[jboss-user] [JBossWS] - Need help : JBossWS Security!
xinhua
do-not-reply at jboss.com
Wed Apr 30 05:13:39 EDT 2008
Hi all,
I want to use SSL and signatures to protect my WS on JBoss4.2.2GA. SSL works perfectly, but when I use the client to send a request with a signature, I always get an error. My code, configuration and environment are listed as follows:
JBoss4.2.2GA
jdk1.5
SSL keyStore&trustStore file: ksbws.keystore
Signature keyStore&trustStore file: ksbws_security.keystore
Server Side:
| @Stateless
| @SecurityDomain("JBossWS")
| @RolesAllowed("friend")
| @WebService(endpointInterface="de.xxx.xxx.KSBService")
| @WebContext(contextRoot="/KSBService",
|             urlPattern="/*",
|             authMethod="BASIC",
|             transportGuarantee="CONFIDENTIAL",
|             secureWSDLAccess=false)
| @EndpointConfig(configName = "Standard WSSecurity Endpoint")
| public class KSBServiceBean implements KSBService, KSBServiceRemote, KSBServiceLocal {
|
|     private static final Logger log = Logger.getLogger(KSBServiceBean.class);
|
|     @EJB
|     KSBManagerLocal ksb;
|
|     public String validateLogin(Long userNo, String password) {
|         // doSomething
|     }
|
| }
In META-INF/ I put ksbws_security.keystore and jboss-wsse-server.xml.
Here is my jboss-wsse-server.xml:
| <jboss-ws-security xmlns="http://www.jboss.com/ws-security/config"
|                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|                    xsi:schemaLocation="http://www.jboss.com/ws-security/config
|                    http://www.jboss.com/ws-security/schema/jboss-ws-security_1_0.xsd">
|     <key-store-file>META-INF/ksbws_security.keystore</key-store-file>
|     <key-store-password>test</key-store-password>
|     <trust-store-file>META-INF/ksbws_security.keystore</trust-store-file>
|     <trust-store-password>test</trust-store-password>
|     <config>
|         <sign type="x509v3" alias="KSBWS_SECURITY" />
|         <requires>
|             <signature />
|         </requires>
|     </config>
| </jboss-ws-security>
|
The server-side jar deployed without exception.
Client:
Code:
| public static void main(String[] args) {
|     KSBService ksb = null;
|     try {
|         // SSL keystore
|         System.setProperty("javax.net.ssl.keyStore", "c:\\ksbws.keystore");
|         System.setProperty("javax.net.ssl.trustStore", "c:\\ksbws.keystore");
|         System.setProperty("javax.net.ssl.keyStorePassword", "test");
|         System.setProperty("javax.net.ssl.trustStorePassword", "test");
|         System.setProperty("javax.net.ssl.keyStoreType", "jks");
|         System.setProperty("javax.net.ssl.trustStoreType", "jks");
|         System.setProperty("org.jboss.security.ignoreHttpsHost", "true");
|
|         // Signature keystore
|         System.setProperty("org.jboss.ws.wsse.keyStore", "c:\\ksbws_security.keystore");
|         System.setProperty("org.jboss.ws.wsse.trustStore", "c:\\ksbws_security.keystore");
|         System.setProperty("org.jboss.ws.wsse.keyStorePassword", "test");
|         System.setProperty("org.jboss.ws.wsse.trustStorePassword", "test");
|         System.setProperty("org.jboss.ws.wsse.keyStoreType", "jks");
|         System.setProperty("org.jboss.ws.wsse.trustStoreType", "jks");
|
|         Service service = Service.create(new URL("http://localhost:8180/KSBService/KSBServiceBean?wsdl"),
|                 new QName("http://xxx.xxx.de/", "KSBServiceBeanService"));
|
|         ksb = service.getPort(KSBService.class);
|
|         ((StubExt) ksb).setConfigName("Standard WSSecurity Client");
|
|         BindingProvider bp = (BindingProvider) ksb;
|         bp.getRequestContext().put(BindingProvider.USERNAME_PROPERTY, "kermit");
|         bp.getRequestContext().put(BindingProvider.PASSWORD_PROPERTY, "thefrog");
|
|     } catch (Exception e) {
|         ....
|         ...
|
Also, I put jboss-wsse-client.xml in META-INF/:
| <jboss-ws-security xmlns="http://www.jboss.com/ws-security/config"
|                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|                    xsi:schemaLocation="http://www.jboss.com/ws-security/config
|                    http://www.jboss.com/ws-security/schema/jboss-ws-security_1_0.xsd">
|     <config>
|         <sign type="x509v3" alias="KSBWS_SECURITY"/>
|         <requires>
|             <signature/>
|         </requires>
|     </config>
| </jboss-ws-security>
|
But when I run the client, I get an exception like this:
| java.lang.ClassCastException: $Proxy23 cannot be cast to org.jboss.ws.core.StubExt
| at dexxxxx.xxxx.xxxx.MultiThreadsTest.main(MultiThreadsTest.java:43)
| Exception in thread "Thread-1" com.sun.xml.ws.client.ClientTransportException: request requires HTTP authentication: Unauthorized
| at com.sun.xml.ws.transport.http.client.HttpClientTransport.checkResponseCode(HttpClientTransport.java:197)
| at com.sun.xml.ws.transport.http.client.HttpTransportPipe.process(HttpTransportPipe.java:137)
| at com.sun.xml.ws.transport.http.client.HttpTransportPipe.processRequest(HttpTransportPipe.java:74)
| at com.sun.xml.ws.api.pipe.Fiber.__doRun(Fiber.java:559)
| at com.sun.xml.ws.api.pipe.Fiber._doRun(Fiber.java:518)
| at com.sun.xml.ws.api.pipe.Fiber.doRun(Fiber.java:503)
| at com.sun.xml.ws.api.pipe.Fiber.runSync(Fiber.java:400)
| at com.sun.xml.ws.client.Stub.process(Stub.java:235)
| at com.sun.xml.ws.client.sei.SEIStub.doProcess(SEIStub.java:120)
| at com.sun.xml.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:230)
| at com.sun.xml.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:210)
| at com.sun.xml.ws.client.sei.SEIStub.invoke(SEIStub.java:103)
| at $Proxy23.validateLogin(Unknown Source)
|
It seems that jboss-wsse-client.xml was not read by the client.
If I remove the code and configs for the signature, SSL works fine.
Can anyone help me?
Thanks
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4147754#4147754
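
An added example, not part of the original post and not JBossWS code: the stack trace in the post shows the port being served by `com.sun.xml.ws` classes, so a pre-flight check like the one below reports which runtime backs a port and refuses to use it when it is not a `StubExt`, rather than failing on the cast. `WsseStubGuard` and `DemoPort` are hypothetical names, and the proxy built in `main` is a constructed stand-in for a port created by another runtime.

```java
import java.lang.reflect.InvocationHandler;
import java.lang.reflect.Method;
import java.lang.reflect.Proxy;

public class WsseStubGuard {
    // Interface the post casts to; matched by name so this compiles without JBossWS jars.
    static final String STUB_EXT = "org.jboss.ws.core.StubExt";

    /** True if the type, a superclass or any (super-)interface is StubExt. */
    static boolean implementsStubExt(Class<?> type) {
        for (Class<?> c = type; c != null; c = c.getSuperclass()) {
            for (Class<?> i : c.getInterfaces()) {
                if (i.getName().equals(STUB_EXT) || implementsStubExt(i)) return true;
            }
        }
        return false;
    }

    /** Names the runtime behind a port by the class that handles its calls. */
    static String runtimeOf(Object port) {
        if (Proxy.isProxyClass(port.getClass())) {
            return Proxy.getInvocationHandler(port).getClass().getName();
        }
        return port.getClass().getName();
    }

    /** Fails closed: a port that is not a StubExt cannot take the WS-Security client config. */
    static void requireStubExt(Object port) {
        if (!implementsStubExt(port.getClass())) {
            throw new IllegalStateException("port is backed by " + runtimeOf(port)
                + ", not a JBossWS stub; the WS-Security client config cannot be applied");
        }
    }

    // Hypothetical service interface used only for the demonstration below.
    interface DemoPort { String validateLogin(Long userNo, String password); }

    public static void main(String[] args) {
        // Constructed stand-in for a port created by a non-JBossWS runtime.
        InvocationHandler other = new InvocationHandler() {
            public Object invoke(Object p, Method m, Object[] a) { return null; }
        };
        Object port = Proxy.newProxyInstance(DemoPort.class.getClassLoader(),
                new Class<?>[] { DemoPort.class }, other);
        try {
            requireStubExt(port);
        } catch (IllegalStateException e) {
            System.out.println("refused: " + e.getMessage());
        }
    }
}
```

Called on the port returned by `service.getPort(...)` before the cast, the message names the handler class, which for the trace in the post would be `com.sun.xml.ws.client.sei.SEIStub`.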