[jboss-user] [JBossWS] - Steps for implementing WS-Security in JBoss using Username t

pramod_bs do-not-reply at jboss.com
Wed Mar 12 14:56:35 EDT 2008


This posting might be useful for those people trying to implement WS-Security using username token authentication. I couldn't find a single document anywhere on the web. I thought I would create a comprehensive doc.
Please let me know if you guys see any flaw here.


Steps for implementing WS-Security in JBoss using Username token Authentication

I. Server:

1.	Create Endpoint for Web Service (Ex: A stateless session bean)

Code sample: TestWSEJB.java


package test;

import javax.ejb.Stateless;
import javax.jws.WebService;
import javax.jws.WebMethod;
import javax.jws.soap.SOAPBinding;
import org.jboss.annotation.security.SecurityDomain;
import org.jboss.ws.annotation.EndpointConfig;

@Stateless
@WebService(name = "TestWSEJB",
            targetNamespace = "http://test",
            serviceName = "TestWSEJBService")
@SOAPBinding(style = SOAPBinding.Style.DOCUMENT)
// Handler chain defined in standard-jaxws-endpoint-config.xml
@EndpointConfig(configName = "Standard WSSecurity Endpoint")
// Security domain defined in login-config.xml
@SecurityDomain("JBossWS")
public class TestWSEJB {
	@WebMethod
	public String ping(String name) {
		return "Hello : " + name;
	}
}


@EndpointConfig(configName = "Standard WSSecurity Endpoint")

This is the configuration in the {JBOSS_HOME}jboss-4.2.1.GA\server\default\deploy\jbossws.sar\META-INF\standard-jaxws-endpoint-config.xml file.

Portion of standard-jaxws-endpoint-config.xml file:

<endpoint-config>
    <config-name>Standard WSSecurity Endpoint</config-name>
    <post-handler-chains>
      <javaee:handler-chain>
        <javaee:protocol-bindings>##SOAP11_HTTP</javaee:protocol-bindings>
        <javaee:handler>
          <javaee:handler-name>WSSecurity Handler</javaee:handler-name>
          <javaee:handler-class>org.jboss.ws.extensions.security.jaxws.WSSecurityHandlerServer</javaee:handler-class>
        </javaee:handler>
      </javaee:handler-chain>
    </post-handler-chains>
  </endpoint-config>

@SecurityDomain("JBossWS")

This is the configuration for security domain for JBossWS in the {JBOSS_HOME} \jboss-4.2.1.GA\server\default\conf\login-config.xml


Portion of login-config.xml file:

    <application-policy name="JBossWS">
      <authentication>
        <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule"
          flag="required">
          <module-option name="usersProperties">props/jbossws-users.properties</module-option>
          <module-option name="rolesProperties">props/jbossws-roles.properties</module-option>
          <module-option name="unauthenticatedIdentity">anonymous</module-option>
        </login-module>
      </authentication>
    </application-policy>

2.	jboss-wsse-server.xml.
Create jboss-wsse-server.xml and save it in the META-INF or WEB-INF folder, depending on whether this is an EJB or Web project.

Sample file:

  <jboss-ws-security xmlns="http://www.jboss.com/ws-security/config"
           xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
           xsi:schemaLocation="http://www.jboss.com/ws-security/config
    http://www.jboss.com/ws-security/schema/jboss-ws-security_1_0.xsd">
	
		
           
		  
	
  </jboss-ws-security>


3.	Authentication information
For the security domain above (JBossWS), the credentials are in the jbossws-users.properties file, at {JBOSS_HOME} jboss-4.2.1.GA\server\default\conf\props\jbossws-users.properties. (The default login module is UsersRolesLoginModule.)



II. Client:

1.	Create the client for Web Service.

Sample Code:

Test.java:

package test;
import java.io.File;
import java.net.URL;
import java.util.Map;

import javax.xml.namespace.QName;
import javax.xml.ws.BindingProvider;
import javax.xml.ws.Service;
import javax.xml.ws.WebServiceRef;

import org.jboss.ws.core.StubExt;

public class Test {

	public static void main(String[] args) {
		try {
			Test client = new Test();
			client.doTest(args);
		} catch(Exception e) {
			e.printStackTrace();
		}
	}

	public void doTest(String[] args) {
		try {
			URL url = new URL("http://localhost:8080/WS_Security_Test/TestWSEJB?wsdl");
			QName qn = new QName("http://test","TestWSEJBService");
			Service s = Service.create(url, qn);
			TestWSEJB port = s.getPort(TestWSEJB.class);
			// File.toURL() is deprecated; go through toURI() so the path is escaped correctly
			URL securityURL = new File("ejbModule/META-INF/jboss-wsse-client.xml").toURI().toURL();
			// Point the stub at the client WS-Security config and the matching handler chain
			((StubExt)port).setSecurityConfig(securityURL.toExternalForm());
			((StubExt)port).setConfigName("Standard WSSecurity Client");
			// Credentials sent in the wsse:UsernameToken
			((BindingProvider)port).getRequestContext().put(BindingProvider.USERNAME_PROPERTY, "kermit");
			((BindingProvider)port).getRequestContext().put(BindingProvider.PASSWORD_PROPERTY, "thefrog");
			System.out.println("Invoking the ping operation on the port.");
			String response = port.ping("Pramod");
			System.out.println(response);
		} catch(Exception e) {
			e.printStackTrace();
		}
	}
}

((StubExt)port).setConfigName("Standard WSSecurity Client");

This is the configuration in the {JBOSS_HOME}jboss-4.2.1.GA\server\default\deploy\jbossws.sar\META-INF\standard-jaxws-client-config.xml file.

Portion of standard-jaxws-client-config.xml:

<client-config>
    <config-name>Standard WSSecurity Client</config-name>
    <post-handler-chains>
      <javaee:handler-chain>
        <javaee:protocol-bindings>##SOAP11_HTTP</javaee:protocol-bindings>
        <javaee:handler>
          <javaee:handler-name>WSSecurityHandlerOutbound</javaee:handler-name>
          <javaee:handler-class>org.jboss.ws.extensions.security.jaxws.WSSecurityHandlerClient</javaee:handler-class>
        </javaee:handler>
      </javaee:handler-chain>
    </post-handler-chains>
  </client-config>


TestWSEJB.java:

package test;

import javax.jws.WebMethod;
import javax.jws.WebParam;
import javax.jws.WebResult;
import javax.jws.WebService;
import javax.xml.ws.RequestWrapper;
import javax.xml.ws.ResponseWrapper;


/**
 * This class was generated by the JAX-WS RI.
 * JAX-WS RI 2.1.1-b03-
 * Generated source version: 2.0
 * 
 */
@WebService(name = "TestWSEJB", targetNamespace = "http://test")
public interface TestWSEJB {


    /**
     * 
     * @param arg0
     * @return
     *     returns java.lang.String
     */
    @WebMethod
    @WebResult(targetNamespace = "")
    @RequestWrapper(localName = "ping", targetNamespace = "http://test", className = "test.Ping")
    @ResponseWrapper(localName = "pingResponse", targetNamespace = "http://test", className = "test.PingResponse")
    public String ping(
        @WebParam(name = "arg0", targetNamespace = "")
        String arg0);

}


2.	jboss-wsse-client.xml.
Create jboss-wsse-client.xml and save it in the META-INF or WEB-INF folder, depending on whether the client is an EJB or Web project.

Sample file:


<jboss-ws-security xmlns="http://www.jboss.com/ws-security/config"
	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
	xsi:schemaLocation="http://www.jboss.com/ws-security/config 
    http://www.jboss.com/ws-security/schema/jboss-ws-security_1_0.xsd">
	
		
	
</jboss-ws-security>


III. Tools Used:

JBoss Application Server  www.jboss.org
Eclipse IDE  www.eclipse.org
SoapUI for testing Web Services  www.soapui.org
Ws-Consume   JBoss tool (in the JBoss bin folder)
WireShark (TCP-IP monitoring tool)  http://www.wireshark.org
 
Output from Wireshark (any other TCP/IP monitoring tool can be used). This is the SOAP envelope that actually goes from the client to the server.

<env:Envelope xmlns:env='http://schemas.xmlsoap.org/soap/envelope/'>
	<env:Header>
		<wsse:Security env:mustUnderstand='1'
			xmlns:wsse='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd'
			xmlns:wsu='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd'>
			<wsse:UsernameToken
				wsu:Id='token-1-1205175076833-11112467'>
				<wsse:Username>admin</wsse:Username>
				<wsse:Password>admin</wsse:Password>
			</wsse:UsernameToken>
		</wsse:Security>
	</env:Header>
	<env:Body>
		<ns2:ping xmlns:ns2="http://test">
			<arg0>Pramod</arg0>
		</ns2:ping>
	</env:Body>
</env:Envelope>
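
The capture above carries the password as readable text over plain HTTP, with no nonce or timestamp in the token. The Python check below is an added example, not part of the original post or of JBossWS: it audits one captured envelope against the WS-Security UsernameToken Profile 1.0 and shows how the profile's PasswordDigest is computed. Function names and finding codes are illustrative, and the sample envelope is constructed to mirror the capture.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
WSU = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
DIGEST = ("http://docs.oasis-open.org/wss/2004/01/"
          "oasis-200401-wss-username-token-profile-1.0#PasswordDigest")

def password_digest(nonce: bytes, created: str, password: str) -> str:
    """Base64(SHA-1(nonce + created + password)), the profile's PasswordDigest."""
    raw = nonce + created.encode("utf-8") + password.encode("utf-8")
    return base64.b64encode(hashlib.sha1(raw).digest()).decode("ascii")

def audit_username_token(envelope_xml: str, transport_is_tls: bool) -> list:
    """Return finding codes for the UsernameToken in one captured SOAP request."""
    if "<!DOCTYPE" in envelope_xml:  # SOAP messages must not carry a DTD
        return ["dtd-present"]
    token = ET.fromstring(envelope_xml).find(f".//{{{WSSE}}}UsernameToken")
    if token is None:
        return ["no-username-token"]
    findings = []
    password = token.find(f"{{{WSSE}}}Password")
    # A Password element with no Type attribute defaults to PasswordText.
    is_digest = password is not None and password.get("Type") == DIGEST
    if password is not None and not is_digest and not transport_is_tls:
        findings.append("cleartext-password-without-tls")
    # Without a nonce and a creation time the receiver cannot reject a replay.
    if token.find(f"{{{WSSE}}}Nonce") is None:
        findings.append("missing-nonce")
    if token.find(f"{{{WSU}}}Created") is None:
        findings.append("missing-created")
    return findings

# Constructed sample mirroring the capture above (no Type, no Nonce, no Created).
CAPTURED = f"""<env:Envelope xmlns:env='http://schemas.xmlsoap.org/soap/envelope/'>
 <env:Header><wsse:Security xmlns:wsse='{WSSE}' xmlns:wsu='{WSU}'>
  <wsse:UsernameToken wsu:Id='token-1'>
   <wsse:Username>admin</wsse:Username><wsse:Password>admin</wsse:Password>
  </wsse:UsernameToken></wsse:Security></env:Header>
 <env:Body/></env:Envelope>"""

if __name__ == "__main__":
    print(audit_username_token(CAPTURED, transport_is_tls=False))
```
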



View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4136079#4136079
