1 2 Previous Next 15 Replies Latest reply on Nov 14, 2008 3:31 PM by ab alissa

    Steps for implementing WS-Security in JBoss using Username t

    Pramod Nair Novice

      This posting might be useful for those people trying to implement WS-Security using username toekn authentication. I couldn't find a single document anywhere on the web. I though i will ceate a comrehensive doc.
      Please let me know if you guys see any flaw here,


      Steps for implementing WS-Security in JBoss using Username token Authentication

      I. Server:

      1. Create Endpoint for Web Service (Ex: A stateless session bean)

      Code sample: TestWSEJB.java


      package test;

      import javax.ejb.Stateless;
      import javax.jws.WebService;
      import javax.jws.WebMethod;
      import javax.jws.soap.SOAPBinding;
      import org.jboss.annotation.security.SecurityDomain;
      import org.jboss.ws.annotation.EndpointConfig;

      @Stateless
      @WebService
      (name="TestWSEJB",
      targetNamespace = "http://test",
      serviceName = "TestWSEJBService")
      @SOAPBinding(style = SOAPBinding.Style.DOCUMENT)
      @EndpointConfig(configName = "Standard WSSecurity Endpoint")
      @SecurityDomain("JBossWS")

      public class TestWSEJB {
      @WebMethod
      public String ping (String name)
      {
      return "Hello : " + name;
      }
      }


      @EndpointConfig(configName = "Standard WSSecurity Endpoint")
      This is the configuration in the {JBOSS_HOME}jboss-4.2.1.GA\server\default\deploy\jbossws.sar\META-INF\standard-jaxws-endpoint-config.xml file

      Portion of standard-jaxws-endpoint-config.xml file:

      <endpoint-config>
      <config-name>Standard WSSecurity Endpoint</config-name>
      <post-handler-chains>
      <javaee:handler-chain>
      <javaee:protocol-bindings>##SOAP11_HTTP</javaee:protocol-bindings>
      <javaee:handler>
      <javaee:handler-name>WSSecurity Handler</javaee:handler-name>
      <javaee:handler-class>org.jboss.ws.extensions.security.jaxws.WSSecurityHandlerServer</javaee:handler-class>
      </javaee:handler>
      </javaee:handler-chain>
      </post-handler-chains>
      </endpoint-config>

      @SecurityDomain("JBossWS")

      This is the configuration for security domain for JBossWS in the {JBOSS_HOME} \jboss-4.2.1.GA\server\default\conf\login-config.xml


      Portion of standard-jaxws-endpoint-config.xml file:

      <application-policy name="JBossWS">

      <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule"
      flag="required">
      <module-option name="usersProperties">props/jbossws-users.properties</module-option>
      <module-option name="rolesProperties">props/jbossws-roles.properties</module-option>
      <module-option name="unauthenticatedIdentity">anonymous</module-option>
      </login-module>

      </application-policy>

      2. jboss-wsse-server.xml.
      Create jboss-wsse-server.xml and save in META-INF or WEB-INF folder based on the EJB or Web project)

      Sample file:

      <jboss-ws-security xmlns="http://www.jboss.com/ws-security/config"
      xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
      xsi:schemaLocation="http://www.jboss.com/ws-security/config
      http://www.jboss.com/ws-security/schema/jboss-ws-security_1_0.xsd">





      </jboss-ws-security>


      3. Authentication information
      In the above Security domain (JBossWS) the credentials are in the {JBOSS_HOME} jbossws-user.properties in jboss-4.2.1.GA\server\default\conf\props\jbossws-users.properties. (Default is UsersRolesLoginModule)



      II. Client:

      1. Create the client for Web Service.

      Sample Code:

      Test.java:

      package test;
      import java.io.File;
      import java.net.URL;
      import java.util.Map;

      import javax.xml.namespace.QName;
      import javax.xml.ws.BindingProvider;
      import javax.xml.ws.Service;
      import javax.xml.ws.WebServiceRef;

      import org.jboss.ws.core.StubExt;

      public class Test {

      public static void main(String[] args) {
      try {
      Test client = new Test();
      client.doTest(args);
      } catch(Exception e) {
      e.printStackTrace();
      }
      }

