2 Replies Latest reply on Apr 1, 2008 10:06 PM by esacchi

WS-Security and Dispatch

esacchi Apr 1, 2008 5:29 PM

Dear Sirs:

We was working with JAXWS "Dispatch" to dynamically invoke a WS endpoint with WS-Security, and we had some problems that we
couldn't solve yet. We will appreciate your help.

When the program invokes the endpoint using the static class build with wsconsume it work properly including the security stuff but when
we use (in the same installation and with the same ws) through Dispatch dynamically the signature is not validated.

The current JBOSS config is Jboss 4.2.2. with jbossws-native-2.0.3.GA

Bellow you can see the WS and client source code and the trace errors for the server and client.

Thanks in advance and best regards

The Web Service Code

package pkg;

import java.security.Principal;

import javax.annotation.Resource;
import javax.jws.HandlerChain;
import javax.jws.WebMethod;
import javax.jws.WebService;
import javax.jws.soap.SOAPBinding;
import javax.jws.soap.SOAPBinding.Style;
import javax.xml.ws.WebServiceContext;
import javax.xml.ws.handler.MessageContext;

import org.jboss.ws.annotation.EndpointConfig;

@WebService(name = "TestEndpoint", serviceName = "TestEndpointService",
targetNamespace = "http://org.jboss.ws/jaxws/context")
@SOAPBinding(style = Style.DOCUMENT)
@EndpointConfig(configName = "Standard WSSecurity Endpoint")
public class EndpointJSE {

 @Resource
 WebServiceContext wsCtx;

 @WebMethod
 public String hello(Person p) {
 return "Hello " + p.getFirstName() + " " + p.getLastName();
 }
}

public class Person implements Serializable {

 private String firstName;
 private String lastName;

 public String getFirstName() {
 return firstName;
 }

 public void setFirstName(String firstName) {
 this.firstName = firstName;
 }

 public String getLastName() {
 return lastName;
 }

 public void setLastName(String lastName) {
 this.lastName = lastName;
 }
}

The Client Code

public class Test {

 public static void testWSWeb() {
 setSystemProperties();
 try {
 pruebaInicial();
 } catch (Exception ex) {
 ex.printStackTrace();
 }
 try {
 llamadoDinamico();
 } catch (Exception ex) {
 ex.printStackTrace();
 }
 }

 private static void pruebaInicial() {
 TestEndpointService service = new TestEndpointService();
 TestEndpoint port = service.getTestEndpointPort();
 BindingProvider provider = (BindingProvider) port;

 provider.getRequestContext()
 .put(BindingProvider.ENDPOINT_ADDRESS_PROPERTY,
 "http://127.0.0.1:8888/M3_Ejemplo03_WSWeb");

 /*
 * Agrego handler standard para WS-Security en JBoss Alternativa
 * que le camina por arriba a los otros handlers
 */
 ((StubExt) port).setConfigName("Standard WSSecurity Client");

 Person p = new Person();
 p.setFirstName("Emiliano");
 p.setLastName("Sacchi");
 System.out.println(port.hello(p));
 }


 private static void llamadoDinamico() throws IOException,
 DatatypeConfigurationException {
 URL url = new URL("http://127.0.0.1:8888/M3_Ejemplo03_WSWeb?wsdl");
 URL securityURL = new File(

"/home/esacchi/desarrollo/workspace/M3_Ejemplo03_WSWebClient/src/META-INF/jboss-wsse-client.xml")
 .toURL();

 QName serviceName = new QName("http://org.jboss.ws/jaxws/context",
 "TestEndpointService");
 Service service = Service.create(url, serviceName);
 Iterator<QName> i = service.getPorts();

 QName name = null;
 while (i.hasNext()) {
 name = (QName) i.next();
 System.out.println(name);
 }

 // service.getPort();

 Dispatch<Source> sourceDispatch = null;
 sourceDispatch = service.createDispatch(name, Source.class,
 Service.Mode.PAYLOAD);


 ((ConfigProvider) sourceDispatch).setSecurityConfig(securityURL
 .toExternalForm());
 ((ConfigProvider) sourceDispatch)
 .setConfigName("Standard WSSecurity Client");

 String request = "<ns1:hello xmlns:ns1='http://org.jboss.ws/jaxws/context'><arg0><firstName>Emiliano</firstName><lastName>Sacchi</lastName></arg0></ns1:hello>";
 System.out.println("\nInvoking xml request: " + request);
 Source result = sourceDispatch.invoke(new StreamSource(
 new StringReader(request)));

 System.out.println("Received xml response: " + result);

 Element docElement = DOMUtils.sourceToElement(result);
 Element retElement = DOMUtils.getFirstChildElement(docElement);
 String retPayload = DOMWriter.printNode(retElement, false);
 System.out.println("Received response: " + retPayload);
 }
}

