Webservice migration from JBossws Native 3.0.4 (JBoss 4.2.3)
eduardo.mello.cantu Mar 25, 2013 2:38 PMI have a Webservice deployed under JBossws native 3.0.4 (JBoss AS 4.2.3) and now I need to migrate it to JBoss AS 7.2.
The service authentication relies on WS Security in order to assert username, password and signing.
After changing packages, configuration files, etc, my service keep complaining about some security policies, such as HttpsToken, TransportToken, IncludeTimestamp, etc. In the previous version (the one on ws native 3.0.4) everithing was working accordingly (the client code was made using jbossws native 3.0.4).
Here's my standard-jaxws-endpoint-config.xml:
<endpoint-config> <config-name>WSSecurity Endpoint</config-name> <property> <property-name>ws-security.validate.token</property-name> <property-value>false</property-value> </property> <property> <property-name>ws-security.signature.username</property-name> <property-value>server</property-value> </property> <property> <property-name>ws-security.signature.properties</property-name> <property-value>META-INF/ws.properties</property-value> </property> <property> <property-name>ws-security.encryption.properties</property-name> <property-value>META-INF/ws.properties</property-value> </property> <post-handler-chains> <javaee:handler-chain> <javaee:protocol-bindings>##SOAP11_HTTP ##SOAP11_HTTP_MTOM ##SOAP12_HTTP_MTOM</javaee:protocol-bindings> </javaee:handler-chain> </post-handler-chains> </endpoint-config> </jaxws-config>
Here's my ws.properties:
org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin org.apache.ws.security.crypto.merlin.keystore.type=jks org.apache.ws.security.crypto.merlin.keystore.password=changeit org.apache.ws.security.crypto.merlin.keystore.file=META-INF/ws.keystore org.apache.ws.security.crypto.merlin.keystore.alias=server org.apache.ws.security.crypto.merlin.truststore.type=jks org.apache.ws.security.crypto.merlin.truststore.password=changeit org.apache.ws.security.crypto.merlin.truststore.file=META-INF/ws.truststore
Here's my stack:
14:13:24,774 WARNING [org.apache.cxf.phase.PhaseInterceptorChain] (http-localhost/127.0.0.1:8080-1) Interceptor for {urn:SecureWS}SecureWSImplService#{urn:SecureWS}listFiles has thrown exception, unwinding now: org.apache.cxf.ws.policy.PolicyException: These policy alternatives can not be satisfied: {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}TransportBinding: TLS is not enabled {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}HttpsToken {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}TransportToken {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}IncludeTimestamp {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}SignedEndorsingSupportingTokens: The received token does not match the signed endorsing supporting token requirement at org.apache.cxf.ws.policy.AssertionInfoMap.checkEffectivePolicy(AssertionInfoMap.java:167) [cxf-rt-ws-policy-2.6.6.jar:2.6.6] at org.apache.cxf.ws.policy.PolicyVerificationInInterceptor.handle(PolicyVerificationInInterceptor.java:101) [cxf-rt-ws-policy-2.6.6.jar:2.6.6] at org.apache.cxf.ws.policy.AbstractPolicyInterceptor.handleMessage(AbstractPolicyInterceptor.java:44) [cxf-rt-ws-policy-2.6.6.jar:2.6.6] at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:262) [cxf-api-2.6.6.jar:2.6.6] at org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:121) [cxf-api-2.6.6.jar:2.6.6] at org.apache.cxf.transport.http.AbstractHTTPDestination.invoke(AbstractHTTPDestination.java:237) [cxf-rt-transports-http-2.6.6.jar:2.6.6] at org.jboss.wsf.stack.cxf.RequestHandlerImpl.handleHttpRequest(RequestHandlerImpl.java:95) [jbossws-cxf-server-4.1.3.Final.jar:4.1.3.Final] at org.jboss.wsf.stack.cxf.transport.ServletHelper.callRequestHandler(ServletHelper.java:156) [jbossws-cxf-server-4.1.3.Final.jar:4.1.3.Final] at org.jboss.wsf.stack.cxf.CXFServletExt.invoke(CXFServletExt.java:87) [jbossws-cxf-server-4.1.3.Final.jar:4.1.3.Final] at org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(AbstractHTTPServlet.java:225) [cxf-rt-transports-http-2.6.6.jar:2.6.6] at org.apache.cxf.transport.servlet.AbstractHTTPServlet.doPost(AbstractHTTPServlet.java:145) [cxf-rt-transports-http-2.6.6.jar:2.6.6] at javax.servlet.http.HttpServlet.service(HttpServlet.java:754) [jboss-servlet-api_3.0_spec-1.0.2.Final.jar:1.0.2.Final] at org.jboss.wsf.stack.cxf.CXFServletExt.service(CXFServletExt.java:135) [jbossws-cxf-server-4.1.3.Final.jar:4.1.3.Final] at org.jboss.wsf.spi.deployment.WSFServlet.service(WSFServlet.java:140) [jbossws-spi-2.1.1.Final.jar:2.1.1.Final] at javax.servlet.http.HttpServlet.service(HttpServlet.java:847) [jboss-servlet-api_3.0_spec-1.0.2.Final.jar:1.0.2.Final] at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:295) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:214) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:230) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:149) at org.jboss.as.web.security.SecurityContextAssociationValve.invoke(SecurityContextAssociationValve.java:169) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:145) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:97) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:102) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:336) at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:856) at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:653) at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:920) at java.lang.Thread.run(Thread.java:619) [rt.jar:1.6.0_14]
Thanks!