5 Replies Latest reply on Mar 23, 2010 5:00 PM by Mark Lassiter

    Problem with WS Security

    Marcin Ostachowski Newbie

      Hi everyone,

      I`m trying to implement WS server and client with WS Security for several last days.

       

      My server looks like:

       

      package test;

       


      import javax.jws.WebMethod;
      import javax.jws.WebService;
      @WebService()
      public class Calculator {
          @WebMethod
          public int add(int value1, int value2) {
              return value1 + value2;
          }
      }

       

       

      web.xml:

       

      <?xml version="1.0" encoding="UTF-8"?>
      <web-app xmlns="http://java.sun.com/xml/ns/javaee" version="2.4">
          <servlet>
              <display-name>Calculator</display-name>
              <servlet-name>Calculator</servlet-name>
              <servlet-class>
                  test.Calculator
              </servlet-class>
          </servlet>
         
          <servlet-mapping>
              <servlet-name>Calculator</servlet-name>
              <url-pattern>/calculator</url-pattern>
          </servlet-mapping>   
          <welcome-file-list>
              <welcome-file>index.html</welcome-file>
              <welcome-file>index.htm</welcome-file>
              <welcome-file>index.jsp</welcome-file>
              <welcome-file>default.html</welcome-file>
              <welcome-file>default.htm</welcome-file>
              <welcome-file>default.jsp</welcome-file>
          </welcome-file-list>
      </web-app>

       

      jboss-wsse-server.xml:

       

      <jboss-ws-security
         xmlns="http://www.jboss.com/ws-security/config"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://www.jboss.com/ws-security/config
      http://www.jboss.com/ws-security/schema/jboss-ws-security_1_0.xsd">
         <key-store-file>WEB-INF/server.keystore</key-store-file>
         <key-store-password>pass123</key-store-password>
         <key-store-type>jks</key-store-type>
         <trust-store-file>WEB-INF/server.truststore</trust-store-file>
         <trust-store-password>pass123</trust-store-password>
         <trust-store-type>jks</trust-store-type>
         <key-passwords>
            <key-password alias="server" password="pass123" />
         </key-passwords>
         <config>
            <encrypt type="x509v3" alias="client" />
            <requires>
               <encryption />
            </requires>
         </config>
      </jboss-ws-security>

       

       

      I`ve put server.keystore and server.truststore into web-inf direcotry.

       

      My Client:

       

      package test;

       

      import org.jboss.ws.annotation.EndpointConfig;


      @EndpointConfig(configName="Standard WSSecurity Endpoint")

      public class Client {

       

          public static void main(String[] args) {
             
                   CalculatorService svc = new CalculatorService();
                  Calculator calc = svc.getCalculatorPort();
                  System.out.println("2 + 2 = " + calc.add(2, 2));
          }
      }

       

      I`ve put client.keystore, client.truststore, jboss-wsse-client.xml and standard-jaxws-client-config.xml to meta-inf directory.

      When I deploy server, I can see wsdl file. But when I run the client i get :

       

      Exception in thread "main" javax.xml.ws.soap.SOAPFaultException: org.jboss.ws.core.CommonSOAPFaultException: This service requires <wsse:Security>, which is missing.
              at com.sun.xml.internal.ws.fault.SOAP11Fault.getProtocolException(Unknown Source)
              at com.sun.xml.internal.ws.fault.SOAPFaultBuilder.createException(Unknown Source)
              at com.sun.xml.internal.ws.client.sei.SyncMethodHandler.invoke(Unknown Source)
              at com.sun.xml.internal.ws.client.sei.SyncMethodHandler.invoke(Unknown Source)
              at com.sun.xml.internal.ws.client.sei.SEIStub.invoke(Unknown Source)
              at $Proxy25.add(Unknown Source)
              at test.Client.main(Client.java:9)

       

      Can anyone help me?

      Marcin Ostachowski

        • 1. Re: Problem with WS Security
          rinku GARG Newbie

          Hi Mercin,

           

          I am also facing the same problem. are you able to fix this problem. If yes then please let me know. I need an urgent help on this.

          I am using Java 1.5 and Jboss 5.1.0

           

          Thanks

           

          Regards

          Rinku Garg

          • 2. Re: Problem with WS Security
            Scott Kubina Newbie
            I'm having the same problem so I don't have the full solution yet, but I did notice you put @EndpointConfig on the client code. It should be the other way around - @EndpointConfig should be declared just above or below your @WebService annotation on the server code, and no need for the annotation on the client code. 95% sure on that.
            • 3. Re: Problem with WS Security
              Alessio Soldano Master

              Yes, the annotation if for server side. On client side you need to provide the client configuration to use through the StubExt interface:

               

              ((StubExt)port).setSecurityConfig(securityURL.toExternalForm());
              ((StubExt)port).setConfigName("Standard WSSecurity Client");
              • 4. Re: Problem with WS Security
                Scott Kubina Newbie

                I got this working, and here are a few suggestions on things to try that worked for me. This is the setup for an EJB web service on JBoss 6.0 M1 with WS-Security features of signing and encryption.

                 

                Server:

                1. On the server side you need these files in your META-INF directory if you're doing and EJB web service.
                  • Server truststore and keystore. Assuming you know how to set these up.
                  • jboss-wsse-server.xml (Lacking contents, let me know if you need them)
                2. Then also on the server side you need to annotate your web service at the class level with @EndpointConfig(configName = "Standard WSSecurity Endpoint").
                3. Setup JBoss so it logs the SOAP messages in the $JBOSS_HOME/server/<config>/log/server.log file. To do that go to $JBOSS_HOME/server/<config>/conf/jboss-log4j.xml and find this area and uncomment:

                 

                <code>

                <!-- Enable JBossWS message tracing -->   <category name="org.jboss.ws.core.MessageTrace">     <priority value="TRACE"/>   </category>

                </code>

                 

                Client:

                1. On the client side you need these files in your META-INF directory.
                  • Client truststore and keystore.
                  • jboss-wsse-client.xml (Lacking contents, let me know if you need them)
                  • standard-jaxws-client.config.xml (Lacking contents, let me know if you need them)
                2. You can generate the classes needed for the WSDL using $JBOSS_HOME/bin/wscompile -k http://localhost:8080/servicejar/ServiceName?WSDL. Then take the classes in the generated output directory and add it to your client.
                3. Then get the service by doing something like MyService service = new MyService_Service().getMyServiceSOAP();. That will contain the methods in your actual web service.
                4. Then add this JVM argument to the client. This is in all likelihood what you're missing.
                  • -Djava.endorsed.dirs=<Replace with $JBOSS_HOME>\lib\endorsed
                5. If it doesn't work you should setup Log4j on the client, because the errors are likely being swallowed as some of the libraries are setup to spit the detailed error information into a log.

                 

                Hope that helps at least some.

                        

                • 5. Re: Problem with WS Security
                  Mark Lassiter Newbie

                  This helped me out a great deal.  I was not able to find documentation stating that the @EndpointConfig annotation was required.  Some of the links on the Wiki are broken, so perhaps its burried there but not reachable.

                   

                  Thanks!