Unable to verify SOAP packet encryption
kcsavant Feb 27, 2010 5:09 AM
Hi,
I am trying to create a secured web service with SOAP encryption; I am following JBOSS IN ACTION by Manning, chapter 9. My setup is jboss-5.1.0.GA & jbossws-native-3.2.2.GA.
My service interface is like below
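SalesTax.java

import javax.jws.WebMethod;
import javax.jws.WebParam;
import javax.jws.WebResult;
import javax.jws.WebService;
import javax.jws.soap.SOAPBinding;
import javax.xml.ws.RequestWrapper;
import javax.xml.ws.ResponseWrapper;
import org.jboss.ws.annotation.EndpointConfig;

// Selects the JBossWS endpoint configuration by name
@EndpointConfig(configName="Standard WSSecurity Endpoint")
@SOAPBinding(style=SOAPBinding.Style.RPC)
@WebService(name = "SalesTax", targetNamespace = "http://ws.abc.com/")
public interface SalesTax {

    @WebMethod
    @WebResult(targetNamespace = "")
    @RequestWrapper(localName = "getRate", targetNamespace = "http://ws.abc.com/", className = "com.abc.ws.GetRate")
    @ResponseWrapper(localName = "getRateResponse", targetNamespace = "http://ws.abc.com/", className = "com.abc.ws.GetRateResponse")
    public double getRate(
        @WebParam(name = "arg0", targetNamespace = "")
        String arg0);
}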
My WS Implementation is
SalesTaxImpl.java
import java.util.HashMap;
import java.util.Map;
import javax.jws.WebService;

@WebService(name = "SalesTaxImpl", serviceName = "SalesTax", endpointInterface = "com.abc.ws.SalesTax", portName="SalesTaxPort")
public class SalesTaxImpl implements SalesTax {

    private Map<String, Double> tax = new HashMap<String, Double>();

    // Fills the lookup table of tax rates
    public void init() {
        tax.put("UP", 5.5);
        tax.put("AP", 8.25);
        tax.put("PU", 4.95);
    }

    // Returns the rate for the given code, or 0.0 if the code is unknown
    public double getRate(String arg0) {
        init();
        return tax.get(arg0) != null ? tax.get(arg0) : 0.0;
    }
}

My WAR setup
My Client Setup
I can deploy the web service successfully; now on the client side I have the code below.
My Client Implementation is as below
Client.java
import java.util.Map;
import javax.xml.ws.BindingProvider;

// SalesTax and SalesTax_Service are the generated client stubs
public class Client {

    public static void main(String[] arg) {
        // WS-Security keystore and truststore used by the JBossWS client
        System.setProperty("org.jboss.ws.wsse.keyStore", "C://certificates//client.keystore");
        System.setProperty("org.jboss.ws.wsse.keyStorePassword", "{CLASS}org.jboss.security.plugins.FilePassword:C://certificates//client.keystore.password");
        System.setProperty("org.jboss.ws.wsse.keyStoreType", "jks" );
        System.setProperty("org.jboss.ws.wsse.trustStore", "C://certificates//client.truststore");
        System.setProperty("org.jboss.ws.wsse.trustStorePassword", "{CLASS}org.jboss.security.plugins.FilePassword:C://certificates//client.truststore.password");
        System.setProperty("org.jboss.ws.wsse.trustStoreType", "jks");

        String[] args = {"UP","AP","PU"};
        if (args.length > 0) {
            SalesTax_Service svc = new SalesTax_Service();
            SalesTax tax = svc.getSalesTaxPort();

            // Credentials sent with each request
            BindingProvider bp = (BindingProvider)tax;
            Map<String, Object> rc = bp.getRequestContext();
            rc.put(BindingProvider.USERNAME_PROPERTY, "keshav");
            rc.put(BindingProvider.PASSWORD_PROPERTY, "Pass1@34");

            for (int i = 0; i < args.length; i++) {
                double rate = tax.getRate(args[i]);
                System.out.println("Sales tax for " + args[i] + " is " + rate);
            }
        }
    }
}

I can hit the web service using this client. I also uncommented the message trace for the org.jboss.ws.core.MessageTrace class in the jboss-log4j.xml file to analyse the SOAP packets.
BUT the problem is,
1. I don't know whether my service has been secured or not, because the SOAP packets (after each hit) in server.log do not show encrypted packets; they simply show plain (non-encrypted) packets.
Please let me know if I am missing something. If required I can provide additional code files also.
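
One way to check a captured envelope (for example one copied out of the MessageTrace output in server.log) for WS-Security encryption, as an added example that is not part of the original post. The class name and both sample envelopes are constructed, and the check assumes the SOAP 1.1, WS-Security 1.0 and XML Encryption namespaces.

```java
import java.io.StringReader;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;
import org.w3c.dom.Node;
import org.w3c.dom.NodeList;
import org.xml.sax.InputSource;

// Hypothetical helper, not part of JBossWS: inspects one captured SOAP envelope.
public class SoapEncryptionCheck {
    static final String SOAP11 = "http://schemas.xmlsoap.org/soap/envelope/";
    static final String XENC = "http://www.w3.org/2001/04/xmlenc#";
    static final String WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";

    /** Classifies one captured envelope as ENCRYPTED, PLAINTEXT or NO_BODY. */
    static String classify(String xml) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true);
        // Captured traffic is untrusted input: refuse DOCTYPEs to rule out XXE.
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        Document doc = f.newDocumentBuilder().parse(new InputSource(new StringReader(xml)));
        NodeList bodies = doc.getElementsByTagNameNS(SOAP11, "Body");
        if (bodies.getLength() == 0) return "NO_BODY";
        boolean hasSecurityHeader = doc.getElementsByTagNameNS(WSSE, "Security").getLength() > 0;
        int children = 0, encrypted = 0;
        for (Node n = bodies.item(0).getFirstChild(); n != null; n = n.getNextSibling()) {
            if (n.getNodeType() != Node.ELEMENT_NODE) continue;
            children++;
            if (XENC.equals(n.getNamespaceURI()) && "EncryptedData".equals(n.getLocalName())) encrypted++;
        }
        // Encrypted only if a wsse:Security header exists and every Body child is xenc:EncryptedData.
        return (hasSecurityHeader && children > 0 && encrypted == children) ? "ENCRYPTED" : "PLAINTEXT";
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample: the getRate request with a readable body.
        String plain = "<env:Envelope xmlns:env='" + SOAP11 + "'><env:Header/><env:Body>"
            + "<ns1:getRate xmlns:ns1='http://ws.abc.com/'><arg0>UP</arg0></ns1:getRate>"
            + "</env:Body></env:Envelope>";
        // Constructed sample: the same request with the body replaced by EncryptedData.
        String enc = "<env:Envelope xmlns:env='" + SOAP11 + "'><env:Header>"
            + "<wsse:Security xmlns:wsse='" + WSSE + "'><xenc:EncryptedKey xmlns:xenc='" + XENC + "'/></wsse:Security>"
            + "</env:Header><env:Body><xenc:EncryptedData xmlns:xenc='" + XENC + "'>"
            + "<xenc:CipherData><xenc:CipherValue>Q09OU1RSVUNURUQ=</xenc:CipherValue></xenc:CipherData>"
            + "</xenc:EncryptedData></env:Body></env:Envelope>";
        System.out.println("plain envelope:     " + classify(plain));
        System.out.println("encrypted envelope: " + classify(enc));
    }
}
```

A capture of the HTTP request taken on the network is the input that shows what was actually sent on the wire.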