WS-Security Signing for EJB
acxjbertr Jun 1, 2006 3:03 PMI am trying to use WS-Security to sign the contents of my SOAP requests/responses. I have successfully compile, deployed, and tested the wssecurity example from http://labs.jboss.com/file-access/default/members/jbossws/downloads/jbossws-samples-1.0.0.GA.zip. However, the example uses a servlet based Web Service and I am attempting to deploy an EJB (JSR-109) based Web Service and I can't seem to make the server enforce WS-Security message signing.
I took the wsse.keystore and wsse.truststore from the example as well as the jboss-wsse-server.xml (but I changed "WEB-INF" to "META-INF") and put them all into the META-INF directory of my EJB. Here is the structure of my EJB jar:
com
com\mycompany
com\mycompany\us
com\mycompany\us\ejb
com\mycompany\us\ejbConstants.class
com\mycompany\us\ejbJBossTest2Bean.class
com\mycompany\us\ejbJBossTest2Endpoint.class
com\mycompany\us\ejbJBossTest2Endpoint_prescreen_RequestStruct.class
com\mycompany\us\ejbJBossTest2Endpoint_prescreen_ResponseStruct.class
com\mycompany\us\ejbJBossTest2SessionBean.class
META-INF
META-INF\wsdl
META-INF\wsdl\JBossTest2.wsdl
META-INF\ejb-jar.xml
META-INF\jaxrpc-mapping.xml
META-INF\jboss-wsse-server.xml
META-INF\jboss.xml
META-INF\MANIFEST.MF
META-INF\webservices.xml
META-INF\wsse.keystore
META-INF\wsse.truststore
This jar is in an ear with a few other jars (libraries). It deploys and runs fine - it just won't enforce WS-Security signing.
Here is my jboss-wsse-server.xml:
<?xml version="1.0" encoding="UTF-8"?> <jboss-ws-security xmlns="http://www.jboss.com/ws-security/config" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.jboss.com/ws-security/config http://www.jboss.com/ws-security/schema/jboss-ws-security_1_0.xsd"> <key-store-file>META-INF/wsse.keystore</key-store-file> <key-store-password>jbossws</key-store-password> <trust-store-file>META-INF/wsse.truststore</trust-store-file> <trust-store-password>jbossws</trust-store-password> <config> <sign type="x509v3" alias="wsse"/> <requires> <signature/> </requires> </config> </jboss-ws-security>