Need help : JBossWS Security!
xinhua Apr 30, 2008 5:13 AM
Hi all,
I want to use SSL and signatures to protect my WS on JBoss 4.2.2GA. SSL works perfectly, but when I use the client to send a request with a signature, I always get an error. My code, configuration and environment are listed below:
JBoss4.2.2GA
jdk1.5
SSL keyStore&trustStore file: ksbws.keystore
Signature keyStore&trustStore file: ksbws_security.keystore
Server Side:
    @Stateless
    @SecurityDomain("JBossWS")
    @RolesAllowed("friend")
    @WebService(endpointInterface="de.xxx.xxx.KSBService")
    @WebContext(contextRoot="/KSBService", urlPattern="/*", authMethod="BASIC", transportGuarantee="CONFIDENTIAL", secureWSDLAccess=false)
    @EndpointConfig(configName = "Standard WSSecurity Endpoint")
    public class KSBServiceBean implements KSBService, KSBServiceRemote, KSBServiceLocal {
        private static final Logger log = Logger.getLogger(KSBServiceBean.class);

        @EJB
        KSBManagerLocal ksb;

        public String validateLogin(Long userNo, String password) {
            // doSomething
        }
    }
In META-INF/ I put ksbws_security.keystore and jboss-wsse-server.xml.
Here is my jboss-wsse-server.xml:
    <jboss-ws-security xmlns="http://www.jboss.com/ws-security/config"
                       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                       xsi:schemaLocation="http://www.jboss.com/ws-security/config http://www.jboss.com/ws-security/schema/jboss-ws-security_1_0.xsd">
      <key-store-file>META-INF/ksbws_security.keystore</key-store-file>
      <key-store-password>test</key-store-password>
      <trust-store-file>META-INF/ksbws_security.keystore</trust-store-file>
      <trust-store-password>test</trust-store-password>
      <config>
        <sign type="x509v3" alias="KSBWS_SECURITY" />
        <requires>
          <signature />
        </requires>
      </config>
    </jboss-ws-security>
Server side jar deployed without exception
Client:
Code:
    public static void main(String[] args) {
        KSBService ksb = null;
        try {
            // SSL keystore
            System.setProperty("javax.net.ssl.keyStore", "c:\\ksbws.keystore");
            System.setProperty("javax.net.ssl.trustStore", "c:\\ksbws.keystore");
            System.setProperty("javax.net.ssl.keyStorePassword", "test");
            System.setProperty("javax.net.ssl.trustStorePassword", "test");
            System.setProperty("javax.net.ssl.keyStoreType", "jks");
            System.setProperty("javax.net.ssl.trustStoreType", "jks");
            System.setProperty("org.jboss.security.ignoreHttpsHost","true");

            // Signature keystore
            System.setProperty("org.jboss.ws.wsse.keyStore","c:\\ksbws_security.keystore");
            System.setProperty("org.jboss.ws.wsse.trustStore","c:\\ksbws_security.keystore");
            System.setProperty("org.jboss.ws.wsse.keyStorePassword", "test");
            System.setProperty("org.jboss.ws.wsse.trustStorePassword", "test");
            System.setProperty("org.jboss.ws.wsse.keyStoreType", "jks");
            System.setProperty("org.jboss.ws.wsse.trustStoreType", "jks");

            Service service = Service.create(
                new URL("http://localhost:8180/KSBService/KSBServiceBean?wsdl"),
                new QName("http://xxx.xxx.de/","KSBServiceBeanService") );
            ksb = service.getPort(KSBService.class);
            ((StubExt) ksb).setConfigName("Standard WSSecurity Client");

            BindingProvider bp = (BindingProvider)ksb;
            bp.getRequestContext().put(BindingProvider.USERNAME_PROPERTY, "kermit");
            bp.getRequestContext().put(BindingProvider.PASSWORD_PROPERTY, "thefrog");
        } catch (Exception e) {
            .... ...
Also, I put jboss-wsse-client.xml in META-INF/:
    <jboss-ws-security xmlns="http://www.jboss.com/ws-security/config"
                       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                       xsi:schemaLocation="http://www.jboss.com/ws-security/config http://www.jboss.com/ws-security/schema/jboss-ws-security_1_0.xsd">
      <config>
        <sign type="x509v3" alias="KSBWS_SECURITY"/>
        <requires>
          <signature/>
        </requires>
      </config>
    </jboss-ws-security>
But when I run the client, I get an exception like this:
    java.lang.ClassCastException: $Proxy23 cannot be cast to org.jboss.ws.core.StubExt
        at dexxxxx.xxxx.xxxx.MultiThreadsTest.main(MultiThreadsTest.java:43)
    Exception in thread "Thread-1" com.sun.xml.ws.client.ClientTransportException: request requires HTTP authentication: Unauthorized
        at com.sun.xml.ws.transport.http.client.HttpClientTransport.checkResponseCode(HttpClientTransport.java:197)
        at com.sun.xml.ws.transport.http.client.HttpTransportPipe.process(HttpTransportPipe.java:137)
        at com.sun.xml.ws.transport.http.client.HttpTransportPipe.processRequest(HttpTransportPipe.java:74)
        at com.sun.xml.ws.api.pipe.Fiber.__doRun(Fiber.java:559)
        at com.sun.xml.ws.api.pipe.Fiber._doRun(Fiber.java:518)
        at com.sun.xml.ws.api.pipe.Fiber.doRun(Fiber.java:503)
        at com.sun.xml.ws.api.pipe.Fiber.runSync(Fiber.java:400)
        at com.sun.xml.ws.client.Stub.process(Stub.java:235)
        at com.sun.xml.ws.client.sei.SEIStub.doProcess(SEIStub.java:120)
        at com.sun.xml.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:230)
        at com.sun.xml.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:210)
        at com.sun.xml.ws.client.sei.SEIStub.invoke(SEIStub.java:103)
        at $Proxy23.validateLogin(Unknown Source)
It seems that jboss-wsse-client.xml was not read by the client.
If I remove the code and config for the signature, SSL works fine.
Can anyone help me?
Thanks
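
Added example (not part of the original post, and not JBossWS code): the trace above shows the port proxy being served by com.sun.xml.ws classes and failing the cast to org.jboss.ws.core.StubExt, so setConfigName("Standard WSSecurity Client") never ran. A small guard like the following reports which JAX-WS provider and proxy handler were actually loaded and refuses to continue when the signing configuration cannot be applied; the class name WsseClientGuard and its method names are hypothetical.

```java
import java.lang.reflect.Proxy;
import javax.xml.ws.spi.Provider;

// Added example: WsseClientGuard and its method names are hypothetical.
public final class WsseClientGuard {

    // Interface named in the ClassCastException in the post.
    private static final String STUB_EXT = "org.jboss.ws.core.StubExt";

    private WsseClientGuard() {}

    /** True only if the port object can take the JBossWS client config. */
    public static boolean isJBossWsStub(Object port) {
        try {
            return Class.forName(STUB_EXT).isInstance(port);
        } catch (ClassNotFoundException e) {
            return false; // JBossWS client classes are not on the classpath
        }
    }

    /** Names the JAX-WS provider and proxy handler that were actually loaded. */
    public static String describe(Object port) {
        StringBuilder sb = new StringBuilder();
        sb.append("JAX-WS provider: ")
          .append(Provider.provider().getClass().getName());
        if (Proxy.isProxyClass(port.getClass())) {
            sb.append("\nproxy handler:   ")
              .append(Proxy.getInvocationHandler(port).getClass().getName());
        }
        for (Class<?> itf : port.getClass().getInterfaces()) {
            sb.append("\nimplements:      ").append(itf.getName());
        }
        return sb.toString();
    }

    /** Fail closed: refuse to send if WS-Security cannot be configured. */
    public static void requireJBossWsStub(Object port) {
        if (!isJBossWsStub(port)) {
            throw new IllegalStateException(
                "port is not a JBossWS stub; WS-Security client config would not be applied\n"
                + describe(port));
        }
    }
}
```

Call WsseClientGuard.requireJBossWsStub(ksb) right after service.getPort(...) and before the StubExt cast, so an unsigned request is never sent by a client stack that ignores jboss-wsse-client.xml.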