WSSecurity - need EJB to be invoked by WSCompile-Tie so Secu
kyle.d.duncan Jan 13, 2006 3:49 PMI am trying to modify an existing web service to use WSSecurity
features. My problem is that my previous setup did not use WSCompile
generated stubs and ties to communicate, and it is these stubs and
ties which call the security environment handler if a security
configuration file is given to WSCompile. I have changed the client to
use a stub to call the WS and the security environment handler is
invoked, but I can't figure out how to get the server side to use the
WSCompile generated Tie.
My original setup was as follows:
I supplied a hand written WSDL and schemas,a webservices.xml, and a
configuration file, and used WSCompile with import="true" to import
the WSDL and generate java classes for the XML types. I wrote an EJB
with XDoclet annotations specifying the EJB as the endpoint for the
service. I then used XDoclet to generate type mappings, an ejb-jar.xml
file, and a jboss.xml file. These were bundled in an ejb-jar and
deployed on JBoss 4.0.2.
Clients contacted the webservice by using a ServiceFactory to look up
the service endpoint, as opposed to a WSCompile generated stub.
Intending to encrypt and sign traffic belonging to this WS, I added
a security environment handler, and added the -secure option to my
WSCompile ant task, and gave WSCompile a security configuration file
from JWSDP 1.6 (slightly modified to point to my security handler).
After some digging around in JWSDP 1.6 code and comparing it to my
own, I discovered that WSCompile does nothing with the security option
unless you tell it to generate the client or server side artifacts. A
second run of WSCompile with client="true" generates a stub class
which uses the security environment handler, and calling this stub
from a client will successfully use the handler to perform the
requested security operations (at first I just used dumptraffic="true"
and no encryption or signing). This message is successfully received
by my EJB, and the traffic on the client side is dumped, as desired.
Hopeful that getting the server side to use the security handler would
be as simple, I ran WSCompile with server="true" to generate a Tie
class that uses the security handler. Bundling the newly generated
classes and the security environment handler into the ejb-jar file and
deploying the webservices, I find the Tie is not invoked. The messages
are still arriving at my EJB the same way they were before - a JNDI
lookup facilitated by XDoclet's generated files and my
webservices.xml.
What I need is a way to force my webservice traffic to be directed to
my EJB via the Tie (I gather this is the way things usually work when
WSDeploy is used to deploy a web service in a WAR), but I need to
deploy as an ejb-jar from within an EAR.
Any help would be most appreciated. Especially information regarding
1. how my EJB is actually serializing/deserializing data and receiving
messages without the help of WSCompile's Tie and generated
de/serializers (my understanding here is fuzzy, just that somehow JNDI
is involved), and 2. how other webservices deploy EJBs that are
invoked by WSCompile generated Ties.
thanks!
-Kyle Duncan