12 Replies Latest reply on Feb 22, 2007 9:45 PM by claprun

    wsrp with https

    karink

      Hi,
      I use JBoss Portal 2.6 DR1.
      I would like to access Remote Portlets by means of WSRP over https.
      The exposed WSDL contains not https service location but http.

      I can access the wsdl by means of https
      but the soap address location stays http.

      e.g. invoking https://host:httpsport/portal-wsrp/PortletManagementService?wsdl

      the shown wsdl looks like:

      <wsdl:definitions targetNamespace="urn:oasis:names:tc:wsrp:v1:wsdl">
        <wsdl:import location="https://host/portal-wsrp/PortletManagementService?wsdl&resource=wsrp_v1_bindings.wsdl" namespace="urn:oasis:names:tc:wsrp:v1:bind"/>
        <wsdl:service name="WSRPService">
          <wsdl:port binding="bind:WSRP_v1_PortletManagement_Binding_SOAP" name="WSRPPortletManagementService">
            <soap:address location="http://host:httpport/portal-wsrp/PortletManagementService"/>
          </wsdl:port>
          <wsdl:port binding="bind:WSRP_v1_Registration_Binding_SOAP" name="WSRPRegistrationService">
            <soap:address location="https://host:httpport/portal-wsrp/RegistrationService"/>
          </wsdl:port>
          <wsdl:port binding="bind:WSRP_v1_Markup_Binding_SOAP" name="WSRPBaseService">
            <soap:address location="https://host:httpportportal-wsrp/MarkupService"/>
          </wsdl:port>
          <wsdl:port binding="bind:WSRP_v1_ServiceDescription_Binding_SOAP" name="WSRPServiceDescriptionService">
            <soap:address location="https://host:httpport/portal-wsrp/ServiceDescriptionService"/>
          </wsdl:port>
        </wsdl:service>
      </wsdl:definitions>




      I did modify it manually in the file portal-wsrp.jse (file wsrp_services.wsdl).
      changing <soap:address location="REPLACE_WITH_ACTUAL_URL"/>
      to
      https//REPLACE_WITH_ACTUAL_URL.
      It does not work. I also changed the web.xml file and inserted the following



      <security-constraint>
       <web-resource-collection>
       <web-resource-name>all</web-resource-name>
       <url-pattern>/*</url-pattern>
       </web-resource-collection>
       <user-data-constraint>
       <transport-guarantee>CONFIDENTIAL</transport-guarantee>
       </user-data-constraint>
       </security-constraint>


      -> Does not work either?

      Any other ideas?
      Regards
      Karin

        • 1. Re: wsrp with https

          I am not the specialist here but I can try to help you. Chris, who is our WSRP lead, is currently away for a few days.

          You could try to secure the endpoints in web.xml located in: jboss-portal.sar/portal-wsrp.sar/portal-wsrp.war/WEB-INF/web.xml

          Try with the ServiceDescriptionService endpoint like this:

          <security-constraint>
           <web-resource-collection>
           <web-resource-name>Secure Area</web-resource-name>
           <url-pattern>/ServiceDescriptionService</url-pattern>
           <http-method>POST</http-method>
           </web-resource-collection>
           <user-data-constraint>
           <transport-guarantee>CONFIDENTIAL</transport-guarantee>
           </user-data-constraint>
          </security-constraint>


          and also do it for the 3 other endpoints you can find in the web.xml
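
          An added example (not part of the reply above and not JBoss Portal code): a Python check that reads a web.xml and reports, for each of the four WSRP endpoint paths shown in this thread's WSDL, which HTTP methods a CONFIDENTIAL transport guarantee covers. The sample web.xml and the function names are constructed; note that a constraint listing <http-method>POST</http-method> applies to POST only, so the check reports exactly that method for it.

```python
import xml.etree.ElementTree as ET

# Endpoint paths taken from the soap:address locations quoted in this thread.
WSRP_ENDPOINTS = ["/ServiceDescriptionService", "/MarkupService",
                  "/RegistrationService", "/PortletManagementService"]

# Constructed sample: only the constraint from the reply above is present.
SAMPLE_WEB_XML = """<web-app>
  <security-constraint>
    <web-resource-collection>
      <url-pattern>/ServiceDescriptionService</url-pattern>
      <http-method>POST</http-method>
    </web-resource-collection>
    <user-data-constraint>
      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
  </security-constraint>
</web-app>"""

def _texts(node, name):
    """Text of every descendant element called `name`, ignoring namespaces."""
    return [(e.text or "").strip() for e in node.iter()
            if e.tag.rsplit("}", 1)[-1] == name]

def _matches(pattern, path):
    # Exact and path-prefix servlet patterns; "*.ext" patterns are not handled.
    if pattern in ("/*", path):
        return True
    return pattern.endswith("/*") and (path + "/").startswith(pattern[:-1])

def confidential_methods(web_xml, path):
    """HTTP methods forced onto TLS for `path`; {"*"} means every method."""
    covered = set()
    for sc in ET.fromstring(web_xml).iter():
        if sc.tag.rsplit("}", 1)[-1] != "security-constraint":
            continue
        if "CONFIDENTIAL" not in _texts(sc, "transport-guarantee"):
            continue
        for wrc in (e for e in sc.iter()
                    if e.tag.rsplit("}", 1)[-1] == "web-resource-collection"):
            if any(_matches(p, path) for p in _texts(wrc, "url-pattern")):
                covered |= set(_texts(wrc, "http-method")) or {"*"}
    return covered

def audit(web_xml):
    """Map each WSRP endpoint to the methods covered by CONFIDENTIAL."""
    return {p: sorted(confidential_methods(web_xml, p)) for p in WSRP_ENDPOINTS}
```

          An empty list for an endpoint means no CONFIDENTIAL constraint matches it, so plain http requests to that path are still accepted.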

          • 2. Re: wsrp with https
            karink

            Hi Julien,

            thanks for your reply.

            I added the security constraints to the web.xml file
            located in jboss-portal.sar/portal-wsrp.sar/portal-wsrp.jse. There is no portal-wsrp.war directory. It seems to work except for the wsdl:import.

            After adding the security-constraints the shown wsdl looks like this:

            <wsdl:definitions targetNamespace="urn:oasis:names:tc:wsrp:v1:wsdl">
              <wsdl:import location="https://host/portal-wsrp/PortletManagementService?wsdl&resource=wsrp_v1_bindings.wsdl" namespace="urn:oasis:names:tc:wsrp:v1:bind"/>
              <wsdl:service name="WSRPService">
                <wsdl:port binding="bind:WSRP_v1_PortletManagement_Binding_SOAP" name="WSRPPortletManagementService">
                  <soap:address location="https://host:8444/portal-wsrp/PortletManagementService"/>
                </wsdl:port>
                <wsdl:port binding="bind:WSRP_v1_Registration_Binding_SOAP" name="WSRPRegistrationService">
                  <soap:address location="https://host:8444/portal-wsrp/RegistrationService"/>
                </wsdl:port>
                <wsdl:port binding="bind:WSRP_v1_Markup_Binding_SOAP" name="WSRPBaseService">
                  <soap:address location="https://host:8444/portal-wsrp/MarkupService"/>
                </wsdl:port>
                <wsdl:port binding="bind:WSRP_v1_ServiceDescription_Binding_SOAP" name="WSRPServiceDescriptionService">
                  <soap:address location="https://host:8444/portal-wsrp/ServiceDescriptionService"/>
                </wsdl:port>
              </wsdl:service>
            </wsdl:definitions>


            As you can see the https port is missing in the url of wsdl:import
            <wsdl:import location="https://host/portal-wsrp/P....


            Regards
            Karin



            • 3. Re: wsrp with https
              karink

              Hi Julien,
              I just would like to inform you, that I have til now official support
              and opened a call in network.jboss.com
              ID is 00014082
              Regards Karin

              • 4. Re: wsrp with https
                claprun

                I have been reading the JBoss WS documentation and as far as I can tell, you only need to replace all the soap-address elements in

                portal-wsrp.sar/portal-wsrp.jse/WEB-INF/wsdl/wsrp_services.xml
                by the correct URL (including port). For example:
                <wsdl:port binding="bind:WSRP_v1_Markup_Binding_SOAP" name="WSRPBaseService">
                 <soap:address location="https://localhost:8443/portal-wsrp/MarkupService"/>
                </wsdl:port>

                You also need to perform the usual configuration steps to enable SSL support on AS as detailed in http://docs.jboss.org/jbossas/jboss4guide/r4/html/ch9.chapt.html#d0e21962 and http://docs.jboss.org/jbossas/jboss4guide/r4/html/ch8.chapter.html#d0e20970. Then, configure your consumer to use the https port. You will need to use JBoss WS 1.0.4.GA for this to work properly, by the way.
                For the complete procedure, see http://wiki.jboss.org/wiki/Wiki.jsp?page=WSRPUseSSL.

                • 5. Re: wsrp with https

                  thanks Chris for the update, this wiki needs to be added to the documentation too.

                  • 6. Re: wsrp with https
                    claprun

                    It's on my todo list... ;)

                    • 7. Re: wsrp with https
                      karink

                      hi,
                      setting the hostname and port directly in the file

                      portal-wsrp.sar/portal-wsrp.jse/WEB-INF/wsdl/wsrp_services.xml


                      has the same effect as the solution with the security-constraints (as Julien told me first).

                      Means that my wsdl looks like this

                      <wsdl:definitions targetNamespace="urn:oasis:names:tc:wsrp:v1:wsdl">
                        <wsdl:import location="https://host/portal-wsrp/PortletManagementService?wsdl&resource=wsrp_v1_bindings.wsdl" namespace="urn:oasis:names:tc:wsrp:v1:bind"/>
                        <wsdl:service name="WSRPService">
                          <wsdl:port binding="bind:WSRP_v1_PortletManagement_Binding_SOAP" name="WSRPPortletManagementService">
                            <soap:address location="https://host:8444/portal-wsrp/PortletManagementService"/>
                          </wsdl:port>
                          <wsdl:port binding="bind:WSRP_v1_Registration_Binding_SOAP" name="WSRPRegistrationService">
                            <soap:address location="https://host:8444/portal-wsrp/RegistrationService"/>
                          </wsdl:port>
                          <wsdl:port binding="bind:WSRP_v1_Markup_Binding_SOAP" name="WSRPBaseService">
                            <soap:address location="https://host:8444/portal-wsrp/MarkupService"/>
                          </wsdl:port>
                          <wsdl:port binding="bind:WSRP_v1_ServiceDescription_Binding_SOAP" name="WSRPServiceDescriptionService">
                            <soap:address location="https://host:8444/portal-wsrp/ServiceDescriptionService"/>
                          </wsdl:port>
                        </wsdl:service>
                      </wsdl:definitions>


                      Again in the WSDL import there is no port specified:
                      see
                      <wsdl:import location="https://host/portal-wsrp/PortletManagementService?wsdl&resource=wsrp_v1_bindings.wsdl" namespace="urn:oasis:names:tc:wsrp:v1:bind"/>
                      


                      Shouldn't it look like:
                      <wsdl:import location="https://host:8444/portal-wsrp/PortletManagementService?wsdl&resource=wsrp_v1_bindings.wsdl" namespace="urn:oasis:names:tc:wsrp:v1:bind"/>
                      



                      Furthermore, I would like to have a way of not setting port and host
                      manually in a WSRP internal file. We have more than 40 applications, each having its own port. They should just use WSRP as a deployed service and not have to modify internal WSRP files by themselves.

                      regards
                      Karin

                      • 8. Re: wsrp with https
                        claprun

                        Which version of JBoss WS are you using? The solution provided in the Wiki will only work with JBoss WS 1.0.4.GA...

                        As far as having to modify the internal file manually, I totally agree with you. However, I haven't been able to find how to have JBoss WS to pick up the port automatically without having to modify the wsrp_services.xml file. See: http://labs.jboss.com/portal/jbossws/user-guide/en/html/secure-ejb.html. I will ask the WS team to see if there is a better way.

                        • 9. Re: wsrp with https
                          karink

                          Hi Chris,
                          I use
                          jbossws-1.0.4.GA (date=200611151648)
                          (as the log file stated).

                          Do you not have the problem with the missing port in the wsdl:import?
                          Actually will it hurt? I can access JBoss Portlet by means of WSRP (over SSL, simplest case just encrypted communication, without client authentication or trust to a specific server). I have problems doing it when using SAP Portal as consumer portal.
                          Therefore I would like to make sure that this is not a JBoss problem.

                          regards
                          Karin

                          • 10. Re: wsrp with https
                            claprun

                            When I checked the other day, I didn't have the problem with the missing port in the WSDL file. I'll check again.

                            • 11. Re: wsrp with https
                              karink

                              Hi Chris,
                              I finally found the problem.
                              It was caused by the configuration of the https connector from tomcat.

                              I used this configuration

                               <Connector port="9100" address="${jboss.bind.address}"
                               maxThreads="100" strategy="ms" maxHttpHeaderSize="8192"
                               emptySessionPath="true" proxyPort="443"
                               scheme="https" secure="true" clientAuth="false"
                               keystoreFile="${jboss.server.home.dir}/conf/jboss.p12"
                               keystorePass="asfsdf" keystoreType="PKCS12" sslProtocol = "TLS" />
                              


                              The parameter called proxyPort is the problem. Specifying it causes
                              the wsdl:import url to be generated without url (I suppose because 443
                              is the default port for https).

                              I think this is a JBossWS Bug, because either all generated urls should
                              be with the current port or should use the proxy port. Currently it is mixed.
                              We will report this issue as bug.

                              Regards Karin




                              • 12. Re: wsrp with https
                                claprun

                                A servlet filter has been implemented to rewrite incorrect ports in the WSDL file that JBoss WS publishes. This is available for both 2.6 and 2.4 in Subversion...
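
An added example, not the servlet filter mentioned above and not JBoss code: a Python check that lists every wsdl:import and soap:address location in a published WSDL that is not https or does not use the host and port the consumer is configured for, which is the mixed-port symptom described in replies 7 and 11. The sample WSDL and the name check_wsdl are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Constructed sample modelled on the WSDL quoted in this thread; the http
# address on port 8080 is invented to show the plain-http case.
SAMPLE_WSDL = """<wsdl:definitions targetNamespace="urn:oasis:names:tc:wsrp:v1:wsdl">
<wsdl:import location="https://host/portal-wsrp/PortletManagementService?wsdl&resource=wsrp_v1_bindings.wsdl" namespace="urn:oasis:names:tc:wsrp:v1:bind"/>
<wsdl:service name="WSRPService">
<wsdl:port binding="bind:WSRP_v1_Markup_Binding_SOAP" name="WSRPBaseService">
<soap:address location="https://host:8444/portal-wsrp/MarkupService"/>
</wsdl:port>
<wsdl:port binding="bind:WSRP_v1_Registration_Binding_SOAP" name="WSRPRegistrationService">
<soap:address location="http://host:8080/portal-wsrp/RegistrationService"/>
</wsdl:port>
</wsdl:service>
</wsdl:definitions>"""

# A regex is used instead of an XML parser because the WSDL as pasted here
# has no namespace declarations and an unescaped "&".
LOCATION = re.compile(r'<(wsdl:import|soap:address)\b[^>]*?\blocation="([^"]*)"')
DEFAULT_PORTS = {"http": 80, "https": 443}


def check_wsdl(text, host, port):
    """Return (element, url, problem) for every location that a consumer
    expecting https://host:port would not reach over TLS on that port."""
    findings = []
    for element, url in LOCATION.findall(text):
        try:
            parts = urlsplit(url)
            actual = parts.port or DEFAULT_PORTS.get(parts.scheme)
        except ValueError:  # e.g. a placeholder such as host:httpport
            findings.append((element, url, "unparseable port"))
            continue
        if parts.scheme != "https":
            findings.append((element, url, "not https"))
        elif (parts.hostname, actual) != (host, port):
            findings.append((element, url, "host or port mismatch"))
    return findings
```

Run against the WSDL a producer actually serves, a non-empty result shows which locations a consumer would follow to a different port or over plain http.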