Question about wildfly CertificateRoles configuration?
aupres Nov 17, 2014 7:07 AM

This is my WildFly sample CertificateRoles configuration, but it throws an exception.
> keytool -genkey -alias server -keyalg RSA -keystore server.jks
....
CN=Joseph Hwang, OU=DEP, O=my home, L=Seoul, ST=Seoul, C=KR이(가) 맞습니까?
[아니오]: y
> keytool -genkey -alias client -keyalg RSA -keystore client.jks
...
CN=Jina Kim, OU=DEP, O=my home, L=Seoul, ST=Seoul, C=KR이(가) 맞습니까?
[아니오]: y
> keytool -export -file server.cert -keystore server.jks -storepass password -alias server
> keytool -export -file client.cert -keystore client.jks -storepass password -alias client
> keytool -import -file client.cert -keystore server.jks -storepass password -alias client
> keytool -import -file server.cert -keystore client.jks -storepass password -alias server
The whole key generation process works well. Then I create a security-realm and a security-domain in the WildFly standalone.xml file like below:
...
<security-realm name="CertRequiredRealm">
  <authentication>
    <truststore path="${jboss.server.config.dir}/client.jks" keystore-password="password"/>
  </authentication>
</security-realm>
</security-realms>
.....
<security-domain name="my_secure_domain" cache-type="default">
  <authentication>
    <login-module code="CertificateRoles" flag="required">
      <module-option name="verifier" value="org.jboss.security.auth.certs.AnyCertVerifier"/>
      <module-option name="usersProperties" value="${jboss.server.config.dir}/sample-users.properties"/>
      <module-option name="rolesProperties" value="${jboss.server.config.dir}/sample-roles.properties"/>
    </login-module>
  </authentication>
  <jsse keystore-password="password" keystore-url="file:/${jboss.server.config.dir}/client.jks" truststore-password="password" truststore-url="file:/${jboss.server.config.dir}/server.jks" server-alias="server" protocols="TLS"/>
</security-domain>
</security-domains>
=== sample-users.properties
admin=password
=== sample-roles.properties
CN\=Jina\ Kim,\ OU\=DEP,\ O\=my\ home,\ L\=Seoul,\ ST\=Seoul,\ C\=KR=administrator
In the Eclipse IDE I create a dynamic web project including a jboss-web.xml and a web.xml which contain the following:
=== jboss-web.xml
<?xml version="1.0" encoding="UTF-8"?>
<jboss-web>
  <security-domain>java:/jaas/my_secure_domain</security-domain>
</jboss-web>
=== web.xml
...
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>admin</web-resource-name>
      <url-pattern>/*</url-pattern>
      <http-method>GET</http-method>
      <http-method>POST</http-method>
    </web-resource-collection>
    <auth-constraint>
      <role-name>administrator</role-name>
    </auth-constraint>
  </security-constraint>
  <security-role>
    <role-name>administrator</role-name>
  </security-role>
  <login-config>
    <auth-method>CLIENT-CERT</auth-method>
    <realm-name>CertRequiredRealm</realm-name>
  </login-config>
</web-app>
And finally I write the client code:
import java.net.URL;
import javax.xml.namespace.QName;
import javax.xml.ws.Service;

public class SOAPClient {
    // Plain-HTTP address of the deployed service; the WSDL is fetched from here first
    private final String serviceURL = "http://localhost:8080/SOAPSecureWeb/HelloWorld";
    private IHelloWorld port;

    public SOAPClient() {
        try {
            QName serviceName = new QName("http://soap.aaa.com/", "HelloWorldService");
            URL wsdlURL = new URL(serviceURL + "?wsdl");
            // Service.create() downloads and parses the WSDL before any port exists
            Service service = Service.create(wsdlURL, serviceName);
            port = (IHelloWorld) service.getPort(IHelloWorld.class);
            ...
But the client code throws an exception:
javax.xml.ws.WebServiceException: org.apache.cxf.service.factory.ServiceConstructionException: Failed to create service.
at org.apache.cxf.jaxws.ServiceImpl.<init>(ServiceImpl.java:151)
at org.apache.cxf.jaxws.spi.ProviderImpl.createServiceDelegate(ProviderImpl.java:101)
at javax.xml.ws.Service.<init>(Unknown Source)
at javax.xml.ws.Service.create(Unknown Source)
at com.aaa.soap.SOAPClient.<init>(SOAPClient.java:23)
at com.aaa.soap.SOAPClient.main(SOAPClient.java:43)
Caused by: org.apache.cxf.service.factory.ServiceConstructionException: Failed to create service.
at org.apache.cxf.wsdl11.WSDLServiceFactory.<init>(WSDLServiceFactory.java:100)
at org.apache.cxf.jaxws.ServiceImpl.initializePorts(ServiceImpl.java:204)
at org.apache.cxf.jaxws.ServiceImpl.<init>(ServiceImpl.java:149)
... 5 more
Caused by: javax.wsdl.WSDLException: WSDLException: faultCode=PARSER_ERROR: Problem parsing 'http://localhost:8080/SOAPSecureWeb/HelloWorld?wsdl'.: java.io.IOException: Server returned HTTP response code: 403 for URL: http://localhost:8080/SOAPSecureWeb/HelloWorld?wsdl
at com.ibm.wsdl.xml.WSDLReaderImpl.getDocument(WSDLReaderImpl.java:2198)
at com.ibm.wsdl.xml.WSDLReaderImpl.readWSDL(WSDLReaderImpl.java:2390)
at com.ibm.wsdl.xml.WSDLReaderImpl.readWSDL(WSDLReaderImpl.java:2422)
at org.apache.cxf.wsdl11.WSDLManagerImpl.loadDefinition(WSDLManagerImpl.java:263)
at org.apache.cxf.wsdl11.WSDLManagerImpl.getDefinition(WSDLManagerImpl.java:206)
at org.apache.cxf.wsdl11.WSDLServiceFactory.<init>(WSDLServiceFactory.java:98)
... 7 more
Caused by: java.io.IOException: Server returned HTTP response code: 403 for URL: http://localhost:8080/SOAPSecureWeb/HelloWorld?wsdl
at sun.net.www.protocol.http.HttpURLConnection.getInputStream(Unknown Source)
at com.sun.org.apache.xerces.internal.impl.XMLEntityManager.setupCurrentEntity(Unknown Source)
at com.sun.org.apache.xerces.internal.impl.XMLVersionDetector.determineDocVersion(Unknown Source)
at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse(Unknown Source)
at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse(Unknown Source)
at com.sun.org.apache.xerces.internal.parsers.XMLParser.parse(Unknown Source)
at com.sun.org.apache.xerces.internal.parsers.DOMParser.parse(Unknown Source)
at com.sun.org.apache.xerces.internal.jaxp.DocumentBuilderImpl.parse(Unknown Source)
at com.ibm.wsdl.xml.WSDLReaderImpl.getDocument(WSDLReaderImpl.java:2188)
... 12 more
It seems there are some problems in my WildFly CertificateRoles configuration. However, I have no idea what my misconfiguration is.
Your help will be deeply appreciated. Thanks.
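A CLIENT-CERT constraint can only be satisfied on an HTTPS connection in which the server asked for, and received, a client certificate, and the CertificateRoles module then looks the presented subject DN up in the roles properties file. The following is an added diagnostic example, not code from the original post: it performs a mutual-TLS handshake with the keystores the post creates (client.jks holds the client key pair and the imported server certificate, so it serves as both keystore and truststore on the client side), reports whether the server actually requested a client certificate, and checks whether the presented subject DN is a key in sample-roles.properties. It assumes the WildFly HTTPS listener is reachable on localhost:8443 and that client.jks and sample-roles.properties are in the working directory; neither is stated in the post. The class and method names are my own.

```java
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Properties;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManagerFactory;

/** Added example (not from the original post): mutual-TLS handshake check for a CLIENT-CERT setup. */
public class MutualTlsCheck {

    /** Loads a JKS keystore such as the client.jks created with keytool in the post. */
    static KeyStore loadJks(String path, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, password);
        }
        return ks;
    }

    /**
     * Builds a client SSLContext that presents the private key from the keystore and
     * trusts the certificates stored in it (the imported server.cert in the post).
     */
    static SSLContext clientContext(String keystorePath, char[] password) throws Exception {
        KeyStore ks = loadJks(keystorePath, password);
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(ks, password);
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ks);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        return ctx;
    }

    /**
     * Completes a TLS handshake and returns the subject DN the client sent, or null when
     * the server never requested a client certificate (no certificate is sent in that case).
     * Assumption: host/port point at WildFly's HTTPS listener (default 8443).
     */
    static String presentedSubject(SSLContext ctx, String host, int port) throws IOException {
        try (SSLSocket socket = (SSLSocket) ctx.getSocketFactory().createSocket(host, port)) {
            socket.startHandshake();
            SSLSession session = socket.getSession();
            Certificate[] local = session.getLocalCertificates();
            if (local == null || local.length == 0) {
                return null;
            }
            // getSubjectDN().getName() yields the "CN=..., OU=..., ..." form, which is the
            // form the post's sample-roles.properties key is escaped from
            return ((X509Certificate) local[0]).getSubjectDN().getName();
        }
    }

    /** Returns the role mapped to the given DN string in the roles file, or null if absent. */
    static String roleFor(String rolesPropertiesPath, String subjectDn) throws IOException {
        Properties roles = new Properties();
        try (InputStream in = new FileInputStream(rolesPropertiesPath)) {
            // Properties.load() unescapes "CN\=Jina\ Kim,\ OU\=DEP,..." into "CN=Jina Kim, OU=DEP,..."
            roles.load(in);
        }
        return roles.getProperty(subjectDn);
    }

    public static void main(String[] args) throws Exception {
        char[] password = "password".toCharArray();               // storepass from the post
        SSLContext ctx = clientContext("client.jks", password);
        String subject = presentedSubject(ctx, "localhost", 8443);
        if (subject == null) {
            System.out.println("Handshake completed, but the server did not request a client certificate.");
            return;
        }
        System.out.println("Client presented: " + subject);
        String role = roleFor("sample-roles.properties", subject);
        System.out.println(role == null
                ? "No role is mapped to that exact DN string in sample-roles.properties"
                : "Mapped role: " + role);
    }
}
```

The check uses a raw SSLSocket rather than HttpsURLConnection so that it isolates the handshake: SSLSocket does not verify the host name by default, whereas an HTTP client that does would reject the post's server certificate (CN=Joseph Hwang) for a connection to localhost. A failed handshake (for example, the server not trusting client.cert) surfaces as an SSLHandshakeException from startHandshake(); a null subject means the listener is not configured to ask for client certificates; a non-null subject with no mapped role points at a mismatch between the DN string and the escaped key in sample-roles.properties.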