[jboss-user] [JBossWS] - WS-security interoperability

stepmarti do-not-reply at jboss.com
Tue May 20 15:07:19 EDT 2008


Hello.

I have a secure web service on JBoss.

Server side
jboss-wsse-server.xml

  | <?xml version="1.0" encoding="UTF-8"?>
  | <jboss-ws-security xmlns="http://www.jboss.com/ws-security/config" 
  |                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
  |                    xsi:schemaLocation="http://www.jboss.com/ws-security/config 
  | http://www.jboss.com/ws-security/schema/jboss-ws-security_1_0.xsd">
  |     <key-store-file>WEB-INF/keystore.jks</key-store-file>
  |     <key-store-password>adminadmin</key-store-password>
  |     <trust-store-file>WEB-INF/cacerts.jks</trust-store-file>
  |     <trust-store-password>adminadmin</trust-store-password>    
  |     <config>
  |         <sign type="x509v3" alias="xws-security-server" tokenReference="keyIdentifier"/>        
  |         <requires>
  |             <signature/>
  |         </requires>         
  |     </config>
  | </jboss-ws-security>
  | 

Web Service code

  | package step;
  | 
  | import javax.jws.WebMethod;
  | import javax.jws.WebParam;
  | import javax.jws.WebService;
  | import javax.jws.soap.SOAPBinding;
  | import org.jboss.annotation.security.SecurityDomain; 
  | import org.jboss.ws.annotation.EndpointConfig; 
  | 
  | @WebService
  | (name="NewWebService", 
  | targetNamespace = "http://step", 
  | serviceName = "NewWebServiceService") 
  | @SOAPBinding(style = SOAPBinding.Style.RPC) 
  | @EndpointConfig(configName = "Standard WSSecurity Endpoint") 
  | 
  | public class NewWebService {
  | 
  | /**
  |      * Web service operation
  |      */
  |     @WebMethod(operationName = "holaMundo")    
  |     public String holaMundo(@WebParam(name = "param")
  |     String param) {
  |         String res="RECIBIDO:"+param+" ENTREGADO: HOLA MUNDO ";
  |         return res;
  |     }
  | 
  | }
  | 

Consuming this service with a Java client works fine, but with a .Net client I am getting the error message:

  | ERROR [WSSecurityDispatcher] Internal error occured handling inbound message:
  | org.jboss.ws.extensions.security.exception.SecurityTokenUnavailableException: Could not resolve token id: SecurityToken-0ea77ee8-31eb-469e-b7b1-67159331a23f
  |         at org.jboss.ws.extensions.security.KeyResolver.resolveDirectReference(KeyResolver.java:106)
  |         at org.jboss.ws.extensions.security.KeyResolver.resolve(KeyResolver.java:84)
  |         at org.jboss.ws.extensions.security.KeyResolver.resolveCertificate(KeyResolver.java:131)
  |         at org.jboss.ws.extensions.security.KeyResolver.resolvePublicKey(KeyResolver.java:141)
  |         at org.jboss.ws.extensions.security.KeyResolver.resolvePublicKey(KeyResolver.java:161)
  |         at org.jboss.ws.extensions.security.element.Signature.<init>(Signature.java:56)
  |         at org.jboss.ws.extensions.security.element.SecurityHeader.<init>(SecurityHeader.java:87)
  |         at org.jboss.ws.extensions.security.SecurityDecoder.decode(SecurityDecoder.java:175)
  |         at org.jboss.ws.extensions.security.WSSecurityDispatcher.decodeMessage(WSSecurityDispatcher.java:219)
  |         at org.jboss.ws.extensions.security.jaxws.WSSecurityHandler.handleInboundSecurity(WSSecurityHandler.java:83)
  |         at org.jboss.ws.extensions.security.jaxws.WSSecurityHandlerServer.handleInbound(WSSecurityHandlerServer.java:41)
  |         at org.jboss.ws.core.jaxws.handler.GenericHandler.handleMessage(GenericHandler.java:55)
  |         at org.jboss.ws.core.jaxws.handler.HandlerChainExecutor.handleMessage(HandlerChainExecutor.java:295)
  |         at org.jboss.ws.core.jaxws.handler.HandlerChainExecutor.handleMessage(HandlerChainExecutor.java:140)
  |         at org.jboss.ws.core.jaxws.handler.HandlerDelegateJAXWS.callRequestHandlerChain(HandlerDelegateJAXWS.java:97)
  |         at org.jboss.ws.core.server.ServiceEndpointInvoker.callRequestHandlerChain(ServiceEndpointInvoker.java:127)
  |         at org.jboss.ws.core.server.ServiceEndpointInvoker.invoke(ServiceEndpointInvoker.java:171)
  |         at org.jboss.wsf.stack.jbws.RequestHandlerImpl.processRequest(RequestHandlerImpl.java:466)
  |         at org.jboss.wsf.stack.jbws.RequestHandlerImpl.handleRequest(RequestHandlerImpl.java:284)
  |         at org.jboss.wsf.stack.jbws.RequestHandlerImpl.doPost(RequestHandlerImpl.java:201)
  |         at org.jboss.wsf.stack.jbws.RequestHandlerImpl.handleHttpRequest(RequestHandlerImpl.java:134)
  |         at org.jboss.wsf.stack.jbws.EndpointServlet.service(EndpointServlet.java:84)
  |         at javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
  |         at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
  |         at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
  |         at org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:96)
  |         at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
  |         at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
  |         at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:230)
  |         at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175)
  |         at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:179)
  |         at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:84)
  |         at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
  |         at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
  |         at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:157)
  |         at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
  |         at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:262)
  |         at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844)
  |         at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583)
  |         at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:446)
  |         at java.lang.Thread.run(Thread.java:619)
  | 12:20:07,044 ERROR [HandlerChainExecutor] Exception during handler processing
  | org.jboss.ws.core.CommonSOAPFaultException: Could not resolve token id: SecurityToken-0ea77ee8-31eb-469e-b7b1-67159331a23f
  |         at org.jboss.ws.extensions.security.WSSecurityDispatcher.convertToFault(WSSecurityDispatcher.java:100)
  |         at org.jboss.ws.extensions.security.WSSecurityDispatcher.decodeMessage(WSSecurityDispatcher.java:237)
  |         at org.jboss.ws.extensions.security.jaxws.WSSecurityHandler.handleInboundSecurity(WSSecurityHandler.java:83)
  |         at org.jboss.ws.extensions.security.jaxws.WSSecurityHandlerServer.handleInbound(WSSecurityHandlerServer.java:41)
  |         at org.jboss.ws.core.jaxws.handler.GenericHandler.handleMessage(GenericHandler.java:55)
  |         at org.jboss.ws.core.jaxws.handler.HandlerChainExecutor.handleMessage(HandlerChainExecutor.java:295)
  |         at org.jboss.ws.core.jaxws.handler.HandlerChainExecutor.handleMessage(HandlerChainExecutor.java:140)
  |         at org.jboss.ws.core.jaxws.handler.HandlerDelegateJAXWS.callRequestHandlerChain(HandlerDelegateJAXWS.java:97)
  |         at org.jboss.ws.core.server.ServiceEndpointInvoker.callRequestHandlerChain(ServiceEndpointInvoker.java:127)
  |         at org.jboss.ws.core.server.ServiceEndpointInvoker.invoke(ServiceEndpointInvoker.java:171)
  |         at org.jboss.wsf.stack.jbws.RequestHandlerImpl.processRequest(RequestHandlerImpl.java:466)
  |         at org.jboss.wsf.stack.jbws.RequestHandlerImpl.handleRequest(RequestHandlerImpl.java:284)
  |         at org.jboss.wsf.stack.jbws.RequestHandlerImpl.doPost(RequestHandlerImpl.java:201)
  |         at org.jboss.wsf.stack.jbws.RequestHandlerImpl.handleHttpRequest(RequestHandlerImpl.java:134)
  |         at org.jboss.wsf.stack.jbws.EndpointServlet.service(EndpointServlet.java:84)
  |         at javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
  |         at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
  |         at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
  |         at org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:96)
  |         at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
  |         at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
  |         at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:230)
  |         at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175)
  |         at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:179)
  |         at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:84)
  |         at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
  |         at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
  |         at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:157)
  |         at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
  |         at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:262)
  |         at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844)
  |         at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583)
  |         at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:446)
  |         at java.lang.Thread.run(Thread.java:619)
  | 12:20:07,201 ERROR [SOAPFaultHelperJAXWS] SOAP request exception
  | javax.xml.ws.WebServiceException: org.jboss.ws.core.CommonSOAPFaultException: Could not resolve token id: SecurityToken-0ea77ee8-31eb-469e-b7b1-67159331a23f
  |         at org.jboss.ws.core.jaxws.handler.HandlerChainExecutor.processHandlerFailure(HandlerChainExecutor.java:276)
  |         at org.jboss.ws.core.jaxws.handler.HandlerChainExecutor.handleMessage(HandlerChainExecutor.java:155)
  |         at org.jboss.ws.core.jaxws.handler.HandlerDelegateJAXWS.callRequestHandlerChain(HandlerDelegateJAXWS.java:97)
  |         at org.jboss.ws.core.server.ServiceEndpointInvoker.callRequestHandlerChain(ServiceEndpointInvoker.java:127)
  |         at org.jboss.ws.core.server.ServiceEndpointInvoker.invoke(ServiceEndpointInvoker.java:171)
  |         at org.jboss.wsf.stack.jbws.RequestHandlerImpl.processRequest(RequestHandlerImpl.java:466)
  |         at org.jboss.wsf.stack.jbws.RequestHandlerImpl.handleRequest(RequestHandlerImpl.java:284)
  |         at org.jboss.wsf.stack.jbws.RequestHandlerImpl.doPost(RequestHandlerImpl.java:201)
  |         at org.jboss.wsf.stack.jbws.RequestHandlerImpl.handleHttpRequest(RequestHandlerImpl.java:134)
  |         at org.jboss.wsf.stack.jbws.EndpointServlet.service(EndpointServlet.java:84)
  |         at javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
  |         at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
  |         at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
  |         at org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:96)
  |         at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
  |         at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
  |         at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:230)
  |         at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175)
  |         at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:179)
  |         at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:84)
  |         at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
  |         at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
  |         at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:157)
  |         at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
  |         at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:262)
  |         at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844)
  |         at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583)
  |         at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:446)
  |         at java.lang.Thread.run(Thread.java:619)
  | Caused by: org.jboss.ws.core.CommonSOAPFaultException: Could not resolve token id: SecurityToken-0ea77ee8-31eb-469e-b7b1-67159331a23f
  |         at org.jboss.ws.extensions.security.WSSecurityDispatcher.convertToFault(WSSecurityDispatcher.java:100)
  |         at org.jboss.ws.extensions.security.WSSecurityDispatcher.decodeMessage(WSSecurityDispatcher.java:237)
  |         at org.jboss.ws.extensions.security.jaxws.WSSecurityHandler.handleInboundSecurity(WSSecurityHandler.java:83)
  |         at org.jboss.ws.extensions.security.jaxws.WSSecurityHandlerServer.handleInbound(WSSecurityHandlerServer.java:41)
  |         at org.jboss.ws.core.jaxws.handler.GenericHandler.handleMessage(GenericHandler.java:55)
  |         at org.jboss.ws.core.jaxws.handler.HandlerChainExecutor.handleMessage(HandlerChainExecutor.java:295)
  |         at org.jboss.ws.core.jaxws.handler.HandlerChainExecutor.handleMessage(HandlerChainExecutor.java:140)
  |         ... 27 more
  | 


On the client side
wse3policyCache.config

  | <policies xmlns="http://schemas.microsoft.com/wse/2005/06/policy">
  |   <extensions>
  |     <extension name="mutualCertificate11Security" type="Microsoft.Web.Services3.Design.MutualCertificate11Assertion, Microsoft.Web.Services3, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
  |     <extension name="x509" type="Microsoft.Web.Services3.Design.X509TokenProvider, Microsoft.Web.Services3, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
  |     <extension name="requireActionHeader" type="Microsoft.Web.Services3.Design.RequireActionHeaderAssertion, Microsoft.Web.Services3, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
  |   </extensions>
  |   <policy name="ClientPolicyJBoss">    
  |     <mutualCertificate11Security establishSecurityContext="true" renewExpiredSecurityContext="true" requireSignatureConfirmation="false" messageProtectionOrder="SignBeforeEncrypt" requireDerivedKeys="false" ttlInSeconds="300">      
  |       <clientToken>
  |         <x509 storeLocation="LocalMachine" storeName="My" findValue="CN=xwssecurityclient, OU=SUN, O=Internet Widgits Pty Ltd, S=Some-State, C=AU" findType="FindBySubjectDistinguishedName" />
  |       </clientToken>      
  |       <serviceToken>
  |         <x509 storeLocation="LocalMachine" storeName="AddressBook" findValue="CN=xwssecurityserver, OU=SUN, O=Internet Widgits Pty Ltd, S=Some-State, C=AU" findType="FindBySubjectDistinguishedName" />
  |       </serviceToken>
  |       <protection>
  |         <request signatureOptions="IncludeAddressing, IncludeTimestamp, IncludeSoapBody" encryptBody="false" />
  |         <response signatureOptions="IncludeNone" encryptBody="false" />
  |         <fault signatureOptions="IncludeAddressing, IncludeTimestamp, IncludeSoapBody" encryptBody="false" />
  |       </protection>
  |     </mutualCertificate11Security>
  |     <requireActionHeader /> 
  |   </policy>
  | </policies>
  | 

I am using jbossws-3.0.1-native-2.0.4.GA, WSE 3.0 and .Net 2005.
I have certificates properly installed on local machine and current user.

Does anyone know what is going on?

Thanks for the help

View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4152119#4152119
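
A diagnostic for the `Could not resolve token id` failure in the trace above, as an added example that is not part of the original post and is not JBossWS code: the trace fails in `KeyResolver.resolveDirectReference`, so this lists, for a captured request, which element in the `wsse:Security` header carries the id that each signature's direct reference names. The function name `signature_key_references` and the sample messages are assumptions constructed for illustration; the `DerivedKeyToken` case is hypothetical and not taken from the poster's traffic.

```python
import xml.etree.ElementTree as ET

WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
WSU = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
DS = "http://www.w3.org/2000/09/xmldsig#"

def signature_key_references(soap_xml):
    """Per ds:Signature in wsse:Security, report what its direct key reference points at."""
    if "<!DOCTYPE" in soap_xml:  # SOAP forbids DTDs; refuse instead of expanding entities
        raise ValueError("DTD not allowed in a SOAP message")
    findings = []
    for sec in ET.fromstring(soap_xml).iter(f"{{{WSSE}}}Security"):
        # Index header elements by wsu:Id (or plain Id, which xenc:EncryptedKey uses).
        ids = {}
        for el in sec.iter():
            key = el.get(f"{{{WSU}}}Id") or el.get("Id")
            if key:
                ids[key] = el.tag.rsplit("}", 1)[-1]
        for sig in sec.iter(f"{{{DS}}}Signature"):
            ref = sig.find(f"{{{DS}}}KeyInfo/{{{WSSE}}}SecurityTokenReference/{{{WSSE}}}Reference")
            if ref is None:  # e.g. a KeyIdentifier or embedded reference, not a direct one
                findings.append({"style": "not-direct", "uri": None, "target": None, "x509": False})
                continue
            uri = ref.get("URI", "")
            target = ids.get(uri[1:] if uri.startswith("#") else uri)  # None: id not in header
            findings.append({"style": "direct", "uri": uri, "target": target,
                             "x509": target == "BinarySecurityToken"})
    return findings

# Constructed sample messages (not captured traffic); the token id is made up.
def envelope(header_inner):
    return (f'<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" xmlns:wsse="{WSSE}" '
            f'xmlns:wsu="{WSU}" xmlns:ds="{DS}" xmlns:wsc="http://schemas.xmlsoap.org/ws/2005/02/sc">'
            f'<s:Header><wsse:Security>{header_inner}</wsse:Security></s:Header><s:Body/></s:Envelope>')

SIG = ('<ds:Signature><ds:KeyInfo><wsse:SecurityTokenReference>'
       '<wsse:Reference URI="#SecurityToken-0001"/>'
       '</wsse:SecurityTokenReference></ds:KeyInfo></ds:Signature>')
X509_MSG = envelope('<wsse:BinarySecurityToken wsu:Id="SecurityToken-0001">AAAA</wsse:BinarySecurityToken>' + SIG)
OTHER_MSG = envelope('<wsc:DerivedKeyToken wsu:Id="SecurityToken-0001"/>' + SIG)  # hypothetical case
MISSING_MSG = envelope(SIG)

if __name__ == "__main__":
    for name, msg in [("x509", X509_MSG), ("other", OTHER_MSG), ("missing", MISSING_MSG)]:
        print(name, signature_key_references(msg))
```

Run it over the request body captured from the .Net client: a `target` of `None`, or anything other than `BinarySecurityToken`, shows what the direct reference in that message actually points at.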