Client Output

pruebaInicial()

01-abr-2008 16:47:43 org.apache.xml.security.signature.Reference verify
INFO: Verification successful for URI "#element-1-1207079263166-18667724"
01-abr-2008 16:47:43 org.apache.xml.security.signature.Reference verify
INFO: Verification successful for URI "#timestamp"
Hello Emiliano Sacchi

llamadoDinamico()

{http://org.jboss.ws/jaxws/context}TestEndpointPort

Invoking xml request: <ns1:hello
xmlns:ns1='http://org.jboss.ws/jaxws/context'><arg0><firstName>Emiliano</firstName><lastName>Sacchi</lastName></arg0></ns1:hello>
javax.xml.ws.soap.SOAPFaultException:
org.jboss.ws.core.CommonSOAPFaultException: Signature is invalid.
 at
org.jboss.ws.core.jaxws.client.DispatchSOAPBinding.getReturnObject(DispatchSOAPBinding.java:165)
 at
org.jboss.ws.core.jaxws.client.DispatchImpl.getReturnObject(DispatchImpl.java:447)
 at
org.jboss.ws.core.jaxws.client.DispatchImpl.invokeInternalSOAP(DispatchImpl.java:249)
 at
org.jboss.ws.core.jaxws.client.DispatchImpl.invokeInternal(DispatchImpl.java:168)
 at
org.jboss.ws.core.jaxws.client.DispatchImpl.invoke(DispatchImpl.java:132)
 at test.Test.llamadoDinamico(Test.java:135)
 at test.Test.testWSWeb(Test.java:55)
 at test.Test.main(Test.java:39)

Server Output

pruebaInicial()

16:47:42,826 INFO [Reference] Verification successful for URI
"#element-1-1207079261680-33340097"
16:47:42,827 INFO [Reference] Verification successful for URI "#timestamp"

llamadoDinamico()

