0 Replies Latest reply on Sep 30, 2015 8:28 AM by Matic Balantic

    Wildfly 8.2 and SOAP web service secured with client-cert - sending files

    Matic Balantic Newbie

      SERVER: I have a SOAP Web service. Some of the methods of a web service handle receiving and saving files to db. The web service requires that it it called with a client-cert for authentication. The authentication is resolved by a custom login module.


      @MTOM(enabled = true)
      @WebContext(authMethod = "CLIENT-CERT", secureWSDLAccess = false,
      public class EDVWs implements IEDVWS

      CLIENT: I created a unit tests which calls the WS. Before I secured the web service (HTTPS + client-cert) I was able to call all of its methods from tests. I then added the security and am still able to call the services that do not handle files. When I try to send the files to services, I get an 403 Forbidden error. I do not get that error for small files (less than 1MB).


      Caused by: org.apache.cxf.transport.http.HTTPException: HTTP response '403: Forbidden' when communicating with https://localhost:8443/Jedro-EDV/EDVWs
      at org
      at org
      at org
      at org
      at org
      at org
      ... 33 more


      The weird thing is that if I add file to the call it is rejected even before it gets into login module. I tried to set max-post-size but with no luck.

      <https-listener name="default-ssl" socket-binding="https" security-realm="SslRealm" max-post-size="52428800"/>


      public static void initServicePort(String endpoint, URL wsdlLocation)
      TLSClientParameters tlsClientParameters = initTLSClientParameters();

      = new EDVWsService(wsdlLocation);
      = service.getEDVWsPort();
      BindingProvider bp = (BindingProvider) edvWs;
      SOAPBinding binding = (SOAPBinding) bp.getBinding();


      (tlsClientParameters, ClientProxy.getClient(edvWs));

      private static void configureClient(TLSClientParameters tlsClientParameters, Client client)
      HTTPConduit http = (HTTPConduit) client.getConduit();

      HTTPClientPolicy httpClientPolicy = new HTTPClientPolicy();
      .setConnectionTimeout(new Long(30000));
      .setReceiveTimeout(new Long(30000));


      And this is how I set the data to SOAP request

      File file = new File(TestConstants.EDV_UPLOAD_DIR + d.getNazivDokumenta());


              DataHandler dh = new DataHandler(new FileDataSource(file));