[jboss-user] [JBoss Web Services] - How to enable SSL with JBossWS without "server.xml" ?

mauro.brasil do-not-reply at jboss.com
Tue May 24 11:24:11 EDT 2011 

mauro.brasil [http://community.jboss.org/people/mauro.brasil] created the discussion

"How to enable SSL with JBossWS without "server.xml" ?"

To view the discussion, visit: http://community.jboss.org/message/606760#606760

--------------------------------------------------------------
Hello there!

We have a fully operational client/server application that uses JBossWS at server side and Axis2C at client side to provide Web Service communication.
We are just using "username autentication" and "timestamp validation" WS-Security features as shown below on "jboss-wsse-server.xml" file:

<?xml version="1.0" encoding="UTF-8"?>

<jboss-ws-security xmlns="http://www.jboss.com/ws-security/config" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://www.jboss.com/ws-security/config
                   http://www.jboss.com/ws-security/schema/jboss-ws-security_1_0.xsd">
    
    <config>
        
        <requires/>
        
        <timestamp ttl="60" />
        
        <authenticate>
            <usernameAuth />
        </authenticate>
        
        <authorize>
            <role>AllowedRole01</role>
            <role>AllowedRole02</role>
        </authorize>
        
    </config>
    
    <timestamp-verification createdTolerance="30" warnCreated="true" expiresTolerance="10" warnExpires="true" />
    
</jboss-ws-security>



Now we need to use SSL for all Web Services provided by our application.

Following Alessio Soldano's article at  http://community.jboss.org/docs/DOC-13534#Client_side http://community.jboss.org/wiki/JBossWS-SecureTransport#Client_side, we were able to make SSL work changing file "web.xml" accordingly to alternative 2.

The problem is that we want to use the first approach with "@WebContext" annotation.

I've reverted "web.xml" configurations and changed current annotation from just:

@WebService( name = "user" )
@EndpointConfig( configName = "Standard WSSecurity Endpoint" )
@SecurityDomain( "CrossServerWS" )
public class UserWSImpl extends AbstractBaseWS implements IUserWS {


To:

@WebService( name = "user" )
@EndpointConfig( configName = "Standard WSSecurity Endpoint" )
@SecurityDomain( "SECURITY_DOMAIN" )
@WebContext
( 
    contextRoot = "/CONTEXT_ROOT", 
    urlPattern = "/user", 
    transportGuarantee = "CONFIDENTIAL", 
    secureWSDLAccess = false 
)
public class UserWSImpl extends AbstractBaseWS implements IUserWS {


But it didn't work.

Am I missing something ?

Please let me know if you guys need any more information to figure out the problem.

Thank's a lot and best regards,
Mauro.
--------------------------------------------------------------

Reply to this message by going to Community
[http://community.jboss.org/message/606760#606760]

Start a new discussion in JBoss Web Services at Community
[http://community.jboss.org/choose-container!input.jspa?contentType=1&containerType=14&container=2044]

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/jboss-user/attachments/20110524/314af5ff/attachment.html

More information about the jboss-user mailing list