0 Replies Latest reply on Oct 10, 2013 3:00 PM by georgemathias

How do i make wsse username and password token work :( ?

georgemathias Oct 10, 2013 3:00 PM

Hello, I am sure this has been asked before But i am not able to find a clear tutorial as to how do I get this to work. I have spent two whole days on this, trying to dig out any documentation that explains in layman's terms, am yet to find one. My hope is i get some answers here. Appreciate it much.

I have a simple webservice and I need to provide WSSecurity support for this. Just the username token and password in text format. I would appreciate if you can list the steps I need to do and code sample is even better.

I have latest jboss studio (7.0), jboss7.1.1 final and java1.7.40. I have the following artifacts, am not even sure If I need this much just to support basic username/password validation.

My Interface looks like this...

@WebService(targetNamespace = "http://service.dms.ctl.com/", name = "IpmsAdapterPortType")

@XmlSeeAlso({ObjectFactory.class})

@SOAPBinding(parameterStyle = SOAPBinding.ParameterStyle.BARE)

public interface IpmsAdapterPortType {

My Implementation class looks like this...

import javax.xml.bind.annotation.XmlSeeAlso;

import com.ctl.ipmsadapter.service.*;

import javax.jws.WebService;

import org.jboss.ws.api.annotation.EndpointConfig;

@WebService(serviceName = "IpmsAdapter",

endpointInterface = "com.ctl.ipmsadapter.service.IpmsAdapterPortType",

targetNamespace = "http://service.dms.ctl.com/",

wsdlLocation="/WEB-INF/wsdl/ipmsadapter.wsdl",

portName="IpmsAdapterPort")

@EndpointConfig(configFile="/WEB-INF/jaxws-endpoint-config.xml",

configName = "Custom-JAXWS-WS-SecurityEndpoint")

public class IpmsAdapterPortTypeImpl implements IpmsAdapterPortType {

/WEB-INF/jaxws-endpoint-config.xml looks like this:

<jaxws-config xmlns="urn:jboss:jbossws-jaxws-config:4.0"

xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"

xmlns:javaee="http://java.sun.com/xml/ns/javaee" xsi:schemaLocation="urn:jboss:jbossws-jaxws-config:4.0 schema/jbossws-jaxws-config_4_0.xsd">

<endpoint-config>

<config-name>Custom-JAXWS-WS-SecurityEndpoint</config-name>

<!-- <property>

<property-name>ws-security.callback-handler</property-name>

<property-value>com.ctl.ipmsadapter.service.handler.ClientPasswordCallpack

</property-value>

</property>

-->

<post-handler-chains>

<javaee:handler-chain>

<javaee:protocol-bindings>##SOAP11_HTTP ##SOAP11_HTTP_MTOM</javaee:protocol-bindings>

<javaee:handler>

<javaee:handler-name>WSSecurity Handler</javaee:handler-name>

<javaee:handler-class>org.jboss.ws.extensions.security.jaxws.WSSecurityHandlerServer</javaee:handler-class>

</javaee:handler>

</javaee:handler-chain>

</post-handler-chains>

</endpoint-config>

</jaxws-config>

my jboss-wsse-server.xml looks like this:

<?xml version="1.0" encoding="UTF-8"?>

<jboss-ws-security xmlns="http://www.jboss.com/ws-security/config"

xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"

xsi:schemaLocation="http://www.jboss.com/ws-security/config http://www.jboss.com/ws-security/schema/jboss-ws-security_1_0.xsd">

</authorize>

</config>

</jboss-ws-security>

jboss-web.xml looks like this.

<?xml version="1.0" encoding="UTF-8"?>

<!DOCTYPE jboss-web PUBLIC "-//JBoss//DTD Web Application 2.4//EN" "http://www.jboss.org/j2ee/dtd/jboss-web_4_0.dtd">

<jboss-web>

<security-domain>java:/jaas/other</security-domain>

<context-root>/IpmsAdapterPortType</context-root>

</jboss-web>

I want to be able to send the following xml request and make it validate the username and password...

<soapenv:Envelope xmlns:ser="http://service.dms.ctl.com/"xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">

<soapenv:Header>

<wsse:Security soapenv:mustUnderstand="1"xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">

<wsse:UsernameToken wsu:Id="UsernameToken-3">

<wsse:Username>ipms</wsse:Username>

<wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">it212l1HK0R92Nh-dxfirx</wsse:Password>

