12 Replies Latest reply on May 28, 2013 8:41 AM by Alessio Soldano

    My ws-security setting doesn't work.

    Joseph Hwang Novice

      My WS-security reference site is https://docs.jboss.org/author/display/JBWS/WS-Security.

       

      I coded the interface and bean as below:

       

      @WebService
      public interface IHelloPort {

       

        @WebMethod
        @WebResult
        public String sayHello(@WebParam String name);
      }

       

      @WebService
      @EndpointConfig(configFile = "WEB-INF/jaxws-endpoint-config.xml", configName = "Custom WS-Security Endpoint")
      public class HelloBean implements IHelloPort {

       

        @Override
        @WebMethod
        @WebResult
        public String sayHello(@WebParam String name) {
          // TODO Auto-generated method stub
          return "Hello " + name;
        }

      }

       

      Then I generated WEB-INF/jaxws-endpoint-config.xml

       

      <jaxws-config xmlns="urn:jboss:jbossws-jaxws-config:4.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
      xmlns:javaee="http://java.sun.com/xml/ns/javaee"
      xsi:schemaLocation="urn:jboss:jbossws-jaxws-config:4.0 schema/jbossws-jaxws-config_4_0.xsd">

        <endpoint-config>   
         <config-name>Custom WS-Security Endpoint</config-name>   
         <property>     
          <property-name>ws-security.signature.properties</property-name>     
          <property-value>${jboss.server.config.dir}/wssecurity.properties</property-value>   
         </property>   
        
         <property>     
          <property-name>ws-security.encryption.properties</property-name>     
          <property-value>${jboss.server.config.dir}/wssecurity.properties</property-value>   
         </property>   
        
         <property>     
          <property-name>ws-security.signature.username</property-name>     
          <property-value>joseph</property-value>   
         </property>   
        
         <property>     
          <property-name>ws-security.encryption.username</property-name>     
          <property-value>joseph</property-value>   
         </property>   
        
         <property>     
          <property-name>ws-security.callback-handler</property-name>     
          <property-value>com.aaa.ws.KeystorePasswordCallback</property-value>   
         </property> 
        </endpoint-config>
      </jaxws-config>

       

      Next I made ${jboss.server.config.dir}/wssecurity.properties and KeystorePasswordCallback.java like below

       

      -- wssecurity.properties

      org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin

      org.apache.ws.security.crypto.merlin.keystore.type=jks

      org.apache.ws.security.crypto.merlin.keystore.password=111111

      org.apache.ws.security.crypto.merlin.keystore.alias=testWSssl

      org.apache.ws.security.crypto.merlin.keystore.file=${jboss.server.config.dir}/jboss7ssl.jks

       

      -- KeystorePasswordCallback.java

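      import java.io.IOException;
      import java.util.HashMap;
      import java.util.Map;

      import javax.security.auth.callback.Callback;
      import javax.security.auth.callback.CallbackHandler;
      import javax.security.auth.callback.UnsupportedCallbackException;

      import org.apache.ws.security.WSPasswordCallback;

      public class KeystorePasswordCallback implements CallbackHandler {

        // Maps an identifier (alias) to its password.
        private Map<String, String> passwords = new HashMap<String, String>();

        public KeystorePasswordCallback() {
          passwords.put("joseph", "11111");
        }

        @Override
        public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
          for (int i = 0; i < callbacks.length; i++) {
            WSPasswordCallback pc = (WSPasswordCallback) callbacks[i];
            String pass = passwords.get(pc.getIdentifier());
            // Supply the stored password for the first identifier that has one.
            if (pass != null) {
              pc.setPassword(pass);
              return;
            }
          }
        }

        public void setAliasPassword(String alias, String password) {
          passwords.put(alias, password);
        }

      }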

       

      Last I generated jboss7ssl.jks file with keytool command

       

      keytool -genkey -alias testWSssl -keystore jboss7ssl.jks -keyalg RSA -validity 180

       

      Deployment threw no exception. But WS-Security encryption was not applied to the WSDL. The generated SOAP file was just a plain XML file.

      The WS-Security encryption setting doesn't work. Did I miss anything?

      I need your advice. Thanks in advance!

        • 1. Re: My ws-security setting doesn't work.
          Nicklas Karlsson Master

          Are you following https://docs.jboss.org/author/display/JBWS/WS-Security ? Have you tried making a typo in the xml to make sure it's being picked up?

          • 2. Re: My ws-security setting doesn't work.
            Joseph Hwang Novice

            Thanks for the reply, Nicklas. I am using Eclipse Juno and JBoss 7.1.1.

            As you said, I made a typo in WEB-INF/jaxws-endpoint-config.xml and it is invoked fine. (It threw an exception.)

            But the wssecurity.properties file seemed not to be picked up.

             

            org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin

            org.apache.ws.security.crypto.merlin.keystore.type=jks

            org.apache.ws.security.crypto.merlin.keystore.password=111111

            org.apache.ws.security.crypto.merlin.keystore.alias=testWSssl

            org.apache.ws.security.crypto.merlin.keystore.file=${jboss.server.config.dir}/jboss7ssl.jks

            Oops! (typo)

             

            I think there is a problem on these lines of jaxws-endpoint-config.xml

             

            <property>
               <property-name>ws-security.signature.properties</property-name>
               <property-value>${jboss.server.config.dir}/wssecurity.properties</property-value>
            </property>

             

             

            <property>

               <property-name>ws-security.encryption.properties</property-name>
               <property-value>${jboss.server.config.dir}/wssecurity.properties</property-value>
            </property>

             

             

            Any idea? Thanks in advance!

            • 3. Re: My ws-security setting doesn't work.
              Nicklas Karlsson Master

              Are they picked up if you hardcode the file locations?

              • 4. Re: My ws-security setting doesn't work.
                Joseph Hwang Novice

                I made a typo in jaxws-endpoint-config.xml like below :

                 

                <property>
                   <property-name>oops!---ws-security.signature.properties</property-name>
                   <property-value>WEB-INF/wssecurity.properties</property-value>
                </property>

                 

                 

                <property>

                   <property-name>oops!--ws-security.encryption.properties</property-name>
                   <property-value>WEB-INF/wssecurity.properties</property-value>
                </property>

                 

                But the deployment was successful.

                The value of property-name element is just a string but calls nothing. I think jaxws-endpoint-config.xml file does not recognize 'property-name' elements.

                So I coded it like this:

                 

                @WebService(
                ...
                )
                @EndpointProperties(value = {
                   @EndpointProperty(key = "ws-security.signature.properties", value = "WEB-INF/ws-security.properties"),
                   @EndpointProperty(key = "ws-security.encryption.properties", value = "WEB-INF/ws-security.properties"),
                   @EndpointProperty(key = "ws-security.signature.username", value = "joseph"),
                   @EndpointProperty(key = "ws-security.encryption.username", value = "joseph"),
                   @EndpointProperty(key = "ws-security.callback-handler", value = "com.aaa.KeystorePasswordCallback")
                   }
                )
                public class HelloBean implements IHelloPort {
                ...
                }
                But the same results. How can I make my bean file pick up wssecurity.properties files?
                I need your advice, desperately!
                • 5. Re: My ws-security setting doesn't work.
                  Nicklas Karlsson Master

                  Where is the properties file in the final WAR? In classes root?

                  • 6. Re: My ws-security setting doesn't work.
                    Joseph Hwang Novice

                    The properties file is in the WEB-INF folder of the final WAR. And I copied this properties file into the classes root, too. But the same result...

                    Nicklas! I found endpoint-config element in standalone.xml like below :

                     

                    <subsystem xmlns="urn:jboss:domain:webservices:1.1">
                                <modify-wsdl-address>true</modify-wsdl-address>
                                <wsdl-host>${jboss.bind.address:127.0.0.1}</wsdl-host>
                                <endpoint-config name="Standard-Endpoint-Config"/>
                                <endpoint-config name="Recording-Endpoint-Config">
                                    <pre-handler-chain name="recording-handlers" protocol-bindings="##SOAP11_HTTP ##SOAP11_HTTP_MTOM ##SOAP12_HTTP ##SOAP12_HTTP_MTOM">
                                        <handler name="RecordingHandler" class="org.jboss.ws.common.invocation.RecordingServerHandler"/>
                                    </pre-handler-chain>
                                </endpoint-config>
                    </subsystem>

                     

                    Is there any editing of this element?

                    • 7. Re: My ws-security setting doesn't work.
                      Nicklas Karlsson Master

                      Sure you can edit if you want but those are global settings and you are probably looking to override those(?)

                      • 8. Re: My ws-security setting doesn't work.
                        Joseph Hwang Novice

                        My problem is that the 'property-name' and 'property-value' elements of jaxws-endpoint-config.xml do nothing. In my WAR project those elements are just a set of strings, nothing..

                         

                        <jaxws-config xmlns="urn:jboss:jbossws-jaxws-config:4.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                        xmlns:javaee="http://java.sun.com/xml/ns/javaee"
                        xsi:schemaLocation="urn:jboss:jbossws-jaxws-config:4.0 schema/jbossws-jaxws-config_4_0.xsd">

                          <endpoint-config>   
                           <config-name>Custom WS-Security Endpoint</config-name>

                              <property>
                                 <property-name>ws-security.signature.properties</property-name> =>can't be recognized and invoked.
                                 <property-value>WEB-INF/wssecurity.properties</property-value> =>can't be recognized and invoked.
                              </property>

                         

                              <property>

                                 <property-name>ws-security.encryption.properties</property-name>
                                 <property-value>WEB-INF/wssecurity.properties</property-value>
                             </property>

                         

                        I don't know why. Any idea? Nicklas!

                        • 9. Re: My ws-security setting doesn't work.
                          Nicklas Karlsson Master

                          Can you pick them up programmatically like in

                           

                          https://docs.jboss.org/author/display/JBWS/Predefined+client+and+endpoint+configurations (Client Configuration Assignment)?

                           

                          And you are really, really sure that the properties file is included in the final WAR at the chosen location?

                          • 10. Re: My ws-security setting doesn't work.
                            Joseph Hwang Novice

                            I put the properties file in all possible locations. See my attached image. But same result.

                            image1.jpg

                            In JBoss 5, I used @EndpointConfig(configName="Standard WSSecurity Endpoint") annotation and set its properties in jboss-wsse-server.xml as you know.

                             

                            I think I have to do something with the below elements in standalone.xml of JBoss 7.

                             

                            <subsystem xmlns="urn:jboss:domain:webservices:1.1">
                               <modify-wsdl-address>true</modify-wsdl-address>
                               <wsdl-host>${jboss.bind.address:127.0.0.1}</wsdl-host>
                               <endpoint-config name="Standard-Endpoint-Config"/>
                               <endpoint-config name="Recording-Endpoint-Config">
                                  <pre-handler-chain name="recording-handlers" protocol-bindings="##SOAP11_HTTP ##SOAP11_HTTP_MTOM ##SOAP12_HTTP ##SOAP12_HTTP_MTOM">
                                     <handler name="RecordingHandler" class="org.jboss.ws.common.invocation.RecordingServerHandler"/>
                                  </pre-handler-chain>
                               </endpoint-config>
                            </subsystem>

                             

                            I think there is another endpoint-config name related to ws-security and I can set ws-security properties like jboss-wsse-server.xml of JBoss 5.

                            Am I right? If I am, please inform me of any doc or reference site.

                             

                            Thank you for your reply.

                            • 11. Re: My ws-security setting doesn't work.
                              Nicklas Karlsson Master

                              I'll see if I can catch Alessio Soldano on IRC

                              • 12. Re: My ws-security setting doesn't work.
                                Alessio Soldano Master

                                Nicklas, thanks for the help. Joseph, please consider having a look at the jbossws-cxf 4.1.1 binary distribution (you can download it at http://www.jboss.org/jbossws/downloads ) and in particular at its samples. Look at the wsse/policy ones; there are many test deployments using ws-security policy. Build the samples by running the testsuite and have a look at the test jar/war archives.

                                Generally speaking, the endpoint-config configurations in standalone.xml are system-wide configurations and you can't expect to reference deployment descriptors from them.

                                1 of 1 people found this helpful
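
A pre-deployment lint for the failure seen in reply 4, where a misspelled property name still deployed without error. This is an added example, not code from the thread or from JBossWS. It assumes that only the five ws-security.* keys used in this thread are valid and that the signature/encryption username is meant to name a keystore alias; the function names and the sample input are constructed here from the thread's values.

```python
import xml.etree.ElementTree as ET

NS = {"c": "urn:jboss:jbossws-jaxws-config:4.0"}
ALIAS_KEY = "org.apache.ws.security.crypto.merlin.keystore.alias"
# Assumption: only the five keys that appear in this thread count as known.
KNOWN_KEYS = {"ws-security." + k for k in ("signature.properties", "encryption.properties",
              "signature.username", "encryption.username", "callback-handler")}

def parse_properties(text):
    """Parse key=value lines of a Java .properties file (no escape handling)."""
    pairs = (line.split("=", 1) for line in text.splitlines()
             if "=" in line and not line.lstrip().startswith(("#", "!")))
    return {k.strip(): v.strip() for k, v in pairs}

def lint(config_xml, config_name, crypto_text):
    """Return a list of findings for the endpoint-config named config_name."""
    try:
        root = ET.fromstring(config_xml)
    except ET.ParseError as exc:
        return [f"config is not well-formed XML: {exc}"]
    configs = {e.findtext("c:config-name", "", NS).strip(): e
               for e in root.findall("c:endpoint-config", NS)}
    if config_name not in configs:
        return [f"no endpoint-config named {config_name!r}"]
    props = {p.findtext("c:property-name", "", NS).strip():
             p.findtext("c:property-value", "", NS).strip()
             for p in configs[config_name].findall("c:property", NS)}
    findings = [f"unknown property name: {k}" for k in sorted(set(props) - KNOWN_KEYS)]
    findings += [f"missing property: {k}" for k in sorted(KNOWN_KEYS - set(props))]
    alias = parse_properties(crypto_text).get(ALIAS_KEY)
    for role in ("signature", "encryption"):
        user = props.get(f"ws-security.{role}.username")
        if user and alias and user != alias:
            findings.append(f"{role} username {user!r} differs from keystore alias {alias!r}")
    return findings

# Constructed sample: reply 4's misspelled key plus the thread's alias values.
SAMPLE_XML = """<jaxws-config xmlns="urn:jboss:jbossws-jaxws-config:4.0">
 <endpoint-config>
  <config-name>Custom WS-Security Endpoint</config-name>
  <property><property-name>oops!---ws-security.signature.properties</property-name>
   <property-value>WEB-INF/wssecurity.properties</property-value></property>
  <property><property-name>ws-security.signature.username</property-name>
   <property-value>joseph</property-value></property>
 </endpoint-config>
</jaxws-config>"""
SAMPLE_PROPS = ALIAS_KEY + "=testWSssl\n"
if __name__ == "__main__":
    print("\n".join(lint(SAMPLE_XML, "Custom WS-Security Endpoint", SAMPLE_PROPS)))
```

An alias mismatch is reported as a finding to confirm against the keystore (for example with keytool -list), since a keystore can hold more entries than the one named in the properties file.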