12 Replies Latest reply on Feb 22, 2007 9:45 PM by Chris Laprun

    wsrp with https

    karin k Newbie

      Hi,
      I use JBoss Portal 2.6 DR1.
      I would like to access Remote Portlets by means of WSRP over https.
      The exposed WSDL contains not https service location but http.

      I can access the wsdl by means of https
      but the soap address location stays http.

      e.g. invoking https://host:httpsport/portal-wsrp/PortletManagementService?wsdl

      the shown wsdl looks like:

      <wsdl:definitions targetNamespace="urn:oasis:names:tc:wsrp:v1:wsdl">
      <wsdl:import location="https://host/portal-wsrp/PortletManagementService?wsdl&resource=wsrp_v1_bindings.wsdl" namespace="urn:oasis:names:tc:wsrp:v1:bind"/>
      ?
       <wsdl:service name="WSRPService">
      ?
       <wsdl:port binding="bind:WSRP_v1_PortletManagement_Binding_SOAP" name="WSRPPortletManagementService">
      <soap:address location="http://host:httpport/portal-wsrp/PortletManagementService"/>
      </wsdl:port>
      ?
       <wsdl:port binding="bind:WSRP_v1_Registration_Binding_SOAP" name="WSRPRegistrationService">
      <soap:address location="https://host:httpport/portal-wsrp/RegistrationService"/>
      </wsdl:port>
      ?
       <wsdl:port binding="bind:WSRP_v1_Markup_Binding_SOAP" name="WSRPBaseService">
      <soap:address location="https://host:httpportportal-wsrp/MarkupService"/>
      </wsdl:port>
      ?
       <wsdl:port binding="bind:WSRP_v1_ServiceDescription_Binding_SOAP" name="WSRPServiceDescriptionService">
      <soap:address location="https://host:httpport/portal-wsrp/ServiceDescriptionService"/>
      </wsdl:port>
      </wsdl:service>
      </wsdl:definitions>




      I did modify it manually in the file portal-wsrp.jse (file wsrp_services.wsdl).
      changing <soap:address location="REPLACE_WITH_ACTUAL_URL"/>
      to
      https//REPLACE_WITH_ACTUAL_URL.
      It does not work. I also changed the web.xml file and inserted the following



      <security-constraint>
       <web-resource-collection>
       <web-resource-name>all</web-resource-name>
       <url-pattern>/*</url-pattern>
       </web-resource-collection>
       <user-data-constraint>
       <transport-guarantee>CONFIDENTIAL</transport-guarantee>
       </user-data-constraint>
       </security-constraint>


      -> Does not work either?

      Any other ideas?
      Regards
      Karin

        • 1. Re: wsrp with https
          Viet Master

          I am not the specialist here but I can try to help you. Chris which is our WSRP lead is currently away for a few days.

          You could try to secure the endpoints in web.xml located in : jboss-portal.sar/portal-wsrp.sar/portal-wsrp.war/WEB-INF/web.xml

          try with the ServiceDescriptionService endpoint like that

          <security-constraint>
           <web-resource-collection>
           <web-resource-name>Secure Area</web-resource-name>
           <url-pattern>/ServiceDescriptionService</url-pattern>
           <http-method>POST</http-method>
           </web-resource-collection>
           <user-data-constraint>
           <transport-guarantee>CONFIDENTIAL</transport-guarantee>
           </user-data-constraint>
          </security-constraint>


          and also do it for the 3 other endpoints you can find in the web.xml

          • 2. Re: wsrp with https
            karin k Newbie

            Hi Julien,

            thanks for your reply.

            I added the security constraints to the web.xml file
            located in jboss-portal.sar/portal-wsrp.sar/portal-wsrp.jse. There is no portal-wsrp.war directory. It seems to work except for the wsdl:import.

