1 Reply Latest reply on Mar 21, 2008 12:19 PM by asoldano

Yet another WS-Security question ...

viniciuscarvalho Mar 10, 2008 4:50 PM

Hello there! I'm using JBoss 4.2.1.GA with JBoss WS

Before one can point, I've already read:

http://jbws.dyndns.org/mediawiki/index.php?title=User_Guide#WS-Security
http://www.jboss.com/index.html?module=bb&op=viewtopic&t=105580&postdays=0&postorder=asc&start=10
http://jbws.dyndns.org/mediawiki/index.php?title=WS-Security_options
http://www.jboss.org/index.html?module=bb&op=viewtopic&t=94406&postdays=0&postorder=asc&start=10

Although those really helped me getting things started, I could not get security running.

I have 2 services that need to have an encryption/sign options. I decided to do this using certificates.

One of the services, is a pure JSR-189 WS:

@Stateless(name="CSMQueryService")
@WebService(serviceName="CSMQueryService",targetNamespace="http://www.synos.com.br/CSM/definitions")
@SOAPBinding(use = SOAPBinding.Use.LITERAL, style = SOAPBinding.Style.DOCUMENT)
@WebContext(contextRoot="/csm/services",urlPattern="/CSMQueryService")
@EndpointConfig(configName = "Standard WSSecurity Endpoint")
@HandlerChain(file="resource://META-INF/ServerHandler.xml")
public class CSMQueryServiceImpl implements CSMQueryService

The other, is a bit trick since I've implemented the WSDL from a top-down approach, and it was hand created. But, I can't get even this one working :(

I have a jar, with jboss-wsse-server.xml, ServerHandler, csm.keystore, csm.truststore inside its META-INF dir.

During deployment, there's no error, neither warning on the console. But, when I access the service's WSDL I was hoping to find some ws-security related stuff in there, but there was none, this was my first concern.

So I tried to access it using SOAPUI (I'll not try to run tests using jboss ws clients, since this service will be accessed using other languages like .net). Well, I did not set the certificate on SOAPUI on purpose, but I was expecting an error like "Not allowed", instead, a nullpointer was thrown:

2008-03-10 17:34:05,463 DEBUG [org.jboss.ws.core.jaxws.handler.HandlerResolverImpl] getHandlerChain: [type=POST,info=[service={http://www.synos.com.br/CSM/definitions}CSMQueryService,port={http://www.synos.com.br/CSM/definitions}CSMQueryServiceImplPort,binding=http://schemas.xmlsoap.org/wsdl/soap/http]]
2008-03-10 17:34:05,464 DEBUG [org.jboss.ws.core.jaxws.handler.HandlerChainExecutor] Create a handler executor: [WSSecurity Handler]
2008-03-10 17:34:05,464 DEBUG [org.jboss.ws.core.jaxws.handler.HandlerChainExecutor] Enter: handleIn BoundMessage
2008-03-10 17:34:05,470 ERROR [org.jboss.ws.core.jaxws.handler.HandlerChainExecutor] Exception during handler processing
java.lang.NullPointerException
 at org.jboss.ws.extensions.security.Util.matchNode(Util.java:188)
 at org.jboss.ws.extensions.security.Util.matchNode(Util.java:183)
 at org.jboss.ws.extensions.security.Util.findElement(Util.java:89)
 at org.jboss.ws.extensions.security.WSSecurityDispatcher.handleInbound(WSSecurityDispatcher.java:114)
 at org.jboss.ws.extensions.security.jaxws.WSSecurityHandler.handleInboundSecurity(WSSecurityHandler.java:78)
 at org.jboss.ws.extensions.security.jaxws.WSSecurityHandlerServer.handleInbound(WSSecurityHandlerServer.java:41)
 at org.jboss.wsf.spi.jaxws.handler.GenericHandler.handleMessage(GenericHandler.java:55)
 at org.jboss.ws.core.jaxws.handler.HandlerChainExecutor.handleMessage(HandlerChainExecutor.java:295)
 at org.jboss.ws.core.jaxws.handler.HandlerChainExecutor.handleMessage(HandlerChainExecutor.java:140)
 at org.jboss.ws.core.jaxws.handler.HandlerDelegateJAXWS.callRequestHandlerChain(HandlerDelegateJAXWS.java:87)
 at org.jboss.ws.core.server.ServiceEndpointInvoker.callRequestHandlerChain(ServiceEndpointInvoker.java:115)
 at org.jboss.ws.core.server.ServiceEndpointInvoker.invoke(ServiceEndpointInvoker.java:159)
 at org.jboss.wsf.stack.jbws.RequestHandlerImpl.processRequest(RequestHandlerImpl.java:396)
 at org.jboss.wsf.stack.jbws.RequestHandlerImpl.handleRequest(RequestHandlerImpl.java:260)
 at org.jboss.wsf.stack.jbws.RequestHandlerImpl.doPost(RequestHandlerImpl.java:177)
 at org.jboss.wsf.stack.jbws.RequestHandlerImpl.handleHttpRequest(RequestHandlerImpl.java:110)
 at org.jboss.wsf.spi.invocation.EndpointServlet.service(EndpointServlet.java:72)
 at javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
 at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
 at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
 at org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:96)
 at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
 at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
 at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:230)
 at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175)
 at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:179)
 at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:84)
 at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)
 at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:104)
 at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:157)
 at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
 at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:241)
 at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844)
 at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:580)
 at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
 at java.lang.Thread.run(Thread.java:595)
2008-03-10 17:34:05,481 DEBUG [org.jboss.ws.core.jaxws.handler.HandlerChainExecutor] Exit: handleIn BoundMessage with status: false
2008-03-10 17:34:05,481 DEBUG [org.jboss.ws.core.jaxws.handler.MessageContextJAXWS] Begin response processing
2008-03-10 17:34:05,481 DEBUG [org.jboss.ws.core.soap.MessageContextAssociation] popMessageContext: org.jboss.ws.core.jaxws.handler.SOAPMessageContextJAXWS@1e7879f (Thread http-127.0.0.1-8080-1)
2008-03-10 17:34:05,481 DEBUG [org.jboss.ws.core.soap.MessageContextAssociation] pushMessageContext: org.jboss.ws.core.jaxws.handler.SOAPMessageContextJAXWS@4fe915 (Thread http-127.0.0.1-8080-1)
2008-03-10 17:34:05,484 ERROR [org.jboss.ws.core.jaxws.SOAPFaultHelperJAXWS] SOAP request exception
javax.xml.ws.WebServiceException: java.lang.NullPointerException
 at org.jboss.ws.core.jaxws.handler.HandlerChainExecutor.processHandlerFailure(HandlerChainExecutor.java:276)
 at org.jboss.ws.core.jaxws.handler.HandlerChainExecutor.handleMessage(HandlerChainExecutor.java:155)
 at org.jboss.ws.core.jaxws.handler.HandlerDelegateJAXWS.callRequestHandlerChain(HandlerDelegateJAXWS.java:87)
 at org.jboss.ws.core.server.ServiceEndpointInvoker.callRequestHandlerChain(ServiceEndpointInvoker.java:115)
 at org.jboss.ws.core.server.ServiceEndpointInvoker.invoke(ServiceEndpointInvoker.java:159)
 at org.jboss.wsf.stack.jbws.RequestHandlerImpl.processRequest(RequestHandlerImpl.java:396)
 at org.jboss.wsf.stack.jbws.RequestHandlerImpl.handleRequest(RequestHandlerImpl.java:260)
 at org.jboss.wsf.stack.jbws.RequestHandlerImpl.doPost(RequestHandlerImpl.java:177)
 at org.jboss.wsf.stack.jbws.RequestHandlerImpl.handleHttpRequest(RequestHandlerImpl.java:110)
 at org.jboss.wsf.spi.invocation.EndpointServlet.service(EndpointServlet.java:72)
 at javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
 at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
 at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
 at org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:96)
 at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
 at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
 at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:230)
 at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175)
 at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:179)
 at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:84)
 at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)
 at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:104)
 at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:157)
 at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
 at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:241)
 at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844)
 at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:580)
 at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
 at java.lang.Thread.run(Thread.java:595)
Caused by: java.lang.NullPointerException
 at org.jboss.ws.extensions.security.Util.matchNode(Util.java:188)
 at org.jboss.ws.extensions.security.Util.matchNode(Util.java:183)
 at org.jboss.ws.extensions.security.Util.findElement(Util.java:89)
 at org.jboss.ws.extensions.security.WSSecurityDispatcher.handleInbound(WSSecurityDispatcher.java:114)
 at org.jboss.ws.extensions.security.jaxws.WSSecurityHandler.handleInboundSecurity(WSSecurityHandler.java:78)
 at org.jboss.ws.extensions.security.jaxws.WSSecurityHandlerServer.handleInbound(WSSecurityHandlerServer.java:41)
 at org.jboss.wsf.spi.jaxws.handler.GenericHandler.handleMessage(GenericHandler.java:55)
 at org.jboss.ws.core.jaxws.handler.HandlerChainExecutor.handleMessage(HandlerChainExecutor.java:295)
 at org.jboss.ws.core.jaxws.handler.HandlerChainExecutor.handleMessage(HandlerChainExecutor.java:140)
 ... 27 more
2008-03-10 17:34:05,503 DEBUG [org.jboss.ws.core.jaxws.SOAPFaultHelperJAXWS] Cannot obtain fault meta data for: class javax.xml.ws.WebServiceException
2008-03-10 17:34:05,503 DEBUG [org.jboss.ws.core.jaxws.handler.HandlerDelegateJAXWS] callFaultHandlerChain: PRE
2008-03-10 17:34:05,503 DEBUG [org.jboss.ws.core.jaxws.handler.HandlerDelegateJAXWS] callFaultHandlerChain: ENDPOINT
2008-03-10 17:34:05,503 DEBUG [org.jboss.ws.core.jaxws.handler.HandlerDelegateJAXWS] callFaultHandlerChain: POST
2008-03-10 17:34:05,503 DEBUG [org.jboss.ws.core.jaxws.handler.HandlerChainExecutor] Enter: handleOutBoundFault
2008-03-10 17:34:05,503 DEBUG [org.jboss.ws.core.jaxws.handler.HandlerChainExecutor] Exit: handleOutBoundFault with status: true

It is my first time using WS-Sec on jbossws. I have used it before on glassfish. And the provider added few stuff on the WSDL to let the client know about the extensions to the WSDL.

I believe that my questions are:

1st: Does jbossws add this meta-data inside the secured service?
2nd: How do I get it running?

Regards[/url]

1. Re: Yet another WS-Security question ...

asoldano Mar 21, 2008 12:19 PM (in response to viniciuscarvalho)

Hi,
regarding your first concern, i.e. nothing related to ws-security in the wsdl, that's right since we currently support ws-security only, not ws-security policy, thus even if the security processing is correctly configured you should not expect it to be advertised in the wsdl.
Regarding your second issue, i.e. the null pointer exception you're getting, could you please tell me which JBossWS version you are using? Is it the one that ships with JBoss 4.2.1.GA? Btw you might want to try with the latest JBossWS version, since we've been making many fixes and changes to this stuff recently, so your issue might have been already addressed.
Actions