      public void doTest(String[] args) {
      try {
      URL url = new URL("http://localhost:8080/WS_Security_Test/TestWSEJB?wsdl");
      QName qn = new QName("http://test","TestWSEJBService");
      Service s = Service.create(url, qn);
      TestWSEJB port = s.getPort(TestWSEJB.class);
      URL securityURL = new File("ejbModule/META-INF/jboss-wsse-client.xml").toURL();
      ((StubExt)port).setSecurityConfig(securityURL.toExternalForm());
      ((StubExt)port).setConfigName("Standard WSSecurity Client");
      ((BindingProvider)port).getRequestContext().put(BindingProvider.USERNAME_PROPERTY, "kermit");;
      ((BindingProvider)port).getRequestContext().put(BindingProvider.PASSWORD_PROPERTY, "thefrog");;
      System.out.println("Invoking the sayHello operation on the port.");
      String response = port.ping("Pramod") ;
      System.out.println(response);
      } catch(Exception e) {
      e.printStackTrace();
      }
      }
      }

      ((StubExt)port).setConfigName("Standard WSSecurity Client");
      This is the configuration in the {JBOSS_HOME}jboss-4.2.1.GA\server\default\deploy\jbossws.sar\META-INF\ standard-jaxws-client-config.xml file
      Portion of standard-jaxws-client-config.xml:

      <client-config>
      <config-name>Standard WSSecurity Client</config-name>
      <post-handler-chains>
      <javaee:handler-chain>
      <javaee:protocol-bindings>##SOAP11_HTTP</javaee:protocol-bindings>
      <javaee:handler>
      <javaee:handler-name>WSSecurityHandlerOutbound</javaee:handler-name>
      <javaee:handler-class>org.jboss.ws.extensions.security.jaxws.WSSecurityHandlerClient</javaee:handler-class>
      </javaee:handler>
      </javaee:handler-chain>
      </post-handler-chains>
      </client-config>


      TestWSEJB.java:

      package test;

      import javax.jws.WebMethod;
      import javax.jws.WebParam;
      import javax.jws.WebResult;
      import javax.jws.WebService;
      import javax.xml.ws.RequestWrapper;
      import javax.xml.ws.ResponseWrapper;


      /**
      * This class was generated by the JAX-WS RI.
      * JAX-WS RI 2.1.1-b03-
      * Generated source version: 2.0
      *
      */
      @WebService(name = "TestWSEJB", targetNamespace = "http://test")
      public interface TestWSEJB {


      /**
      *
      * @param arg0
      * @return
      * returns java.lang.String
      */
      @WebMethod
      @WebResult(targetNamespace = "")
      @RequestWrapper(localName = "ping", targetNamespace = "http://test", className = "test.Ping")
      @ResponseWrapper(localName = "pingResponse", targetNamespace = "http://test", className = "test.PingResponse")
      public String ping(
      @WebParam(name = "arg0", targetNamespace = "")
      String arg0);

      }


      2. jboss-wsse-client.xml.
      Create jboss-wsse-client.xml and save in META-INF or WEB-INF folder based on the EJB or Web project – based on the client)

      Sample file:


      <jboss-ws-security xmlns="http://www.jboss.com/ws-security/config"
      xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
      xsi:schemaLocation="http://www.jboss.com/ws-security/config
      http://www.jboss.com/ws-security/schema/jboss-ws-security_1_0.xsd">



      </jboss-ws-security>


      III. Tools Used:

      JBoss Application Server  www.jboss.org
      Eclipse IDE  www.eclipse.org
      SoapUI for testing Web Services  www.soapui.org
      Ws-Consume  Jboss tool (I jboss bin folder)
      WireShark (TCP-IP monitoring tool)  http://www.wireshark.org

      Output from Wireshark (any other TCPIP monitoring tools can be used) -> This is the SOAP-Envelope that actually goes from the client to the server.

      <env:Envelope xmlns:env='http://schemas.xmlsoap.org/soap/envelope/'>
      <env:Header>
      <wsse:Security env:mustUnderstand='1'
      xmlns:wsse='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd'
      xmlns:wsu='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd'>
      <wsse:UsernameToken
      wsu:Id='token-1-1205175076833-11112467'>
      <wsse:Username>admin</wsse:Username>
      <wsse:Password>admin</wsse:Password>
      </wsse:UsernameToken>
      </wsse:Security>
      </env:Header>
      <env:Body>
      <ns2:ping xmlns:ns2="http://test">
      <arg0>Pramod</arg0>
      </ns2:ping>
      </env:Body>
      </env:Envelope>

        1 2 Previous Next