            After adding the security-constraints the shown wsdl looks like this:

            <wsdl:definitions targetNamespace="urn:oasis:names:tc:wsrp:v1:wsdl">
            <wsdl:import location="https://host/portal-wsrp/PortletManagementService?wsdl&resource=wsrp_v1_bindings.wsdl" namespace="urn:oasis:names:tc:wsrp:v1:bind"/>
            ?
             <wsdl:service name="WSRPService">
            ?
             <wsdl:port binding="bind:WSRP_v1_PortletManagement_Binding_SOAP" name="WSRPPortletManagementService">
            <soap:address location="https://host:8444/portal-wsrp/PortletManagementService"/>
            </wsdl:port>
            ?
             <wsdl:port binding="bind:WSRP_v1_Registration_Binding_SOAP" name="WSRPRegistrationService">
            <soap:address location="https://host:8444/portal-wsrp/RegistrationService"/>
            </wsdl:port>
            ?
             <wsdl:port binding="bind:WSRP_v1_Markup_Binding_SOAP" name="WSRPBaseService">
            <soap:address location="https://host:8444/portal-wsrp/MarkupService"/>
            </wsdl:port>
            ?
             <wsdl:port binding="bind:WSRP_v1_ServiceDescription_Binding_SOAP" name="WSRPServiceDescriptionService">
            <soap:address location="https://host:8444/portal-wsrp/ServiceDescriptionService"/>
            </wsdl:port>
            </wsdl:service>
            </wsdl:definitions>


            As you can see the https port is missing in the url of wsdl:import
            <wsdl:import location="https://host/portal-wsrp/P....


            Regards
            Karin



            • 3. Re: wsrp with https
              karin k Newbie

              Hi Julien,
              I just would like to inform you, that I have til now official support
              and opened a call in network.jboss.com
              ID is 00014082
              Regards Karin

              • 4. Re: wsrp with https
                Chris Laprun Master

                I have been reading the JBoss WS documentation and as far as I can tell, you only need to replace all the soap-address elements in

                portal-wsrp.sar/portal-wsrp.jse/WEB-INF/wsdl/wsrp_services.xml
                by the correct URL (including port). For example:
                <wsdl:port binding="bind:WSRP_v1_Markup_Binding_SOAP" name="WSRPBaseService">
                 <soap:address location="https://localhost:8443/portal-wsrp/ServiceDescriptionService"/>
                </wsdl:port>

                You also need to perform the usual configuration steps to enable SSL support on AS as detailed in http://docs.jboss.org/jbossas/jboss4guide/r4/html/ch9.chapt.html#d0e21962 and http://docs.jboss.org/jbossas/jboss4guide/r4/html/ch8.chapter.html#d0e20970. Then, configure your consumer to use the https port. You will need to use JBoss WS 1.0.4.GA for this to work properly, by the way.
                For the complete procedure, see http://wiki.jboss.org/wiki/Wiki.jsp?page=WSRPUseSSL.

                • 5. Re: wsrp with https
                  Viet Master

                  thanks Chris for the update, this wiki needs to be added to the documentation too.

                  • 6. Re: wsrp with https
                    Chris Laprun Master

                    It's on my todo list... ;)

                    • 7. Re: wsrp with https
                      karin k Newbie

                      hi,
                      setting the hostname and port directly in the file

                      portal-wsrp.sar/portal-wsrp.jse/WEB-INF/wsdl/wsrp_services.xml


                      has the same effect than the solution with the security-constraints (as Julien told me first).

