[jboss-user] [JBossWS] - Re: WS-Security trouble: {http://www.w3.org/2005/08/addressi

timeagentess do-not-reply at jboss.com
Mon Jun 30 10:33:22 EDT 2008


"alessio.soldano at jboss.com" wrote : Hi, as a general suggestion, I first of all suggest you to try using some more recent versions of both JBoss AS and JBossWS.

Hi, thanks for the suggestions! As a matter of fact, I am using JBoss 4.2.2 and JBossWS 3.0.2 now, with the same problems. Some more answers/questions for each of your points below.

anonymous wrote : You get this message because you're using WS-Addressing and the Action header is missing in your SOAP message. This is not related to WS-Security.

Have I inadvertently activated WS-Addressing? (that was most certainly not my intention). I thought for using WS-Addressing one has to have an annotation like this on the web service class: @EndpointConfig(configName = "Standard WSAddressing Endpoint") ?

anonymous wrote : 
  | Endpoint {http://localhost:8080/atb}WSTwoServiceBeanPort does not contain operation meta data for: {http://www.w3.org/2001/04/xmlenc#}EncryptedData 
  | 
  | under which conditions you got this? Try looking at the log and verify the security handler on server side is configured (the ws-security conf is selected).

I got this when requesting encryption in both client and service jboss-wsse-****.xml.
I'm not sure if this part of the log is what you referred to, but the security config seems to be null:
anonymous wrote : 2008-06-30 15:23:36,422 DEBUG [org.jboss.system.ServiceConfigurator] SecurityConf set to [security: null] in jboss.mq.destination:service=Topic,name=testTopic
  | 2008-06-30 15:23:36,422 DEBUG [org.jboss.mq.server.jmx.Topic.testTopic] Setting securityConf: [security: null]
 
On the service endpoint it seems to be ok:
anonymous wrote : ServerEndpointMetaData:
  |  type=JAXWS
  |  qname={http://wsthree.ws.atb.com/}WSThreeServiceBeanPort
  | [...]
  |  configFile=META-INF/standard-jaxws-endpoint-config.xml
  |  configName=Standard WSSecurity Endpoint
  |  authMethod=null
  |  transportGuarantee=null
  |  secureWSDLAccess=false
  |  properties={} 

(I suppose META-INF/standard-jaxws-endpoint-config.xml is taken from the JBossWS.sar deployment, as it is not present in my web service deployment anymore?)

And a bit lower in the log file the handler seems to be ok as well:
anonymous wrote : HandlerMetaDataJAXWS:
  |  type=POST
  |  name=WSSecurity Handler
  |  class=class org.jboss.ws.extensions.security.jaxws.WSSecurityHandlerServer
  |  params=[]
  |  protocols=##SOAP11_HTTP ##SOAP11_HTTP_MTOM
  |  services=null
  |  ports=null

------------------------------------------------

Anyway, to sum up what I have now and what does not work:

Web service:

    import javax.jws.WebMethod;
    import javax.jws.WebService;
    import javax.jws.soap.SOAPBinding;
    import org.jboss.ws.annotation.EndpointConfig;

    @WebService
    @SOAPBinding(style = javax.jws.soap.SOAPBinding.Style.DOCUMENT,
            use = javax.jws.soap.SOAPBinding.Use.LITERAL,
            parameterStyle = javax.jws.soap.SOAPBinding.ParameterStyle.WRAPPED)
    // Selects the WS-Security handler chain from standard-jaxws-endpoint-config.xml
    @EndpointConfig(configName = "Standard WSSecurity Endpoint")
    public class WSThreeServiceBean implements WSThreeRemoteInterface {
        @WebMethod
        public String hello(String input) {
            return "Hello, " + input + "!";
        }
    }

In the META-INF folder there is the keystore, truststore and jboss-wsse-server.xml

Client:
    [...]
    securityURL = new File("META-INF/jboss-wsse-client.xml").toURL();
    ((StubExt)wsthree).setSecurityConfig(securityURL.toExternalForm());
    ((StubExt)wsthree).setConfigName("Standard WSSecurity Client");

with keystore, truststore and jboss-wsse-client.xml in the META-INF (client is standalone).

Both service and client request messages to be signed.
Tracing the SOAP messages, looks like the client sends a properly signed message, which the service receives, then answers without signing the message. 
The client replies with "This service requires <wsse:Security>, which is missing.", which is logical, since the service sent an unsigned message.

If I comment out ((StubExt)wsthree).setConfigName("Standard WSSecurity Client"); in the client, the request-reply goes "perfectly": the client sends an unsigned message, and the service answers with an unsigned message as well.

What is not so clear to me is how to make the web service sign the message -- does it need something else besides the @EndpointConfig annotation and jboss-wsse-server.xml?

Thank you! (And I really apologize if I am asking stupid questions in the wrong direction, I think I've gotten to the point where I can't see the forest because of the trees anymore...)

View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4161532#4161532

Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4161532
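
A structural check for traced SOAP messages such as the signed request and unsigned response described in the post, added here as an example; it is not part of the original message or of JBossWS. The names wsse_status and sample, the sample envelopes and the wsu:Id value "body-1" are constructed for illustration, and no cryptographic verification is performed.

```python
import xml.etree.ElementTree as ET

# Namespaces for SOAP 1.1, WS-Security 1.0 and XML Signature.
SOAP = "http://schemas.xmlsoap.org/soap/envelope/"
WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
WSU = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
DS = "http://www.w3.org/2000/09/xmldsig#"


def wsse_status(envelope_xml):
    """Classify a traced SOAP message by its WS-Security signature coverage."""
    # SOAP 1.1 forbids a DTD in the message; refusing it also avoids
    # entity-expansion tricks when the trace comes from an untrusted peer.
    if "<!DOCTYPE" in envelope_xml:
        raise ValueError("DTD not allowed in a SOAP message")
    root = ET.fromstring(envelope_xml)
    security = root.find(f"{{{SOAP}}}Header/{{{WSSE}}}Security")
    if security is None:
        return "no-security-header"
    signature = security.find(f"{{{DS}}}Signature")
    if signature is None:
        return "security-header-without-signature"
    # A signature only protects the payload if one of its references
    # points at the Body element through the Body's wsu:Id.
    body = root.find(f"{{{SOAP}}}Body")
    body_id = body.get(f"{{{WSU}}}Id") if body is not None else None
    refs = {r.get("URI") for r in signature.iter(f"{{{DS}}}Reference")}
    if body_id and "#" + body_id in refs:
        return "body-signed"
    return "signature-does-not-cover-body"


def sample(header="", body_attr=""):
    """Build a constructed SOAP 1.1 envelope for the checks below."""
    return (f'<env:Envelope xmlns:env="{SOAP}" xmlns:wsse="{WSSE}" '
            f'xmlns:wsu="{WSU}" xmlns:ds="{DS}"><env:Header>{header}</env:Header>'
            f'<env:Body{body_attr}><hello/></env:Body></env:Envelope>')


# Constructed samples: a request whose signature references the Body,
# and a response with no wsse:Security header at all.
SIGNED = ('<wsse:Security><ds:Signature><ds:SignedInfo><ds:Reference '
          'URI="#body-1"/></ds:SignedInfo></ds:Signature></wsse:Security>')
REQUEST = sample(SIGNED, ' wsu:Id="body-1"')
RESPONSE = sample()

if __name__ == "__main__":
    print("request: ", wsse_status(REQUEST))
    print("response:", wsse_status(RESPONSE))
```

Running it over both directions of a trace shows which side is dropping the header, independent of the client's own error message.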


