0 Replies Latest reply on Oct 23, 2012 2:01 PM by soulshunter

    JBoss 5.1 Cannot find security resource

    soulshunter

      Hi all,

       

      i'm re-writing an application developped for JBoss 4.3 fro a new environment in JBoss 5.1.

      In this application (EAR) we've a WAR with some Web Services with WS-Security and X509 Token.

      In the first environment (Jboss 4.3) my jboss-wsse-server.xml look as:

       

      {code:xml}

      <jboss-ws-security

         xmlns="http://www.jboss.com/ws-security/config"

         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"

         xsi:schemaLocation="http://www.jboss.com/ws-security/config

                                                           http://www.jboss.com/ws-security/schema/jboss-ws-security_1_0.xsd">

       

                 <!-- PRODUCTION    -->

          <key-store-file>/mydirectory/keystore/server.keystore</key-store-file>

          <key-store-password>xxx</key-store-password>

          <key-store-type>jks</key-store-type>

          <trust-store-file>/mydirectory/keystore/server.truststore</trust-store-file>

          <trust-store-password>xxx</trust-store-password>

          <trust-store-type>jks</trust-store-type>

       

          <!-- timestamp tolerance -->

          <timestamp-verification createdTolerance="600" warnCreated="true" expiresTolerance="600" warnExpires="true" />

       

          <config>

              <!-- <timestamp ttl="1000"/>  -->

              <sign type="x509v3" alias="server" />

       

              <requires>

                  <signature/>

              </requires>

              <authenticate>

                  <signatureCertAuth certificatePrincipal="com.examples.service.jbossws.MyCertificatePrincipal"/>

              </authenticate>

          </config>

      </jboss-ws-security>

      {code}

       

      And my Jboss-service.xml as:

       

      {code:xml}

      <mbean code="org.jboss.security.plugins.JaasSecurityDomain"

             name="jboss.security:service=SanferSecurityDomain">

          <constructor>

           <arg type="java.lang.String" value="SanferWSCert"/>

          </constructor>

          <attribute name="KeyStoreURL">/mydirectory/keystore/server.keystore</attribute>

          <attribute name="KeyStorePass">xxx</attribute>

          <attribute name="KeyStoreType">jks</attribute>

          <depends>jboss.security:service=JaasSecurityManager</depends>

        </mbean>

       

        <mbean code="org.jboss.security.auth.login.DynamicLoginConfig"

          name="whatever:service=SanferLogin">

          <attribute name="AuthConfig">my-login-config.xml</attribute>

          <depends optional-attribute-name="LoginConfigService">

            jboss.security:service=XMLLoginConfig</depends>

          <depends optional-attribute-name="SecurityManagerService">

            jboss.security:service=JaasSecurityManager</depends>

        </mbean>

      </server>

      {code}

       

      I highlighted in red the absolute path of my keystore and truststore.

       

      When i deploy this EAR in Jboss 4.3 everything it's ok, but in Jboss 5.1 i've the error message above:

       

      {code}

      Caused by: org.jboss.ws.WSException: Cannot find required security resource: /mydirectory/keystore/server.keystore

                at org.jboss.ws.metadata.wsse.WSSecurityConfigFactory.getResource(WSSecurityConfigFactory.java:114)

                at org.jboss.ws.metadata.wsse.WSSecurityConfigFactory.initKeystorePath(WSSecurityConfigFactory.java:89)

                at org.jboss.ws.metadata.wsse.WSSecurityConfigFactory.createConfiguration(WSSecurityConfigFactory.java:72)

                at org.jboss.ws.metadata.builder.jaxws.JAXWSWebServiceMetaDataBuilder.buildWebServiceMetaData(JAXWSWebServiceMetaDataBuilder.java:132)

                at org.jboss.ws.metadata.builder.jaxws.JAXWSServerMetaDataBuilder.setupProviderOrWebService(JAXWSServerMetaDataBuilder.java:52)

                at org.jboss.ws.metadata.builder.jaxws.JAXWSMetaDataBuilderJSE.buildMetaData(JAXWSMetaDataBuilderJSE.java:61)

                at org.jboss.wsf.stack.jbws.UnifiedMetaDataDeploymentAspect.start(UnifiedMetaDataDeploymentAspect.java:64)

                at org.jboss.wsf.framework.deployment.DeploymentAspectManagerImpl.deploy(DeploymentAspectManagerImpl.java:129)

                at org.jboss.wsf.container.jboss50.deployer.ArchiveDeployerHook.deploy(ArchiveDeployerHook.java:76)

                at org.jboss.wsf.container.jboss50.deployer.AbstractWebServiceDeployer.internalDeploy(AbstractWebServiceDeployer.java:60)

                at org.jboss.deployers.spi.deployer.helpers.AbstractRealDeployer.deploy(AbstractRealDeployer.java:55)

                at org.jboss.deployers.plugins.deployers.DeployerWrapper.deploy(DeployerWrapper.java:179)

                ... 30 more

      {code}

      The WSSecurityConfig can't locate the keystore from the absolute path, but the JaasSecurityDomain however locate it.

       

      I've tried another different way putting the Keystore and Trustore inside the WEB-INF folder of WAR, and i've a similar scenario.

      In this case the WSSecurityConfig locate the Kesytsore/Trustore but the JaasSecurityDomain throw the error "Can't locate resource: WEB-INF/server.keystore".

       

      I think i've some Deployment issue, can you help me to fix it?

       

      Thanks for the help.