java:50) [jboss-as-jpa-7.1.1.Final.jar:7.1.1.Final]
>           at org.jboss.as.web.security.SecurityContextAssociationValve.invoke(SecurityContextAssociationValve.java:153) [jboss-as-web-7.1.1.Final.jar:7.1.1.Final]
>           at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:155) [jbossweb-7.0.13.Final.jar:]
>           at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102) [jbossweb-7.0.13.Final.jar:]
>           at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) [jbossweb-7.0.13.Final.jar:]
>           at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:368) [jbossweb-7.0.13.Final.jar:]
>           at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:877) [jbossweb-7.0.13.Final.jar:]
>           at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:671) [jbossweb-7.0.13.Final.jar:]
>           at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:930) [jbossweb-7.0.13.Final.jar:]
>           at java.lang.Thread.run(Thread.java:722) [rt.jar:1.7.0_07]
>     

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
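
The SOAP rule behind the logged fault, as an added example that is not part of the original report or of JBoss/CXF code: a receiver must reject a header block marked mustUnderstand="1" that none of its handlers claims, and the PasswordDigest is only checked once a WS-Security handler does claim it. The envelope, password, nonce and the `understood` set are constructed for illustration.

```python
import base64
import hashlib
import hmac
import xml.etree.ElementTree as ET

SOAP = "http://schemas.xmlsoap.org/soap/envelope/"
WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
WSU = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
DIGEST = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest"

def password_digest(nonce_b64, created, password):
    """UsernameToken Profile 1.0: Base64(SHA-1(nonce + created + password))."""
    raw = base64.b64decode(nonce_b64) + created.encode() + password.encode()
    return base64.b64encode(hashlib.sha1(raw).digest()).decode()

def sample_envelope(password="constructed-pw", nonce=b"0123456789abcdef",
                    created="2012-10-17T09:38:25.036Z"):
    """Constructed message with the same shape as the logged payload."""
    n64 = base64.b64encode(nonce).decode()
    return (f'<soap:Envelope xmlns:soap="{SOAP}"><soap:Header>'
            f'<wsse:Security soap:mustUnderstand="1" xmlns:wsse="{WSSE}">'
            f'<wsse:UsernameToken xmlns:wsu="{WSU}">'
            f'<wsse:Username>USERNAME</wsse:Username>'
            f'<wsse:Password Type="{DIGEST}">'
            f'{password_digest(n64, created, password)}</wsse:Password>'
            f'<wsse:Nonce>{n64}</wsse:Nonce><wsu:Created>{created}</wsu:Created>'
            f'</wsse:UsernameToken></wsse:Security></soap:Header>'
            f'<soap:Body/></soap:Envelope>')

def not_understood(envelope_xml, understood):
    """QNames of mustUnderstand="1" header blocks that no handler claims."""
    header = ET.fromstring(envelope_xml).find(f"{{{SOAP}}}Header")
    blocks = [] if header is None else list(header)
    return [h.tag for h in blocks
            if h.get(f"{{{SOAP}}}mustUnderstand") == "1" and h.tag not in understood]

def token_valid(envelope_xml, expected_password):
    """Recompute the digest as a receiver would after claiming the header."""
    tok = ET.fromstring(envelope_xml).find(f".//{{{WSSE}}}UsernameToken")
    if tok is None:
        return False
    pw = tok.find(f"{{{WSSE}}}Password")
    if pw is None or pw.get("Type") != DIGEST:  # policy requires sp:HashPassword
        return False
    expected = password_digest(tok.findtext(f"{{{WSSE}}}Nonce"),
                               tok.findtext(f"{{{WSU}}}Created"), expected_password)
    # Constant-time comparison of the received and recomputed digests.
    return hmac.compare_digest((pw.text or "").encode(), expected.encode())
```

With an empty `understood` set the Security QName is returned, which is the condition the server log reports; a production receiver would also reject stale Created values and replayed nonces.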

