12 Replies Latest reply on May 28, 2013 8:41 AM by asoldano

My ws-security setting doesn't work.

aupres May 16, 2013 4:22 AM

My WS-security reference site is https://docs.jboss.org/author/display/JBWS/WS-Security.

I coded interface and bean like below :

@WebService
public interface IHelloPort {

@WebMethod
@WebResult
public String sayHello(@WebParam String name);
}

@WebService
@EndpointConfig(configFile = "WEB-INF/jaxws-endpoint-config.xml", configName = "Custom WS-Security Endpoint")
public class HelloBean implements IHelloPort {

@Override
@WebMethod
@WebResult
public String sayHello(@WebParam String name) {
// TODO Auto-generated method stub
return "Hello " + name;
}

}

Then I generated WEB-INF/jaxws-endpoint-config.xml

<jaxws-config xmlns="urn:jboss:jbossws-jaxws-config:4.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:javaee="http://java.sun.com/xml/ns/javaee"
xsi:schemaLocation="urn:jboss:jbossws-jaxws-config:4.0 schema/jbossws-jaxws-config_4_0.xsd">

<endpoint-config>
   <config-name>Custom WS-Security Endpoint</config-name>
   <property>
    <property-name>ws-security.signature.properties</property-name>
    <property-value>${jboss.server.config.dir}/wssecurity.properties</property-value>
   </property>

   <property>
    <property-name>ws-security.encryption.properties</property-name>
    <property-value>${jboss.server.config.dir}/wssecurity.properties</property-value>
   </property>

   <property>
    <property-name>ws-security.signature.username</property-name>
    <property-value>joseph</property-value>
   </property>

   <property>
    <property-name>ws-security.encryption.username</property-name>
    <property-value>joseph</property-value>
   </property>

   <property>
    <property-name>ws-security.callback-handler</property-name>
    <property-value>com.aaa.ws.KeystorePasswordCallback</property-value>
   </property>
</endpoint-config>
</jaxws-config>

Next I made ${jboss.server.config.dir}/wssecurity.properties and KeystorePasswordCallback.java like below

-- wssecurity.properties

org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin

org.apache.ws.security.crypto.merlin.keystore.type=jks

org.apache.ws.security.crypto.merlin.keystore.password=111111

org.apache.ws.security.crypto.merlin.keystore.alias=testWSssl

org.apache.ws.security.crypto.merlin.keystore.file=${jboss.server.config.dir}/jboss7ssl.jks

-- KeystorePasswordCallback.java

public class KeystorePasswordCallback implements CallbackHandler {

private Map<String, String> passwords = new HashMap<String, String>();

public KeystorePasswordCallback() {
passwords.put("joseph", "11111");

}

@Override
public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
// TODO Auto-generated method stub
   for (int i = 0; i < callbacks.length; i++) {
    WSPasswordCallback pc = (WSPasswordCallback)callbacks[i];
    String pass = passwords.get(pc.getIdentifier());

   if (pass != null) {
     pc.setPassword(pass);
     return;
   }
}
}

public void setAliasPassword(String alias, String password) {
passwords.put(alias, password);
}

}

Last I generated jboss7ssl.jks file with keytool command

keytool -genkey -alias testWSssl -keystore jboss7ssl.jks -keyalg RSA -validity 180

Deployment threw no exception. But WS-security encryption was not applied to wsdl. Generated soap file was just plain xml file.

WS-security encryption setting doesn't work. Did i miss anything?

I need your advice. Thanks in advanced !

1. Re: My ws-security setting doesn't work.

nickarls May 17, 2013 5:06 AM (in response to aupres)

Are you following https://docs.jboss.org/author/display/JBWS/WS-Security ? Have you tried making a typo in the xml to make sure it's being picked up?
Actions
2. Re: My ws-security setting doesn't work.

aupres May 17, 2013 8:38 AM (in response to nickarls)

Thanks for reply, Nicklas. I using Eclipse Juno and jboss 7.1.1
As you told, I made a typo in WEB-INF/jaxws-endpoint-config.xml and it is invoked well.(It threw exception)
But wssecurity.properties file seemed not to be picked.

org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
org.apache.ws.security.crypto.merlin.keystore.type=jks
org.apache.ws.security.crypto.merlin.keystore.password=111111
org.apache.ws.security.crypto.merlin.keystore.alias=testWSssl
org.apache.ws.security.crypto.merlin.keystore.file=${jboss.server.config.dir}/jboss7ssl.jks
Oops! (typo)

I think there is a problem on these lines of jaxws-endpoint-config.xml

<property>
   <property-name>ws-security.signature.properties</property-name>
   <property-value>${jboss.server.config.dir}/wssecurity.properties</property-value>
</property>

<property>
   <property-name>ws-security.encryption.properties</property-name>
   <property-value>${jboss.server.config.dir}/wssecurity.properties</property-value>
</property>

Any idea? Thanks in advanced!
Actions
3. Re: My ws-security setting doesn't work.

nickarls May 17, 2013 9:01 AM (in response to aupres)

Are they picked up if you hardcode the file locations?
Actions
4. Re: My ws-security setting doesn't work.

aupres May 19, 2013 11:28 PM (in response to nickarls)

I made a typo in jaxws-endpoint-config.xml like below :

<property>
   <property-name>oops!---ws-security.signature.properties</property-name>
   <property-value>WEB-INF/wssecurity.properties</property-value>
</property>

<property>
   <property-name>oops!--ws-security.encryption.properties</property-name>
   <property-value>WEB-INF/wssecurity.properties</property-value>
</property>

But the deployment was successful.
The value of property-name element is just a string but calls nothing. I think jaxws-endpoint-config.xml file does not recognize 'property-name' elements.
So i coded like this