16:47:47,267 WARN [Reference] Verification failed for URI
"#element-4-1207079267194-23838383"
16:47:47,268 INFO [Reference] Verification successful for URI "#timestamp"
16:47:47,269 ERROR [WSSecurityDispatcher] Internal error occured
handling inbound message:
org.jboss.ws.extensions.security.exception.FailedCheckException:
Signature is invalid.
 at
org.jboss.ws.extensions.security.SignatureVerificationOperation.process(SignatureVerificationOperation.java:61)
 at
org.jboss.ws.extensions.security.SecurityDecoder.decode(SecurityDecoder.java:124)
 at
org.jboss.ws.extensions.security.SecurityDecoder.decode(SecurityDecoder.java:186)
 at
org.jboss.ws.extensions.security.WSSecurityDispatcher.handleInbound(WSSecurityDispatcher.java:149)
 at
org.jboss.ws.extensions.security.jaxws.WSSecurityHandler.handleInboundSecurity(WSSecurityHandler.java:78)
 at
org.jboss.ws.extensions.security.jaxws.WSSecurityHandlerServer.handleInbound(WSSecurityHandlerServer.java:41)
 at
org.jboss.ws.core.jaxws.handler.GenericHandler.handleMessage(GenericHandler.java:55)
 at
org.jboss.ws.core.jaxws.handler.HandlerChainExecutor.handleMessage(HandlerChainExecutor.java:295)
 at
org.jboss.ws.core.jaxws.handler.HandlerChainExecutor.handleMessage(HandlerChainExecutor.java:140)
 at
org.jboss.ws.core.jaxws.handler.HandlerDelegateJAXWS.callRequestHandlerChain(HandlerDelegateJAXWS.java:87)
 at
org.jboss.ws.core.server.ServiceEndpointInvoker.callRequestHandlerChain(ServiceEndpointInvoker.java:128)
 at
org.jboss.ws.core.server.ServiceEndpointInvoker.invoke(ServiceEndpointInvoker.java:172)
 at
org.jboss.wsf.stack.jbws.RequestHandlerImpl.processRequest(RequestHandlerImpl.java:418)
 at
org.jboss.wsf.stack.jbws.RequestHandlerImpl.handleRequest(RequestHandlerImpl.java:274)
 at
org.jboss.wsf.stack.jbws.RequestHandlerImpl.doPost(RequestHandlerImpl.java:191)
 at
org.jboss.wsf.stack.jbws.RequestHandlerImpl.handleHttpRequest(RequestHandlerImpl.java:124)
 at
org.jboss.wsf.stack.jbws.EndpointServlet.service(EndpointServlet.java:84)
 at javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
 at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
 at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
 at
org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:96)
 at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
 at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
 at
org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:230)
 at
org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175)
 at
org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:179)
 at
org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:84)
 at
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
 at
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
 at
org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:157)
 at
org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
 at
org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:262)
 at
org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844)
 at
org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583)
 at
org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:446)
 at java.lang.Thread.run(Thread.java:595)
16:47:47,270 ERROR [HandlerChainExecutor] Exception during handler
processing
org.jboss.ws.core.CommonSOAPFaultException: Signature is invalid.
 at
org.jboss.ws.extensions.security.WSSecurityDispatcher.convertToFault(WSSecurityDispatcher.java:107)
 at
org.jboss.ws.extensions.security.WSSecurityDispatcher.handleInbound(WSSecurityDispatcher.java:179)
 at
org.jboss.ws.extensions.security.jaxws.WSSecurityHandler.handleInboundSecurity(WSSecurityHandler.java:78)
 at
org.jboss.ws.extensions.security.jaxws.WSSecurityHandlerServer.handleInbound(WSSecurityHandlerServer.java:41)
 at
org.jboss.ws.core.jaxws.handler.GenericHandler.handleMessage(GenericHandler.java:55)
 at
org.jboss.ws.core.jaxws.handler.HandlerChainExecutor.handleMessage(HandlerChainExecutor.java:295)
 at
org.jboss.ws.core.jaxws.handler.HandlerChainExecutor.handleMessage(HandlerChainExecutor.java:140)
 at
org.jboss.ws.core.jaxws.handler.HandlerDelegateJAXWS.callRequestHandlerChain(HandlerDelegateJAXWS.java:87)
 at
org.jboss.ws.core.server.ServiceEndpointInvoker.callRequestHandlerChain(ServiceEndpointInvoker.java:128)
 at
org.jboss.ws.core.server.ServiceEndpointInvoker.invoke(ServiceEndpointInvoker.java:172)
 at
org.jboss.wsf.stack.jbws.RequestHandlerImpl.processRequest(RequestHandlerImpl.java:418)
 at
org.jboss.wsf.stack.jbws.RequestHandlerImpl.handleRequest(RequestHandlerImpl.java:274)
 at
org.jboss.wsf.stack.jbws.RequestHandlerImpl.doPost(RequestHandlerImpl.java:191)
 at
org.jboss.wsf.stack.jbws.RequestHandlerImpl.handleHttpRequest(RequestHandlerImpl.java:124)
 at
org.jboss.wsf.stack.jbws.EndpointServlet.service(EndpointServlet.java:84)
 at javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
 at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
 at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
 at
org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:96)
 at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
 at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
 at
org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:230)
 at
org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175)
 at
org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:179)
 at
org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:84)
 at
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
 at
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
 at
org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:157)
 at
org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
 at
org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:262)
 at
org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844)
 at
org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583)
 at
org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:446)
 at java.lang.Thread.run(Thread.java:595)
16:47:47,446 ERROR [SOAPFaultHelperJAXWS] SOAP request exception
javax.xml.ws.WebServiceException:
org.jboss.ws.core.CommonSOAPFaultException: Signature is invalid.
 at
org.jboss.ws.core.jaxws.handler.HandlerChainExecutor.processHandlerFailure(HandlerChainExecutor.java:276)
 at
org.jboss.ws.core.jaxws.handler.HandlerChainExecutor.handleMessage(HandlerChainExecutor.java:155)
