0 Replies Latest reply on Sep 30, 2015 8:28 AM by mougli

    Wildfly 8.2 and SOAP web service secured with client-cert - sending files

    mougli

      SERVER: I have a SOAP web service. Some of the methods of the web service handle receiving and saving files to the db. The web service requires that it is called with a client-cert for authentication. The authentication is resolved by a custom login module.

       

      @Stateless
      @WebService
      @MTOM(enabled = true)
      @WebContext(authMethod = "CLIENT-CERT", secureWSDLAccess = false, transportGuarantee = "CONFIDENTIAL")
      @RolesAllowed("meo_ws")
      public class EDVWs implements IEDVWS
      {
      ...


      CLIENT: I created unit tests which call the WS. Before I secured the web service (HTTPS + client-cert) I was able to call all of its methods from tests. I then added the security and am still able to call the services that do not handle files. When I try to send the files to services, I get a 403 Forbidden error. I do not get that error for small files (less than 1MB).

       

      Caused by: org.apache.cxf.transport.http.HTTPException: HTTP response '403: Forbidden' when communicating with https://localhost:8443/Jedro-EDV/EDVWs
      at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponseInternal(HTTPConduit.java:1577)
      at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponse(HTTPConduit.java:1532)
      at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(HTTPConduit.java:1330)
      at org.apache.cxf.transport.AbstractConduit.close(AbstractConduit.java:56)
      at org.apache.cxf.transport.http.HTTPConduit.close(HTTPConduit.java:652)
      at org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndingInterceptor.handleMessage(MessageSenderInterceptor.java:62)
      ... 33 more

       

      The weird thing is that if I add a file to the call it is rejected even before it gets into the login module. I tried to set max-post-size but with no luck.


      <https-listener name="default-ssl" socket-binding="https" security-realm="SslRealm" max-post-size="52428800"/>


      CLIENT CONFIGURATION:


      public static void initServicePort(String endpoint, URL wsdlLocation)
      {
        // TLS settings for the HTTPS + client-cert connection
        TLSClientParameters tlsClientParameters = initTLSClientParameters();

        service = new EDVWsService(wsdlLocation);
        edvWs = service.getEDVWsPort();

        // Enable MTOM on the client binding, matching @MTOM on the service
        BindingProvider bp = (BindingProvider) edvWs;
        SOAPBinding binding = (SOAPBinding) bp.getBinding();
        binding.setMTOMEnabled(true);

        log.debug("Success!");

        configureClient(tlsClientParameters, ClientProxy.getClient(edvWs));
      }

      private static void configureClient(TLSClientParameters tlsClientParameters, Client client)
      {
        // Attach the TLS parameters to the CXF HTTP conduit
        HTTPConduit http = (HTTPConduit) client.getConduit();
        http.setTlsClientParameters(tlsClientParameters);

        // 30 second connection and receive timeouts
        HTTPClientPolicy httpClientPolicy = new HTTPClientPolicy();
        httpClientPolicy.setConnectionTimeout(30000L);
        httpClientPolicy.setReceiveTimeout(30000L);
        http.setClient(httpClientPolicy);
      }

       

      And this is how I set the data to SOAP request

      File file = new File(TestConstants.EDV_UPLOAD_DIR + d.getNazivDokumenta());
      DataHandler dh = new DataHandler(new FileDataSource(file));
      dokument.setPodatki(dh);