Wildfly 8.2 and SOAP web service secured with client-cert - sending files
mougli Sep 30, 2015 8:28 AM
SERVER: I have a SOAP Web service. Some of the methods of a web service handle receiving and saving files to db. The web service requires that it is called with a client-cert for authentication. The authentication is resolved by a custom login module.
@Stateless
@WebService
@MTOM(enabled = true)
@WebContext(authMethod = "CLIENT-CERT", secureWSDLAccess = false,
            transportGuarantee = "CONFIDENTIAL")
@RolesAllowed("meo_ws")
public class EDVWs implements IEDVWS
{
    ...
CLIENT: I created unit tests which call the WS. Before I secured the web service (HTTPS + client-cert) I was able to call all of its methods from tests. I then added the security and am still able to call the services that do not handle files. When I try to send the files to services, I get a 403 Forbidden error. I do not get that error for small files (less than 1MB).
Caused by: org.apache.cxf.transport.http.HTTPException: HTTP response '403: Forbidden' when communicating with https://localhost:8443/Jedro-EDV/EDVWs
    at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponseInternal(HTTPConduit.java:1577)
    at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponse(HTTPConduit.java:1532)
    at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(HTTPConduit.java:1330)
    at org.apache.cxf.transport.AbstractConduit.close(AbstractConduit.java:56)
    at org.apache.cxf.transport.http.HTTPConduit.close(HTTPConduit.java:652)
    at org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndingInterceptor.handleMessage(MessageSenderInterceptor.java:62)
    ... 33 more
The weird thing is that if I add a file to the call it is rejected even before it gets into the login module. I tried to set max-post-size but with no luck.
<https-listener name="default-ssl" socket-binding="https" security-realm="SslRealm" max-post-size="52428800"/>
CLIENT CONFIGURATION:
public static void initServicePort(String endpoint, URL wsdlLocation)
{
    TLSClientParameters tlsClientParameters = initTLSClientParameters();
    service = new EDVWsService(wsdlLocation);
    edvWs = service.getEDVWsPort();
    BindingProvider bp = (BindingProvider) edvWs;
    SOAPBinding binding = (SOAPBinding) bp.getBinding();
    // Enable MTOM so the DataHandler payload is sent as an attachment
    binding.setMTOMEnabled(true);
    log.debug("Success!");
    configureClient(tlsClientParameters, ClientProxy.getClient(edvWs));
}

private static void configureClient(TLSClientParameters tlsClientParameters, Client client)
{
    HTTPConduit http = (HTTPConduit) client.getConduit();
    // Client certificate and trust settings for the HTTPS connection
    http.setTlsClientParameters(tlsClientParameters);
    HTTPClientPolicy httpClientPolicy = new HTTPClientPolicy();
    // Timeouts are in milliseconds
    httpClientPolicy.setConnectionTimeout(30000L);
    httpClientPolicy.setReceiveTimeout(30000L);
    http.setClient(httpClientPolicy);
}
And this is how I set the data on the SOAP request:
File file = new File(TestConstants.EDV_UPLOAD_DIR + d.getNazivDokumenta());
DataHandler dh = new DataHandler(new FileDataSource(file));
dokument.setPodatki(dh);