missing <wsse:Security> tag in WS-Security
t.himaja Jan 12, 2011 4:18 AM
Hi,
I made an EJB module into a web service, and I want to encrypt SOAP messages based on WS-Security for that web service.
I followed JBoss in Action to configure WS-Security in the JBoss server.
At Server side:
Server.java
    import javax.jws.WebService;
    import javax.ejb.Stateless;
    import org.jboss.ws.annotation.EndpointConfig;

    @WebService()
    @EndpointConfig(configName="Standard WSSecurity Endpoint")
    @Stateless()
    public class Server {
        public String message() {
            return "hello";
        }
    }

I added jboss-wsse-server.xml, wsse.keystore and wsse.truststore to the META-INF folder.
jboss-wsse-server.xml
    <jboss-ws-security xmlns="http://www.jboss.com/ws-security/config"
                       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                       xsi:schemaLocation="http://www.jboss.com/ws-security/config http://www.jboss.com/ws-security/schema/jboss-ws-security_1_0.xsd">
      <key-store-file>META-INF/wsse.keystore</key-store-file>
      <key-store-type>jks</key-store-type>
      <key-store-password>wsseServer</key-store-password>
      <trust-store-file>META-INF/wsse.truststore</trust-store-file>
      <trust-store-type>jks</trust-store-type>
      <trust-store-password>wsseServer</trust-store-password>
      <config>
        <encrypt type="x509v3" alias="wsseClient"/>
        <requires>
          <encryption />
        </requires>
      </config>
    </jboss-ws-security>
wsse.keystore
    Your keystore contains 2 entries

    Alias name: wsseserver
    Creation date: 5 Jan, 2011
    Entry type: PrivateKeyEntry
    Certificate chain length: 1
    Certificate[1]:
    Owner: CN=wsseServer, OU=esm, O=mq, L=hyd, ST=ap, C=in
    Issuer: CN=wsseServer, OU=esm, O=mq, L=hyd, ST=ap, C=in
    Serial number: 4d23ffdf
    Valid from: Wed Jan 05 10:51:35 IST 2011 until: Tue Apr 05 10:51:35 IST 2011
    Certificate fingerprints:
        MD5: 8D:6A:3E:C2:5C:B4:70:E1:18:E6:FB:97:4A:9B:74:A1
        SHA1: FE:7A:8A:EF:29:18:C4:42:75:E4:1E:18:C5:94:92:FE:D3:FC:41:3F
        Signature algorithm name: SHA1withRSA
        Version: 3

    Alias name: wsseclient
    Creation date: 5 Jan, 2011
    Entry type: trustedCertEntry
    Owner: CN=wsseClient, OU=esm, O=mq, L=hyd, ST=ap, C=in
    Issuer: CN=wsseClient, OU=esm, O=mq, L=hyd, ST=ap, C=in
    Serial number: 4d2403fc
    Valid from: Wed Jan 05 11:09:08 IST 2011 until: Tue Apr 05 11:09:08 IST 2011
    Certificate fingerprints:
        MD5: 82:09:26:68:DC:AE:FC:47:1E:C8:C5:A8:61:5A:EA:87
        SHA1: 0C:02:AE:FA:66:64:38:8F:39:6F:B9:C6:F4:E4:12:7F:AF:78:EF:EE
        Signature algorithm name: SHA1withRSA
        Version: 3
in wsse.truststore
    Your keystore contains 1 entry

    Alias name: wsseserver
    Creation date: 5 Jan, 2011
    Entry type: trustedCertEntry
    Owner: CN=wsseServer, OU=esm, O=mq, L=hyd, ST=ap, C=in
    Issuer: CN=wsseServer, OU=esm, O=mq, L=hyd, ST=ap, C=in
    Serial number: 4d23ffdf
    Valid from: Wed Jan 05 10:51:35 IST 2011 until: Tue Apr 05 10:51:35 IST 2011
    Certificate fingerprints:
        MD5: 8D:6A:3E:C2:5C:B4:70:E1:18:E6:FB:97:4A:9B:74:A1
        SHA1: FE:7A:8A:EF:29:18:C4:42:75:E4:1E:18:C5:94:92:FE:D3:FC:41:3F
        Signature algorithm name: SHA1withRSA
        Version: 3

I added jbossws-core.jar.
At Client side:
My client is a stand-alone application and I did not include any jars on this side.
    public class Main {
        public static void main(String[] args) {
            try {
                // Call Web Service Operation
                com.ServerService service = new com.ServerService();
                com.Server port = service.getServerPort();
                java.lang.String result = port.message();
                System.out.println("Result = "+result);
            } catch (Exception ex) {
                ex.printStackTrace();
            }
        }
    }
jboss-wsse-client.xml
    <jboss-ws-security xmlns="http://www.jboss.com/ws-security/config"
                       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                       xsi:schemaLocation="http://www.jboss.com/ws-security/config http://www.jboss.com/ws-security/schema/jboss-ws-security_1_0.xsd">
      <key-store-file> META-INF/wsseClient.keystore</key-store-file>
      <key-store-type>jks</key-store-type>
      <key-store-password>wsseClient</key-store-password>
      <trust-store-file> META-INF/wsseClient.truststore</trust-store-file>
      <trust-store-type>jks</trust-store-type>
      <trust-store-password>wsseClient</trust-store-password>
      <config>
        <encrypt type="x509v3" alias="wsseServer"/>
        <requires>
          <encryption/>
        </requires>
      </config>
    </jboss-ws-security>

standard-jaxws-client-config.xml (copied this file from the JBoss server's deployers/jbossws.deployer/META-INF/standard-jaxws-client-config.xml)

    <jaxws-config xmlns="urn:jboss:jaxws-config:2.0"
                  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                  xmlns:javaee="http://java.sun.com/xml/ns/javaee"
                  xsi:schemaLocation="urn:jboss:jaxws-config:2.0 jaxws-config_2_0.xsd">
      <client-config>
        <config-name>Standard WSSecurity Client</config-name>
        <post-handler-chains>
          <javaee:handler-chain>
            <javaee:protocol-bindings>##SOAP11_HTTP ##SOAP11_HTTP_MTOM</javaee:protocol-bindings>
            <javaee:handler>
              <javaee:handler-name>WSSecurityHandlerOutbound</javaee:handler-name>
              <javaee:handler-class>org.jboss.ws.extensions.security.jaxws.WSSecurityHandlerClient</javaee:handler-class>
            </javaee:handler>
          </javaee:handler-chain>
        </post-handler-chains>
      </client-config>
    </jaxws-config>
wsseClient.keystore
    Keystore type: JKS
    Keystore provider: SUN

    Your keystore contains 2 entries

    Alias name: wsseserver
    Creation date: 5 Jan, 2011
    Entry type: trustedCertEntry
    Owner: CN=wsseServer, OU=esm, O=mq, L=hyd, ST=ap, C=in
    Issuer: CN=wsseServer, OU=esm, O=mq, L=hyd, ST=ap, C=in
    Serial number: 4d23ffdf
    Valid from: Wed Jan 05 10:51:35 IST 2011 until: Tue Apr 05 10:51:35 IST 2011
    Certificate fingerprints:
        MD5: 8D:6A:3E:C2:5C:B4:70:E1:18:E6:FB:97:4A:9B:74:A1
        SHA1: FE:7A:8A:EF:29:18:C4:42:75:E4:1E:18:C5:94:92:FE:D3:FC:41:3F
        Signature algorithm name: SHA1withRSA
        Version: 3

    Alias name: wsseclient
    Creation date: 5 Jan, 2011
    Entry type: PrivateKeyEntry
    Certificate chain length: 1
    Certificate[1]:
    Owner: CN=wsseClient, OU=esm, O=mq, L=hyd, ST=ap, C=in
    Issuer: CN=wsseClient, OU=esm, O=mq, L=hyd, ST=ap, C=in
    Serial number: 4d2403fc
    Valid from: Wed Jan 05 11:09:08 IST 2011 until: Tue Apr 05 11:09:08 IST 2011
    Certificate fingerprints:
        MD5: 82:09:26:68:DC:AE:FC:47:1E:C8:C5:A8:61:5A:EA:87
        SHA1: 0C:02:AE:FA:66:64:38:8F:39:6F:B9:C6:F4:E4:12:7F:AF:78:EF:EE
        Signature algorithm name: SHA1withRSA
        Version: 3
wsseClient.truststore
    Keystore type: JKS
    Keystore provider: SUN

    Your keystore contains 1 entry

    Alias name: wsseclient
    Creation date: 5 Jan, 2011
    Entry type: trustedCertEntry
    Owner: CN=wsseClient, OU=esm, O=mq, L=hyd, ST=ap, C=in
    Issuer: CN=wsseClient, OU=esm, O=mq, L=hyd, ST=ap, C=in
    Serial number: 4d2403fc
    Valid from: Wed Jan 05 11:09:08 IST 2011 until: Tue Apr 05 11:09:08 IST 2011
    Certificate fingerprints:
        MD5: 82:09:26:68:DC:AE:FC:47:1E:C8:C5:A8:61:5A:EA:87
        SHA1: 0C:02:AE:FA:66:64:38:8F:39:6F:B9:C6:F4:E4:12:7F:AF:78:EF:EE
        Signature algorithm name: SHA1withRSA
        Version: 3

I included all these configuration files in the META-INF folder.
But I am getting the following errors.
At client side:
    javax.xml.ws.soap.SOAPFaultException: This service requires <wsse:Security>, which is missing.
        at com.sun.xml.internal.ws.fault.SOAP11Fault.getProtocolException(SOAP11Fault.java:178)
        at com.sun.xml.internal.ws.fault.SOAPFaultBuilder.createException(SOAPFaultBuilder.java:111)
        at com.sun.xml.internal.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:108)
        at com.sun.xml.internal.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:78)

At server side:

    Exception during handler processing
    org.jboss.ws.core.CommonSOAPFaultException: This service requires <wsse:Security>, which is missing.
        at org.jboss.ws.extensions.security.WSSecurityDispatcher.convertToFault(WSSecurityDispatcher.java:264)
        at org.jboss.ws.extensions.security.WSSecurityDispatcher.decodeMessage(WSSecurityDispatcher.java:94)
        at org.jboss.ws.extensions.security.jaxws.WSSecurityHandler.handleInboundSecurity(WSSecurityHandler.java:81)

When I checked server.log, neither the incoming nor the outgoing SOAP message was encrypted.
Do I need to add any more files or make any modifications?
Please help me solve this issue.
I need to solve it as soon as possible.
You can also point me to any references that I can follow.
Thanks in advance.
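
A diagnostic for the fault above, as an added example that is not part of the original post: it checks whether a request envelope (for instance one copied from server.log) carries a `wsse:Security` header and an encrypted body, and names the JAX-WS runtime from the fault's stack frames. The envelopes and the `http://example.test/` namespace are constructed samples; the stack frames are copied from the post.

```python
import re
import xml.etree.ElementTree as ET

SOAP11 = "http://schemas.xmlsoap.org/soap/envelope/"
WSSE = ("http://docs.oasis-open.org/wss/2004/01/"
        "oasis-200401-wss-wssecurity-secext-1.0.xsd")
XENC = "http://www.w3.org/2001/04/xmlenc#"

def wsse_status(envelope_xml):
    """Report whether a SOAP 1.1 envelope has wsse:Security and an encrypted body."""
    root = ET.fromstring(envelope_xml)
    header = root.find(f"{{{SOAP11}}}Header")
    body = root.find(f"{{{SOAP11}}}Body")
    return {
        "security_header": header is not None
        and header.find(f"{{{WSSE}}}Security") is not None,
        "body_encrypted": body is not None
        and body.find(f".//{{{XENC}}}EncryptedData") is not None,
    }

def jaxws_runtime(trace):
    """Name the JAX-WS runtime from the first recognised stack frame."""
    for frame in re.findall(r"\bat\s+([\w.$]+)\(", trace):
        if frame.startswith("com.sun.xml.internal.ws."):
            return "JDK-bundled JAX-WS RI"
        if frame.startswith("org.jboss.ws."):
            return "JBossWS"
    return "unknown"

# Constructed sample: an unprotected request, the kind the server rejected.
PLAIN_REQUEST = f"""<soap:Envelope xmlns:soap="{SOAP11}">
  <soap:Header/>
  <soap:Body><ns:message xmlns:ns="http://example.test/"/></soap:Body>
</soap:Envelope>"""

# Constructed sample: the shape of a protected request (placeholders, no real ciphertext).
SECURED_REQUEST = f"""<soap:Envelope xmlns:soap="{SOAP11}">
  <soap:Header><wsse:Security xmlns:wsse="{WSSE}"/></soap:Header>
  <soap:Body><xenc:EncryptedData xmlns:xenc="{XENC}"/></soap:Body>
</soap:Envelope>"""

# Frames copied from the client-side trace in the post.
CLIENT_TRACE = ("This service requires <wsse:Security>, which is missing. "
    "at com.sun.xml.internal.ws.fault.SOAP11Fault.getProtocolException(SOAP11Fault.java:178) "
    "at com.sun.xml.internal.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:108)")

if __name__ == "__main__":
    print(wsse_status(PLAIN_REQUEST), wsse_status(SECURED_REQUEST))
    print(jaxws_runtime(CLIENT_TRACE))
```

Frames under `com.sun.xml.internal.ws` belong to the JAX-WS reference implementation bundled with the JDK, which does not read `jboss-wsse-client.xml` or `standard-jaxws-client-config.xml`.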