22 Replies Latest reply on Jan 28, 2014 5:12 AM by radcortez

    How do I rewrite soap:address to always HTTPS

      We have a strange issue here and I must assume that someone else must have run into this before.

       

      We are currently deploying our EJB3-based web service on JBossAS 5.1.0.GA.

      The Session bean that implements our service methods is using annotations to generate all the necessary artifacts upon deployment, especially the WSDL.

       

      As everybody knows, JBoss is generating the service URL in the <soap:address> field every time a WSDL gets re-generated.

      We are also aware that there are certain options to configure how this URL gets generated in the deployers/jbossws.deployer/META-INF/jboss-beans.xml.

       

      However, we have a configuration that just never gives us the correct protocol in the service URL.

       

      We are using an F5 load balancer to front-end our traffic. All traffic up to the F5 is using HTTPS. Based on rules, the F5 is now forwarding the requests to a set of Apache HTTPD servers - this traffic is using HTTP. The Apache HTTPD servers are now configured to use mod_proxy_ajp to send the request to our individual JBoss servers, which will then ultimately serve this request.

       

      So, we have multiple options to configure the generation of the service URL:

      1. we configure it statically by setting "webServiceHost" to our public server name, or
      2. we configure it using dynamic rewrite based on the request URL

       

      If we use option #1, JBoss will always generate a service URL with "http" no matter what else we do and if we use option #2, JBoss will also always generate a URL with "http" since the request from the F5 to Apache is actually just HTTP. The only way to force a "https" address in option #1 is to configure our webservice with <transport-guarantee>CONFIDENTIAL</transport-guarantee> in jboss.xml (or in the @WebContext annotation). However, this does not work either because the incoming traffic is actually HTTP and JBossWS is expecting HTTPS so it correctly never responds.

       

      So, our question now would be:

      How can we configure JBossWS to generate a service URL with "https" regardless of whether the service actually expects encrypted requests or not?

       

      I could not find any viable solutions at all yet, so any ideas may be helpful.

        • 1. Re: How do I rewrite soap:address to always HTTPS

          Looks like nobody is willing or able to answer this question and help us here.

          So, I will have to help myself (as most of the time).

           

          I have found the relevant classes in JBossWS and am in the process of developing a patch for the ServerConfig. If anybody is interested, I will post it back to this forum once I am done and tested.

          • 2. Re: How do I rewrite soap:address to always HTTPS
            asoldano

            I'll probably have some time to think about this in the next weeks, sorry. Generally speaking I'd very much appreciate a patch in this area; this is quite a complex topic, as there're really many different user conditions here, requiring a different behaviour of the stack. Please try running the whole jbossws testsuite once you have the patch, as I recently revisited it to try covering all the use cases we've dealt with regarding soap address rewrite needs.

            Thanks

            • 3. Re: How do I rewrite soap:address to always HTTPS
              radcortez
              I have exactly the same problem. Any solution yet?
              • 4. Re: How do I rewrite soap:address to always HTTPS

                Unfortunately, my solution did not get beyond an initial design stage yet as I am pretty busy with my regular project work.

                 

                We temporarily solved this by taking the generated WSDL, changing it manually to put in the URL we want, and then putting it on a file system. We then intercept the URL to request the WSDL on the F5 level and redirect to the URI where the static WSDL resides.

                 

                I hope that I have more bandwidth soon to implement an extension of the current configuration allowing more flexibility with this.

                • 5. Re: How do I rewrite soap:address to always HTTPS
                  radcortez
                  Ok. I guess I have to do something similar. A big problem is that I don't have any control over the systems around JBoss, since they are all managed by my provider.
                  • 6. Re: How do I rewrite soap:address to always HTTPS
                    crankr

                    Have you seen this? Maybe it will help.

                     

                    jbossws.deployer/META-INF/jboss-beans.xml

                     

                    <bean name="ServiceEndpointManager" class="org.jboss.ws.server.ServiceEndpointManager">
                          <!--
                            The WSDL, that is a required deployment artifact for an endpoint, has a <soap:address>
                            element which points to the location of the endpoint. JBoss supports rewriting of that SOAP address.
                         
                            If the content of <soap:address> is a valid URL, JBossWS will not rewrite it unless AlwaysModifySOAPAddress is true.
                            If the content of <soap:address> is not a valid URL, JBossWS will rewrite it using the attribute values given below.
                          -->
                          <property name="webServiceHost">${jboss.bind.address}</property>
                          <property name="webServiceSecurePort">8443</property>
                          <property name="webServicePort">8080</property>
                          <property name="alwaysModifySOAPAddress">true</property>
                          ...
                        </bean>

                    • 7. Re: How do I rewrite soap:address to always HTTPS
                      davidl360

                      Did anyone ever find a way to do this? I have an almost identical situation.

                      • 8. Re: How do I rewrite soap:address to always HTTPS
                        asoldano

                        Ulrich Romahn wrote:

                         


                        So, we have multiple options to configure the generation of the service URL:

                        1. we configure it statically by setting "webServiceHost" to our public server name, or
                        2. we configure it using dynamic rewrite based on the request URL

                         

                        If we use option #1, JBoss will always generate a service URL with "http" no matter what else we do

                         

                        Generally speaking, something you can do is provide the wsdl you want to be exposed in your deployment. First you deploy without it, then you save the generated wsdl, modify it as you wish, add it and reference it (@WebService(wsdlLocation = "WEB-INF/...")) in your deployment and finally re-deploy.

                         

                        Something else you might want to try is setting your soap:address to something like "https://REPLACE-ME", that should force the https protocol to be used in the soap:address when rewriting it. I think this probably has the side effect of overwriting the webServicePort you might want to specify though.

                         

                        If nothing of this helps, please create a feature request jira. We might think about adding another configuration option (webServiceProtocol) and achieve what you want through that.
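
The workaround described in this thread (save the generated WSDL, point soap:address at the public HTTPS URL, then serve or bundle the edited copy) can be scripted and checked before the file is published. The Python below is an added example, not code from any poster or from JBossWS; the sample WSDL, the host name services.example.com and all function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit, urlunsplit
from xml.sax.saxutils import escape

# soap:address appears under the SOAP 1.1 or SOAP 1.2 WSDL binding namespace.
SOAP_NS = ("http://schemas.xmlsoap.org/wsdl/soap/",
           "http://schemas.xmlsoap.org/wsdl/soap12/")

# Constructed sample: a WSDL as generated by a backend that only ever sees plain HTTP.
SAMPLE_WSDL = """<definitions xmlns="http://schemas.xmlsoap.org/wsdl/"
    xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/"
    name="OrderService" targetNamespace="urn:example:orders">
  <service name="OrderService">
    <port name="OrderPort" binding="tns:OrderBinding" xmlns:tns="urn:example:orders">
      <soap:address location="http://10.0.0.12:8080/orders/OrderBean"/>
    </port>
  </service>
</definitions>"""

def _addresses(wsdl_text):
    """All soap:address location values found in the WSDL."""
    root = ET.fromstring(wsdl_text)
    return [a.get("location", "") for ns in SOAP_NS
            for a in root.iter("{%s}address" % ns)]

def plan_rewrites(wsdl_text, public_host, public_port=443):
    """Map each current location to https://public_host[:port] + same path/query."""
    netloc = public_host if public_port == 443 else "%s:%d" % (public_host, public_port)
    plan = {}
    for old in _addresses(wsdl_text):
        parts = urlsplit(old)
        plan[old] = urlunsplit(("https", netloc, parts.path, parts.query, ""))
    return plan

def rewrite_wsdl(wsdl_text, public_host, public_port=443):
    """Apply the plan textually. Re-serialising with ElementTree would drop xmlns
    declarations used only inside QName attribute values (binding="tns:..."),
    which corrupts the WSDL. Assumes double-quoted location attributes."""
    for old, new in plan_rewrites(wsdl_text, public_host, public_port).items():
        wsdl_text = wsdl_text.replace('location="%s"' % escape(old),
                                      'location="%s"' % escape(new))
    return wsdl_text

def insecure_addresses(wsdl_text):
    """Locations that do not use https; run this on the file you publish."""
    return [loc for loc in _addresses(wsdl_text) if urlsplit(loc).scheme != "https"]

if __name__ == "__main__":
    fixed = rewrite_wsdl(SAMPLE_WSDL, "services.example.com")
    print(fixed)
    print("non-https addresses left:", insecure_addresses(fixed))
```

Running insecure_addresses over the published WSDL as a deployment check catches a regenerated file that has fallen back to an internal http:// address.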

                        • 9. Re: How do I rewrite soap:address to always HTTPS
                          melaraj1

                          Can anyone help with this? I am able to replace the WSDL and successfully have it show https; however, clients are getting an exception:

                           

                          "Endpoint not found"

                          • 10. Re: How do I rewrite soap:address to always HTTPS
                            simonpl

                            I guess Robert Crank's hint was the good one. I had a situation where there was always localhost in the soap address. To solve this I just commented these two lines out (in document jbossws.deployer/META-INF/jboss-beans.xml):

                             

                            <property name="webServiceHost">${jboss.bind.address}</property>
                            <property name="modifySOAPAddress">true</property>

                            • 11. Re: How do I rewrite soap:address to always HTTPS
                              izgur

                              jbossws.deployer/META-INF/jboss-beans.xml exists only in jboss5.1/server/all and not the configuration used  ?!

                              • 12. Re: How do I rewrite soap:address to always HTTPS
                                jhonny69

                                Do it like a servlet, with a "class xxxxxx implements Provider<SOAPMessage>".

                                • 13. Re: How do I rewrite soap:address to always HTTPS
                                  carlo.bonamico

                                  I managed to follow this advice in a similar situation successfully. See also my additional related questions in https://community.jboss.org/thread/205925

                                  • 14. Re: How do I rewrite soap:address to always HTTPS
                                    megha_07

                                    I am having the same problem with the soap address location having http in the wsdl url instead of https.

                                    Any help and solution regarding this will be really appreciated.

                                     

                                    Thanks in advance.
