2 Replies Latest reply on Mar 5, 2009 2:08 AM by Dhanush Gopinath

    WS-Security on POJO Endpoint in JBOSSWS 3.1.0

    Dhanush Gopinath Newbie

      Hi,

      I am using the latest jboss 3.1.0 on my JBOSS AS 4.2.3. I have a sample web service which is a POJO Endpoint I made from the WSDL(using top down approach). Do I need to give the @EndpointConfig annotation in this case?

      I gave it and deployed the webservice and when I invoked the service I got a ClassCastException

      java.lang.ClassCastException: org.jboss.ws.core.soap.EnvelopeBuilderDOM


      I then removed this annotationand gave the annotation as per the sample in jboss download(SecureEndpointImpl.java). It deployed successfully but never worked properly. What ever the user name or role it returned successfully.

      Here are my configurations

      jboss-wsse-server.xml
      <?xml version="1.0" encoding="UTF-8"?>
      
      <jboss-ws-security xmlns="http://www.jboss.com/ws-security/config"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xsi:schemaLocation="http://www.jboss.com/ws-security/config
      http://www.jboss.com/ws-security/schema/jboss-ws-security_1_0.xsd">
      
       <config>
       <authorize>
       <unchecked />
       <!-- <role>friend</role> -->
      
       </authorize>
       </config>
      
      </jboss-ws-security>
      


      service
      @Stateless(name = "AWFUtilityServicePortType")
      @SecurityDomain("JBossWS")
      @RolesAllowed("friend")
      @WebService(serviceName = "AWFUtilityService", targetNamespace = "http://www.test.com/WF/Framework/AWFUtilityService",
       endpointInterface = "com.test.wf.framework.awfutilityservice.AWFUtilityServicePortType", portName="AWFUtilityServicePort",wsdlLocation="WEB-INF/wsdl/AWFUtilityService.wsdl")
      public class AWFUtilityServiceImpl implements AWFUtilityServicePortType {
      
       public String getID(String id)
       throws GetCorrelationIDFault {
       return "Hello World " + id;
       }
      
      }
      


      Is there something else that needs to be configured? Please let me know

      Thanks
      Dhanush

        • 1. Re: WS-Security on POJO Endpoint in JBOSSWS 3.1.0
          Dhanush Gopinath Newbie

          Seeing no replies here, I guess I might have confused you ppl here.

          This is what I did

          1. Implemented a Web Service in Top Down Approach.
          2. Added Following annotations

          @SecurityDomain("JBossWS")
          @EndpointConfig(configName="Standard WSSecurity Endpoint", configFile="META-INF/standard-jaxws-endpoint-config.xml")
          @WebService(serviceName = "AWFUtilityService", targetNamespace = "http://www.test.com/WF/Framework/AWFUtilityService",
           endpointInterface = "com.test.wf.framework.awfutilityservice.AWFUtilityServicePortType",
           portName="AWFUtilityServicePort",wsdlLocation="WEB-INF/wsdl/AWFUtilityService.wsdl")


          3. Wrote the jboss-wsse-server.xml as per the test suite
          <?xml version="1.0" encoding="UTF-8"?>
          
          <jboss-ws-security xmlns="http://www.jboss.com/ws-security/config"
           xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
           xsi:schemaLocation="http://www.jboss.com/ws-security/config
          http://www.jboss.com/ws-security/schema/jboss-ws-security_1_0.xsd">
           <!--
           <config>
           <authorize>
           <unchecked />
           </authorize>
           </config>
           -->
          
           <port name="AWFUtilityServicePort">
           <operation
           name="{http://www.test.com/WF/Framework/AWFUtilityService}getID">
           <config>
           <authorize>
           <role>friend</role>
           </authorize>
           </config>
           </operation>
           </port>
          
          </jboss-ws-security>
          

          4. Edited the jboss-web.xml like this
          <jboss-web>
          
           <security-domain>java:/jaas/JBossWS</security-domain>
           <context-root>/AWFUtilityServiceWSS</context-root>
          </jboss-web>


          5. Edited the web.xml like this
          <web-app xmlns="http://java.sun.com/xml/ns/javaee"
           xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" version="2.5"
           xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd">
           <servlet>
           <servlet-name>AWFUtilityService</servlet-name>
           <servlet-class>
           com.test.wf.framework.awfutilityservice.AWFUtilityServiceImpl
           </servlet-class>
           </servlet>
           <servlet-mapping>
           <servlet-name>AWFUtilityService</servlet-name>
           <url-pattern>/AWFUtilityService</url-pattern>
           </servlet-mapping>
          
