2 Replies Latest reply on Jul 15, 2016 3:36 AM by Krashan Brahmanjara

    Getting Subject not created exception - Jax-ws and ws-security using username token profile

    Ram c Newbie

      I'm trying to add an username token profile to the existing jax-ws webservice. I'm following the steps provided in WS-Security - JBoss Web Services - Project Documentation Editor

       

      I have defined the following as per the article.

       

      * added username token policy to wsdl

      * added the following to Webservice implementation java file

                     @EndpointConfig(configFile = "/WEB-INF/wsdl/jaxws-endpoint-config.xml", configName = "Custom WS-Security Endpoint")

                     @InInterceptors(interceptors = {

                           "org.jboss.wsf.stack.cxf.security.authentication.SubjectCreatingPolicyInterceptor",

                           "com.proton.javaee.ws.security.POJOEndpointAuthorizationInterceptor"}

                     )

       

      * my readRoles method in POJOEndpointAuthorizationInterceptor

       

      private void readRoles()

         {

            //just an example, this might read from a configuration file or such

           setGlobalRoles("ppgwuser");

         }


      * copied the jaxws-endpoint-config.xml to web-inf/wsdl directory


      * added the JBossWS security domain entry reference in jboss-web.xml


       

      * Here is the JBossWS definition in my standalone.xml; I also tried using default 'other' security domain.

                     <security-domain name="JBossWS" cache-type="default">

                          <authentication>

                              <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule" flag="required">

                                  <module-option name="usersProperties" value="${jboss.server.config.dir}/application-users.properties"/>

                                  <module-option name="rolesProperties" value="${jboss.server.config.dir}/application-roles.properties"/>

                                  <module-option name="unauthenticatedIdentity" value="anonymous"/>

                              </login-module>

                          </authentication>

                      </security-domain>

       

      * I attached the list of jars I put in my web-inf/lib as an image file..

       

      * Here is my server password callback

       

      import java.io.IOException;

      import java.util.HashMap;

      import java.util.Map;

      import javax.security.auth.callback.Callback;

      import javax.security.auth.callback.CallbackHandler;

      import javax.security.auth.callback.UnsupportedCallbackException;

      import org.apache.ws.security.WSPasswordCallback;

       

       

      public class ServerPasswordCallback implements CallbackHandler {

        

         private Map<String, String> passwords = new HashMap<String, String>();

       

         public ServerPasswordCallback() {

            passwords.put("user2", "test123!");

         }

       

         /**

          * It attempts to get the password from the private

          * alias/passwords map.

          */

         public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {

            for (int i = 0; i < callbacks.length; i++) {

               WSPasswordCallback pc = (WSPasswordCallback)callbacks[i];

       

       

               String pass = passwords.get(pc.getIdentifier());

               if (pass != null) {

                  pc.setPassword(pass);

                  return;

               }

            }

         }

       

         /**

          * Add an alias/password pair to the callback mechanism.

          */

         public void setAliasPassword(String alias, String password) {

            passwords.put(alias, password);

         }

      }

       

       

       

       

       

      * application-users.properties have

           user2=20f39f473c93bd2e569698d098b702e4

      * application-roles.properties have

           user2=ppgwuser

       

      * And the Exception

       

       

      09:44:47,946 INFO  [org.jboss.as.server.deployment] (MSC service thread 1-11) JBAS015876: Starting deployment of "PPGWEAR.ear" (runtime-name: "PPGWEAR.ear")

      09:44:47,959 INFO  [org.jboss.as.server.deployment] (MSC service thread 1-11) JBAS015876: Starting deployment of "null" (runtime-name: "PPGW.war")

      09:44:49,715 INFO  [org.jboss.ws.cxf.metadata] (MSC service thread 1-12) JBWS024061: Adding service endpoint metadata: id=PPGWPortType

      address=http://myhost:8080/PPGW/PPGWPortType

      implementor=com.proton.ws.PPGW.Impl.PPGWPortTypeImpl

      serviceName={http://ws.proton.com/PPGW}PPGWService

      portName={http://ws.proton.com/PPGW}PPGWSOAPPort

      annotationWsdlLocation=/WEB-INF/wsdl/PPGWServer.wsdl

      wsdlLocationOverride=null

      mtomEnabled=false

      09:44:49,763 INFO  [org.apache.cxf.service.factory.ReflectionServiceFactoryBean] (MSC service thread 1-12) Creating Service {http://ws.proton.com/PPGW}PPGWService from WSDL: /WEB-INF/wsdl/PPGWServer.wsdl

      09:44:49,927 INFO  [org.apache.cxf.endpoint.ServerImpl] (MSC service thread 1-12) Setting the server's publish address to be http://myhost:8080/PPGW/PPGWPortType

      09:44:50,419 INFO  [org.jboss.ws.cxf.deployment] (MSC service thread 1-12) JBWS024074: WSDL published to: file:/C:/jboss-eap-6.2/standalone/data/wsdl/PPGWEAR.ear/PPGW.war/PPGWServer.wsdl

      09:44:50,433 INFO  [org.jboss.as.webservices] (MSC service thread 1-1) JBAS015539: Starting service jboss.ws.port-component-link

