[jboss-jira] [JBoss JIRA] (AS7-5827) WS-SecurityPolicy AS 7.1.1
Harry Callahan (JIRA)
jira-events at lists.jboss.org
Fri Oct 26 06:07:01 EDT 2012
[ https://issues.jboss.org/browse/AS7-5827?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12729362#comment-12729362 ]
Harry Callahan edited comment on AS7-5827 at 10/26/12 6:06 AM:
---------------------------------------------------------------
I have moved @Policy to the SEI, but nothing has changed. The server throws the same error.
I get the same error if I remove the SEI on the server side and just use the Impl.
was (Author: harry12345678):
I have moved @Policy to the SEI, but nothing has changed. The server throws the same error.
> WS-SecurityPolicy AS 7.1.1
> --------------------------
>
> Key: AS7-5827
> URL: https://issues.jboss.org/browse/AS7-5827
> Project: Application Server 7
> Issue Type: Bug
> Components: Web Services
> Affects Versions: 7.1.1.Final
> Environment: JBoss AS 7.1.1
> Reporter: Harry Callahan
> Assignee: Alessio Soldano
>
> It seems WS-SecurityPolicy does not work with the JBoss 7.1.1 Full profile.
> The WS client sends the message correctly with the security header (see server log below); however, the server cannot understand it.
> Do you have any idea what the problem could be? Is it a configuration issue or a bug?
> The server side said:
> WARNING [org.apache.cxf.phase.PhaseInterceptorChain] (http--0.0.0.0-8080-1) Interceptor for {http://org.xy.webservice}ServiceName#{http://org.xy.webservice}read has thrown exception, unwinding now: org.apache.cxf.binding.soap.SoapFault: MustUnderstand headers: [{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}Security] are not understood.
>
> CLIENT SIDE
> Test client:
> ------------
> URL wsdlURL = new URL("http://IP:PORT/context/ServiceName/ServiceNameWS?wsdl");
> QName qname = new QName("http://org.xy.webservice", "ServiceName");
> Service service = Service.create(wsdlURL, qname);
> ServiceName port = (ServiceName) service.getPort(ServiceName.class);
> Map<String, Object> ctx = ((BindingProvider)port).getRequestContext();
> ctx.put(SecurityConstants.USERNAME, "USERNAME");
> ctx.put(SecurityConstants.CALLBACK_HANDLER, com.demo.PasswordCallbackHandlerClient.class.getName());
> ctx.put(SecurityConstants.ALWAYS_ENCRYPT_UT, true);
> XYZ response = port.read("12345");
> CallbackHandlerClient:
> ----------------------
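> import java.io.IOException;
> import javax.security.auth.callback.Callback;
> import javax.security.auth.callback.CallbackHandler;
> import javax.security.auth.callback.UnsupportedCallbackException;
> import org.apache.ws.security.WSPasswordCallback;
>
> public class PasswordCallbackHandlerClient implements CallbackHandler {
>     @Override
>     public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
>         for (int i = 0; i < callbacks.length; i++) {
>             if (callbacks[i] instanceof WSPasswordCallback) {
>                 // Supply the password that WSS4J uses to build the UsernameToken
>                 WSPasswordCallback pc = (WSPasswordCallback) callbacks[i];
>                 pc.setPassword("xy");
>             }
>         }
>     }
> }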
>
> SERVER SIDE
>
> MANIFEST.MF:
> ------------
> Manifest-Version: 1.0
> Ant-Version: Apache Ant 1.7.1
> Created-By: 17.0-b16 (Sun Microsystems Inc.)
> Dependencies: org.apache.cxf, com.sun.xml.bind, org.apache.ws.security
> Service interface on server side:
> -----------------------
> @Local
> @WebService(name="ServiceName", targetNamespace="http://org.xy.webservice")
> public interface ServiceName {
> Service implementation on server side:
> -----------------------
> @Stateless
> @WebService(portName = "ServiceNamePort", name = "ServiceNameWS", serviceName = "ServiceName", targetNamespace = "http://org.xy.webservice", endpointInterface = "ServiceName")
> @SOAPBinding(style = SOAPBinding.Style.DOCUMENT, use = Use.LITERAL)
> @EndpointProperties(value = {
> @EndpointProperty(key = "ws-security.callback-handler ", value = "org.xy.PasswordCallbackHandlerServer"),
> @EndpointProperty(key = "ws-security.validate.token", value = "false")})
> @InInterceptors(interceptors = { "org.apache.cxf.interceptor.LoggingInInterceptor",
> "org.jboss.wsf.stack.cxf.security.authentication.SubjectCreatingPolicyInterceptor"
> })
> @OutInterceptors(interceptors = "org.apache.cxf.interceptor.LoggingOutInterceptor")
> @Policies({ @Policy(uri = "SecurityPolicy.xml") })
> public class ServiceNameImpl implements ServiceName {
> Method authorization definition is handled by @RolesAllowed(value = { "role1" })
>
> jboss-web.xml:
> <?xml version="1.0"?>
> <!DOCTYPE jboss-web PUBLIC "-//JBoss//DTD Web Application 5.0//EN" "http://www.jboss.org/j2ee/dtd/jboss-web_5_0.dtd">
> <jboss-web>
> <security-domain>java:/jaas/wssecurity-domain</security-domain>
> </jboss-web>
>
> SecurityPolicy.xml:
> -------------------
> <?xml version="1.0" encoding="UTF-8"?>
> <wsp:Policy xmlns:wsp="http://www.w3.org/ns/ws-policy"
>     xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
>   <wsp:ExactlyOne>
>     <wsp:All>
>       <sp:SupportingTokens>
>         <wsp:Policy>
>           <sp:UsernameToken
>               sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient">
>             <wsp:Policy>
>               <sp:HashPassword />
>             </wsp:Policy>
>           </sp:UsernameToken>
>         </wsp:Policy>
>       </sp:SupportingTokens>
>     </wsp:All>
>   </wsp:ExactlyOne>
> </wsp:Policy>
>
> standalone.xml:
> ---------------
> <security-domain name="wssecurity-domain">
>   <authentication>
>     <login-module code="Database" flag="required">
>       <module-option name="dsJndiName" value="java:/jboss/datasources/MainDS"/>
>       <module-option name="principalsQuery" value="..."/>
>       <module-option name="rolesQuery" value="..."/>
>       <module-option name="hashAlgorithm" value="SHA"/>
>       <module-option name="hashEncoding" value="BASE64"/>
>       <module-option name="hashCharset" value="UTF-8"/>
>       <module-option name="hashUserPassword" value="false"/>
>       <module-option name="hashStorePassword" value="true"/>
>       <module-option name="storeDigestCallback" value="org.jboss.wsf.stack.cxf.security.authentication.callback.UsernameTokenCallback"/>
>       <module-option name="unauthenticatedIdentity" value="anonymous"/>
>     </login-module>
>   </authentication>
> </security-domain>
>
> Log from server side:
>
> Payload: <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Header><wsse:Security soap:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"><wsse:UsernameToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="UsernameToken-1"><wsse:Username>USERNAME</wsse:Username><wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest">kmmJ3YGRbC+7WH3qfEWy8+n83Sk=</wsse:Password><wsse:Nonce EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">7MWXmcGoJ5uMmukJ13cggA==</wsse:Nonce><wsu:Created>2012-10-17T09:38:25.036Z</wsu:Created></wsse:UsernameToken></wsse:Security></soap:Header><soap:Body><ns2:read xmlns:ns2="http://org.xy.webservice"><arg0>12345</arg0></ns2:read></soap:Body></soap:Envelope>
> --------------------------------------
> 11:38:25,088 WARNING [org.apache.cxf.phase.PhaseInterceptorChain] (http--0.0.0.0-8080-1) Interceptor for {http://org.xy.webservice}ServiceName#{http://org.xy.webservice}read has thrown exception, unwinding now: org.apache.cxf.binding.soap.SoapFault: MustUnderstand headers: [{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}Security] are not understood.
> at org.apache.cxf.binding.soap.interceptor.MustUnderstandInterceptor.checkUltimateReceiverHeaders(MustUnderstandInterceptor.java:150) [cxf-rt-bindings-soap-2.4.6.jar:2.4.6]
> at org.apache.cxf.binding.soap.interceptor.MustUnderstandInterceptor.handleMessage(MustUnderstandInterceptor.java:96) [cxf-rt-bindings-soap-2.4.6.jar:2.4.6]
> at org.apache.cxf.binding.soap.interceptor.MustUnderstandInterceptor.handleMessage(MustUnderstandInterceptor.java:49) [cxf-rt-bindings-soap-2.4.6.jar:2.4.6]
> at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:263) [cxf-api-2.4.6.jar:2.4.6]
> at org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:121) [cxf-rt-core-2.4.6.jar:2.4.6]
> at org.apache.cxf.transport.http.AbstractHTTPDestination.invoke(AbstractHTTPDestination.java:207) [cxf-rt-transports-http-2.4.6.jar:2.4.6]
> at org.jboss.wsf.stack.cxf.RequestHandlerImpl.handleHttpRequest(RequestHandlerImpl.java:91)
> at org.jboss.wsf.stack.cxf.transport.ServletHelper.callRequestHandler(ServletHelper.java:169)
> at org.jboss.wsf.stack.cxf.CXFServletExt.invoke(CXFServletExt.java:87)
> at org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(AbstractHTTPServlet.java:185) [cxf-rt-transports-http-2.4.6.jar:2.4.6]
> at org.apache.cxf.transport.servlet.AbstractHTTPServlet.doPost(AbstractHTTPServlet.java:108) [cxf-rt-transports-http-2.4.6.jar:2.4.6]
> at javax.servlet.http.HttpServlet.service(HttpServlet.java:754) [jboss-servlet-api_3.0_spec-1.0.0.Final.jar:1.0.0.Final]
> at org.jboss.wsf.stack.cxf.CXFServletExt.service(CXFServletExt.java:135)
> at org.jboss.wsf.spi.deployment.WSFServlet.service(WSFServlet.java:140) [jbossws-spi-2.0.3.GA.jar:2.0.3.GA]
> at javax.servlet.http.HttpServlet.service(HttpServlet.java:847) [jboss-servlet-api_3.0_spec-1.0.0.Final.jar:1.0.0.Final]
> at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:329) [jbossweb-7.0.13.Final.jar:]
> at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248) [jbossweb-7.0.13.Final.jar:]
> at org.jboss.weld.servlet.ConversationPropagationFilter.doFilter(ConversationPropagationFilter.java:62) [weld-core-1.1.5.AS71.Final.jar:2012-02-10 15:31]
> at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280) [jbossweb-7.0.13.Final.jar:]
> at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248) [jbossweb-7.0.13.Final.jar:]
> at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:275) [jbossweb-7.0.13.Final.jar:]
> at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:161) [jbossweb-7.0.13.Final.jar:]
> at org.jboss.as.jpa.interceptor.WebNonTxEmCloserValve.invoke(WebNonTxEmCloserValve.java:50) [jboss-as-jpa-7.1.1.Final.jar:7.1.1.Final]
> at org.jboss.as.web.security.SecurityContextAssociationValve.invoke(SecurityContextAssociationValve.java:153) [jboss-as-web-7.1.1.Final.jar:7.1.1.Final]
> at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:155) [jbossweb-7.0.13.Final.jar:]
> at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102) [jbossweb-7.0.13.Final.jar:]
> at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) [jbossweb-7.0.13.Final.jar:]
> at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:368) [jbossweb-7.0.13.Final.jar:]
> at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:877) [jbossweb-7.0.13.Final.jar:]
> at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:671) [jbossweb-7.0.13.Final.jar:]
> at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:930) [jbossweb-7.0.13.Final.jar:]
> at java.lang.Thread.run(Thread.java:722) [rt.jar:1.7.0_07]
>
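As an added example (not code from the issue, JBossWS or CXF), this Python code mirrors the two steps a receiver applies to a request shaped like the logged payload: the SOAP mustUnderstand check that produced the fault, and verification of the `PasswordDigest` that `sp:HashPassword` requires. The function names, the in-memory password store and the sample envelope are constructed for illustration; the `Created` freshness window is assumed to be checked elsewhere.

```python
import base64, hashlib, hmac
import xml.etree.ElementTree as ET

SOAP = "http://schemas.xmlsoap.org/soap/envelope/"
WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
WSU = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
DIGEST = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest"

def password_digest(nonce_b64, created, password):
    """UsernameToken Profile 1.0: Base64(SHA-1(nonce + created + password))."""
    raw = base64.b64decode(nonce_b64) + created.encode() + password.encode()
    return base64.b64encode(hashlib.sha1(raw).digest()).decode()

def not_understood(envelope, understood):
    """QNames of mustUnderstand="1" header blocks that no installed handler claims."""
    header = ET.fromstring(envelope).find(f"{{{SOAP}}}Header")
    blocks = [] if header is None else list(header)
    return [h.tag for h in blocks
            if h.get(f"{{{SOAP}}}mustUnderstand") == "1" and h.tag not in understood]

def verify_token(envelope, passwords, seen_nonces):
    """Return the authenticated username, or None when the token is rejected."""
    tok = ET.fromstring(envelope).find(f".//{{{WSSE}}}Security/{{{WSSE}}}UsernameToken")
    if tok is None:
        return None
    user = tok.findtext(f"{{{WSSE}}}Username")
    pw = tok.find(f"{{{WSSE}}}Password")
    nonce, created = tok.findtext(f"{{{WSSE}}}Nonce"), tok.findtext(f"{{{WSU}}}Created")
    if pw is None or pw.get("Type") != DIGEST or not nonce or not created:
        return None  # sp:HashPassword: only a digest with nonce and timestamp is acceptable
    if user not in passwords or nonce in seen_nonces:
        return None  # unknown user, or a replayed nonce
    try:
        expected = password_digest(nonce, created, passwords[user])
    except ValueError:
        return None  # nonce is not valid Base64
    if not hmac.compare_digest(expected.encode(), (pw.text or "").encode()):
        return None
    seen_nonces.add(nonce)
    return user

def sample_envelope(user, password, nonce_b64="MDEyMzQ1Njc4OWFiY2RlZg==", created="2012-10-17T09:38:25Z"):
    """Constructed request in the shape of the logged payload (values are not the page's)."""
    return (f'<s:Envelope xmlns:s="{SOAP}"><s:Header><w:Security s:mustUnderstand="1" xmlns:w="{WSSE}">'
            f'<w:UsernameToken xmlns:u="{WSU}"><w:Username>{user}</w:Username>'
            f'<w:Password Type="{DIGEST}">{password_digest(nonce_b64, created, password)}</w:Password>'
            f'<w:Nonce>{nonce_b64}</w:Nonce><u:Created>{created}</u:Created>'
            f'</w:UsernameToken></w:Security></s:Header><s:Body/></s:Envelope>')
```

Calling `not_understood` with an empty `understood` set returns the `Security` QName, which is the condition reported in the `MustUnderstand headers ... are not understood` fault; passing that QName in `understood` clears it.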