           <login-config>
           <auth-method>BASIC</auth-method>
           <realm-name>JBossWS</realm-name>
           </login-config>
           <security-role>
           <role-name>friend</role-name>
           </security-role>
           <welcome-file-list>
           <welcome-file>index.jsp</welcome-file>
           </welcome-file-list>
          </web-app>


          And deployed the application. While deploying I see the following entry in the server log
          
          ServerEndpointMetaData:
           type=JAXWS
           qname={http://www.test.com/WF/Framework/AWFUtilityService}AWFUtilityServicePort
           id=jboss.ws:context=AWFUtilityServiceWSS,endpoint=AWFUtilityService
           address=http://192.168.1.97:8080/AWFUtilityServiceWSS/AWFUtilityService
           binding=http://schemas.xmlsoap.org/wsdl/soap/http
           linkName=AWFUtilityService
           implName=com.test.wf.framework.awfutilityservice.AWFUtilityServiceImpl
           seiName=com.test.wf.framework.awfutilityservice.AWFUtilityServicePortType
           serviceMode=null
           portComponentName=null
           contextRoot=/AWFUtilityServiceWSS
           urlPattern=/AWFUtilityService
           configFile=META-INF/standard-jaxws-endpoint-config.xml
           configName=Standard Endpoint
           authMethod=null
           transportGuarantee=NONE
           secureWSDLAccess=false
           properties={}
          
          OperationMetaData:
           qname={http://www.test.com/WF/Framework/AWFUtilityService}GetID
           javaName=getID
           style=document/literal/BARE
           oneWay=false
           soapAction=http://www.test.com/WF/Framework/AWFUtilityService/GetID
          ParameterMetaData:
           xmlName={http://www.test.com/WF/Framework/AWFUtilityService}CorrelationID
           partName=CorrelationID
           xmlType={http://www.w3.org/2001/XMLSchema}string
           javaType=java.lang.String
           mode=IN
           inHeader=false
           index=0
          ReturnMetaData:
           xmlName={http://www.test.com/WF/Framework/AWFUtilityService}CorrelationIDValue
           partName=CorrelationIDValue
           xmlType={http://www.w3.org/2001/XMLSchema}string
           javaType=java.lang.String
           mode=OUT
           inHeader=false
           index=-1
          FaultMetaData
           xmlName={http://www.test.com/WF/Framework/AWFUtilityService}GetIDFault
           xmlType={http://www.test.com/WF/Framework/AWFUtilityService}GetIDFault
           javaType=com.test.wf.framework.awfutilityservice.GetIDFault
           faultBean=com.test.wf.framework.faultschema.GetIDComplexType
          
          HandlerMetaDataJAXWS:
           type=POST
           name=WSSecurity Handler
           class=class org.jboss.ws.extensions.security.jaxws.WSSecurityHandlerServer
           params=[]
           protocols=##SOAP11_HTTP ##SOAP11_HTTP_MTOM
           services=null
           ports=null
          
          


          Why is the item in bold(configName=Standard Endpoint
          ) like that? Shouldn't that value be Standard WSSecurity Endpoint?

          I then called the Service with my WS Sec Client code given below
          public static void main(String[] args) {
           try { // Call Web Service Operation
          
           String url = "http://192.168.1.97:8070/AWFUtilityServiceWSS/AWFUtilityService?wsdl";
          
           URL wsdlURL = new URL(url);
           URL securityURL = new File("F:\\Workflow_Code\\Sample-EPM-FW-BasedWorkflows\\WSSecClient\\src\\wssecclient\\jboss-wsse-client.xml").toURL();
           QName serviceName = new QName("http://www.test.com/WF/Framework/AWFUtilityService", "AWFUtilityService");
           Service service = Service.create(wsdlURL, serviceName);
           AWFUtilityServicePortType port = (AWFUtilityServicePortType) service.getPort(AWFUtilityServicePortType.class);
           ((StubExt) port).setSecurityConfig(securityURL.toExternalForm());
           ((StubExt) port).setConfigName("Standard WSSecurity Client");
          
