1 Reply Latest reply on Mar 21, 2008 12:19 PM by Alessio Soldano

    Yet another WS-Security question ...

    Vinicius Carvalho Apprentice

      Hello there! I'm using JBoss 4.2.1.GA with JBoss WS

      Before one can point, I've already read:

      http://jbws.dyndns.org/mediawiki/index.php?title=User_Guide#WS-Security
      http://www.jboss.com/index.html?module=bb&op=viewtopic&t=105580&postdays=0&postorder=asc&start=10
      http://jbws.dyndns.org/mediawiki/index.php?title=WS-Security_options
      http://www.jboss.org/index.html?module=bb&op=viewtopic&t=94406&postdays=0&postorder=asc&start=10

      Although those really helped me getting things started, I could not get security running.

      I have 2 services that need to have an encryption/sign options. I decided to do this using certificates.

      One of the services, is a pure JSR-189 WS:

      @Stateless(name="CSMQueryService")
      @WebService(serviceName="CSMQueryService",targetNamespace="http://www.synos.com.br/CSM/definitions")
      @SOAPBinding(use = SOAPBinding.Use.LITERAL, style = SOAPBinding.Style.DOCUMENT)
      @WebContext(contextRoot="/csm/services",urlPattern="/CSMQueryService")
      @EndpointConfig(configName = "Standard WSSecurity Endpoint")
      @HandlerChain(file="resource://META-INF/ServerHandler.xml")
      public class CSMQueryServiceImpl implements CSMQueryService
      
      


      The other, is a bit trick since I've implemented the WSDL from a top-down approach, and it was hand created. But, I can't get even this one working :(

      I have a jar, with jboss-wsse-server.xml, ServerHandler, csm.keystore, csm.truststore inside its META-INF dir.

      During deployment, there's no error, neither warning on the console. But, when I access the service's WSDL I was hoping to find some ws-security related stuff in there, but there was none, this was my first concern.

      So I tried to access it using SOAPUI (I'll not try to run tests using jboss ws clients, since this service will be accessed using other languages like .net). Well, I did not set the certificate on SOAPUI on purpose, but I was expecting an error like "Not allowed", instead, a nullpointer was thrown:

