how to secure web services in jboss?| JBoss.org Content Archive (Read Only)

1. Re: how to secure web services in jboss?

peterj Feb 8, 2008 11:45 AM (in response to thomaschan)

Using basic authorization, or by using WSSecurity?

For basic authorization, see the discussion at http://www.jboss.com/index.html?module=bb&op=viewtopic&t=123643.

Also, the documentation covers this at http://jbws.dyndns.org/mediawiki/index.php?title=Authentication

For WSSecurity, see the discussion at http://www.jboss.com/index.html?module=bb&op=viewtopic&t=127824. That discussion contains links to the documentation.

2. Re: how to secure web services in jboss?

smjain Feb 10, 2008 11:25 AM (in response to thomaschan)

Hi,
I have configured all files for JBoss WS Security..Using JBoss WS 2.0.3 stack.
The Web service is defined as
@WebService(name = "SecureService", targetNamespace = "http://org.jboss.ws/samples/wssecurity")
@SOAPBinding(style = Style.RPC)
public interface SecureService {

/**
*
* @param name
* @return
* returns java.lang.String
*/
@WebMethod
@WebResult(partName = "return")
public String getName(
@WebParam(name = "name", partName = "name")
String name);

}

The standalone java client is

public class NewClient {

/** Creates a new instance of NewClient */
public NewClient() {
try { // Call Web Service Operation
System.setProperty("org.jboss.wsse.keyStore","c://wsse.keystore");
System.setProperty("org.jboss.wsse.keyStorePassword","jbossws");
System.setProperty("org.jboss.wsse.keyStoreType","x509v3");
System.setProperty("org.jboss.wsse.trustStore","c://wsse.truststore");
System.setProperty("org.jboss.wsse.trustStorePassword","jbossws");
System.setProperty("org.jboss.wsse.trustStoreType","x509v3");

//List handlerChain = new ArrayList();
//HandlerInfo handler=new HandlerInfo();

//handler.setHandlerClassName("WSSecurityHandlerOutbound");

//handlerChain.add(handler);
com.hp.security.client.SecureService_Service ser=new com.hp.security.client.SecureService_Service();

com.hp.security.client.SecureService port = getPort();//ser.getSecureServicePort();//getPort();
//BindingProvider bindingProvider = (BindingProvider) port;
// bindingProvider.getBinding().setHandlerChain(handlerChain);
//((StubExt)port).setConfigName("Standard WSSecurity Client");
// TODO initialize WS operation arguments here
java.lang.String name = "";
// TODO process result here
java.lang.String result = port.getName("Shashank");
System.out.println("Result = "+result);
} catch (Exception ex) {
ex.printStackTrace();
System.out.println(ex.getMessage());
// TODO handle custom exceptions here
}

}

private static com.hp.security.client.SecureService getPort() throws Exception
{

URL wsdlURL = new URL("http://127.0.0.1:8080/TestSecure/SecureService?wsdl");
URL securityURL = new File("web//META-INF//jboss-wsse-client.xml").toURL();
System.out.println(securityURL.getPath());
QName serviceName = new QName("http://org.jboss.ws/samples/wssecurity", "SecureService");
System.out.println(serviceName.toString());
Service service = Service.create(wsdlURL, serviceName);

SecureService port = (SecureService)service.getPort(SecureService.class);
//((ServiceExt)service)setSecurityConfig(securityURL.toExternalForm());

//((StubExt)port).setSecurityConfig(securityURL.toExternalForm());
//((StubExt)port).setConfigName("Standard WSSecurity Client");

Map<String, Object> reqContext =
((BindingProvider)port).getRequestContext();
reqContext.put(BindingProvider.ENDPOINT_ADDRESS_PROPERTY,
"http://127.0.0.1:8080/TestSecure/SecureService");

return port;
}

I have all the configuration files on server as well as client....
On client I have
META-INF/standard-jaxws-client-config.xml
META-INF/jboss-wsse-client.xml
META-INF/wsse.keystore
META-INF/wsse.truststore

On server I have
under
web-inf /jboss-wsse-server.xml
web-inf/wsse.keystore
web-inf/wsse.truststore

I dont see any changes as configured in samples...Still I tried everything I am unable to get it working.Pls help

I created a standalone client. I get the following errors
Exception in thread "main" java.lang.NoClassDefFoundError: org/jboss/util/NotImplementedException
at java.lang.Class.getDeclaredConstructors0(Native Method)
at java.lang.Class.privateGetDeclaredConstructors(Class.java:2357)
at java.lang.Class.getConstructor0(Class.java:2671)
at java.lang.Class.newInstance0(Class.java:321)
at java.lang.Class.newInstance(Class.java:303)
at javax.xml.ws.spi.FactoryFinder.newInstance(FactoryFinder.java:36)
at javax.xml.ws.spi.FactoryFinder.find(FactoryFinder.java:95)
at javax.xml.ws.spi.Provider.provider(Provider.java:83)
at javax.xml.ws.Service.(Service.java:56)
at com.hp.security.client.SecureService_Service.(SecureService_Service.java:40)
at com.hp.standalone.NewClient.(NewClient.java:44)
at com.hp.standalone.NewClient.main(NewClient.java:94)

Pls help.
Shashank

3. Re: how to secure web services in jboss?

smjain Feb 10, 2008 11:29 AM (in response to thomaschan)

After adding few more jars in classpath i start getting this error
org.jboss.xb.binding.JBossXBRuntimeException: Failed to create a new SAX parser

4. Re: how to secure web services in jboss?

smjain Feb 10, 2008 11:47 PM (in response to thomaschan)

When I run the same with WSrunclient

I get the following error

javax.xml.ws.soap.SOAPFaultException: org.jboss.ws.core.CommonSOAPFaultException
: This service requires <wsse:Security>, which is missing.
at org.jboss.ws.core.jaxws.SOAPFaultHelperJAXWS.getSOAPFaultException(SO
APFaultHelperJAXWS.java:72)
at org.jboss.ws.core.jaxws.binding.SOAP11BindingJAXWS.throwFaultExceptio
n(SOAP11BindingJAXWS.java:109)
at org.jboss.ws.core.CommonSOAPBinding.unbindResponseMessage(CommonSOAPB
inding.java:579)
at org.jboss.ws.core.CommonClient.invoke(CommonClient.java:381)
at org.jboss.ws.core.jaxws.client.ClientImpl.invoke(ClientImpl.java:300)

at org.jboss.ws.core.jaxws.client.ClientProxy.invoke(ClientProxy.java:16
6)
at org.jboss.ws.core.jaxws.client.ClientProxy.invoke(ClientProxy.java:15
2)
at $Proxy8.getName(Unknown Source)
at com.hp.standalone.NewClient.(NewClient.java:54)
at com.hp.standalone.NewClient.main(NewClient.java:94)
org.jboss.ws.core.CommonSOAPFaultException: This service requires <wsse:Security
>, which is missing.

regards
Shashank

5. Re: how to secure web services in jboss?

peterj Feb 12, 2008 2:27 AM (in response to thomaschan)

It is amazing how using the wsrunclient script gets rid of most of the class-not-found errors, isn't it?

Anyway, the error "This service requires <wsse:Security>, which is missing." means that the client still doesn't know you are using WSSecurity. What you are missing is the META-INF/standard-jaxws-client-config.xml file in your client. An example file can be found at ./server/default/deploy/jbossws.sar/META-INF. Take that file, remove all of the client-config entries, except the one named "Standard WSSecurity Client", and package it with your client.