          
           Map<String, Object> reqContext = ((BindingProvider) port).getRequestContext();
           reqContext.put(BindingProvider.USERNAME_PROPERTY, "kermit");
           reqContext.put(BindingProvider.PASSWORD_PROPERTY, "thefrog");
          
           reqContext.put(BindingProvider.ENDPOINT_ADDRESS_PROPERTY, url);
          
           java.lang.String partGetIDRequest = "hello";
           java.lang.String result = port.getID(partGetIDRequest);
           System.out.println("Result = " + result);



          When I call the service I get the following exception at the server side.
          2009-03-03 19:04:52,547 DEBUG [org.jboss.ws.core.soap.MessageFactoryImpl] createMessage: [contentType=text/xml; charset=UTF-8]
          2009-03-03 19:04:52,594 DEBUG [org.jboss.ws.metadata.umdm.EndpointMetaData] Configure SOAPBinding
          2009-03-03 19:04:52,594 ERROR [org.jboss.ws.core.jaxws.SOAPFaultHelperJAXWS] SOAP request exception
          java.lang.ClassCastException: org.jboss.ws.core.soap.EnvelopeBuilderDOM
           at org.jboss.ws.core.soap.MessageFactoryImpl.createMessage(MessageFactoryImpl.java:285)
           at org.jboss.ws.core.soap.MessageFactoryImpl.createMessage(MessageFactoryImpl.java:193)
           at org.jboss.wsf.stack.jbws.RequestHandlerImpl.processRequest(RequestHandlerImpl.java:455)
           at org.jboss.wsf.stack.jbws.RequestHandlerImpl.handleRequest(RequestHandlerImpl.java:295)
           at org.jboss.wsf.stack.jbws.RequestHandlerImpl.doPost(RequestHandlerImpl.java:205)
           at org.jboss.wsf.stack.jbws.RequestHandlerImpl.handleHttpRequest(RequestHandlerImpl.java:131)
           at org.jboss.wsf.common.servlet.AbstractEndpointServlet.service(AbstractEndpointServlet.java:85)
           at javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
           at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
           at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
           at org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:96)
           at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
           at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
           at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:230)
           at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175)
           at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:182)
           at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:84)
           at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
           at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
           at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:157)
           at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
           at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:262)
           at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844)
           at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583)
           at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:446)
           at java.lang.Thread.run(Thread.java:595)
          2009-03-03 19:04:52,610 DEBUG [org.jboss.wsf.stack.jbws.RequestHandlerImpl] END handleRequest: jboss.ws:context=AWFUtilityServiceWSS,endpoint=AWFUtilityService
          2009-03-03 19:04:52,610 DEBUG [org.jboss.ws.core.soap.MessageContextAssociation] popMessageContext: org.jboss.ws.core.jaxws.handler.SOAPMessageContextJAXWS@1383942 (Thread http-192.168.1.97-8080-1)
          2009-03-03 19:04:52,610 ERROR [org.jboss.wsf.stack.jbws.RequestHandlerImpl] Error processing web service request
          org.jboss.ws.WSException: java.lang.ClassCastException: org.jboss.ws.core.soap.MessageFactoryImpl
           at org.jboss.ws.WSException.rethrow(WSException.java:68)
           at org.jboss.wsf.stack.jbws.RequestHandlerImpl.handleRequest(RequestHandlerImpl.java:336)
           at org.jboss.wsf.stack.jbws.RequestHandlerImpl.doPost(RequestHandlerImpl.java:205)
           at org.jboss.wsf.stack.jbws.RequestHandlerImpl.handleHttpRequest(RequestHandlerImpl.java:131)
           at org.jboss.wsf.common.servlet.AbstractEndpointServlet.service(AbstractEndpointServlet.java:85)
           at javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
          


          I understand this is because of the presence of the jboss-native-core.jar in my web service application. But I need that to add the @EndpointConfig annotation. Is it possible to remove the jar and retain the annotation? Or is there any other way to avoid the class cast exception. More than that is the way I am implementing this correct ?

          Please help. Many thanks in advance

          • 2. Re: WS-Security on POJO Endpoint in JBOSSWS 3.1.0
            Dhanush Gopinath Newbie

            Guys,

            I got it working. I will write a detailed document on the same and update it here.

            Thanks
            Dhanush