[jboss-user] [JBossWS] - SSL & Authorization

FabBoco do-not-reply at jboss.com
Wed Aug 1 04:24:36 EDT 2007


Hi guys,

I really need some directions from you.

I have a test ws:


  | @Stateless
  | @WebService(name = "wstest", serviceName = "wstest")
  | @WebContext(contextRoot = "/ma", transportGuarantee="NONE", secureWSDLAccess = false)
  | @Remote(WsTest.class)
  | @RemoteBinding
  | @SOAPBinding(style = SOAPBinding.Style.DOCUMENT)
  | public class WsTestBean implements WsTest
  | {
  | 	Logger	log	= Logger.getLogger(WsTestBean.class);
  | 
  | 	@WebMethod
  | 	public String echo(String message)
  | 	{
  | 		return message;
  | 	}
  | }
  | 

deployed into JBoss 4.2.0

Using wsconsume I prepared the proxy and my client is able to call the ws:


  | public class WsTestClient
  | {
  | 
  | 	public static void main(String[] args)
  | 	{
  | 		System.out.println("WsTest Client Start");
  | 		
  | 		
  | 		Wstest_Service ws = new Wstest_Service();
  | 		
  | 		Wstest wsTest = ws.getWstestPort();
  | 		
  | 		System.out.println("Echo message: "+wsTest.echo("Ciao Ciao sono Fabrizio"));
  | 
  | 		System.out.println("WsTest Client End");
  | 	}
  | 
  | }
  | 

What I have to do now (for a real application !) is:

1) use SSL
2) enforce authentication (only authorized users can call the ws)

I have changed the servers as follows:


  | 
  | @WebContext(contextRoot = "/ma", transportGuarantee="CONFIDENTIAL", secureWSDLAccess = false)
  | 
  | 

and then the SSL should be OK. The ServiceEndpointAddress switches from http://.....?wsdl to https://.....?wsdl

Then I have tried to regenerate the proxy using wsconsume and I get the following error:


  | failed to parse document at "https://fabocoxp2:8443/ma/WsTestBean?wsdl": javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
  |         at org.jboss.com.sun.tools.ws.processor.modeler.wsdl.WSDLModeler.buildModel(WSDLModeler.java:215)
  |         at org.jboss.com.sun.tools.ws.processor.config.ModelInfo.buildModel(ModelInfo.java:88)
  |         at org.jboss.com.sun.tools.ws.processor.Processor.runModeler(Processor.java:82)
  |         at org.jboss.com.sun.tools.ws.wscompile.CompileTool.run(CompileTool.java:543)
  |         at org.jboss.com.sun.tools.ws.util.ToolBase.run(ToolBase.java:57)
  |         at org.jboss.ws.tools.jaxws.impl.WSContractConsumerImpl$1.run(WSContractConsumerImpl.java:163)
  |         at org.jboss.ws.tools.jaxws.impl.WSContractConsumerImpl.consume(WSContractConsumerImpl.java:166)
  |         at org.jboss.ws.tools.jaxws.command.wsconsume.importServices(wsconsume.java:193)
  |         at org.jboss.ws.tools.jaxws.command.wsconsume.main(wsconsume.java:76)
  | Caused by: failed to parse document at "https://fabocoxp2:8443/ma/WsTestBean?wsdl": javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
  |         at org.jboss.com.sun.tools.ws.wsdl.parser.WSDLParser.buildDocumentFromWSDL(WSDLParser.java:318)
  |         at org.jboss.com.sun.tools.ws.wsdl.parser.WSDLParser.parseDefinitions(WSDLParser.java:222)
  |         at org.jboss.com.sun.tools.ws.wsdl.parser.WSDLParser.parse(WSDLParser.java:213)
  |         at org.jboss.com.sun.tools.ws.processor.modeler.wsdl.WSDLModeler.buildModel(WSDLModeler.java:166)
  |         ... 8 more
  | Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
  |         at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:150)
  |         at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1518)
  |         at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:174)
  |         at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:168)
  |         at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:848)
  |         at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:106)
  |         at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:495)
  |         at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:433)
  |         at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:818)
  |         at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1030)
  |         at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1057)
  |         at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1041)
  |         at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:402)
  |         at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:170)
  |         at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:938)
  |         at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:234)
  |         at org.apache.xerces.impl.XMLEntityManager.setupCurrentEntity(Unknown Source)
  |         at org.apache.xerces.impl.XMLVersionDetector.determineDocVersion(Unknown Source)
  |         at org.apache.xerces.parsers.XML11Configuration.parse(Unknown Source)
  |         at org.apache.xerces.parsers.XML11Configuration.parse(Unknown Source)
  |         at org.apache.xerces.parsers.XMLParser.parse(Unknown Source)
  |         at org.apache.xerces.parsers.DOMParser.parse(Unknown Source)
  |         at org.apache.xerces.jaxp.DocumentBuilderImpl.parse(Unknown Source)
  |         at org.jboss.com.sun.tools.ws.wsdl.parser.WSDLParser.buildDocumentFromWSDL(WSDLParser.java:276)
  |         ... 11 more
  | Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
  |         at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:221)
  |         at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:145)
  |         at sun.security.validator.Validator.validate(Validator.java:203)
  |         at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:172)
  |         at com.sun.net.ssl.internal.ssl.JsseX509TrustManager.checkServerTrusted(SSLContextImpl.java:320)
  |         at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:841)
  |         ... 30 more
  | Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
  |         at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:236)
  |         at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:194)
  |         at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:216)
  |         ... 35 more
  | error: failed to parse document at "https://fabocoxp2:8443/ma/WsTestBean?wsdl": javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
  | 
I think that I have to put a certificate somewhere !

Reading documentation I realized that I have to configure:

jboss-wsse-server.xml

and

jboss-wsse-client.xml

but I can't find a step-by-step procedure. 

What about authorization ?

Thank you in advance for any help.

Regards 

Fabrizio



View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4069518#4069518
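
Added example, not part of the original post and not JBossWS code: the "PKIX path building failed" error in the trace above means the client JVM found no trusted certificate from which to build a path to the one the server presented. Assuming the server uses a self-signed certificate, this script exports that certificate and imports it into a client truststore with keytool; the keystore files, the alias "server" and the password "changeit" are constructed placeholders.

```shell
#!/bin/sh
# Constructed demo: a throwaway keystore stands in for the JBoss server keystore.
# Alias, file names and password are placeholders, not values from the post.
# On JDK 5 the same keytool commands are spelled -genkey, -export and -import.

PASS=changeit

# Stand-in for the server side: a self-signed key pair whose CN is the host name.
make_server_keystore() {   # $1 = keystore file, $2 = host name (certificate CN)
    keytool -genkeypair -alias server -keyalg RSA -keysize 2048 -validity 30 \
        -dname "CN=$2" -keystore "$1" -storepass "$PASS" -keypass "$PASS" >/dev/null 2>&1
}

# Export only the public certificate; the private key stays in the server keystore.
# Compare its fingerprint (keytool -printcert -file) with the server's before trusting it.
export_server_cert() {     # $1 = keystore file, $2 = output PEM file
    keytool -exportcert -rfc -alias server -keystore "$1" -storepass "$PASS" \
        -file "$2" >/dev/null 2>&1
}

# Add the certificate to a dedicated client truststore as a trusted entry.
trust_server_cert() {      # $1 = PEM file, $2 = truststore file (created if missing)
    keytool -importcert -noprompt -alias server -file "$1" \
        -keystore "$2" -storepass "$PASS" >/dev/null 2>&1
}

# Exit status 0 only if the truststore holds an entry under the given alias.
truststore_has() {         # $1 = truststore file, $2 = alias
    keytool -list -keystore "$1" -storepass "$PASS" -alias "$2" >/dev/null 2>&1
}

# System properties that make a client JVM validate against that truststore.
client_jvm_opts() {        # $1 = truststore file
    printf '%s %s' "-Djavax.net.ssl.trustStore=$1" \
        "-Djavax.net.ssl.trustStorePassword=$PASS"
}

# Run the whole sequence with: sh thisfile.sh demo
if [ "${1:-}" = "demo" ]; then
    dir=$(mktemp -d) &&
    make_server_keystore "$dir/server.keystore" fabocoxp2 &&
    export_server_cert "$dir/server.keystore" "$dir/server.pem" &&
    trust_server_cert "$dir/server.pem" "$dir/client.truststore" &&
    truststore_has "$dir/client.truststore" server &&
    echo "client JVM options: $(client_jvm_opts "$dir/client.truststore")"
fi
```

Against a real server, skip make_server_keystore and run export_server_cert on the keystore the HTTPS connector actually uses; the two system properties apply to any JVM that opens the https:// WSDL URL.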
