5 Replies Latest reply on Mar 23, 2010 5:00 PM by chubinator

Problem with WS Security

cichykloszard Jan 23, 2010 9:44 AM

Hi everyone,

I`m trying to implement WS server and client with WS Security for several last days.

My server looks like:

package test;

import javax.jws.WebMethod;
import javax.jws.WebService;
@WebService()
public class Calculator {
    @WebMethod
    public int add(int value1, int value2) {
        return value1 + value2;
    }
}

web.xml:

<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns="http://java.sun.com/xml/ns/javaee" version="2.4">
    <servlet>
        <display-name>Calculator</display-name>
        <servlet-name>Calculator</servlet-name>
        <servlet-class>
            test.Calculator
        </servlet-class>
    </servlet>

    <servlet-mapping>
        <servlet-name>Calculator</servlet-name>
        <url-pattern>/calculator</url-pattern>
    </servlet-mapping>
    <welcome-file-list>
        <welcome-file>index.html</welcome-file>
        <welcome-file>index.htm</welcome-file>
        <welcome-file>index.jsp</welcome-file>
        <welcome-file>default.html</welcome-file>
        <welcome-file>default.htm</welcome-file>
        <welcome-file>default.jsp</welcome-file>
    </welcome-file-list>
</web-app>

jboss-wsse-server.xml:

<jboss-ws-security
   xmlns="http://www.jboss.com/ws-security/config"
   xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
   xsi:schemaLocation="http://www.jboss.com/ws-security/config
http://www.jboss.com/ws-security/schema/jboss-ws-security_1_0.xsd">
   <key-store-file>WEB-INF/server.keystore</key-store-file>
   <key-store-password>pass123</key-store-password>
   <key-store-type>jks</key-store-type>
   <trust-store-file>WEB-INF/server.truststore</trust-store-file>
   <trust-store-password>pass123</trust-store-password>
   <trust-store-type>jks</trust-store-type>
   <key-passwords>
      <key-password alias="server" password="pass123" />
   </key-passwords>
   <config>
      <encrypt type="x509v3" alias="client" />
      <requires>
         <encryption />
      </requires>
   </config>
</jboss-ws-security>

I`ve put server.keystore and server.truststore into web-inf direcotry.

My Client:

package test;

import org.jboss.ws.annotation.EndpointConfig;

@EndpointConfig(configName="Standard WSSecurity Endpoint")

public class Client {

    public static void main(String[] args) {

             CalculatorService svc = new CalculatorService();
            Calculator calc = svc.getCalculatorPort();
            System.out.println("2 + 2 = " + calc.add(2, 2));
    }
}

I`ve put client.keystore, client.truststore, jboss-wsse-client.xml and standard-jaxws-client-config.xml to meta-inf directory.

When I deploy server, I can see wsdl file. But when I run the client i get :

Exception in thread "main" javax.xml.ws.soap.SOAPFaultException: org.jboss.ws.core.CommonSOAPFaultException: This service requires <wsse:Security>, which is missing.
        at com.sun.xml.internal.ws.fault.SOAP11Fault.getProtocolException(Unknown Source)
        at com.sun.xml.internal.ws.fault.SOAPFaultBuilder.createException(Unknown Source)
        at com.sun.xml.internal.ws.client.sei.SyncMethodHandler.invoke(Unknown Source)
        at com.sun.xml.internal.ws.client.sei.SyncMethodHandler.invoke(Unknown Source)
        at com.sun.xml.internal.ws.client.sei.SEIStub.invoke(Unknown Source)
        at $Proxy25.add(Unknown Source)
        at test.Client.main(Client.java:9)

Can anyone help me?

Marcin Ostachowski

1. Re: Problem with WS Security

rinku.garg Feb 27, 2010 12:00 AM (in response to cichykloszard)

Hi Mercin,

I am also facing the same problem. are you able to fix this problem. If yes then please let me know. I need an urgent help on this.
I am using Java 1.5 and Jboss 5.1.0

Thanks

Regards
Rinku Garg
Actions
2. Re: Problem with WS Security

wkubina Mar 4, 2010 7:52 PM (in response to cichykloszard)

I'm having the same problem so I don't have the full solution yet, but I did notice you put @EndpointConfig on the client code. It should be the other way around - @EndpointConfig should be declared just above or below your @WebService annotation on the server code, and no need for the annotation on the client code. 95% sure on that.
Actions
3. Re: Problem with WS Security

asoldano Mar 11, 2010 5:26 AM (in response to wkubina)

Yes, the annotation if for server side. On client side you need to provide the client configuration to use through the StubExt interface:

((StubExt)port).setSecurityConfig(securityURL.toExternalForm());
((StubExt)port).setConfigName("Standard WSSecurity Client");
Actions
4. Re: Problem with WS Security

wkubina Mar 11, 2010 1:12 PM (in response to asoldano)
I got this working, and here are a few suggestions on things to try that worked for me. This is the setup for an EJB web service on JBoss 6.0 M1 with WS-Security features of signing and encryption.

Server:
On the server side you need these files in your META-INF directory if you're doing and EJB web service.
Server truststore and keystore. Assuming you know how to set these up.
jboss-wsse-server.xml (Lacking contents, let me know if you need them)
Then also on the server side you need to annotate your web service at the class level with @EndpointConfig(configName = "Standard WSSecurity Endpoint").
Setup JBoss so it logs the SOAP messages in the $JBOSS_HOME/server/<config>/log/server.log file. To do that go to $JBOSS_HOME/server/<config>/conf/jboss-log4j.xml and find this area and uncomment:

<code>
 <category name="org.jboss.ws.core.MessageTrace"> <priority value="TRACE"/> </category>
</code>

Client:
On the client side you need these files in your META-INF directory.
Client truststore and keystore.
jboss-wsse-client.xml (Lacking contents, let me know if you need them)
standard-jaxws-client.config.xml (Lacking contents, let me know if you need them)
You can generate the classes needed for the WSDL using $JBOSS_HOME/bin/wscompile -k http://localhost:8080/servicejar/ServiceName?WSDL. Then take the classes in the generated output directory and add it to your client.
Then get the service by doing something like MyService service = new MyService_Service().getMyServiceSOAP();. That will contain the methods in your actual web service.
Then add this JVM argument to the client. This is in all likelihood what you're missing.
-Djava.endorsed.dirs=<Replace with $JBOSS_HOME>\lib\endorsed
If it doesn't work you should setup Log4j on the client, because the errors are likely being swallowed as some of the libraries are setup to spit the detailed error information into a log.

Hope that helps at least some.
Actions
5. Re: Problem with WS Security

chubinator Mar 23, 2010 5:00 PM (in response to wkubina)

This helped me out a great deal. I was not able to find documentation stating that the @EndpointConfig annotation was required. Some of the links on the Wiki are broken, so perhaps its burried there but not reachable.

Thanks!
Actions

Go to original post