Getting Subject not created exception - Jax-ws and ws-security using username token profile
ct_ram Jul 10, 2014 10:42 AM
I'm trying to add a username token profile to the existing jax-ws webservice. I'm following the steps provided in WS-Security - JBoss Web Services - Project Documentation Editor.
I have defined the following as per the article.
* added username token policy to wsdl
* added the following to Webservice implementation java file
    @EndpointConfig(configFile = "/WEB-INF/wsdl/jaxws-endpoint-config.xml", configName = "Custom WS-Security Endpoint")
    @InInterceptors(interceptors = {
        "org.jboss.wsf.stack.cxf.security.authentication.SubjectCreatingPolicyInterceptor",
        "com.proton.javaee.ws.security.POJOEndpointAuthorizationInterceptor"
    })
* my readRoles method in POJOEndpointAuthorizationInterceptor
    private void readRoles()
    {
        //just an example, this might read from a configuration file or such
        setGlobalRoles("ppgwuser");
    }
* copied the jaxws-endpoint-config.xml to web-inf/wsdl directory
* added the JBossWS security domain entry reference in jboss-web.xml
* Here is the JBossWS definition in my standalone.xml; I also tried using default 'other' security domain.
    <security-domain name="JBossWS" cache-type="default">
        <authentication>
            <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule" flag="required">
                <module-option name="usersProperties" value="${jboss.server.config.dir}/application-users.properties"/>
                <module-option name="rolesProperties" value="${jboss.server.config.dir}/application-roles.properties"/>
                <module-option name="unauthenticatedIdentity" value="anonymous"/>
            </login-module>
        </authentication>
    </security-domain>
* I attached the list of jars I put in my web-inf/lib as an image file.
* Here is my server password callback
    import java.io.IOException;
    import java.util.HashMap;
    import java.util.Map;

    import javax.security.auth.callback.Callback;
    import javax.security.auth.callback.CallbackHandler;
    import javax.security.auth.callback.UnsupportedCallbackException;

    import org.apache.ws.security.WSPasswordCallback;

    public class ServerPasswordCallback implements CallbackHandler {

        private Map<String, String> passwords = new HashMap<String, String>();

        public ServerPasswordCallback() {
            passwords.put("user2", "test123!");
        }

        /**
         * It attempts to get the password from the private
         * alias/passwords map.
         */
        public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
            for (int i = 0; i < callbacks.length; i++) {
                // Reject callback types this handler does not understand instead of failing on the cast.
                if (!(callbacks[i] instanceof WSPasswordCallback)) {
                    throw new UnsupportedCallbackException(callbacks[i], "Unrecognized callback");
                }
                WSPasswordCallback pc = (WSPasswordCallback) callbacks[i];
                String pass = passwords.get(pc.getIdentifier());
                if (pass != null) {
                    pc.setPassword(pass);
                    return;
                }
            }
        }

        /**
         * Add an alias/password pair to the callback mechanism.
         */
        public void setAliasPassword(String alias, String password) {
            passwords.put(alias, password);
        }
    }
* application-users.properties has
    user2=20f39f473c93bd2e569698d098b702e4
* application-roles.properties has
    user2=ppgwuser
* And the Exception
09:44:47,946 INFO [org.jboss.as.server.deployment] (MSC service thread 1-11) JBAS015876: Starting deployment of "PPGWEAR.ear" (runtime-name: "PPGWEAR.ear")
09:44:47,959 INFO [org.jboss.as.server.deployment] (MSC service thread 1-11) JBAS015876: Starting deployment of "null" (runtime-name: "PPGW.war")
09:44:49,715 INFO [org.jboss.ws.cxf.metadata] (MSC service thread 1-12) JBWS024061: Adding service endpoint metadata: id=PPGWPortType
address=http://myhost:8080/PPGW/PPGWPortType
implementor=com.proton.ws.PPGW.Impl.PPGWPortTypeImpl
serviceName={http://ws.proton.com/PPGW}PPGWService
portName={http://ws.proton.com/PPGW}PPGWSOAPPort
annotationWsdlLocation=/WEB-INF/wsdl/PPGWServer.wsdl
wsdlLocationOverride=null
mtomEnabled=false
09:44:49,763 INFO [org.apache.cxf.service.factory.ReflectionServiceFactoryBean] (MSC service thread 1-12) Creating Service {http://ws.proton.com/PPGW}PPGWService from WSDL: /WEB-INF/wsdl/PPGWServer.wsdl
09:44:49,927 INFO [org.apache.cxf.endpoint.ServerImpl] (MSC service thread 1-12) Setting the server's publish address to be http://myhost:8080/PPGW/PPGWPortType
09:44:50,419 INFO [org.jboss.ws.cxf.deployment] (MSC service thread 1-12) JBWS024074: WSDL published to: file:/C:/jboss-eap-6.2/standalone/data/wsdl/PPGWEAR.ear/PPGW.war/PPGWServer.wsdl
09:44:50,433 INFO [org.jboss.as.webservices] (MSC service thread 1-1) JBAS015539: Starting service jboss.ws.port-component-link
09:44:50,434 INFO [org.jboss.as.webservices] (MSC service thread 1-1) JBAS015539: Starting service jboss.ws.endpoint."PPGWEAR.ear"."PPGW.war".PPGWPortType
09:44:50,437 INFO [org.jboss.web] (ServerService Thread Pool -- 103) JBAS018210: Register web context: /PPGW
09:44:52,019 INFO [org.jboss.as.server] (DeploymentScanner-threads - 2) JBAS018565: Replaced deployment "PPGWEAR.ear" with deployment "PPGWEAR.ear"
09:46:09,378 WARNING [org.apache.cxf.phase.PhaseInterceptorChain] (http-/0.0.0.0:8080-3) Interceptor for {http://ws.proton.com/PPGW}PPGWService#{http://ws.proton.com/PPGW}PPGWStatusReport has thrown exception, unwinding now: java.lang.SecurityException: JBWS024057: Failed Authentication : Subject has not been created
at org.jboss.wsf.stack.cxf.security.authentication.SubjectCreatingPolicyInterceptor.createSubject(SubjectCreatingPolicyInterceptor.java:111)
at org.jboss.wsf.stack.cxf.security.authentication.SubjectCreatingPolicyInterceptor.handleMessage(SubjectCreatingPolicyInterceptor.java:84)
at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:272) [cxf-api-2.7.7.redhat-1.jar:2.7.7.redhat-1]
at org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:121) [cxf-api-2.7.7.redhat-1.jar:2.7.7.redhat-1]
at org.apache.cxf.transport.http.AbstractHTTPDestination.invoke(AbstractHTTPDestination.java:239)
at org.jboss.wsf.stack.cxf.RequestHandlerImpl.handleHttpRequest(RequestHandlerImpl.java:92)
at org.jboss.wsf.stack.cxf.transport.ServletHelper.callRequestHandler(ServletHelper.java:143)
at org.jboss.wsf.stack.cxf.CXFServletExt.invoke(CXFServletExt.java:87)
at org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(AbstractHTTPServlet.java:286)
at org.apache.cxf.transport.servlet.AbstractHTTPServlet.doPost(AbstractHTTPServlet.java:206)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:754) [jboss-servlet-api_3.0_spec-1.0.2.Final-redhat-1.jar:1.0.2.Final-redhat-1]
at org.jboss.wsf.stack.cxf.CXFServletExt.service(CXFServletExt.java:135)
at org.jboss.wsf.spi.deployment.WSFServlet.service(WSFServlet.java:140) [jbossws-spi-2.2.2.Final-redhat-1.jar:2.2.2.Final-redhat-1]
at javax.servlet.http.HttpServlet.service(HttpServlet.java:847) [jboss-servlet-api_3.0_spec-1.0.2.Final-redhat-1.jar:1.0.2.Final-redhat-1]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:295) [jbossweb-7.2.2.Final-redhat-1.jar:7.2.2.Final-redhat-1]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:214) [jbossweb-7.2.2.Final-redhat-1.jar:7.2.2.Final-redhat-1]
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:230) [jbossweb-7.2.2.Final-redhat-1.jar:7.2.2.Final-redhat-1]
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:149) [jbossweb-7.2.2.Final-redhat-1.jar:7.2.2.Final-redhat-1]
at org.jboss.as.web.security.SecurityContextAssociationValve.invoke(SecurityContextAssociationValve.java:169) [jboss-as-web-7.3.0.Final-redhat-14.jar:7.3.0.Final-redhat-14]
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:145) [jbossweb-7.2.2.Final-redhat-1.jar:7.2.2.Final-redhat-1]
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:97) [jbossweb-7.2.2.Final-redhat-1.jar:7.2.2.Final-redhat-1]
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:102) [jbossweb-7.2.2.Final-redhat-1.jar:7.2.2.Final-redhat-1]
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:336) [jbossweb-7.2.2.Final-redhat-1.jar:7.2.2.Final-redhat-1]
at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:856) [jbossweb-7.2.2.Final-redhat-1.jar:7.2.2.Final-redhat-1]
at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:653) [jbossweb-7.2.2.Final-redhat-1.jar:7.2.2.Final-redhat-1]
at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:920) [jbossweb-7.2.2.Final-redhat-1.jar:7.2.2.Final-redhat-1]
at java.lang.Thread.run(Unknown Source) [rt.jar:1.6.0_45]
Caused by: java.lang.SecurityException: JBWS024047: Authentication failed, principal=user2
at org.jboss.wsf.stack.cxf.security.authentication.SubjectCreator.createSubject(SubjectCreator.java:98)
at org.jboss.wsf.stack.cxf.security.authentication.SubjectCreatingPolicyInterceptor.createSubject(SubjectCreatingPolicyInterceptor.java:107)
... 26 more
JBoss version: EAP 6.2 GA.
Am I missing something? Any help would be appreciated. Thanks.
Ram C
library.JPG 24.3 KB
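
A check worth running against the configuration shown in this post, added here as an example (it is not part of the original post or of JBossWS): it reports whether an entry in a users properties file matches the client's password under a plain string comparison, which is what a login module with no hashing options performs, or only as HEX(MD5(user:realm:password)), the format the EAP add-user script writes. The realm name `ApplicationRealm` and the `alice` and `bob` entries are assumptions constructed for illustration.

```python
import hashlib
import re

MD5_HEX = re.compile(r"^[0-9a-fA-F]{32}$")

def realm_hash(user, realm, password):
    """HEX(MD5(user ':' realm ':' password)), as written by add-user."""
    return hashlib.md5(f"{user}:{realm}:{password}".encode("utf-8")).hexdigest()

def parse_properties(text):
    """Minimal user=value parser; skips blank and '#'/'!' comment lines."""
    entries = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!":
            continue
        key, sep, value = line.partition("=")
        if sep:
            entries[key.strip()] = value.strip()
    return entries

def check_entry(user, stored, password, realm="ApplicationRealm"):
    """Compare one stored value with the password a client would send."""
    return {
        "looks_like_md5_hex": bool(MD5_HEX.match(stored)),
        # With no hashing options, the login module compares strings as-is.
        "plaintext_compare_ok": stored == password,
        # Assumption: realm name (ApplicationRealm is the EAP default).
        "realm_hash_ok": stored.lower() == realm_hash(user, realm, password),
    }

def audit(properties_text, passwords, realm="ApplicationRealm"):
    """Check every user in `passwords` that appears in the properties text."""
    stored = parse_properties(properties_text)
    return {user: check_entry(user, stored[user], pw, realm)
            for user, pw in passwords.items() if user in stored}

# Constructed sample: user2 is the entry quoted in the post, the rest is made up.
SAMPLE = "\n".join([
    "# users file (constructed)",
    "user2=20f39f473c93bd2e569698d098b702e4",
    "alice=" + realm_hash("alice", "ApplicationRealm", "Example-pass1"),
    "bob=Example-pass2",
])
PASSWORDS = {"user2": "test123!", "alice": "Example-pass1", "bob": "Example-pass2"}

if __name__ == "__main__":
    for user, result in audit(SAMPLE, PASSWORDS).items():
        print(user, result)
```

An entry where `looks_like_md5_hex` is true and `plaintext_compare_ok` is false means the file and the login module disagree about the stored format.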