</wsse:UsernameToken>

</wsse:Security>

</soapenv:Header>

<soapenv:Body>

<ser:findCustomerRequest>

</senderInfo>

</ser:findCustomerRequest>

</soapenv:Body>

</soapenv:Envelope>

I get following exception

14:49:46,773 WARNING [org.apache.cxf.jaxws.handler.HandlerChainInvoker] (http-localhost-127.0.0.1-8080-2) HANDLER_RAISED_RUNTIME_EXCEPTION: java.lang.ClassCastException: org.apache.cxf.jaxws.handler.soap.SOAPMessageContextImpl cannot be cast to org.jboss.ws.core.CommonMessageContext

at org.jboss.ws.extensions.security.jaxws.WSSecurityHandler.getSecurityConfiguration(WSSecurityHandler.java:154) [jbossws-native-core-4.0.2.GA.jar:4.0.2.GA]

at org.jboss.ws.extensions.security.jaxws.WSSecurityHandler.handleInboundSecurity(WSSecurityHandler.java:88) [jbossws-native-core-4.0.2.GA.jar:4.0.2.GA]

at org.jboss.ws.extensions.security.jaxws.WSSecurityHandlerServer.handleInbound(WSSecurityHandlerServer.java:41) [jbossws-native-core-4.0.2.GA.jar:4.0.2.GA]

at org.jboss.ws.api.handler.GenericHandler.handleMessage(GenericHandler.java:58) [jbossws-api-1.0.0.GA.jar:1.0.0.GA]

at org.apache.cxf.jaxws.handler.HandlerChainInvoker.invokeHandleMessage(HandlerChainInvoker.java:335)

at org.apache.cxf.jaxws.handler.HandlerChainInvoker.invokeHandlerChain(HandlerChainInvoker.java:253)

at org.apache.cxf.jaxws.handler.HandlerChainInvoker.invokeProtocolHandlers(HandlerChainInvoker.java:131)

at org.apache.cxf.jaxws.handler.soap.SOAPHandlerInterceptor.handleMessageInternal(SOAPHandlerInterceptor.java:168)

at org.apache.cxf.jaxws.handler.soap.SOAPHandlerInterceptor.handleMessage(SOAPHandlerInterceptor.java:123)

at org.apache.cxf.jaxws.handler.soap.SOAPHandlerInterceptor.handleMessage(SOAPHandlerInterceptor.java:70)

at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:263)

at org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:121)

at org.apache.cxf.transport.http.AbstractHTTPDestination.invoke(AbstractHTTPDestination.java:207)

at org.jboss.wsf.stack.cxf.RequestHandlerImpl.handleHttpRequest(RequestHandlerImpl.java:91)

at org.jboss.wsf.stack.cxf.transport.ServletHelper.callRequestHandler(ServletHelper.java:169)

at org.jboss.wsf.stack.cxf.CXFServletExt.invoke(CXFServletExt.java:87)

at org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(AbstractHTTPServlet.java:185)

at org.apache.cxf.transport.servlet.AbstractHTTPServlet.doPost(AbstractHTTPServlet.java:108)

at javax.servlet.http.HttpServlet.service(HttpServlet.java:754) [jboss-servlet-api_3.0_spec-1.0.0.Final.jar:1.0.0.Final]

at org.jboss.wsf.stack.cxf.CXFServletExt.service(CXFServletExt.java:135)

at org.jboss.wsf.spi.deployment.WSFServlet.service(WSFServlet.java:140) [jbossws-spi-2.0.3.GA.jar:2.0.3.GA]

at javax.servlet.http.HttpServlet.service(HttpServlet.java:847) [jboss-servlet-api_3.0_spec-1.0.0.Final.jar:1.0.0.Final]

at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:329) [jbossweb-7.0.13.Final.jar:]

at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248) [jbossweb-7.0.13.Final.jar:]

at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:275) [jbossweb-7.0.13.Final.jar:]

at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:161) [jbossweb-7.0.13.Final.jar:]

at org.jboss.as.web.security.SecurityContextAssociationValve.invoke(SecurityContextAssociationValve.java:153) [jboss-as-web-7.1.1.Final.jar:7.1.1.Final]

at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:155) [jbossweb-7.0.13.Final.jar:]

at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102) [jbossweb-7.0.13.Final.jar:]

at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) [jbossweb-7.0.13.Final.jar:]

at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:368) [jbossweb-7.0.13.Final.jar:]

at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:877) [jbossweb-7.0.13.Final.jar:]

at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:671) [jbossweb-7.0.13.Final.jar:]

at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:930) [jbossweb-7.0.13.Final.jar:]

at java.lang.Thread.run(Thread.java:724) [rt.jar:1.7.0_40]

14:49:46,786 WARNING [org.apache.cxf.phase.PhaseInterceptorChain] (http-localhost-127.0.0.1-8080-2) Interceptor for {http://service.dms.ctl.com/}IpmsAdapter#{http://service.dms.ctl.com/}findCustomer has thrown exception, unwinding now: java.lang.ClassCastException: org.apache.cxf.jaxws.handler.soap.SOAPMessageContextImpl cannot be cast to org.jboss.ws.core.CommonMessageContext