1 Reply Latest reply on Oct 24, 2014 9:05 AM by laispuru

    webservice encryption not working (jbossws-cxf)

    laispuru

      Hi, I am trying to get WS-Security encryption working on Wildfly. I read this doc: https://docs.jboss.org/author/display/WFLY8/WS-Security.

      I want my SOAP messages to travel encrypted from client to server and vice versa.

      I followed the steps for server and client, but the messages are not encrypted and the server does not complain about the unencrypted message that it receives.

      The only difference from the doc example is that we do not use WSDL contract enforcing (our WSDL does not include information about encryption).

      Webservice server and client both work as if the encryption is not configured.

       

      1) Webservice Implementation

       

      @WebService(serviceName = "IMDService",
                  portName="IMDServicePort",
                  targetNamespace="http://ws.prueba.com")
      @SOAPBinding(style = SOAPBinding.Style.RPC)
      @Remote(IMDService.class)
      @Stateless
      @EndpointConfig(configFile = "WEB-INF/jaxws-endpoint-config.xml", configName = "Custom WS-Security Endpoint")
      public class IMDServiceImpl implements IMDService {
      ...
      }

       

      2) The file jaxws-endpoint-config.xml:

       

      <?xml version="1.0" encoding="UTF-8"?>
      <jaxws-config xmlns="urn:jboss:jbossws-jaxws-config:4.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
        xmlns:javaee="http://java.sun.com/xml/ns/javaee" xsi:schemaLocation="urn:jboss:jbossws-jaxws-config:4.0 schema/jbossws-jaxws-config_4_0.xsd">
        <endpoint-config>
          <config-name>Custom WS-Security Endpoint</config-name>
          <property>
            <property-name>ws-security.signature.properties</property-name>
            <property-value>bob.properties</property-value>
          </property>
          <property>
            <property-name>ws-security.encryption.properties</property-name>
            <property-value>bob.properties</property-value>
          </property>
          <property>
            <property-name>ws-security.signature.username</property-name>
            <property-value>bob</property-value>
          </property>
          <property>
            <property-name>ws-security.encryption.username</property-name>
            <property-value>alice</property-value>
          </property>
          <property>
            <property-name>ws-security.callback-handler</property-name>
            <property-value>ar.com.condortech.business.KeystorePasswordCallback</property-value>
          </property>
        </endpoint-config>
      </jaxws-config>

       

      3) Here we have bob.properties and alice.properties files content:

       

      alice.properties
      ================
      org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
      org.apache.ws.security.crypto.merlin.keystore.type=jks
      org.apache.ws.security.crypto.merlin.keystore.password=password
      org.apache.ws.security.crypto.merlin.keystore.alias=alice
      org.apache.ws.security.crypto.merlin.keystore.file=alice.jks

      bob.properties
      ==============
      org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
      org.apache.ws.security.crypto.merlin.keystore.type=jks
      org.apache.ws.security.crypto.merlin.keystore.password=password
      org.apache.ws.security.crypto.merlin.keystore.alias=bob
      org.apache.ws.security.crypto.merlin.keystore.file=bob.jks

       

      We have generated both keystores correctly.

       

      4) On the client side I put properties into the Service interface:

       

      IMDService imdService = this.getService(); // We call our own method to obtain the service...

      ((BindingProvider)imdService).getRequestContext().put(SecurityConstants.CALLBACK_HANDLER, new KeystorePasswordCallback());
      ((BindingProvider)imdService).getRequestContext().put(SecurityConstants.SIGNATURE_PROPERTIES,
           Thread.currentThread().getContextClassLoader().getResource("alice.properties"));
      ((BindingProvider)imdService).getRequestContext().put(SecurityConstants.ENCRYPT_PROPERTIES,
           Thread.currentThread().getContextClassLoader().getResource("alice.properties"));
      ((BindingProvider)imdService).getRequestContext().put(SecurityConstants.SIGNATURE_USERNAME, "alice");
      ((BindingProvider)imdService).getRequestContext().put(SecurityConstants.ENCRYPT_USERNAME, "bob");

       

      5) I managed dependencies with Maven, and all are in the provided scope so that they are not included in the final war:

      - org.jboss.ws.native (jbossws-native-core) - 4.2.0.Final

      - org.apache.ws.security (wss4j) - 1.6.17

      - org.apache.cxf (cxf-rt-ws-security, cxf-rt-frontend-jaxws, cxf-rt-transports-http, cxf-rt-transports-http-jetty) - 2.2.3

       

      6) MANIFEST file content is:

       

      Manifest-Version: 1.0
      Built-By: laispuru
      Build-Jdk: 1.8.0_05
      Created-By: Maven Integration for Eclipse
      Dependencies: org.apache.ws.security

       

       

      Thanks in advance!

        • 1. Re: webservice encryption not working (jbossws-cxf)
          laispuru

          Hi again!

           

          I found out that my problem was that my WSDL contract did not include WSS policy.

          So I have added @policyset to my webservice and encryption started to work.

          My client requirements do not allow policy to be included in the WSDL contract.

          Does anyone know how to use the CXF interceptors approach with jbossws-cxf in order to not include policies in the WSDL and apply encryption?

          Are there any examples on the web about this topic?

           

          Thanks in advance,

          Leandro.
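
The interceptor approach asked about in the reply above, as an added example that is not part of the original thread: WSS4J out/in interceptors configured in code, so signing and encryption are applied on the way out and required on the way in without any policy in the WSDL. The class `WsseInterceptors` and its method names are hypothetical; the keystore property files, aliases and callback class are the ones from the first post, the package names are those of WSS4J 1.6, and it assumes the CXF and WSS4J modules are visible to the deployment and that the endpoint names `ServerIn`/`ServerOut` through CXF's `@InInterceptors`/`@OutInterceptors` annotations.

```java
import java.util.HashMap;
import java.util.Map;
import org.apache.cxf.endpoint.Client;
import org.apache.cxf.frontend.ClientProxy;
import org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor;
import org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor;
import org.apache.ws.security.handler.WSHandlerConstants; // WSS4J 1.6.x package

/** Added example; the class and its method names are hypothetical. */
public final class WsseInterceptors {
    private static final String ACTIONS =
            WSHandlerConstants.SIGNATURE + " " + WSHandlerConstants.ENCRYPT;
    private static final String PW_CB = "ar.com.condortech.business.KeystorePasswordCallback";

    /** Outbound: sign with signUser's private key, encrypt for encUser's certificate. */
    static Map<String, Object> outProps(String crypto, String signUser, String encUser) {
        Map<String, Object> p = new HashMap<String, Object>();
        p.put(WSHandlerConstants.ACTION, ACTIONS);
        p.put(WSHandlerConstants.USER, signUser);
        p.put(WSHandlerConstants.ENCRYPTION_USER, encUser);
        p.put(WSHandlerConstants.SIG_PROP_FILE, crypto);
        p.put(WSHandlerConstants.ENC_PROP_FILE, crypto);
        p.put(WSHandlerConstants.PW_CALLBACK_CLASS, PW_CB);
        return p;
    }
    /** Inbound: the listed actions are required, so a message without them is rejected. */
    static Map<String, Object> inProps(String crypto) {
        Map<String, Object> p = new HashMap<String, Object>();
        p.put(WSHandlerConstants.ACTION, ACTIONS);
        p.put(WSHandlerConstants.SIG_PROP_FILE, crypto);  // certificates trusted for verification
        p.put(WSHandlerConstants.DEC_PROP_FILE, crypto);  // private key used for decryption
        p.put(WSHandlerConstants.PW_CALLBACK_CLASS, PW_CB);
        return p;
    }
    /** Client side: call once on the proxy returned by the JAX-WS Service. */
    public static void secureClient(Object port) {
        Client client = ClientProxy.getClient(port);
        client.getOutInterceptors().add(
                new WSS4JOutInterceptor(outProps("alice.properties", "alice", "bob")));
        client.getInInterceptors().add(new WSS4JInInterceptor(inProps("alice.properties")));
    }
    /** Server side: no-arg subclasses, so the endpoint can refer to them by class name. */
    public static class ServerIn extends WSS4JInInterceptor {
        public ServerIn() { super(inProps("bob.properties")); }
    }
    public static class ServerOut extends WSS4JOutInterceptor {
        public ServerOut() { super(outProps("bob.properties", "bob", "alice")); }
    }
}
```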