0 Replies Latest reply on Jan 10, 2017 3:09 PM by greg29

    JAX-WS WS-Security POJO Web App Client Configuration


      I am having trouble getting WS Security configured for a web app based client.  Basically, I need to know what are the configuration files/annotations, and where they need to be placed?


      I have a WSDL with a security policy configured and the same WSDL without a security policy.  Using JBoss Developer Studio 10.2.0 GA, I generated a JAX-WS server, JAX-WS web app POJO client and an Apache CXF standalone POJO client with and without the security policy.  The web app POJO clients were created as a part of generating the server by right clicking on the server projects, New --> Other... --> Web Service. Likewise, the standalone POJO clients were generated by right clicking on the client project, New --> Other... --> Web Service Client.


      I have successfully gotten the no WS Security standalone and web clients to work with their server and the WS Security enabled standalone client working with its server.  So, I know the WS Security enabled server is properly working, and aside from my WS Security problems, the web client works.  For the standalone clients, I am using an external copy of Apache CXF version 3.1.8.


      For reverence, the working WS Security standalone client is configured with a cxf.xml:


      <beans xmlns="http://www.springframework.org/schema/beans"








          <jaxws:client name="{http://localhost:8080/imswsdl/}MyTransactionServicePort"



                  <entry key="ws-security.callback-handler" value="ims.clientsample.ClientKeystorePasswordCallback"/>       

                  <entry key="ws-security.encryption.properties" value="clientKeystore.properties"/>

                  <entry key="ws-security.signature.properties" value="clientKeystore.properties"/>

                  <entry key="ws-security.encryption.username" value="myservicekey"/>





      And, the clientKeystore.properties:







      I found a post in the forum on this subject: https://developer.jboss.org/thread/152040  The key part of the code is:


      URL securityURL = Main.class.getResource("META-INF/jboss-wsse-client.xml"); 


      ((StubExt) port).setSecurityConfig(securityURL.toExternalForm()); 

      ((StubExt) port).setConfigName("Standard WSSecurity Client", "META-INF/standard-jaxws-client-config.xml");


      Unfortunately, my copy of JBoss, version 7.0.0 GA, does not have StubExt defined in any of the JARs within it.  Since the other post was from 2010, I am thinking this way of configuration was removed from JBoss in favor of something better?