      09:44:50,434 INFO  [org.jboss.as.webservices] (MSC service thread 1-1) JBAS015539: Starting service jboss.ws.endpoint."PPGWEAR.ear"."PPGW.war".PPGWPortType

      09:44:50,437 INFO  [org.jboss.web] (ServerService Thread Pool -- 103) JBAS018210: Register web context: /PPGW

      09:44:52,019 INFO  [org.jboss.as.server] (DeploymentScanner-threads - 2) JBAS018565: Replaced deployment "PPGWEAR.ear" with deployment "PPGWEAR.ear"

      09:46:09,378 WARNING [org.apache.cxf.phase.PhaseInterceptorChain] (http-/0.0.0.0:8080-3) Interceptor for {http://ws.proton.com/PPGW}PPGWService#{http://ws.proton.com/PPGW}PPGWStatusReport has thrown exception, unwinding now: java.lang.SecurityException: JBWS024057: Failed Authentication : Subject has not been created

        at org.jboss.wsf.stack.cxf.security.authentication.SubjectCreatingPolicyInterceptor.createSubject(SubjectCreatingPolicyInterceptor.java:111)

        at org.jboss.wsf.stack.cxf.security.authentication.SubjectCreatingPolicyInterceptor.handleMessage(SubjectCreatingPolicyInterceptor.java:84)

        at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:272) [cxf-api-2.7.7.redhat-1.jar:2.7.7.redhat-1]

        at org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:121) [cxf-api-2.7.7.redhat-1.jar:2.7.7.redhat-1]

        at org.apache.cxf.transport.http.AbstractHTTPDestination.invoke(AbstractHTTPDestination.java:239)

        at org.jboss.wsf.stack.cxf.RequestHandlerImpl.handleHttpRequest(RequestHandlerImpl.java:92)

        at org.jboss.wsf.stack.cxf.transport.ServletHelper.callRequestHandler(ServletHelper.java:143)

        at org.jboss.wsf.stack.cxf.CXFServletExt.invoke(CXFServletExt.java:87)

        at org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(AbstractHTTPServlet.java:286)

        at org.apache.cxf.transport.servlet.AbstractHTTPServlet.doPost(AbstractHTTPServlet.java:206)

        at javax.servlet.http.HttpServlet.service(HttpServlet.java:754) [jboss-servlet-api_3.0_spec-1.0.2.Final-redhat-1.jar:1.0.2.Final-redhat-1]

        at org.jboss.wsf.stack.cxf.CXFServletExt.service(CXFServletExt.java:135)

        at org.jboss.wsf.spi.deployment.WSFServlet.service(WSFServlet.java:140) [jbossws-spi-2.2.2.Final-redhat-1.jar:2.2.2.Final-redhat-1]

        at javax.servlet.http.HttpServlet.service(HttpServlet.java:847) [jboss-servlet-api_3.0_spec-1.0.2.Final-redhat-1.jar:1.0.2.Final-redhat-1]

        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:295) [jbossweb-7.2.2.Final-redhat-1.jar:7.2.2.Final-redhat-1]

        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:214) [jbossweb-7.2.2.Final-redhat-1.jar:7.2.2.Final-redhat-1]

        at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:230) [jbossweb-7.2.2.Final-redhat-1.jar:7.2.2.Final-redhat-1]

        at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:149) [jbossweb-7.2.2.Final-redhat-1.jar:7.2.2.Final-redhat-1]

        at org.jboss.as.web.security.SecurityContextAssociationValve.invoke(SecurityContextAssociationValve.java:169) [jboss-as-web-7.3.0.Final-redhat-14.jar:7.3.0.Final-redhat-14]

        at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:145) [jbossweb-7.2.2.Final-redhat-1.jar:7.2.2.Final-redhat-1]

        at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:97) [jbossweb-7.2.2.Final-redhat-1.jar:7.2.2.Final-redhat-1]

        at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:102) [jbossweb-7.2.2.Final-redhat-1.jar:7.2.2.Final-redhat-1]

        at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:336) [jbossweb-7.2.2.Final-redhat-1.jar:7.2.2.Final-redhat-1]

        at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:856) [jbossweb-7.2.2.Final-redhat-1.jar:7.2.2.Final-redhat-1]

        at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:653) [jbossweb-7.2.2.Final-redhat-1.jar:7.2.2.Final-redhat-1]

        at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:920) [jbossweb-7.2.2.Final-redhat-1.jar:7.2.2.Final-redhat-1]

        at java.lang.Thread.run(Unknown Source) [rt.jar:1.6.0_45]

      Caused by: java.lang.SecurityException: JBWS024047: Authentication failed, principal=user2

        at org.jboss.wsf.stack.cxf.security.authentication.SubjectCreator.createSubject(SubjectCreator.java:98)

        at org.jboss.wsf.stack.cxf.security.authentication.SubjectCreatingPolicyInterceptor.createSubject(SubjectCreatingPolicyInterceptor.java:107)

        ... 26 more

       

       

       

       

       

      JBoss version: EAP 6.2 GA.

       

      Am I missing something? Any help would be appreciated. Thanks.

       

      Ram C