      2008-03-10 17:34:05,463 DEBUG [org.jboss.ws.core.jaxws.handler.HandlerResolverImpl] getHandlerChain: [type=POST,info=[service={http://www.synos.com.br/CSM/definitions}CSMQueryService,port={http://www.synos.com.br/CSM/definitions}CSMQueryServiceImplPort,binding=http://schemas.xmlsoap.org/wsdl/soap/http]]
      2008-03-10 17:34:05,464 DEBUG [org.jboss.ws.core.jaxws.handler.HandlerChainExecutor] Create a handler executor: [WSSecurity Handler]
      2008-03-10 17:34:05,464 DEBUG [org.jboss.ws.core.jaxws.handler.HandlerChainExecutor] Enter: handleIn BoundMessage
      2008-03-10 17:34:05,470 ERROR [org.jboss.ws.core.jaxws.handler.HandlerChainExecutor] Exception during handler processing
      java.lang.NullPointerException
       at org.jboss.ws.extensions.security.Util.matchNode(Util.java:188)
       at org.jboss.ws.extensions.security.Util.matchNode(Util.java:183)
       at org.jboss.ws.extensions.security.Util.findElement(Util.java:89)
       at org.jboss.ws.extensions.security.WSSecurityDispatcher.handleInbound(WSSecurityDispatcher.java:114)
       at org.jboss.ws.extensions.security.jaxws.WSSecurityHandler.handleInboundSecurity(WSSecurityHandler.java:78)
       at org.jboss.ws.extensions.security.jaxws.WSSecurityHandlerServer.handleInbound(WSSecurityHandlerServer.java:41)
       at org.jboss.wsf.spi.jaxws.handler.GenericHandler.handleMessage(GenericHandler.java:55)
       at org.jboss.ws.core.jaxws.handler.HandlerChainExecutor.handleMessage(HandlerChainExecutor.java:295)
       at org.jboss.ws.core.jaxws.handler.HandlerChainExecutor.handleMessage(HandlerChainExecutor.java:140)
       at org.jboss.ws.core.jaxws.handler.HandlerDelegateJAXWS.callRequestHandlerChain(HandlerDelegateJAXWS.java:87)
       at org.jboss.ws.core.server.ServiceEndpointInvoker.callRequestHandlerChain(ServiceEndpointInvoker.java:115)
       at org.jboss.ws.core.server.ServiceEndpointInvoker.invoke(ServiceEndpointInvoker.java:159)
       at org.jboss.wsf.stack.jbws.RequestHandlerImpl.processRequest(RequestHandlerImpl.java:396)
       at org.jboss.wsf.stack.jbws.RequestHandlerImpl.handleRequest(RequestHandlerImpl.java:260)
       at org.jboss.wsf.stack.jbws.RequestHandlerImpl.doPost(RequestHandlerImpl.java:177)
       at org.jboss.wsf.stack.jbws.RequestHandlerImpl.handleHttpRequest(RequestHandlerImpl.java:110)
       at org.jboss.wsf.spi.invocation.EndpointServlet.service(EndpointServlet.java:72)
       at javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
       at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
       at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
       at org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:96)
       at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
       at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
       at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:230)
       at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175)
       at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:179)
       at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:84)
       at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)
       at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:104)
       at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:157)
       at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
       at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:241)
       at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844)
       at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:580)
       at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
       at java.lang.Thread.run(Thread.java:595)
      2008-03-10 17:34:05,481 DEBUG [org.jboss.ws.core.jaxws.handler.HandlerChainExecutor] Exit: handleIn BoundMessage with status: false
      2008-03-10 17:34:05,481 DEBUG [org.jboss.ws.core.jaxws.handler.MessageContextJAXWS] Begin response processing
      2008-03-10 17:34:05,481 DEBUG [org.jboss.ws.core.soap.MessageContextAssociation] popMessageContext: org.jboss.ws.core.jaxws.handler.SOAPMessageContextJAXWS@1e7879f (Thread http-127.0.0.1-8080-1)
      2008-03-10 17:34:05,481 DEBUG [org.jboss.ws.core.soap.MessageContextAssociation] pushMessageContext: org.jboss.ws.core.jaxws.handler.SOAPMessageContextJAXWS@4fe915 (Thread http-127.0.0.1-8080-1)
      2008-03-10 17:34:05,484 ERROR [org.jboss.ws.core.jaxws.SOAPFaultHelperJAXWS] SOAP request exception
      javax.xml.ws.WebServiceException: java.lang.NullPointerException
       at org.jboss.ws.core.jaxws.handler.HandlerChainExecutor.processHandlerFailure(HandlerChainExecutor.java:276)
       at org.jboss.ws.core.jaxws.handler.HandlerChainExecutor.handleMessage(HandlerChainExecutor.java:155)
       at org.jboss.ws.core.jaxws.handler.HandlerDelegateJAXWS.callRequestHandlerChain(HandlerDelegateJAXWS.java:87)
       at org.jboss.ws.core.server.ServiceEndpointInvoker.callRequestHandlerChain(ServiceEndpointInvoker.java:115)
       at org.jboss.ws.core.server.ServiceEndpointInvoker.invoke(ServiceEndpointInvoker.java:159)
       at org.jboss.wsf.stack.jbws.RequestHandlerImpl.processRequest(RequestHandlerImpl.java:396)
       at org.jboss.wsf.stack.jbws.RequestHandlerImpl.handleRequest(RequestHandlerImpl.java:260)
       at org.jboss.wsf.stack.jbws.RequestHandlerImpl.doPost(RequestHandlerImpl.java:177)
       at org.jboss.wsf.stack.jbws.RequestHandlerImpl.handleHttpRequest(RequestHandlerImpl.java:110)
       at org.jboss.wsf.spi.invocation.EndpointServlet.service(EndpointServlet.java:72)
       at javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
       at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
       at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
       at org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:96)
       at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
       at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
       at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:230)
       at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175)
       at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:179)
       at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:84)
       at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)
       at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:104)
       at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:157)
       at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
       at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:241)
       at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844)
       at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:580)
       at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
       at java.lang.Thread.run(Thread.java:595)
      Caused by: java.lang.NullPointerException
       at org.jboss.ws.extensions.security.Util.matchNode(Util.java:188)
       at org.jboss.ws.extensions.security.Util.matchNode(Util.java:183)
       at org.jboss.ws.extensions.security.Util.findElement(Util.java:89)
       at org.jboss.ws.extensions.security.WSSecurityDispatcher.handleInbound(WSSecurityDispatcher.java:114)
       at org.jboss.ws.extensions.security.jaxws.WSSecurityHandler.handleInboundSecurity(WSSecurityHandler.java:78)
       at org.jboss.ws.extensions.security.jaxws.WSSecurityHandlerServer.handleInbound(WSSecurityHandlerServer.java:41)
       at org.jboss.wsf.spi.jaxws.handler.GenericHandler.handleMessage(GenericHandler.java:55)
       at org.jboss.ws.core.jaxws.handler.HandlerChainExecutor.handleMessage(HandlerChainExecutor.java:295)
       at org.jboss.ws.core.jaxws.handler.HandlerChainExecutor.handleMessage(HandlerChainExecutor.java:140)
       ... 27 more
      2008-03-10 17:34:05,503 DEBUG [org.jboss.ws.core.jaxws.SOAPFaultHelperJAXWS] Cannot obtain fault meta data for: class javax.xml.ws.WebServiceException
      2008-03-10 17:34:05,503 DEBUG [org.jboss.ws.core.jaxws.handler.HandlerDelegateJAXWS] callFaultHandlerChain: PRE
      2008-03-10 17:34:05,503 DEBUG [org.jboss.ws.core.jaxws.handler.HandlerDelegateJAXWS] callFaultHandlerChain: ENDPOINT
      2008-03-10 17:34:05,503 DEBUG [org.jboss.ws.core.jaxws.handler.HandlerDelegateJAXWS] callFaultHandlerChain: POST
      2008-03-10 17:34:05,503 DEBUG [org.jboss.ws.core.jaxws.handler.HandlerChainExecutor] Enter: handleOutBoundFault
      2008-03-10 17:34:05,503 DEBUG [org.jboss.ws.core.jaxws.handler.HandlerChainExecutor] Exit: handleOutBoundFault with status: true
      


      It is my first time using WS-Sec on jbossws. I have used it before on glassfish. And the provider added few stuff on the WSDL to let the client know about the extensions to the WSDL.

      I believe that my questions are:

      1st: Does jbossws add this meta-data inside the secured service?
      2nd: How do I get it running?

      Regards[/url]

        • 1. Re: Yet another WS-Security question ...
          Alessio Soldano Master

          Hi,
          regarding your first concern, i.e. nothing related to ws-security in the wsdl, that's right since we currently support ws-security only, not ws-security policy, thus even if the security processing is correctly configured you should not expect it to be advertised in the wsdl.
          Regarding your second issue, i.e. the null pointer exception you're getting, could you please tell me which JBossWS version you are using? Is it the one that ships with JBoss 4.2.1.GA? Btw you might want to try with the latest JBossWS version, since we've been making many fixes and changes to this stuff recently, so your issue might have been already addressed.