2 Replies Latest reply on Jul 15, 2016 3:36 AM by krokodylowy

    Getting Subject not created exception - Jax-ws and ws-security using username token profile

    ct_ram

      I'm trying to add a username token profile to the existing jax-ws webservice. I'm following the steps provided in WS-Security - JBoss Web Services - Project Documentation Editor

       

      I have defined the following as per the article.

       

      * added username token policy to wsdl

      * added the following to Webservice implementation java file

                     @EndpointConfig(configFile = "/WEB-INF/wsdl/jaxws-endpoint-config.xml", configName = "Custom WS-Security Endpoint")
                     @InInterceptors(interceptors = {
                           "org.jboss.wsf.stack.cxf.security.authentication.SubjectCreatingPolicyInterceptor",
                           "com.proton.javaee.ws.security.POJOEndpointAuthorizationInterceptor"}
                     )

       

      * my readRoles method in POJOEndpointAuthorizationInterceptor

       

      private void readRoles()
         {
            //just an example, this might read from a configuration file or such
            setGlobalRoles("ppgwuser");
         }


      * copied the jaxws-endpoint-config.xml to web-inf/wsdl directory


      * added the JBossWS security domain entry reference in jboss-web.xml


       

      * Here is the JBossWS definition in my standalone.xml; I also tried using default 'other' security domain.

                     <security-domain name="JBossWS" cache-type="default">
                         <authentication>
                             <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule" flag="required">
                                 <module-option name="usersProperties" value="${jboss.server.config.dir}/application-users.properties"/>
                                 <module-option name="rolesProperties" value="${jboss.server.config.dir}/application-roles.properties"/>
                                 <module-option name="unauthenticatedIdentity" value="anonymous"/>
                             </login-module>
                         </authentication>
                     </security-domain>

       

      * I attached the list of jars I put in my web-inf/lib as an image file.

       

      * Here is my server password callback

       

      import java.io.IOException;
      import java.util.HashMap;
      import java.util.Map;
      import javax.security.auth.callback.Callback;
      import javax.security.auth.callback.CallbackHandler;
      import javax.security.auth.callback.UnsupportedCallbackException;
      import org.apache.ws.security.WSPasswordCallback;

      public class ServerPasswordCallback implements CallbackHandler {

         private Map<String, String> passwords = new HashMap<String, String>();

         public ServerPasswordCallback() {
            passwords.put("user2", "test123!");
         }

         /**
          * It attempts to get the password from the private
          * alias/passwords map.
          */
         public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
            for (int i = 0; i < callbacks.length; i++) {
               WSPasswordCallback pc = (WSPasswordCallback)callbacks[i];

               String pass = passwords.get(pc.getIdentifier());
               if (pass != null) {
                  pc.setPassword(pass);
                  return;
               }
            }
         }

         /**
          * Add an alias/password pair to the callback mechanism.
          */
         public void setAliasPassword(String alias, String password) {
            passwords.put(alias, password);
         }
      }

      * application-users.properties has

           user2=20f39f473c93bd2e569698d098b702e4

      * application-roles.properties has

           user2=ppgwuser

       

      * And the Exception

       

       

      09:44:47,946 INFO  [org.jboss.as.server.deployment] (MSC service thread 1-11) JBAS015876: Starting deployment of "PPGWEAR.ear" (runtime-name: "PPGWEAR.ear")
      09:44:47,959 INFO  [org.jboss.as.server.deployment] (MSC service thread 1-11) JBAS015876: Starting deployment of "null" (runtime-name: "PPGW.war")
      09:44:49,715 INFO  [org.jboss.ws.cxf.metadata] (MSC service thread 1-12) JBWS024061: Adding service endpoint metadata: id=PPGWPortType
      address=http://myhost:8080/PPGW/PPGWPortType
      implementor=com.proton.ws.PPGW.Impl.PPGWPortTypeImpl
      serviceName={http://ws.proton.com/PPGW}PPGWService
      portName={http://ws.proton.com/PPGW}PPGWSOAPPort
      annotationWsdlLocation=/WEB-INF/wsdl/PPGWServer.wsdl
      wsdlLocationOverride=null
      mtomEnabled=false
      09:44:49,763 INFO  [org.apache.cxf.service.factory.ReflectionServiceFactoryBean] (MSC service thread 1-12) Creating Service {http://ws.proton.com/PPGW}PPGWService from WSDL: /WEB-INF/wsdl/PPGWServer.wsdl
      09:44:49,927 INFO  [org.apache.cxf.endpoint.ServerImpl] (MSC service thread 1-12) Setting the server's publish address to be http://myhost:8080/PPGW/PPGWPortType
      09:44:50,419 INFO  [org.jboss.ws.cxf.deployment] (MSC service thread 1-12) JBWS024074: WSDL published to: file:/C:/jboss-eap-6.2/standalone/data/wsdl/PPGWEAR.ear/PPGW.war/PPGWServer.wsdl
      09:44:50,433 INFO  [org.jboss.as.webservices] (MSC service thread 1-1) JBAS015539: Starting service jboss.ws.port-component-link
      09:44:50,434 INFO  [org.jboss.as.webservices] (MSC service thread 1-1) JBAS015539: Starting service jboss.ws.endpoint."PPGWEAR.ear"."PPGW.war".PPGWPortType
      09:44:50,437 INFO  [org.jboss.web] (ServerService Thread Pool -- 103) JBAS018210: Register web context: /PPGW
      09:44:52,019 INFO  [org.jboss.as.server] (DeploymentScanner-threads - 2) JBAS018565: Replaced deployment "PPGWEAR.ear" with deployment "PPGWEAR.ear"
      09:46:09,378 WARNING [org.apache.cxf.phase.PhaseInterceptorChain] (http-/0.0.0.0:8080-3) Interceptor for {http://ws.proton.com/PPGW}PPGWService#{http://ws.proton.com/PPGW}PPGWStatusReport has thrown exception, unwinding now: java.lang.SecurityException: JBWS024057: Failed Authentication : Subject has not been created
        at org.jboss.wsf.stack.cxf.security.authentication.SubjectCreatingPolicyInterceptor.createSubject(SubjectCreatingPolicyInterceptor.java:111)
        at org.jboss.wsf.stack.cxf.security.authentication.SubjectCreatingPolicyInterceptor.handleMessage(SubjectCreatingPolicyInterceptor.java:84)
        at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:272) [cxf-api-2.7.7.redhat-1.jar:2.7.7.redhat-1]
        at org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:121) [cxf-api-2.7.7.redhat-1.jar:2.7.7.redhat-1]
        at org.apache.cxf.transport.http.AbstractHTTPDestination.invoke(AbstractHTTPDestination.java:239)
        at org.jboss.wsf.stack.cxf.RequestHandlerImpl.handleHttpRequest(RequestHandlerImpl.java:92)
        at org.jboss.wsf.stack.cxf.transport.ServletHelper.callRequestHandler(ServletHelper.java:143)
        at org.jboss.wsf.stack.cxf.CXFServletExt.invoke(CXFServletExt.java:87)
        at org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(AbstractHTTPServlet.java:286)
        at org.apache.cxf.transport.servlet.AbstractHTTPServlet.doPost(AbstractHTTPServlet.java:206)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:754) [jboss-servlet-api_3.0_spec-1.0.2.Final-redhat-1.jar:1.0.2.Final-redhat-1]
        at org.jboss.wsf.stack.cxf.CXFServletExt.service(CXFServletExt.java:135)
        at org.jboss.wsf.spi.deployment.WSFServlet.service(WSFServlet.java:140) [jbossws-spi-2.2.2.Final-redhat-1.jar:2.2.2.Final-redhat-1]
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:847) [jboss-servlet-api_3.0_spec-1.0.2.Final-redhat-1.jar:1.0.2.Final-redhat-1]
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:295) [jbossweb-7.2.2.Final-redhat-1.jar:7.2.2.Final-redhat-1]
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:214) [jbossweb-7.2.2.Final-redhat-1.jar:7.2.2.Final-redhat-1]
        at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:230) [jbossweb-7.2.2.Final-redhat-1.jar:7.2.2.Final-redhat-1]
        at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:149) [jbossweb-7.2.2.Final-redhat-1.jar:7.2.2.Final-redhat-1]
        at org.jboss.as.web.security.SecurityContextAssociationValve.invoke(SecurityContextAssociationValve.java:169) [jboss-as-web-7.3.0.Final-redhat-14.jar:7.3.0.Final-redhat-14]
        at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:145) [jbossweb-7.2.2.Final-redhat-1.jar:7.2.2.Final-redhat-1]
        at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:97) [jbossweb-7.2.2.Final-redhat-1.jar:7.2.2.Final-redhat-1]
        at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:102) [jbossweb-7.2.2.Final-redhat-1.jar:7.2.2.Final-redhat-1]
        at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:336) [jbossweb-7.2.2.Final-redhat-1.jar:7.2.2.Final-redhat-1]
        at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:856) [jbossweb-7.2.2.Final-redhat-1.jar:7.2.2.Final-redhat-1]
        at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:653) [jbossweb-7.2.2.Final-redhat-1.jar:7.2.2.Final-redhat-1]
        at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:920) [jbossweb-7.2.2.Final-redhat-1.jar:7.2.2.Final-redhat-1]
        at java.lang.Thread.run(Unknown Source) [rt.jar:1.6.0_45]
      Caused by: java.lang.SecurityException: JBWS024047: Authentication failed, principal=user2
        at org.jboss.wsf.stack.cxf.security.authentication.SubjectCreator.createSubject(SubjectCreator.java:98)
        at org.jboss.wsf.stack.cxf.security.authentication.SubjectCreatingPolicyInterceptor.createSubject(SubjectCreatingPolicyInterceptor.java:107)
        ... 26 more

      JBoss version: EAP 6.2 GA.

       

      Am I missing something? Any help would be appreciated. Thanks.

       

      Ram C
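
Added example, not part of the original post: the add-user utility writes application-users.properties entries as HEX(MD5(username:realm:password)), while UsersRolesLoginModule compares the presented password with the stored value as-is unless its hashAlgorithm option is set. This Java check reports which form a given entry holds; the class name, the default realm name ApplicationRealm and the sample entries are assumptions made for the example.

```java
import java.math.BigInteger;
import java.security.MessageDigest;

// Added example (not from the post). RealmEntryCheck is a hypothetical name.
public class RealmEntryCheck {

    enum Form { REALM_DIGEST, PLAINTEXT, NO_MATCH }

    // Format written by add-user: HEX(MD5(username ':' realm ':' password)).
    static String realmDigest(String user, String realm, String password) throws Exception {
        MessageDigest md5 = MessageDigest.getInstance("MD5");
        byte[] d = md5.digest((user + ":" + realm + ":" + password).getBytes("UTF-8"));
        return String.format("%032x", new BigInteger(1, d));
    }

    // Classify one "user=value" properties line against the password the client sends.
    static Form classify(String line, String realm, String password) throws Exception {
        int eq = line.indexOf('=');
        if (eq < 1) {
            throw new IllegalArgumentException("not a user=value line");
        }
        String user = line.substring(0, eq).trim();
        String stored = line.substring(eq + 1).trim();
        if (stored.equalsIgnoreCase(realmDigest(user, realm, password))) {
            return Form.REALM_DIGEST;   // matches only if the module hashes the same way
        }
        if (stored.equals(password)) {
            return Form.PLAINTEXT;      // matches a module with no hash options
        }
        return Form.NO_MATCH;           // wrong password, wrong realm, or another scheme
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample: user "demo", password "s3cret", assumed default realm.
        String realm = "ApplicationRealm";
        String digestLine = "demo=" + realmDigest("demo", realm, "s3cret");
        System.out.println(classify(digestLine, realm, "s3cret"));    // REALM_DIGEST
        System.out.println(classify("demo=s3cret", realm, "s3cret")); // PLAINTEXT
        System.out.println(classify(digestLine, realm, "wrong"));     // NO_MATCH

        // Real entry: pass <properties line> <realm>; the password is read without echo.
        if (args.length == 2 && System.console() != null) {
            char[] pw = System.console().readPassword("password: ");
            System.out.println(classify(args[0], args[1], new String(pw)));
        }
    }
}
```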