0 Replies Latest reply on Jan 13, 2006 3:49 PM by kyle.d.duncan

    WSSecurity - need EJB to be invoked by WSCompile-Tie so Secu

    kyle.d.duncan

      I am trying to modify an existing web service to use WSSecurity
      features. My problem is that my previous setup did not use WSCompile
      generated stubs and ties to communicate, and it is these stubs and
      ties which call the security environment handler if a security
      configuration file is given to WSCompile. I have changed the client to
      use a stub to call the WS and the security environment handler is
      invoked, but I can't figure out how to get the server side to use the
      WSCompile generated Tie.

      My original setup was as follows:

      I supplied a hand-written WSDL and schemas, a webservices.xml, and a
      configuration file, and used WSCompile with import="true" to import
      the WSDL and generate Java classes for the XML types. I wrote an EJB
      with XDoclet annotations specifying the EJB as the endpoint for the
      service. I then used XDoclet to generate type mappings, an ejb-jar.xml
      file, and a jboss.xml file. These were bundled in an ejb-jar and
      deployed on JBoss 4.0.2.

      Clients contacted the webservice by using a ServiceFactory to look up
      the service endpoint, as opposed to a WSCompile generated stub.

      Intending to encrypt and sign traffic belonging to this WS, I added
      a security environment handler, and added the -secure option to my
      WSCompile Ant task, and gave WSCompile a security configuration file
      from JWSDP 1.6 (slightly modified to point to my security handler).

      After some digging around in JWSDP 1.6 code and comparing it to my
      own, I discovered that WSCompile does nothing with the security option
      unless you tell it to generate the client or server side artifacts. A
      second run of WSCompile with client="true" generates a stub class
      which uses the security environment handler, and calling this stub
      from a client will successfully use the handler to perform the
      requested security operations (at first I just used dumptraffic="true"
      and no encryption or signing). This message is successfully received
      by my EJB, and the traffic on the client side is dumped, as desired.

      Hopeful that getting the server side to use the security handler would
      be as simple, I ran WSCompile with server="true" to generate a Tie
      class that uses the security handler. Bundling the newly generated
      classes and the security environment handler into the ejb-jar file and
      deploying the webservices, I find the Tie is not invoked. The messages
      are still arriving at my EJB the same way they were before - a JNDI
      lookup facilitated by XDoclet's generated files and my
      webservices.xml.

      What I need is a way to force my webservice traffic to be directed to
      my EJB via the Tie (I gather this is the way things usually work when
      WSDeploy is used to deploy a web service in a WAR), but I need to
      deploy as an ejb-jar from within an EAR.

      Any help would be most appreciated. Especially information regarding
      1. how my EJB is actually serializing/deserializing data and receiving
      messages without the help of WSCompile's Tie and generated
      de/serializers (my understanding here is fuzzy, just that somehow JNDI
      is involved), and 2. how other webservices deploy EJBs that are
      invoked by WSCompile generated Ties.

      thanks!
      -Kyle Duncan