[jboss-user] [JBossWS] - Re: implementing wsse:UserNameToken

rayymlai do-not-reply at jboss.com
Mon Oct 30 13:53:17 EST 2006 

_Revisiting username token profile_
=======================

I try to understand and use JBossws 1.0.3 with username token profile. The objective is to use WSS 1.0 username token for an existing Web services, since we are not ready with key management infrastructure (for X.509v3 cert) yet.

Approach - using simpleSignTestCase:
========================
1. Use jbossws wss example
Replace the existing x.509v3 cert profile with username token profile
in both jboss-wsse-server.xml and jboss-wsse-client.xml

e.g. jboss-wsse-server.xml

<jboss-ws-security xmlns="http://www.jboss.com/ws-security/config" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
  xsi:schemaLocation="http://www.jboss.com/ws-security/config http://www.jboss.com/ws-security/schema/jboss-ws-security_1_0.xsd">
  <key-store-file>WEB-INF/wsse.keystore</key-store-file>
  <key-store-password>jbossws</key-store-password>
  <trust-store-file>WEB-INF/wsse.truststore</trust-store-file>
  <trust-store-password>jbossws</trust-store-password>
  
  
  
</jboss-ws-security>

e.g. jboss-wsse-client.xml
<?xml version="1.0" encoding="UTF-8"?>

<jboss-ws-security xmlns="http://www.jboss.com/ws-security/config" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
  xsi:schemaLocation="http://www.jboss.com/ws-security/config http://www.jboss.com/ws-security/schema/jboss-ws-security_1_0.xsd">
  
  
  
</jboss-ws-security>

2. Verify if the SOAP header contains username and password

e.g. under output/samples, we can't see any SOAP header containing WSS 1.0 username token profile

<result xmlns:xsi='http://www.w3.org/2001/XMLSchema-instance'>Kermit

But if we use X.509v3 cert profile, I can find WSS 1.0 cert profile in the SOAP header.

3. add user and password in the client stub, since I read that 
JBossWS does not support  with user and password attributes, and that JBossWS username token profile still requires using keystore password (an implementation constraint) as per this email thread.

Issues Encountered
=============
1. wss example running with  username profile is OK without error, but I couldn't find the username/password in the SOAP header (as in output/log)

2. add user and password in WS stub
but I can't see any user and password in the SOAP header

e.g. in SimpleSignTestCase.java:

 Hello port = (Hello)service.getPort(Hello.class);
         Stub stub = (Stub)port;
         stub._setProperty(Stub.USERNAME_PROPERTY, "manager"); 
                  stub._setProperty(Stub.PASSWORD_PROPERTY, "manager"); 

         ((Stub)port)._setProperty(Stub.ENDPOINT_ADDRESS_PROPERTY, "http://localhost:8080/jbossws-samples-wssecurity-sign");
         return port;

3. jboss server log/console does not show any helpful /debugging information

e.g. jboss console shows:

M0346:8080/jbossws-samples-wssecurity-sign
10:16:15,937 INFO  [ClientDeployer] Client ENC bound under: jbossws-client
10:16:16,797 INFO  [ClientDeployer] Removing client ENC from: jbossws-client
10:16:16,812 INFO  [ServiceEndpointManager] WebService stopped: http://MTVL04AL3
M0346:8080/jbossws-samples-wssecurity-sign
10:16:16,812 WARN  [WSDLFilePublisher] Cannot delete published wsdl document: fi
le:/C:/tools/jboss/server/default/data/wsdl/jbossws-samples-wssecurity-sign.war/
HelloService.wsdl
10:16:16,812 INFO  [TomcatDeployer] undeploy, ctxPath=/jbossws-samples-wssecurit
y-sign, warUrl=.../tmp/deploy/tmp3642jbossws-samples-wssecurity-sign-exp.war/
10:16:17,703 INFO  [TomcatDeployer] deploy, ctxPath=/jbossws-samples-store-pass-
encrypt, warUrl=.../tmp/deploy/tmp3646jbossws-samples-store-pass-encrypt-exp.war
/
10:16:17,812 INFO  [WSDLFilePublisher] WSDL published to: file:/C:/tools/jboss/s
erver/default/data/wsdl/jbossws-samples-store-pass-encrypt.war/HelloService.wsdl

10:16:17,906 INFO  [ServiceEndpointManager] WebService started: http://MTVL04AL3


Need help:
=======
1. How could I use WSS 1.0 username token in the JBossWS example?
- I use  and the WSS example runs without error, but I can't find the username token profile in the header
- I snoop the SOAP traffic using TCPSpy, but still couldn't find the username token in the SOAP header

2. could anyone verify whether I miss any step in the configuration?

Thanks.

View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3981852#3981852

Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=3981852

More information about the jboss-user mailing list