0 Replies Latest reply on Oct 10, 2013 3:00 PM by George Mathias

    How do i make wsse username and password token work :( ?

    George Mathias Newbie

      Hello, I am sure this has been asked before But i am not able to find a clear tutorial as to how do I get this to work. I have spent two whole days on this, trying to dig out any documentation that explains in layman's terms, am yet to find one. My hope is i get some answers here. Appreciate it much.


      I have a simple webservice and I need to provide WSSecurity support for this. Just the username token and password in text format. I would appreciate if you can list the steps I need to do and code sample is even better.


      I have latest jboss studio (7.0), jboss7.1.1 final and java1.7.40. I have the following artifacts, am not even sure If I need this much just to support basic username/password validation.


      My Interface looks like this...

      @WebService(targetNamespace = "http://service.dms.ctl.com/", name = "IpmsAdapterPortType")

      @XmlSeeAlso({ObjectFactory.class})

      @SOAPBinding(parameterStyle = SOAPBinding.ParameterStyle.BARE)

      public interface IpmsAdapterPortType {

       

      My Implementation class looks like this...

      import javax.xml.bind.annotation.XmlSeeAlso;

      import com.ctl.ipmsadapter.service.*;

      import javax.jws.WebService;

      import org.jboss.ws.api.annotation.EndpointConfig;

      @WebService(serviceName = "IpmsAdapter",

      endpointInterface = "com.ctl.ipmsadapter.service.IpmsAdapterPortType",

      targetNamespace = "http://service.dms.ctl.com/",

      wsdlLocation="/WEB-INF/wsdl/ipmsadapter.wsdl",

      portName="IpmsAdapterPort")

      @EndpointConfig(configFile="/WEB-INF/jaxws-endpoint-config.xml",

        configName = "Custom-JAXWS-WS-SecurityEndpoint")

      public class IpmsAdapterPortTypeImpl implements IpmsAdapterPortType {

       

      /WEB-INF/jaxws-endpoint-config.xml looks like this:

      <jaxws-config xmlns="urn:jboss:jbossws-jaxws-config:4.0"

      xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"

        xmlns:javaee="http://java.sun.com/xml/ns/javaee" xsi:schemaLocation="urn:jboss:jbossws-jaxws-config:4.0 schema/jbossws-jaxws-config_4_0.xsd">

        <endpoint-config>

          <config-name>Custom-JAXWS-WS-SecurityEndpoint</config-name>

        <!-- <property>

        <property-name>ws-security.callback-handler</property-name>

        <property-value>com.ctl.ipmsadapter.service.handler.ClientPasswordCallpack

        </property-value>

        </property>

        -->

        <post-handler-chains> 

        <javaee:handler-chain> 

        <javaee:protocol-bindings>##SOAP11_HTTP ##SOAP11_HTTP_MTOM</javaee:protocol-bindings> 

        <javaee:handler> 

        <javaee:handler-name>WSSecurity Handler</javaee:handler-name> 

        <javaee:handler-class>org.jboss.ws.extensions.security.jaxws.WSSecurityHandlerServer</javaee:handler-class> 

        </javaee:handler> 

        </javaee:handler-chain> 

        </post-handler-chains> 

        </endpoint-config>

      </jaxws-config>

       

      my jboss-wsse-server.xml looks like this:

      <?xml version="1.0" encoding="UTF-8"?>

      <jboss-ws-security xmlns="http://www.jboss.com/ws-security/config"

        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"

        xsi:schemaLocation="http://www.jboss.com/ws-security/config http://www.jboss.com/ws-security/schema/jboss-ws-security_1_0.xsd">

        <config>

        <authorize>

        <unchecked />

        </authorize>

        </config>

      </jboss-ws-security> 

       

      jboss-web.xml looks like this.

      <?xml version="1.0" encoding="UTF-8"?> 

      <!DOCTYPE jboss-web PUBLIC "-//JBoss//DTD Web Application 2.4//EN" "http://www.jboss.org/j2ee/dtd/jboss-web_4_0.dtd">

      <jboss-web>

        <security-domain>java:/jaas/other</security-domain>

        <context-root>/IpmsAdapterPortType</context-root>

      </jboss-web> 

       

      I want to be able to send the following xml request and make it validate the username and password...

