2 Replies Latest reply on Oct 9, 2007 10:16 AM by Luis Fonseca

    Dispatch + wssecurity

    Luis Fonseca Newbie

      Hi,

      I'm having a bit of trouble figuring this out - I'm trying to create a simple standalone dispatch for communication with an already set up webservice. I got everything working as expected if I use no security system - the problem arises when trying to invoke a request message involving an WSSecurityHandlerClient, resulting in a:

      javax.xml.ws.soap.SOAPFaultException: org.jboss.ws.core.CommonSOAPFaultException: This service requires <wsse:Security>, which is missing.
       at org.jboss.ws.core.jaxws.client.DispatchSOAPBinding.getReturnObject(DispatchSOAPBinding.java:165)
       at org.jboss.ws.core.jaxws.client.DispatchImpl.getReturnObject(DispatchImpl.java:290)
       at org.jboss.ws.core.jaxws.client.DispatchImpl.invokeInternal(DispatchImpl.java:141)
       at org.jboss.ws.core.jaxws.client.DispatchImpl.invoke(DispatchImpl.java:102)
      


      The server looks all good, and is expecting security information (encryption) which for some reason the client isn't sending.

      In my client, I have:

      ...
      System.setProperty("org.jboss.ws.wsse.keyStore", [...]);
      System.setProperty("org.jboss.ws.wsse.keyStorePassword", [...]);
      System.setProperty("org.jboss.ws.wsse.trustStore", [...]);
      System.setProperty("org.jboss.ws.wsse.trustStorePassword", [...]);
      
      URL serverURL = new URL(store.getString(PreferenceConstants.SERVER_URL));
      URL serviceURL = new URL(serverURL, "services/testService");
      
      service = new TestService(TestClient.class.getClassLoader().getResource("META-INF/TestService.wsdl"), new QName(namespace, "TestService"));
      port = service.getTestPort();
      
      BindingProvider bindingProvider = (BindingProvider) port;
      List<Handler> handlerChain = new ArrayList<Handler>();
      handlerChain.add(new WSSecurityHandlerClient());
      bindingProvider.getBinding().setHandlerChain(handlerChain);
      
      Map<String, Object> reqContext = bindingProvider.getRequestContext();
       reqContext.put(BindingProvider.ENDPOINT_ADDRESS_PROPERTY, serviceURL.toString());
      reqContext.put(BindingProvider.USERNAME_PROPERTY, SecurityService.instance().getID());
      reqContext.put(BindingProvider.PASSWORD_PROPERTY, "");
      
      
      dispatch = service.createDispatch(new QName(namespace, "TestPort"), StreamSource.class, Mode.PAYLOAD);
      dispatch.getBinding().setHandlerChain(handlerChain);
      
      StreamSource response = dispatch.invoke(new StreamSource(new StringReader(request))); //request is a simple payload string
      



      META-INF/jboss-wsse-client.xml

      <jboss-ws-security
       xmlns="http://www.jboss.com/ws-security/config"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xsi:schemaLocation="http://www.jboss.com/ws-security/config http://www.jboss.com/ws-security/schema/jboss-ws-security_1_0.xsd">
      
       <config>
       <username/>
       <encrypt type="x509v3" alias="key"/>
       <requires>
       <encryption/>
       </requires>
       </config>
      </jboss-ws-security>
      


      META-INF/standard-jaxws-client-config.xml

      <jaxws-config xmlns="urn:jboss:jaxws-config:2.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:javaee="http://java.sun.com/xml/ns/javaee"
       xsi:schemaLocation="urn:jboss:jaxws-config:2.0 jaxws-config_2_0.xsd">
      
       <client-config>
       <config-name>Standard WSSecurity Client</config-name>
       <post-handler-chains>
       <javaee:handler-chain>
       <javaee:protocol-bindings>##SOAP11_HTTP</javaee:protocol-bindings>
       <javaee:handler>
       <javaee:handler-name>WSSecurityHandlerOutbound</javaee:handler-name>
       <javaee:handler-class>org.jboss.ws.extensions.security.jaxws.WSSecurityHandlerClient</javaee:handler-class>
       </javaee:handler>
       </javaee:handler-chain>
       </post-handler-chains>
       </client-config>
      
      </jaxws-config>
      


      Am I wrong to assume dispatch.invoke is responsible for appending the security tags in my message?

      Any help is appreciated.