@WebService(
...
)
@EndpointProperties(value = {
   @EndpointProperty(key = "ws-security.signature.properties", value = "WEB-INF/ws-security.properties"),
   @EndpointProperty(key = "ws-security.encryption.properties", value = "WEB-INF/ws-security.properties"),
   @EndpointProperty(key = "ws-security.signature.username", value = "joseph"),
   @EndpointProperty(key = "ws-security.encryption.username", value = "joseph"),
   @EndpointProperty(key = "ws-security.callback-handler", value = "com.aaa.KeystorePasswordCallback")
   }
)
HelloBean implements IHelloPort {
...
}

But the same results. How can I make my bean file pick up wssecurity.properties files?
I need your advice, desperately!
Actions
5. Re: My ws-security setting doesn't work.

nickarls May 20, 2013 2:00 AM (in response to aupres)

Where is the properties file in the final WAR? In classes root?
Actions
6. Re: My ws-security setting doesn't work.

aupres May 20, 2013 3:26 AM (in response to nickarls)

The properties file in WEB-INF folder of final WAR. And I copy this properties file in classes root, too But the same result...
Nicklas! I found endpoint-config element in standalone.xml like below :

<subsystem xmlns="urn:jboss:domain:webservices:1.1">
            <modify-wsdl-address>true</modify-wsdl-address>
            <wsdl-host>${jboss.bind.address:127.0.0.1}</wsdl-host>
            <endpoint-config name="Standard-Endpoint-Config"/>
            <endpoint-config name="Recording-Endpoint-Config">
                <pre-handler-chain name="recording-handlers" protocol-bindings="##SOAP11_HTTP ##SOAP11_HTTP_MTOM ##SOAP12_HTTP ##SOAP12_HTTP_MTOM">
                    <handler name="RecordingHandler" class="org.jboss.ws.common.invocation.RecordingServerHandler"/>
                </pre-handler-chain>
            </endpoint-config>
</subsystem>

Is there any editing of this element?
Actions
7. Re: My ws-security setting doesn't work.

nickarls May 20, 2013 3:40 AM (in response to aupres)

Sure you can edit if you want but those are global settings and you are probably looking to override those(?)
Actions
8. Re: My ws-security setting doesn't work.

aupres May 20, 2013 4:33 AM (in response to nickarls)

My problem is that 'property-name' and 'property-value' element of jaxws-endpoint-config.xml do nothing. In my WAR project those elements are just a set of string, nothing..

<jaxws-config xmlns="urn:jboss:jbossws-jaxws-config:4.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:javaee="http://java.sun.com/xml/ns/javaee"
xsi:schemaLocation="urn:jboss:jbossws-jaxws-config:4.0 schema/jbossws-jaxws-config_4_0.xsd">
<endpoint-config>
   <config-name>Custom WS-Security Endpoint</config-name>
      <property>
         <property-name>ws-security.signature.properties</property-name> =>can't be recognized and invoked.
         <property-value>WEB-INF/wssecurity.properties</property-value> =>can't be recognized and invoked.
      </property>

      <property>
         <property-name>ws-security.encryption.properties</property-name>
         <property-value>WEB-INF/wssecurity.properties</property-value>
     </property>

I don't know why. Any idea? Nicklas!
Actions
9. Re: My ws-security setting doesn't work.

nickarls May 21, 2013 2:36 AM (in response to aupres)

Can you pick them up programmatically like in

https://docs.jboss.org/author/display/JBWS/Predefined+client+and+endpoint+configurations (Client Configuration Assignment)?

And you are really, really sure that the properties file is included in the final WAR at the chosen location?
Actions
10. Re: My ws-security setting doesn't work.

aupres May 21, 2013 3:05 AM (in response to nickarls)

I put the properties file in all possible localtion. See my attached image. But same result.
In JBoss 5, I used @EndpointConfig(configName="Standard WSSecurity Endpoint") annotation and set its properties in jboss-wsse-server.xml as you know.

I think I have to do somthing with below elements in standalone.xml of jboss 7.

<subsystem xmlns="urn:jboss:domain:webservices:1.1">
   <modify-wsdl-address>true</modify-wsdl-address>
   <wsdl-host>${jboss.bind.address:127.0.0.1}</wsdl-host>
   <endpoint-config name="Standard-Endpoint-Config"/>
   <endpoint-config name="Recording-Endpoint-Config">
      <pre-handler-chain name="recording-handlers" protocol-bindings="##SOAP11_HTTP ##SOAP11_HTTP_MTOM ##SOAP12_HTTP ##SOAP12_HTTP_MTOM">
         <handler name="RecordingHandler" class="org.jboss.ws.common.invocation.RecordingServerHandler"/>
      </pre-handler-chain>
   </endpoint-config>
</subsystem>

I think there is another endpoint-config name related to ws-security and i can set ws-security properties like jboss-wsse-server.xml of jboss 5.
Am i right? If i am, pls, inform me of any doc or referenece site.

Thank you for your reply.
Actions
11. Re: My ws-security setting doesn't work.

nickarls May 21, 2013 3:45 AM (in response to aupres)

I'll see if I can catch Alessio Soldano on IRC
Actions
12. Re: My ws-security setting doesn't work.

asoldano May 28, 2013 8:41 AM (in response to nickarls)

Nicklas, thanks for the help. Joseph, please consider having a look at the jbossws-cxf 4.1.1 binary distribution (you can download it at http://www.jboss.org/jbossws/downloads ) and in particular at its samples. Look at the wsse/policy ones, there're many test deployment using ws-security policy. Build the samples by running the testsuite and have a look at the test jar/war archives.
Generally speaking, the endpoint-config configuration in standalone.xml are system wide configurations and you can't expect to reference deployment descriptors from that.
1 of 1 people found this helpful
Actions

Go to original post