      <soapenv:Envelope xmlns:ser="http://service.dms.ctl.com/"xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">

         <soapenv:Header>

            <wsse:Security soapenv:mustUnderstand="1"xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">

               <wsse:UsernameToken wsu:Id="UsernameToken-3">

                  <wsse:Username>ipms</wsse:Username>

                  <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">it212l1HK0R92Nh-dxfirx</wsse:Password>

               </wsse:UsernameToken>

            </wsse:Security>

         </soapenv:Header>

         <soapenv:Body>

            <ser:findCustomerRequest>

               <customerIdentifier>CTL100158142</customerIdentifier>

               <ipversion>IPv4</ipversion>

               <!--Optional:-->

               <senderInfo>

                  <applicationId>test</applicationId>

                  <userId>test</userId>

               </senderInfo>

            </ser:findCustomerRequest>

         </soapenv:Body>

      </soapenv:Envelope>

       

      I get following exception

      14:49:46,773 WARNING [org.apache.cxf.jaxws.handler.HandlerChainInvoker] (http-localhost-127.0.0.1-8080-2) HANDLER_RAISED_RUNTIME_EXCEPTION: java.lang.ClassCastException: org.apache.cxf.jaxws.handler.soap.SOAPMessageContextImpl cannot be cast to org.jboss.ws.core.CommonMessageContext

        at org.jboss.ws.extensions.security.jaxws.WSSecurityHandler.getSecurityConfiguration(WSSecurityHandler.java:154) [jbossws-native-core-4.0.2.GA.jar:4.0.2.GA]

        at org.jboss.ws.extensions.security.jaxws.WSSecurityHandler.handleInboundSecurity(WSSecurityHandler.java:88) [jbossws-native-core-4.0.2.GA.jar:4.0.2.GA]

        at org.jboss.ws.extensions.security.jaxws.WSSecurityHandlerServer.handleInbound(WSSecurityHandlerServer.java:41) [jbossws-native-core-4.0.2.GA.jar:4.0.2.GA]

        at org.jboss.ws.api.handler.GenericHandler.handleMessage(GenericHandler.java:58) [jbossws-api-1.0.0.GA.jar:1.0.0.GA]

        at org.apache.cxf.jaxws.handler.HandlerChainInvoker.invokeHandleMessage(HandlerChainInvoker.java:335)

        at org.apache.cxf.jaxws.handler.HandlerChainInvoker.invokeHandlerChain(HandlerChainInvoker.java:253)

        at org.apache.cxf.jaxws.handler.HandlerChainInvoker.invokeProtocolHandlers(HandlerChainInvoker.java:131)

        at org.apache.cxf.jaxws.handler.soap.SOAPHandlerInterceptor.handleMessageInternal(SOAPHandlerInterceptor.java:168)

        at org.apache.cxf.jaxws.handler.soap.SOAPHandlerInterceptor.handleMessage(SOAPHandlerInterceptor.java:123)

        at org.apache.cxf.jaxws.handler.soap.SOAPHandlerInterceptor.handleMessage(SOAPHandlerInterceptor.java:70)

        at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:263)

        at org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:121)

        at org.apache.cxf.transport.http.AbstractHTTPDestination.invoke(AbstractHTTPDestination.java:207)

        at org.jboss.wsf.stack.cxf.RequestHandlerImpl.handleHttpRequest(RequestHandlerImpl.java:91)

        at org.jboss.wsf.stack.cxf.transport.ServletHelper.callRequestHandler(ServletHelper.java:169)

        at org.jboss.wsf.stack.cxf.CXFServletExt.invoke(CXFServletExt.java:87)

        at org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(AbstractHTTPServlet.java:185)

        at org.apache.cxf.transport.servlet.AbstractHTTPServlet.doPost(AbstractHTTPServlet.java:108)

        at javax.servlet.http.HttpServlet.service(HttpServlet.java:754) [jboss-servlet-api_3.0_spec-1.0.0.Final.jar:1.0.0.Final]

        at org.jboss.wsf.stack.cxf.CXFServletExt.service(CXFServletExt.java:135)

        at org.jboss.wsf.spi.deployment.WSFServlet.service(WSFServlet.java:140) [jbossws-spi-2.0.3.GA.jar:2.0.3.GA]

        at javax.servlet.http.HttpServlet.service(HttpServlet.java:847) [jboss-servlet-api_3.0_spec-1.0.0.Final.jar:1.0.0.Final]

        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:329) [jbossweb-7.0.13.Final.jar:]

        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248) [jbossweb-7.0.13.Final.jar:]

        at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:275) [jbossweb-7.0.13.Final.jar:]

        at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:161) [jbossweb-7.0.13.Final.jar:]

        at org.jboss.as.web.security.SecurityContextAssociationValve.invoke(SecurityContextAssociationValve.java:153) [jboss-as-web-7.1.1.Final.jar:7.1.1.Final]

        at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:155) [jbossweb-7.0.13.Final.jar:]

        at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102) [jbossweb-7.0.13.Final.jar:]

        at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) [jbossweb-7.0.13.Final.jar:]

        at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:368) [jbossweb-7.0.13.Final.jar:]

        at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:877) [jbossweb-7.0.13.Final.jar:]

        at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:671) [jbossweb-7.0.13.Final.jar:]

        at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:930) [jbossweb-7.0.13.Final.jar:]

        at java.lang.Thread.run(Thread.java:724) [rt.jar:1.7.0_40]