 at
org.jboss.ws.core.jaxws.handler.HandlerDelegateJAXWS.callRequestHandlerChain(HandlerDelegateJAXWS.java:87)
 at
org.jboss.ws.core.server.ServiceEndpointInvoker.callRequestHandlerChain(ServiceEndpointInvoker.java:128)
 at
org.jboss.ws.core.server.ServiceEndpointInvoker.invoke(ServiceEndpointInvoker.java:172)
 at
org.jboss.wsf.stack.jbws.RequestHandlerImpl.processRequest(RequestHandlerImpl.java:418)
 at
org.jboss.wsf.stack.jbws.RequestHandlerImpl.handleRequest(RequestHandlerImpl.java:274)
 at
org.jboss.wsf.stack.jbws.RequestHandlerImpl.doPost(RequestHandlerImpl.java:191)
 at
org.jboss.wsf.stack.jbws.RequestHandlerImpl.handleHttpRequest(RequestHandlerImpl.java:124)
 at
org.jboss.wsf.stack.jbws.EndpointServlet.service(EndpointServlet.java:84)
 at javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
 at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
 at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
 at
org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:96)
 at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
 at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
 at
org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:230)
 at
org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175)
 at
org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:179)
 at
org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:84)
 at
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
 at
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
 at
org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:157)
 at
org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
 at
org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:262)
 at
org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844)
 at
org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583)
 at
org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:446)
 at java.lang.Thread.run(Thread.java:595)
Caused by: org.jboss.ws.core.CommonSOAPFaultException: Signature is invalid.
 at
org.jboss.ws.extensions.security.WSSecurityDispatcher.convertToFault(WSSecurityDispatcher.java:107)
 at
org.jboss.ws.extensions.security.WSSecurityDispatcher.handleInbound(WSSecurityDispatcher.java:179)
 at
org.jboss.ws.extensions.security.jaxws.WSSecurityHandler.handleInboundSecurity(WSSecurityHandler.java:78)
 at
org.jboss.ws.extensions.security.jaxws.WSSecurityHandlerServer.handleInbound(WSSecurityHandlerServer.java:41)
 at
org.jboss.ws.core.jaxws.handler.GenericHandler.handleMessage(GenericHandler.java:55)
 at
org.jboss.ws.core.jaxws.handler.HandlerChainExecutor.handleMessage(HandlerChainExecutor.java:295)
 at
org.jboss.ws.core.jaxws.handler.HandlerChainExecutor.handleMessage(HandlerChainExecutor.java:140)
 ... 27 more
16:47:47,588 ERROR [SOAPFaultHelperJAXWS] SOAP request exception
javax.xml.ws.WebServiceException:
org.jboss.ws.core.CommonSOAPFaultException: Signature is invalid.
 at
org.jboss.ws.core.jaxws.handler.HandlerChainExecutor.processHandlerFailure(HandlerChainExecutor.java:276)
 at
org.jboss.ws.core.jaxws.handler.HandlerChainExecutor.handleMessage(HandlerChainExecutor.java:155)
 at
org.jboss.ws.core.jaxws.handler.HandlerDelegateJAXWS.callRequestHandlerChain(HandlerDelegateJAXWS.java:87)
 at
org.jboss.ws.core.server.ServiceEndpointInvoker.callRequestHandlerChain(ServiceEndpointInvoker.java:128)
 at
org.jboss.ws.core.server.ServiceEndpointInvoker.invoke(ServiceEndpointInvoker.java:172)
 at
org.jboss.wsf.stack.jbws.RequestHandlerImpl.processRequest(RequestHandlerImpl.java:418)
 at
org.jboss.wsf.stack.jbws.RequestHandlerImpl.handleRequest(RequestHandlerImpl.java:274)
 at
org.jboss.wsf.stack.jbws.RequestHandlerImpl.doPost(RequestHandlerImpl.java:191)
 at
org.jboss.wsf.stack.jbws.RequestHandlerImpl.handleHttpRequest(RequestHandlerImpl.java:124)
 at
org.jboss.wsf.stack.jbws.EndpointServlet.service(EndpointServlet.java:84)
 at javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
 at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
 at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
 at
org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:96)
 at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
 at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
 at
org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:230)
 at
org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175)
 at
org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:179)
 at
org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:84)
 at
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
 at
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
 at
org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:157)
 at
org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
 at
org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:262)
 at
org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844)
 at
org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583)
 at
org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:446)
 at java.lang.Thread.run(Thread.java:595)
Caused by: org.jboss.ws.core.CommonSOAPFaultException: Signature is invalid.
 at
org.jboss.ws.extensions.security.WSSecurityDispatcher.convertToFault(WSSecurityDispatcher.java:107)
 at
org.jboss.ws.extensions.security.WSSecurityDispatcher.handleInbound(WSSecurityDispatcher.java:179)
 at
org.jboss.ws.extensions.security.jaxws.WSSecurityHandler.handleInboundSecurity(WSSecurityHandler.java:78)
 at
org.jboss.ws.extensions.security.jaxws.WSSecurityHandlerServer.handleInbound(WSSecurityHandlerServer.java:41)
 at
org.jboss.ws.core.jaxws.handler.GenericHandler.handleMessage(GenericHandler.java:55)
 at
org.jboss.ws.core.jaxws.handler.HandlerChainExecutor.handleMessage(HandlerChainExecutor.java:295)
 at
org.jboss.ws.core.jaxws.handler.HandlerChainExecutor.handleMessage(HandlerChainExecutor.java:140)
 ... 27 more

1. Re: WS-Security and Dispatch

cavani Apr 1, 2008 5:56 PM (in response to esacchi)

There is a bug in 2.0.2 and 2.0.3 that result in not decryptation of response message. 2.0.4 fix this.

http://jira.jboss.org/jira/browse/JBWS-1966

http://www.jboss.com/index.html?module=bb&op=viewtopic&t=128353

Thanks,
Actions
2. Re: WS-Security and Dispatch

esacchi Apr 1, 2008 10:06 PM (in response to esacchi)

thanks
obrigado
gracias
Actions

Go to original post