[jboss-user] [JBossWS] - WS-Security - extract information from signature in SOAP mes
adijo1
do-not-reply at jboss.com
Tue Jul 22 04:33:01 EDT 2008
Hi,
I'm using WS-Security to sign SOAP messages. Currently on endpoint side I know only that I trust the client that called some web service but I don't know which of the clients has called it. Now I would also like to know which client has called the web service.
Can you please help me how to extract client information from signature in SOAP message or maybe how to know which alias was used for authentication.
Sorry for my English.
I'm using (for server and client):
- JbossAS : 4.2.1.GA
- JbossWS : 1.2.1.GA (build=200704151756)
- Eclipse : 3.3.1.1
- JDK : 1.5.0_14
Server side configuration:
WsServer.java
package app.ws.server;
|
| import javax.ejb.Remote;
|
| @Remote
| public interface WsServer {
| public String hello(String parameter);
| }
WsServerBean.java
package app.ws.server;
|
| import org.jboss.ws.annotation.WebContext;
| import javax.ejb.Stateless;
| import javax.jws.WebService;
| import javax.jws.soap.SOAPBinding;
| import javax.jws.WebMethod;
| import javax.jws.WebParam;
| import org.jboss.ws.annotation.EndpointConfig;
| import org.apache.log4j.Logger;
| import org.jboss.annotation.security.SecurityDomain;
|
| @Stateless
| @WebContext(contextRoot="/TestWebServices")
| @WebService(serviceName="testws", targetNamespace="http://testuri.org/")
| @SOAPBinding(style = SOAPBinding.Style.DOCUMENT, use = SOAPBinding.Use.LITERAL, parameterStyle = SOAPBinding.ParameterStyle.WRAPPED)
| @EndpointConfig(configName = "Standard WSSecurity Endpoint")
| @SecurityDomain("JBossWS")
| public class WsServerBean implements WsServer {
| private static final Logger logger = Logger.getLogger(WsServerBean.class.getName());
|
| @WebMethod(operationName = "hello", action = "urn:hello")
| public String hello(@WebParam(name = "parameter") String parameter) {
| logger.info("You have called method hello with parameter : " + parameter);
| return "Hello world. You have called method hello with parameter : " + parameter;
| }
| }
META-INF/standard-jaxws-endpoint-config.xml
<jaxws-config xmlns="urn:jboss:jaxws-config:2.0"
| xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
| xmlns:javaee="http://java.sun.com/xml/ns/javaee"
| xsi:schemaLocation="urn:jboss:jaxws-config:2.0 jaxws-config_2_0.xsd">
|
| <endpoint-config>
| <config-name>Standard WSSecurity Endpoint</config-name>
| <post-handler-chains>
| <javaee:handler-chain>
| <javaee:protocol-bindings>##SOAP11_HTTP</javaee:protocol-bindings>
| <javaee:handler>
| <javaee:handler-name>WSSecurity Handler</javaee:handler-name>
| <javaee:handler-class>org.jboss.ws.extensions.security.jaxws.WSSecurityHandlerServer</javaee:handler-class>
| </javaee:handler>
| </javaee:handler-chain>
| </post-handler-chains>
| </endpoint-config>
|
| </jaxws-config>
|
META-INF/jboss-wsse-server.xml
<?xml version="1.0" encoding="UTF-8"?>
| <jboss-ws-security xmlns="http://www.jboss.com/ws-security/config"
| xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
| xsi:schemaLocation="http://www.jboss.com/ws-security/config http://www.jboss.com/ws-security/schema/jboss-ws-security_1_0.xsd">
| <key-store-file>META-INF/wsse.keystore</key-store-file>
| <key-store-password>jbossws</key-store-password>
| <trust-store-file>META-INF/wsse.truststore</trust-store-file>
| <trust-store-password>jbossws</trust-store-password>
| <config>
| <sign type="x509v3" alias="wsse"/>
| <requires>
| <signature/>
| </requires>
| </config>
| </jboss-ws-security>
META-INF/wsse.keystore
keytool -genkey -keystore wsse.keystore -storepass jbossws -keyalg RSA -alias wsse -validity 365
META-INF/wsse.cer
keytool -export -file wsse.cer -keystore wsse.keystore -storepass jbossws -alias wsse
META-INF/wsse.truststore
keytool -import -alias wsse -file wsse.cer -keystore wsse.truststore -storepass jbossws
| keytool -import -alias wssc -file wssc.cer -keystore wsse.truststore -storepass jbossws
output
09:31:27,777 INFO [Reference] Verification successful for URI "#element-1-1216711887170-23623672"
| 09:31:27,777 INFO [Reference] Verification successful for URI "#timestamp"
| 09:31:27,796 INFO [WsServerBean] You have called method hello with parameter : aaaaa
Client side configuration:
Generating stubs from WSDL
wsconsume.sh -k -p "app.ws.client" "http://10.10.11.173:8080/TestWebServices/WsServerBean?wsdl"
I have to change the service implementation class. In my case Testws.java.
