7 Replies Latest reply on Oct 8, 2012 11:39 AM by ju-sepul

    JBossWS 4.0.2 and AS 7.1.1 WS-Security Sign and Encrypt Test Problem

    ju-sepul

      Im am testing JBossWS 4.0.2 over JBoss 7.1.1, i'm trying to run the Signing and Encritpting example but won't work JCE 6 installed, java.security edited for add Bouncy-Castle Provider and Bouncy-Castle provider added to WS client, im stucked still with exeption:

      javax.xml.ws.soap.SOAPFaultException: These policy alternatives can not be satisfied: 
      {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}AsymmetricBinding: Received Timestamp does not match the requirements
      {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}X509Token: The received token does not match the token inclusion requirement
      {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}X509Token
      {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}InitiatorToken
      {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}RecipientToken
      {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}IncludeTimestamp: Received Timestamp does not match the requirements
      {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}SignedParts: {http://schemas.xmlsoap.org/soap/envelope/}Body not SIGNED
      {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}EncryptedParts: {http://schemas.xmlsoap.org/soap/envelope/}Body not ENCRYPTED
          at com.sun.xml.internal.ws.fault.SOAP11Fault.getProtocolException(SOAP11Fault.java:178)
          at com.sun.xml.internal.ws.fault.SOAPFaultBuilder.createException(SOAPFaultBuilder.java:111)
          at com.sun.xml.internal.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:108)
          at com.sun.xml.internal.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:78)
          at com.sun.xml.internal.ws.client.sei.SEIStub.invoke(SEIStub.java:107)
          at $Proxy27.sayHello(Unknown Source)
          at jboss.wsse.client.Client.sayHello(Client.java:43)
          at jboss.wsse.client.Client.main(Client.java:28)
      

      and in server

       

       

      [org.apache.cxf.phase.PhaseInterceptorChain] (http-localhost-127.0.0.1-8080-1) Interceptor for {http://www.jboss.org/jbossws/ws-extensions/wssecuritypolicy}SecurityService#{http://www.jboss.org/jbossws/ws-extensions/wssecuritypolicy}sayHello has thrown exception, unwinding now: org.apache.cxf.interceptor.Fault: These policy alternatives can not be satisfied: 
      {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}AsymmetricBinding: Received Timestamp does not match the requirements
      {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}X509Token: The received token does not match the token inclusion requirement
      {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}X509Token
      {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}InitiatorToken
      {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}RecipientToken
      {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}IncludeTimestamp: Received Timestamp does not match the requirements
      {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}SignedParts: {http://schemas.xmlsoap.org/soap/envelope/}Body not SIGNED
      {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}EncryptedParts: {http://schemas.xmlsoap.org/soap/envelope/}Body not ENCRYPTED
          at org.apache.cxf.ws.policy.AbstractPolicyInterceptor.handleMessage(AbstractPolicyInterceptor.java:47)
          at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:263)
          at org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:121)
          at org.apache.cxf.transport.http.AbstractHTTPDestination.invoke(AbstractHTTPDestination.java:207)
          at org.jboss.wsf.stack.cxf.RequestHandlerImpl.handleHttpRequest(RequestHandlerImpl.java:91)
          at org.jboss.wsf.stack.cxf.transport.ServletHelper.callRequestHandler(ServletHelper.java:169)
          at org.jboss.wsf.stack.cxf.CXFServletExt.invoke(CXFServletExt.java:87)
          at org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(AbstractHTTPServlet.java:185)
          at org.apache.cxf.transport.servlet.AbstractHTTPServlet.doPost(AbstractHTTPServlet.java:108)
          at javax.servlet.http.HttpServlet.service(HttpServlet.java:754) [jboss-servlet-api_3.0_spec-1.0.0.Final.jar:1.0.0.Final]
          at org.jboss.wsf.stack.cxf.CXFServletExt.service(CXFServletExt.java:135)
          at org.jboss.wsf.spi.deployment.WSFServlet.service(WSFServlet.java:140) [jbossws-spi.jar:2.0.3.GA]
          at javax.servlet.http.HttpServlet.service(HttpServlet.java:847) [jboss-servlet-api_3.0_spec-1.0.0.Final.jar:1.0.0.Final]
          at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:329) [jbossweb-7.0.13.Final.jar:]
          at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248) [jbossweb-7.0.13.Final.jar:]
          at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:275) [jbossweb-7.0.13.Final.jar:]
          at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:161) [jbossweb-7.0.13.Final.jar:]
          at org.jboss.as.web.security.SecurityContextAssociationValve.invoke(SecurityContextAssociationValve.java:153) [jboss-as-web-7.1.1.Final.jar:7.1.1.Final]
          at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:155) [jbossweb-7.0.13.Final.jar:]
          at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102) [jbossweb-7.0.13.Final.jar:]
          at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) [jbossweb-7.0.13.Final.jar:]
          at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:368) [jbossweb-7.0.13.Final.jar:]
          at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:877) [jbossweb-7.0.13.Final.jar:]
          at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:671) [jbossweb-7.0.13.Final.jar:]
          at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:930) [jbossweb-7.0.13.Final.jar:]
          at java.lang.Thread.run(Thread.java:662) [rt.jar:1.6.0_33]
      Caused by: org.apache.cxf.ws.policy.PolicyException: These policy alternatives can not be satisfied: 
      {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}AsymmetricBinding: Received Timestamp does not match the requirements
      {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}X509Token: The received token does not match the token inclusion requirement
      {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}X509Token
      {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}InitiatorToken
      {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}RecipientToken
      {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}IncludeTimestamp: Received Timestamp does not match the requirements
      {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}SignedParts: {http://schemas.xmlsoap.org/soap/envelope/}Body not SIGNED
      {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}EncryptedParts: {http://schemas.xmlsoap.org/soap/envelope/}Body not ENCRYPTED
          at org.apache.cxf.ws.policy.AssertionInfoMap.checkEffectivePolicy(AssertionInfoMap.java:162)
          at org.apache.cxf.ws.policy.PolicyVerificationInInterceptor.handle(PolicyVerificationInInterceptor.java:99)
          at org.apache.cxf.ws.policy.AbstractPolicyInterceptor.handleMessage(AbstractPolicyInterceptor.java:45)
          ... 25 more
      

