2 Replies Latest reply on May 25, 2011 8:28 AM by mauro.brasil

    How to enable SSL with JBossWS without "server.xml" ?

    mauro.brasil Newbie

      Hello there!

       

      We have a fully operational client/server application that uses JBossWS at server side and Axis2C at client side to provide Web Service communication.

      We are just using "username autentication" and "timestamp validation" WS-Security features as shown below on "jboss-wsse-server.xml" file:

       

      <?xml version="1.0" encoding="UTF-8"?>
      
      <jboss-ws-security xmlns="http://www.jboss.com/ws-security/config" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
          xsi:schemaLocation="http://www.jboss.com/ws-security/config
                         http://www.jboss.com/ws-security/schema/jboss-ws-security_1_0.xsd">
      
          <config>
      
              <requires/>
      
              <timestamp ttl="60" />
      
              <authenticate>
                  <usernameAuth />
              </authenticate>
      
              <authorize>
                  <role>AllowedRole01</role>
                  <role>AllowedRole02</role>
              </authorize>
      
          </config>
      
          <timestamp-verification createdTolerance="30" warnCreated="true" expiresTolerance="10" warnExpires="true" />
      
      </jboss-ws-security>
      
      

       

      Now we need to use SSL for all Web Services provided by our application.

       

      Following Alessio Soldano's article at http://community.jboss.org/wiki/JBossWS-SecureTransport#Client_side, we were able to make SSL work changing file "web.xml" accordingly to alternative 2.

       

      The problem is that we want to use the first approach with "@WebContext" annotation.

       

      I've reverted "web.xml" configurations and changed current annotation from just:

       

      @WebService( name = "user" )
      @EndpointConfig( configName = "Standard WSSecurity Endpoint" )
      @SecurityDomain( "SECURITY_DOMAIN" )
      public class UserWSImpl extends AbstractBaseWS implements IUserWS {
      

       

      To:

       

      @WebService( name = "user" )
      @EndpointConfig( configName = "Standard WSSecurity Endpoint" )
      @SecurityDomain( "SECURITY_DOMAIN" )
      @WebContext
      ( 
          contextRoot = "/CONTEXT_ROOT", 
          urlPattern = "/user", 
          transportGuarantee = "CONFIDENTIAL", 
          secureWSDLAccess = false 
      )
      public class UserWSImpl extends AbstractBaseWS implements IUserWS {
      

       

      But it didn't work.

       

      Am I missing something ?

       

      Please let me know if you guys need any more information to figure out the problem.

       

      Thank's a lot and best regards,

      Mauro.

        • 1. Re: How to enable SSL with JBossWS without "server.xml" ?
          mauro.brasil Newbie

          I've noticed the following lines logged:

           

          12:28:55,328 WARN  [JAXWSWebServiceMetaDataBuilder] @WebContext.contextRoot is only valid on EJB endpoints

          12:28:55,328 WARN  [JAXWSWebServiceMetaDataBuilder] @WebContext.urlPattern is only valid on EJB endpoints

          12:28:55,328 WARN  [JAXWSWebServiceMetaDataBuilder] @WebContext.transportGuarantee is only valid on EJB endpoints

           

          So... the annotation option won't work if I'm not using EJB ?

           

          Is there another alternative to enable SSL without using "web.xml" ?

           

          Thanks a lot and best regards,

          Mauro.

          • 2. Re: How to enable SSL with JBossWS without "server.xml" ?
            mauro.brasil Newbie

            Case closed.

             

            I setup an "unsecure region" using "security-constraint" at "web.xml" and got what I wanted at first place.

             

            In fact, besides enabling SSL for all web services, I needed one resource to be accessible directly (used by the client installer to verify if the server is on provided IP), so I've created an unsecure region and put a dummy file on it.