[jboss-user] [JBossWS] - WS-Security - extract information from signature in SOAP mes

adijo1 do-not-reply at jboss.com
Tue Jul 22 04:33:01 EDT 2008


Hi,

I'm using WS-Security to sign SOAP messages. Currently, on the endpoint side, I only know that I trust the client that called some web service, but I don't know which of the clients has called it. Now I would also like to know which client has called the web service.
Can you please help me extract the client information from the signature in the SOAP message, or tell me how to find out which alias was used for authentication?

Sorry for my English.


I'm using (for server and client):
  - JbossAS : 4.2.1.GA
  - JbossWS : 1.2.1.GA (build=200704151756)
  - Eclipse : 3.3.1.1
  - JDK     : 1.5.0_14



Server side configuration:

WsServer.java
package app.ws.server;

import javax.ejb.Remote;

@Remote
public interface WsServer {
	public String hello(String parameter);
}

WsServerBean.java
package app.ws.server;

import org.jboss.ws.annotation.WebContext;
import javax.ejb.Stateless;
import javax.jws.WebService;
import javax.jws.soap.SOAPBinding;
import javax.jws.WebMethod;
import javax.jws.WebParam;
import org.jboss.ws.annotation.EndpointConfig;
import org.apache.log4j.Logger;
import org.jboss.annotation.security.SecurityDomain;

@Stateless
@WebContext(contextRoot="/TestWebServices")
@WebService(serviceName="testws", targetNamespace="http://testuri.org/")
@SOAPBinding(style = SOAPBinding.Style.DOCUMENT, use = SOAPBinding.Use.LITERAL, parameterStyle = SOAPBinding.ParameterStyle.WRAPPED)
@EndpointConfig(configName = "Standard WSSecurity Endpoint")
@SecurityDomain("JBossWS")
public class WsServerBean implements WsServer {
	private static final Logger logger = Logger.getLogger(WsServerBean.class.getName());

	@WebMethod(operationName = "hello", action = "urn:hello")
	public String hello(@WebParam(name = "parameter") String parameter) {
		logger.info("You have called method hello with parameter : " + parameter);
		return "Hello world. You have called method hello with parameter : " + parameter;
	}
}

META-INF/standard-jaxws-endpoint-config.xml
<jaxws-config xmlns="urn:jboss:jaxws-config:2.0"
              xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
              xmlns:javaee="http://java.sun.com/xml/ns/javaee"
              xsi:schemaLocation="urn:jboss:jaxws-config:2.0 jaxws-config_2_0.xsd">

   <endpoint-config>
      <config-name>Standard WSSecurity Endpoint</config-name>
      <post-handler-chains>
         <javaee:handler-chain>
            <javaee:protocol-bindings>##SOAP11_HTTP</javaee:protocol-bindings>
            <javaee:handler>
               <javaee:handler-name>WSSecurity Handler</javaee:handler-name>
               <javaee:handler-class>org.jboss.ws.extensions.security.jaxws.WSSecurityHandlerServer</javaee:handler-class>
            </javaee:handler>
         </javaee:handler-chain>
      </post-handler-chains>
   </endpoint-config>

</jaxws-config>

META-INF/jboss-wsse-server.xml
<?xml version="1.0" encoding="UTF-8"?>
<jboss-ws-security xmlns="http://www.jboss.com/ws-security/config"
        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
        xsi:schemaLocation="http://www.jboss.com/ws-security/config http://www.jboss.com/ws-security/schema/jboss-ws-security_1_0.xsd">
        <key-store-file>META-INF/wsse.keystore</key-store-file>
        <key-store-password>jbossws</key-store-password>
        <trust-store-file>META-INF/wsse.truststore</trust-store-file>
        <trust-store-password>jbossws</trust-store-password>
        <config>
                <sign type="x509v3" alias="wsse"/>
                <requires>
                         <signature/>
                </requires>
        </config>
</jboss-ws-security>

META-INF/wsse.keystore
keytool -genkey -keystore wsse.keystore -storepass jbossws -keyalg RSA -alias wsse -validity 365

META-INF/wsse.cer
keytool -export -file wsse.cer -keystore wsse.keystore -storepass jbossws -alias wsse

META-INF/wsse.truststore
keytool -import -alias wsse -file wsse.cer -keystore wsse.truststore -storepass jbossws
keytool -import -alias wssc -file wssc.cer -keystore wsse.truststore -storepass jbossws

output
09:31:27,777 INFO  [Reference] Verification successful for URI "#element-1-1216711887170-23623672"
09:31:27,777 INFO  [Reference] Verification successful for URI "#timestamp"
09:31:27,796 INFO  [WsServerBean] You have called method hello with parameter : aaaaa



Client side configuration:

Generating stubs from WSDL
wsconsume.sh -k -p "app.ws.client" "http://10.10.11.173:8080/TestWebServices/WsServerBean?wsdl"

I have to change the service implementation class. In my case Testws.java.
  FROM : public class Testws extends Service
  TO   : public class Testws extends ServiceExt


META-INF/wssc.keystore
keytool -genkey -keystore wssc.keystore -storepass jbossws -keyalg RSA -alias wssc -validity 365

META-INF/wssc.cer
keytool -export -file wssc.cer -keystore wssc.keystore -storepass jbossws -alias wssc

META-INF/wssc.truststore
keytool -import -alias wssc -file wssc.cer -keystore wssc.truststore -storepass jbossws
keytool -import -alias wsse -file wsse.cer -keystore wssc.truststore -storepass jbossws

TestClient.java
package app.ws.client;

import java.io.File;
import java.net.URL;
import javax.xml.namespace.QName;
import org.jboss.ws.core.StubExt;
import org.jboss.ws.core.jaxws.client.ServiceExt;

public class TestClient {
	public static void main(String[] args) {
		try{
			System.setProperty("org.jboss.wsse.keyStore", "/workspace/test/src/app/ws/client/META-INF/wssc.keystore");
			System.setProperty("org.jboss.wsse.keyStorePassword", "jbossws");
			System.setProperty("org.jboss.wsse.keyStoreType", "jks");
			System.setProperty("org.jboss.wsse.trustStore", "/workspace/test/src/app/ws/client/META-INF/wssc.truststore");
			System.setProperty("org.jboss.wsse.trustStorePassword", "jbossws");
			System.setProperty("org.jboss.wsse.trustStoreType", "jks");

			String wsdlLocation = "http://10.10.11.173:8080/TestWebServices/WsServerBean?wsdl";
			URL securityURL = new File("/workspace/test/src/app/ws/client/META-INF/jboss-wsse-client.xml").toURL();
			String targetNamespace = "http://testuri.org/";
			String serviceName = "testws";

			Testws service = new Testws(new URL(wsdlLocation), new QName(targetNamespace, serviceName));
			((ServiceExt)service).setSecurityConfig(securityURL.toExternalForm());

			WsServerBean wsServerBean = service.getWsServerBeanPort();
			((StubExt)wsServerBean).setConfigName("Standard WSSecurity Client");

			System.out.println("\n===[ hello ]===================================================================v");
			System.out.println(wsServerBean.hello("aaaaa"));
			System.out.println("===============================================================================^");

		}
		catch (Exception e) {
			System.out.println("\n===[ Exception handler ]=======================================================v");
			e.printStackTrace();
			System.out.println("===============================================================================^");
		}
	}
}

META-INF/jboss-wsse-client.xml
<?xml version="1.0" encoding="UTF-8"?>
<jboss-ws-security xmlns="http://www.jboss.com/ws-security/config"
					xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
					xsi:schemaLocation="http://www.jboss.com/ws-security/config http://www.jboss.com/ws-security/schema/jboss-ws-security_1_0.xsd">
	<key-store-file>/workspace/test/src/app/ws/client/META-INF/wssc.keystore</key-store-file>
	<key-store-password>jbossws</key-store-password>
	<trust-store-file>/workspace/test/src/app/ws/client/META-INF/wssc.truststore</trust-store-file>
	<trust-store-password>jbossws</trust-store-password>
	<config>
		<sign type="x509v3" alias="wssc"/>
		<requires>
			<signature/>
		</requires>
	</config>
</jboss-ws-security>

META-INF/standard-jaxws-client-config.xml
<jaxws-config xmlns="urn:jboss:jaxws-config:2.0"
              xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
              xmlns:javaee="http://java.sun.com/xml/ns/javaee"
              xsi:schemaLocation="urn:jboss:jaxws-config:2.0 jaxws-config_2_0.xsd">

	<client-config>
		<config-name>Standard WSSecurity Client</config-name>
		<post-handler-chains>
			<javaee:handler-chain>
				<javaee:protocol-bindings>##SOAP11_HTTP</javaee:protocol-bindings>
				<javaee:handler>
					<javaee:handler-name>WSSecurityHandlerOutbound</javaee:handler-name>
					<javaee:handler-class>org.jboss.ws.extensions.security.jaxws.WSSecurityHandlerClient</javaee:handler-class>
				</javaee:handler>
			</javaee:handler-chain>
		</post-handler-chains>
	</client-config>

</jaxws-config>

I have to add the following lines to "wsrunclient.sh".
WSRUNCLIENT_CLASSPATH="$WSRUNCLIENT_CLASSPATH:$JBOSS_HOME/client/wsdl4j.jar"
WSRUNCLIENT_CLASSPATH="$WSRUNCLIENT_CLASSPATH:$JBOSS_HOME/lib/jboss-common.jar"
WSRUNCLIENT_CLASSPATH="$WSRUNCLIENT_CLASSPATH:$JBOSS_HOME/client/xmlsec.jar"
WSRUNCLIENT_CLASSPATH="$WSRUNCLIENT_CLASSPATH:$JBOSS_HOME/client/commons-logging.jar"

Running the client:
wsrunclient.sh -classpath /workspace/test/src/app/ws/client "app.ws.client.TestClient" -/usr/local/jboss/bin

output:
===[ hello ]===================================================================v
08:31:27,890 INFO  [Reference] Verification successful for URI "#element-16-1216711887803-747136"
08:31:27,892 INFO  [Reference] Verification successful for URI "#timestamp"
Hello world. You have called method hello with parameter : aaaaa
===============================================================================^


Thanks and Regards,
  Peter


View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4165812#4165812
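
Added example (not part of the original post and not JBossWS code): one way to map a signed request to a truststore alias, by resolving the token the signature's KeyInfo points at and looking that certificate up in the server truststore. It assumes the client's certificate travels in a wsse:BinarySecurityToken referenced directly from KeyInfo, a captured request saved to a file, and a Java 8+ JDK for java.util.Base64; SignerAlias and its method names are hypothetical.

```java
import java.io.*;
import java.security.KeyStore;
import java.security.cert.*;
import java.util.Base64;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.*;

// Added example; the class and method names are hypothetical, not a JBossWS API.
public class SignerAlias {
    static final String WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
    static final String WSU = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
    static final String DS = "http://www.w3.org/2000/09/xmldsig#";

    /** Certificate the ds:Signature's KeyInfo refers to, or null if it cannot be resolved. */
    static X509Certificate signerCertificate(Document envelope) throws Exception {
        NodeList keyInfos = envelope.getElementsByTagNameNS(DS, "KeyInfo");
        if (keyInfos.getLength() != 1) return null;   // expect exactly one signature
        NodeList refs = ((Element) keyInfos.item(0)).getElementsByTagNameNS(WSSE, "Reference");
        if (refs.getLength() != 1) return null;       // assumption: direct token reference
        String uri = ((Element) refs.item(0)).getAttribute("URI");
        if (!uri.startsWith("#")) return null;        // only same-document references
        NodeList tokens = envelope.getElementsByTagNameNS(WSSE, "BinarySecurityToken");
        for (int i = 0; i < tokens.getLength(); i++) {
            Element token = (Element) tokens.item(i);
            // Use only the token the signature names, not simply the first one present.
            if (uri.substring(1).equals(token.getAttributeNS(WSU, "Id"))) {
                byte[] der = Base64.getMimeDecoder().decode(token.getTextContent().trim());
                return (X509Certificate) CertificateFactory.getInstance("X.509")
                        .generateCertificate(new ByteArrayInputStream(der));
            }
        }
        return null;
    }
    /** Truststore alias of the signer, or null if the certificate is not a trusted entry. */
    static String signerAlias(Document envelope, KeyStore trustStore) throws Exception {
        X509Certificate cert = signerCertificate(envelope);
        return cert == null ? null : trustStore.getCertificateAlias(cert);
    }
    public static void main(String[] args) throws Exception {
        // args: <captured-request.xml> <truststore file> <truststore password>
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true);
        dbf.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        Document envelope = dbf.newDocumentBuilder().parse(new File(args[0]));
        KeyStore trustStore = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(args[1])) {
            trustStore.load(in, args[2].toCharArray());
        }
        System.out.println("signer alias: " + signerAlias(envelope, trustStore));
    }
}
```

The alias is meaningful only for a message whose signature has already been verified against that same token, since the token is otherwise just data supplied by the sender. A null result means the certificate is not an entry in the truststore.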