       

      is like still bare request is being sent, than you in advance

        • 1. Re: JBossWS 4.0.2 and AS 7.1.1 WS-Security Sign and Encrypt Test Problem
          vrlgohel

          Hi,

           

          How are you making the WS call and configuring the WS-Security ? Can you please post the soap message that you are sending ?

          • 2. Re: JBossWS 4.0.2 and AS 7.1.1 WS-Security Sign and Encrypt Test Problem
            asoldano

            Please also see the discussion on https://community.jboss.org/message/762796

            • 3. Re: JBossWS 4.0.2 and AS 7.1.1 WS-Security Sign and Encrypt Test Problem
              ju-sepul

              this is what wireshark found:

               

              eviclient1.jpeg

              is obvius that SOAP request is traveling as bare request while server is waiting chipered request, but i dont know where's the error

              here is the call:

               

              eviclient2.jpeg

              the main method is:

               

                  private static final String serviceURL = "http://localhost:8080/WSSecureTest";

               

                  public static void main(String args[]){

                      Security.addProvider(new BouncyCastleProvider());

                      sayHello();

                  }

               

              thank you i followed the instructions of JBossWS examples, is the same code and is not working...

              i a'm attaching client proyect in netbeans 7.2 for help.

              • 4. Re: JBossWS 4.0.2 and AS 7.1.1 WS-Security Sign and Encrypt Test Problem
                asoldano

                I can't say a lot from the wireshark image you posted, as that does not show the actual soap body contents (the signature and encrypted stuff should be in there if provided). Anyway, I still assume the ws-security (signature, etc) stuff is missing in there and I believe the reason is that while you're properly setting the apache cxf properties in the message context, the client is running using the JAXWS RI (see com.sun.xml.internal... in the client stacktrace), while you should be using the JBossWS / Apache CXF client. Please double check you're properly setting the classpath to have the jaxws provider from JBossWS-CXF resolved; consider setting the java.endorsed.dirs to a folder containing the jaxws 2.2 api jar and the jbossws-cxf-factories jar.