                      Means that my wsdl looks like this

                      <wsdl:definitions targetNamespace="urn:oasis:names:tc:wsrp:v1:wsdl">
                      <wsdl:import location="https://host/portal-wsrp/PortletManagementService?wsdl&resource=wsrp_v1_bindings.wsdl" namespace="urn:oasis:names:tc:wsrp:v1:bind"/>
                      ?
                       <wsdl:service name="WSRPService">
                      ?
                       <wsdl:port binding="bind:WSRP_v1_PortletManagement_Binding_SOAP" name="WSRPPortletManagementService">
                      <soap:address location="https://host:8444/portal-wsrp/PortletManagementService"/>
                      </wsdl:port>
                      ?
                       <wsdl:port binding="bind:WSRP_v1_Registration_Binding_SOAP" name="WSRPRegistrationService">
                      <soap:address location="https://host:8444/portal-wsrp/RegistrationService"/>
                      </wsdl:port>
                      ?
                       <wsdl:port binding="bind:WSRP_v1_Markup_Binding_SOAP" name="WSRPBaseService">
                      <soap:address location="https://host:8444/portal-wsrp/MarkupService"/>
                      </wsdl:port>
                      ?
                       <wsdl:port binding="bind:WSRP_v1_ServiceDescription_Binding_SOAP" name="WSRPServiceDescriptionService">
                      <soap:address location="https://host:8444/portal-wsrp/ServiceDescriptionService"/>
                      </wsdl:port>
                      </wsdl:service>
                      </wsdl:definitions>


                      Again in the WSDL import there is no port specified:
                      see
                      <wsdl:import location="https://host/portal-wsrp/PortletManagementService?wsdl&resource=wsrp_v1_bindings.wsdl" namespace="urn:oasis:names:tc:wsrp:v1:bind"/>
                      


                      Shouldn't it look like:
                      <wsdl:import location="https://host:8444/portal-wsrp/PortletManagementService?wsdl&resource=wsrp_v1_bindings.wsdl" namespace="urn:oasis:names:tc:wsrp:v1:bind"/>
                      



                      Furthermore, I would like to have a way by not setting port and host
                      manually in a WSRP internal file. We have more than 40 applications having their own port. They should just use WSRP as a deployed service and not to have to modify internal WSRP files by themselfes.

                      regards
                      Karin

                      • 8. Re: wsrp with https
                        Chris Laprun Master

                        Which version of JBoss WS are you using? The solution provided in the Wiki will only work with JBoss WS 1.0.4.GA...

                        As far as having to modify the internal file manually, I totally agree with you. However, I haven't been able to find how to have JBoss WS to pick up the port automatically without having to modify the wsrp_services.xml file. See: http://labs.jboss.com/portal/jbossws/user-guide/en/html/secure-ejb.html. I will ask the WS team to see if there is a better way.

                        • 9. Re: wsrp with https
                          karin k Newbie

                          Hi Chris,
                          I use
                          jbossws-1.0.4.GA (date=200611151648)
                          (as the log file stated).

                          Do you not have the problem with the missing port in the wsdl:import?
                          Actually will it hurt? I can access JBoss Portlet by means of WSRP (over SSL, simplest case just encrypted communication, without client authentification or trust to a specific server). I have problems doing it when using SAP Portal as consumer portal.
                          Therefore I would like to make sure, that this is not a JBoss problem.

                          regards
                          Karin

                          • 10. Re: wsrp with https
                            Chris Laprun Master

                            When I checked the other day, I didn't have the problem with the missing port in the WSDL file. I'll check again.

                            • 11. Re: wsrp with https
                              karin k Newbie

                              Hi Chris,
                              I finally found the problem.
                              It was caused by the configuration of the https connector from tomcat.

                              I used this configuration

                               <Connector port="9100" address="${jboss.bind.address}"
                               maxThreads="100" strategy="ms" maxHttpHeaderSize="8192"
                               emptySessionPath="true" proxyPort="443"
                               scheme="https" secure="true" clientAuth="false"
                               keystoreFile="${jboss.server.home.dir}/conf/jboss.p12"
                               keystorePass="asfsdf" keystoreType="PKCS12" sslProtocol = "TLS" />
                              


                              The parameter called proxyPort is the problem. Specifiying it causes
                              that the wsdl:import url is generated without url (I suppose because 443
                              is the default port for https).

                              I think this is a JBossWS Bug, because either all generated urls should
                              be with the current port or should use the proxy port. Currently it is mixed.
                              We will report this issue as bug.

                              Regards Karin




                              • 12. Re: wsrp with https
                                Chris Laprun Master

                                A servlet filter has been implemented to rewrite incorrect ports in the WSDL file that JBoss WS publishes. This is availble for both 2.6 and 2.4 in Subversion...