FROM : public class Testws extends Service
TO : public class Testws extends ServiceExt
META-INF/wssc.keystore
keytool -genkey -keystore wssc.keystore -storepass jbossws -keyalg RSA -alias wssc -validity 365
META-INF/wssc.cer
keytool -export -file wssc.cer -keystore wssc.keystore -storepass jbossws -alias wssc
META-INF/wssc.truststore
keytool -import -alias wssc -file wssc.cer -keystore wssc.truststore -storepass jbossws
| keytool -import -alias wsse -file wsse.cer -keystore wssc.truststore -storepass jbossws
TestClient.java
package app.ws.client;
|
| import java.io.File;
| import java.net.URL;
| import javax.xml.namespace.QName;
| import org.jboss.ws.core.StubExt;
| import org.jboss.ws.core.jaxws.client.ServiceExt;
|
| public class TestClient {
| public static void main(String[] args) {
| try{
| System.setProperty("org.jboss.wsse.keyStore", "/workspace/test/src/app/ws/client/META-INF/wssc.keystore");
| System.setProperty("org.jboss.wsse.keyStorePassword", "jbossws");
| System.setProperty("org.jboss.wsse.keyStoreType", "jks");
| System.setProperty("org.jboss.wsse.trustStore", "/workspace/test/src/app/ws/client/META-INF/wssc.truststore");
| System.setProperty("org.jboss.wsse.trustStorePassword", "jbossws");
| System.setProperty("org.jboss.wsse.trustStoreType", "jks");
|
| String wsdlLocation = "http://10.10.11.173:8080/TestWebServices/WsServerBean?wsdl";
| URL securityURL = new File("/workspace/test/src/app/ws/client/META-INF/jboss-wsse-client.xml").toURL();
| String targetNamespace = "http://testuri.org/";
| String serviceName = "testws";
|
| Testws service = new Testws(new URL(wsdlLocation), new QName(targetNamespace, serviceName));
| ((ServiceExt)service).setSecurityConfig(securityURL.toExternalForm());
|
| WsServerBean wsServerBean = service.getWsServerBeanPort();
| ((StubExt)wsServerBean).setConfigName("Standard WSSecurity Client");
|
| System.out.println("\n===[ hello ]===================================================================v");
| System.out.println(wsServerBean.hello("aaaaa"));
| System.out.println("===============================================================================^");
|
| }
| catch (Exception e) {
| System.out.println("\n===[ Exception handler ]=======================================================v");
| e.printStackTrace();
| System.out.println("===============================================================================^");
| }
| }
| }
META-INF/jboss-wsse-client.xml
<?xml version="1.0" encoding="UTF-8"?>
| <jboss-ws-security xmlns="http://www.jboss.com/ws-security/config"
| xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
| xsi:schemaLocation="http://www.jboss.com/ws-security/config http://www.jboss.com/ws-security/schema/jboss-ws-security_1_0.xsd">
| <key-store-file>/workspace/test/src/app/ws/client/META-INF/wssc.keystore</key-store-file>
| <key-store-password>jbossws</key-store-password>
| <trust-store-file>/workspace/test/src/app/ws/client/META-INF/wssc.truststore</trust-store-file>
| <trust-store-password>jbossws</trust-store-password>
| <config>
| <sign type="x509v3" alias="wssc"/>
| <requires>
| <signature/>
| </requires>
| </config>
| </jboss-ws-security>
META-INF/standard-jaxws-client-config.xml
<jaxws-config xmlns="urn:jboss:jaxws-config:2.0"
| xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
| xmlns:javaee="http://java.sun.com/xml/ns/javaee"
| xsi:schemaLocation="urn:jboss:jaxws-config:2.0 jaxws-config_2_0.xsd">
|
| <client-config>
| <config-name>Standard WSSecurity Client</config-name>
| <post-handler-chains>
| <javaee:handler-chain>
| <javaee:protocol-bindings>##SOAP11_HTTP</javaee:protocol-bindings>
| <javaee:handler>
| <javaee:handler-name>WSSecurityHandlerOutbound</javaee:handler-name>
| <javaee:handler-class>org.jboss.ws.extensions.security.jaxws.WSSecurityHandlerClient</javaee:handler-class>
| </javaee:handler>
| </javaee:handler-chain>
| </post-handler-chains>
| </client-config>
|
| </jaxws-config>
I have to add following lines to "wsrunclient.sh".
WSRUNCLIENT_CLASSPATH="$WSRUNCLIENT_CLASSPATH:$JBOSS_HOME/client/wsdl4j.jar"
| WSRUNCLIENT_CLASSPATH="$WSRUNCLIENT_CLASSPATH:$JBOSS_HOME/lib/jboss-common.jar"
| WSRUNCLIENT_CLASSPATH="$WSRUNCLIENT_CLASSPATH:$JBOSS_HOME/client/xmlsec.jar"
| WSRUNCLIENT_CLASSPATH="$WSRUNCLIENT_CLASSPATH:$JBOSS_HOME/client/commons-logging.jar"
Running the client:
wsrunclient.sh -classpath /workspace/test/src/app/ws/client "app.ws.client.TestClient" -/usr/local/jboss/bin
output:
===[ hello ]===================================================================v
| 08:31:27,890 INFO [Reference] Verification successful for URI "#element-16-1216711887803-747136"
| 08:31:27,892 INFO [Reference] Verification successful for URI "#timestamp"
| Hello world. You have called method hello with parameter : aaaaa
| ===============================================================================^
Thanks and Regards,
Peter
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4165812#4165812
Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4165812
More information about the jboss-user
mailing list