                1 of 1 people found this helpful
                • 5. Re: JBossWS 4.0.2 and AS 7.1.1 WS-Security Sign and Encrypt Test Problem
                  ju-sepul

                  thank you Alessio, i did what you told i included:

                   

                  1. cfx-api.jar
                  2. cfx-common-utilitites.jar
                  3. cfx-rt-core.jar
                  4. cfx-rt-frontend-jaxws.jar
                  5. cfx-rt-ws-security.jar
                  6. jaxws-api-2.2.jar
                  7. jbossws-cfx-client.jar
                  8. jbossws-cfx-factories.jar

                   

                  in the endorsed directory and run de wsclient with the jvm option -Djava.endorsed.dirs=$ENDORSED_DIR those libraries were included in JBossWS 4.0.2

                   

                  but it still not working, but the error has changed, google says that it could be a version problem, or a manifest folder problem, here is the output:

                   

                   

                  Exception in thread "main" java.lang.ExceptionInInitializerError
                      at org.apache.cxf.bus.extension.ExtensionManagerBus.<init>(ExtensionManagerBus.java:113)
                      at org.jboss.wsf.stack.cxf.client.configuration.JBossWSNonSpringBusFactory.createBus(JBossWSNonSpringBusFactory.java:61)
                      at org.apache.cxf.bus.CXFBusFactory.createBus(CXFBusFactory.java:36)
                      at org.apache.cxf.bus.CXFBusFactory.createBus(CXFBusFactory.java:32)
                      at org.jboss.wsf.stack.cxf.client.configuration.JBossWSBusFactory.createBus(JBossWSBusFactory.java:58)
                      at org.apache.cxf.BusFactory.getDefaultBus(BusFactory.java:98)
                      at org.apache.cxf.BusFactory.createThreadBus(BusFactory.java:164)
                      at org.apache.cxf.BusFactory.getThreadDefaultBus(BusFactory.java:154)
                      at org.apache.cxf.BusFactory.getThreadDefaultBus(BusFactory.java:139)
                      at org.apache.cxf.jaxws.spi.ProviderImpl.createServiceDelegate(ProviderImpl.java:89)
                      at javax.xml.ws.Service.<init>(Service.java:92)
                      at javax.xml.ws.Service.create(Service.java:722)
                      at jboss.wsse.client.Client.sayHello(Client.java:38)
                      at jboss.wsse.client.Client.main(Client.java:28)
                  Caused by: java.lang.NullPointerException
                      at java.util.ResourceBundle.getBundle(ResourceBundle.java:950)
                      at org.apache.cxf.common.i18n.BundleUtils.getBundle(BundleUtils.java:80)
                      at org.apache.cxf.transport.DestinationFactoryManagerImpl.<clinit>(DestinationFactoryManagerImpl.java:41)
                      ... 14 more
                  Java Result: 1
                  

                   

                   

                  any idea? thank you

                  • 6. Re: JBossWS 4.0.2 and AS 7.1.1 WS-Security Sign and Encrypt Test Problem
                    asoldano

                    Juan, you also need the jbossws-cxf-server.jar, which is what contains the resource bundle that seems to be missing there.

                    This said, only jbossws-cxf-factories and jaxws-api-2.2 have to be in the endorsed dirs, the rest is to stay in the classpath but not endorsed.

                    • 7. Re: JBossWS 4.0.2 and AS 7.1.1 WS-Security Sign and Encrypt Test Problem
                      ju-sepul

                      Alessio,

                       

                      I have included de new library:

                       

                      1. first i test will all libraries in endorsed ibraries dir, and still throwing the same exception "Intializer Error".

                       

                      2. then i test putting the libraries not in the endorsed dir but in the runtime classpath and the client begin to throw "ClassNotFoundException" errors of classes that are

                      in the libraries.

                       

                      i am coping all libraries in endorsed dir cause is the unique way it seem to be working or will work. do you know another way to do number 2?

                       

                      but i still having the boundle error? any ohet idea?

                       

                       

                      thank you so much.