       

       

      14:49:46,786 WARNING [org.apache.cxf.phase.PhaseInterceptorChain] (http-localhost-127.0.0.1-8080-2) Interceptor for {http://service.dms.ctl.com/}IpmsAdapter#{http://service.dms.ctl.com/}findCustomer has thrown exception, unwinding now: java.lang.ClassCastException: org.apache.cxf.jaxws.handler.soap.SOAPMessageContextImpl cannot be cast to org.jboss.ws.core.CommonMessageContext

        at org.jboss.ws.extensions.security.jaxws.WSSecurityHandler.getSecurityConfiguration(WSSecurityHandler.java:154) [jbossws-native-core-4.0.2.GA.jar:4.0.2.GA]

        at org.jboss.ws.extensions.security.jaxws.WSSecurityHandler.handleInboundSecurity(WSSecurityHandler.java:88) [jbossws-native-core-4.0.2.GA.jar:4.0.2.GA]

        at org.jboss.ws.extensions.security.jaxws.WSSecurityHandlerServer.handleInbound(WSSecurityHandlerServer.java:41) [jbossws-native-core-4.0.2.GA.jar:4.0.2.GA]

        at org.jboss.ws.api.handler.GenericHandler.handleMessage(GenericHandler.java:58) [jbossws-api-1.0.0.GA.jar:1.0.0.GA]

        at org.apache.cxf.jaxws.handler.HandlerChainInvoker.invokeHandleMessage(HandlerChainInvoker.java:335)

        at org.apache.cxf.jaxws.handler.HandlerChainInvoker.invokeHandlerChain(HandlerChainInvoker.java:253)

        at org.apache.cxf.jaxws.handler.HandlerChainInvoker.invokeProtocolHandlers(HandlerChainInvoker.java:131)

        at org.apache.cxf.jaxws.handler.soap.SOAPHandlerInterceptor.handleMessageInternal(SOAPHandlerInterceptor.java:168)

        at org.apache.cxf.jaxws.handler.soap.SOAPHandlerInterceptor.handleMessage(SOAPHandlerInterceptor.java:123)

        at org.apache.cxf.jaxws.handler.soap.SOAPHandlerInterceptor.handleMessage(SOAPHandlerInterceptor.java:70)

        at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:263)

        at org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:121)

        at org.apache.cxf.transport.http.AbstractHTTPDestination.invoke(AbstractHTTPDestination.java:207)

        at org.jboss.wsf.stack.cxf.RequestHandlerImpl.handleHttpRequest(RequestHandlerImpl.java:91)

        at org.jboss.wsf.stack.cxf.transport.ServletHelper.callRequestHandler(ServletHelper.java:169)

        at org.jboss.wsf.stack.cxf.CXFServletExt.invoke(CXFServletExt.java:87)

        at org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(AbstractHTTPServlet.java:185)

        at org.apache.cxf.transport.servlet.AbstractHTTPServlet.doPost(AbstractHTTPServlet.java:108)

        at javax.servlet.http.HttpServlet.service(HttpServlet.java:754) [jboss-servlet-api_3.0_spec-1.0.0.Final.jar:1.0.0.Final]

        at org.jboss.wsf.stack.cxf.CXFServletExt.service(CXFServletExt.java:135)

        at org.jboss.wsf.spi.deployment.WSFServlet.service(WSFServlet.java:140) [jbossws-spi-2.0.3.GA.jar:2.0.3.GA]

        at javax.servlet.http.HttpServlet.service(HttpServlet.java:847) [jboss-servlet-api_3.0_spec-1.0.0.Final.jar:1.0.0.Final]

        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:329) [jbossweb-7.0.13.Final.jar:]

        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248) [jbossweb-7.0.13.Final.jar:]

        at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:275) [jbossweb-7.0.13.Final.jar:]

        at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:161) [jbossweb-7.0.13.Final.jar:]

        at org.jboss.as.web.security.SecurityContextAssociationValve.invoke(SecurityContextAssociationValve.java:153) [jboss-as-web-7.1.1.Final.jar:7.1.1.Final]

        at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:155) [jbossweb-7.0.13.Final.jar:]

        at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102) [jbossweb-7.0.13.Final.jar:]

        at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) [jbossweb-7.0.13.Final.jar:]

        at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:368) [jbossweb-7.0.13.Final.jar:]

        at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:877) [jbossweb-7.0.13.Final.jar:]

        at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:671) [jbossweb-7.0.13.Final.jar:]

        at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:930) [jbossweb-7.0.13.Final.jar:]

        at java.lang.Thread.run(Thread.java:724) [rt.jar:1.7.0_40]