-
1. Re: WS-Security Newbie Question...
asoldano Jan 16, 2008 12:37 PM (in response to lafaserem)
Did you read this? http://jbws.dyndns.org/mediawiki/index.php?title=User_Guide#WS-Security
-
2. Re: WS-Security Newbie Question...
peterj Jan 16, 2008 1:29 PM (in response to lafaserem)
If I recall correctly, this discussion has a complete example: http://www.jboss.com/index.html?module=bb&op=viewtopic&t=105580
-
3. Re: WS-Security Newbie Question...
lafaserem Jan 17, 2008 7:51 AM (in response to lafaserem)
Alessio.. yes... I've already read that link. Thanks anyway ;)
Peter.. Also I've already read that post, but I'm still lost (sorry.. these are my first days working with web services and I'm getting a bit crazy hehe)
I'm gonna write everything I'm doing (surely there will be a lot of mistakes, but well.. all the beginnings are tough... :P) and I would appreciate a lot if you could give me a hand in this...
First... SERVER
Hello.java
    package wssec;

    import javax.jws.WebMethod;
    import javax.jws.WebParam;
    import javax.jws.WebService;
    import javax.jws.soap.SOAPBinding;
    import org.jboss.ws.annotation.EndpointConfig;

    @WebService(name = "Hello", targetNamespace = "urn:ws.sec")
    @EndpointConfig(configName = "Standard WSSecurity Endpoint")
    @SOAPBinding(style = SOAPBinding.Style.DOCUMENT)
    public class Hello {
        @WebMethod
        public String echo(@WebParam(name = "param1") String param1) {
            return param1;
        }
    }
I compiled it with
    javac -d . -classpath jboss-jaxws.jar;jboss-client.jar *.java
I've made my keystore with the command:
    keytool -genkey -keystore wsse.keystore -storepass jbossws -keyalg RSA -alias wsse -validity 365
Then I exported the certificate with:
    keytool -export -file wsse.cer -keystore wsse.keystore -storepass jbossws -alias wsse
And created the truststore with
    keytool -import -alias wsse -file wsse.cer -keystore wsse.truststore -storepass jbossws
web.xml
    <web-app xmlns="http://java.sun.com/xml/ns/j2ee"
             xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
             xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd"
             version="2.4">
        <display-name>Hello</display-name>
        <servlet>
            <servlet-name>Hello</servlet-name>
            <servlet-class>wssec.Hello</servlet-class>
            <load-on-startup>1</load-on-startup>
        </servlet>
        <servlet-mapping>
            <servlet-name>Hello</servlet-name>
            <url-pattern>/Hello</url-pattern>
        </servlet-mapping>
    </web-app>
jboss-wsse-server.xml
    <?xml version="1.0" encoding="UTF-8"?>
    <jboss-ws-security xmlns="http://www.jboss.com/ws-security/config"
                       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                       xsi:schemaLocation="http://www.jboss.com/ws-security/config http://www.jboss.com/ws-security/schema/jboss-ws-security_1_0.xsd">
        <key-store-file>WEB-INF/wsse.keystore</key-store-file>
        <key-store-password>jbossws</key-store-password>
        <trust-store-file>WEB-INF/wsse.truststore</trust-store-file>
        <trust-store-password>jbossws</trust-store-password>
        <config>
            <sign type="x509v3" alias="wsse"/>
            <requires>
                <signature/>
            </requires>
        </config>
    </jboss-ws-security>
I create my .war with
    jar cvf Hello.war WEB-INF
and the structure of WEB-INF is
WEB-INF
| jboss-wsse-server.xml
| wsse.keystore
| wsse.truststore
| web.xml
| classes
| | Hello.class
Once this is done, I copy Hello.war into jboss4-2-2GA\server\default\deploy and everything seems to be OK.
Once I have the WS deployed on the server, which are the steps I have to follow to build my client? I only want to transmit signed messages, not interested in encryption...
This might seem a stupid topic, but I'm getting lost, 'cause this is new for me and I'm not able to find any "very very very basic" documents...
Thanks ;)
-
4. Re: WS-Security Newbie Question...
peterj Jan 17, 2008 11:43 AM (in response to lafaserem)
On the client side, you will need the keystore and truststore. You can use the same ones used at the server, but if that is not possible (or not desirable) you will need to do more work with setting up the server keystore and truststore, and also create a client keystore and truststore.
When packaging the client, include in the META-INF directory the files:
* client keystore
* client truststore
* jboss-wsse-client.xml (looks like the server one you listed above)
* standard-jaxws-client-config.xml (get it from deploy/jbossws.sar/META-INF, remove all of the client-config entries except the one named "Standard WSSecurity Client")
I can direct you to a location where the steps to do this are documented, but it is not free.
-
5. Re: WS-Security Newbie Question...
asoldano Jan 17, 2008 2:57 PM (in response to lafaserem)
"PeterJ" wrote:
> * standard-jaxws-client-config.xml (get it from deploy/jbossws.sar/META-INF, remove all of the client-config entries except the one named "Standard WSSecurity Client")
This shouldn't be required, you just need to specify the jbossws conf:
    ((StubExt)port).setConfigName("Standard WSSecurity Client");
> I can direct you to a location where the steps to do this are documented, but it is not free.
Otherwise you might take a look at the org.jboss.test.ws.jaxws.samples.wssecurity samples in the src distro.
-
6. Re: WS-Security Newbie Question...
peterj Jan 17, 2008 4:00 PM (in response to lafaserem)
Just a note to let lafaserem know that the code
    ((StubExt)port).setConfigName("Standard WSSecurity Client");
is JBossWS-specific. I prefer to keep my Java code generic and place container-specific things into configuration files, making the code easier to port.
Now, if the config name could be set using an annotation, that would be ideal because other containers would ignore the annotation.
I also remembered an excellent description of keystores and truststores; perhaps that will be helpful: http://www.jboss.com/index.html?module=bb&op=viewtopic&t=94406
-
7. Re: WS-Security Newbie Question...
lafaserem Jan 18, 2008 6:26 AM (in response to lafaserem)
Hi!
Ok.. now actually I'm about getting crazy!! :)
PeterJ, which is that location? I don't mind if it's not free... I have tried to send you a "PM" but it seems it doesn't work...
My problem is implementing the client in Java.. I think I have all the files I have to package.
I'm gonna explain all the things I've done with the client
Hello.java
    package wssec;

    import javax.jws.WebMethod;
    import javax.jws.WebParam;
    import javax.jws.WebService;
    import javax.jws.soap.SOAPBinding;
    import org.jboss.ws.annotation.EndpointConfig;

    @WebService(name = "Hello", targetNamespace = "urn:ws.sec")
    @EndpointConfig(configName = "Standard WSSecurity Endpoint")
    @SOAPBinding(style = SOAPBinding.Style.DOCUMENT)
    public class Hello {
        @WebMethod
        public String echo(@WebParam(name = "nombre") String nombre) {
            return nombre;
        }
    }
HelloClient.java
    package wssec;

    import java.io.File;
    import java.net.URL;
    import java.util.Map;
    import javax.xml.namespace.QName;
    import javax.xml.ws.BindingProvider;
    import javax.xml.ws.Service;
    import org.jboss.ws.core.StubExt;

    public class HelloClient {
        public static void main(String args[]) {
            if (args.length != 1) {
                System.err.println("usage: HelloClient <message>");
                System.exit(1);
            }
            System.setProperty("org.jboss.wsse.keyStore", "c:/keys/wsse.keystore");
            System.setProperty("org.jboss.wsse.keyStorePassword", "jbossws");
            System.setProperty("org.jboss.wsse.keyStoreType", "x509v3");
            System.setProperty("org.jboss.wsse.trustStore", "c:/keys/wsse.truststore");
            System.setProperty("org.jboss.wsse.trustStorePassword", "jbossws");
            System.setProperty("org.jboss.wsse.trustStoreType", "x509v3");
            try {
                Hello hello = getPort();
                System.out.println("Server said: " + hello.echo(args[0]));
            } catch (Exception e) {
                e.printStackTrace();
            }
        }

        private static Hello getPort() throws Exception {
            URL wsdlURL = new URL("http://127.0.0.1:8080/Hello/Hello?wsdl");
            URL securityURL = new File("META-INF/jboss-wsse-client.xml").toURL();
            QName serviceName = new QName("urn:ws.sec", "HelloService");
            Service service = Service.create(wsdlURL, serviceName);
            Hello port = (Hello)service.getPort(Hello.class);
            ((StubExt)port).setSecurityConfig(securityURL.toExternalForm());
            ((StubExt)port).setConfigName("Standard WSSecurity Client");
            Map<String, Object> reqContext = ((BindingProvider)port).getRequestContext();
            reqContext.put(BindingProvider.ENDPOINT_ADDRESS_PROPERTY, "http://127.0.0.1:8080/Hello");
            return port;
        }
    }
jboss-wsse-client.xml
    <?xml version="1.0" encoding="ISO-8859-1"?>
    <jboss-ws-security xmlns="http://www.jboss.com/ws-security/config"
                       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                       xsi:schemaLocation="http://www.jboss.com/ws-security/config http://www.jboss.com/ws-security/schema/jboss-ws-security_1_0.xsd">
        <config>
            <sign type="x509v3" alias="wsse"/>
            <requires>
                <signature/>
            </requires>
        </config>
    </jboss-ws-security>
The keystore and the truststore are the same as the server's ones.
The structure is
wssec
| Hello.class
| HelloClient.class
META-INF
| wsse.keystore
| wsse.truststore
| jboss-wsse-client.xml
When I run the client, I do it like this:
    wsrunclient prueba.HelloClient "Hello"
What am I missing? Shall I do anything more? Or maybe less? :)
Thanks a lot.. ;)
-
8. Re: WS-Security Newbie Question...
lafaserem Jan 18, 2008 6:30 AM (in response to lafaserem)
Ups... I forgot to say that of course wsse.keystore and wsse.truststore are placed at c:\keys
Thanks ;)
-
9. Re: WS-Security Newbie Question...
asoldano Jan 18, 2008 6:48 AM (in response to lafaserem)
"lafaserem" wrote:
>     System.setProperty("org.jboss.wsse.keyStoreType", "x509v3");
>     System.setProperty("org.jboss.wsse.trustStoreType", "x509v3");
Why "x509v3"? Try with "jks", that should be the type of key stores you generated.
This said, what's the problem you have? Your conf seems OK, are you getting any exception? How do you understand something is wrong? Please post some log/error here so that we can better understand.
-
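Added example, not part of the original thread and not JBossWS code: a stand-alone check of the point made in the reply above, using only the standard java.security.KeyStore API. It shows that "x509v3" (the value used in <sign type="x509v3" .../>) is not a keystore type, and that the stores loaded as "jks" hold the wsse alias in the expected roles. The class name CheckWsseStores is hypothetical; the default paths, password and alias are the ones posted in the thread.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Collections;

public class CheckWsseStores {
    // Loads a store with the given type and reports what each alias holds.
    static void describe(String path, String type, char[] password) throws Exception {
        KeyStore store;
        try {
            store = KeyStore.getInstance(type);
        } catch (KeyStoreException e) {
            // "x509v3" ends up here: no provider implements a keystore of that type.
            System.out.println(path + ": no keystore implementation for type '" + type + "'");
            return;
        }
        try (InputStream in = new FileInputStream(path)) {
            store.load(in, password); // IOException on a wrong password or a corrupt file
        }
        for (String alias : Collections.list(store.aliases())) {
            // A signing client needs a key entry; a verifier only needs the certificate.
            String kind = store.isKeyEntry(alias) ? "private key (can sign)"
                                                  : "trusted certificate (can verify)";
            System.out.println(path + " [" + type + "] alias=" + alias + " -> " + kind);
            Certificate cert = store.getCertificate(alias);
            if (cert instanceof X509Certificate) {
                X509Certificate x509 = (X509Certificate) cert;
                System.out.println("    subject=" + x509.getSubjectX500Principal().getName()
                        + " notAfter=" + x509.getNotAfter());
            }
        }
    }

    public static void main(String[] args) throws Exception {
        // Defaults are the values posted in the thread; pass your own as arguments.
        String keyStore = args.length > 0 ? args[0] : "c:/keys/wsse.keystore";
        String trustStore = args.length > 1 ? args[1] : "c:/keys/wsse.truststore";
        char[] password = (args.length > 2 ? args[2] : "jbossws").toCharArray();

        describe(keyStore, "x509v3", password); // the type set in the original client
        describe(keyStore, "jks", password);    // expect alias wsse as a private key
        describe(trustStore, "jks", password);  // expect alias wsse as a trusted certificate
    }
}
```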
10. Re: WS-Security Newbie Question...
lafaserem Jan 18, 2008 7:06 AM (in response to lafaserem)
This is the error that it's giving to me when I run
    wsrunclient wssec.HelloClient "Hello"

    [Fatal Error] :1:1: Content is not allowed in prolog.
    org.jboss.ws.WSException: java.io.IOException: org.xml.sax.SAXParseException: Content is not allowed in prolog.
        at org.jboss.ws.metadata.config.JBossWSConfigFactory.getNamespaceURI(JBossWSConfigFactory.java:116)
        at org.jboss.ws.metadata.config.JBossWSConfigFactory.parse(JBossWSConfigFactory.java:80)
        at org.jboss.ws.metadata.config.JBossWSConfigFactory.getConfig(JBossWSConfigFactory.java:134)
        at org.jboss.ws.metadata.umdm.EndpointMetaData.initEndpointConfig(EndpointMetaData.java:704)
        at org.jboss.ws.metadata.umdm.EndpointMetaData.setConfigNameInternal(EndpointMetaData.java:695)
        at org.jboss.ws.metadata.umdm.EndpointMetaData.setConfigName(EndpointMetaData.java:679)
        at org.jboss.ws.metadata.builder.jaxws.JAXWSClientMetaDataBuilder.processEndpointConfig(JAXWSClientMetaDataBuilder.java:323)
        at org.jboss.ws.metadata.builder.jaxws.JAXWSClientMetaDataBuilder.rebuildEndpointMetaData(JAXWSClientMetaDataBuilder.java:287)
        at org.jboss.ws.core.jaxws.spi.ServiceDelegateImpl.getPortInternal(ServiceDelegateImpl.java:262)
        at org.jboss.ws.core.jaxws.spi.ServiceDelegateImpl.getPort(ServiceDelegateImpl.java:233)
        at javax.xml.ws.Service.getPort(Service.java:185)
        at wssec.HelloClient.getPort(HelloClient.java:46)
        at wssec.HelloClient.main(HelloClient.java:31)
    Caused by: java.io.IOException: org.xml.sax.SAXParseException: Content is not allowed in prolog.
        at org.jboss.wsf.common.DOMUtils.parse(DOMUtils.java:156)
        at org.jboss.ws.metadata.config.JBossWSConfigFactory.getNamespaceURI(JBossWSConfigFactory.java:111)
        ... 12 more
The WSDL file is taken directly from the server. It seems to be an error with some XML file structure, but I don't know which one can be the one that is giving me the mistake...
Thanks ;)
P.S.: I've changed the keyStore and trustStore Type to "jks"
-
11. Re: WS-Security Newbie Question...
asoldano Jan 18, 2008 8:00 AM (in response to lafaserem)
Last time I didn't notice this: on the client side you should have the interface of your web service, not the implementation. This applies for every webservice client.
And of course the interface you use on the client side (which can be generated by wsconsume, otherwise you can code it manually, it is easy for your service) should not have the @EndpointConfig with the server endpoint configuration ;-)
-
12. Re: WS-Security Newbie Question...
lafaserem Jan 18, 2008 8:22 AM (in response to lafaserem)
Ups... Ok... That was a consequence of so many "copy-paste"s that I have done during all these days :)
My Hello.java file is now like this:
    package wssec;

    import javax.jws.WebMethod;
    import javax.jws.WebParam;
    import javax.jws.WebResult;
    import javax.jws.WebService;
    import javax.xml.ws.RequestWrapper;
    import javax.xml.ws.ResponseWrapper;

    /**
     * This class was generated by the JAX-WS RI.
     * JAX-WS RI 2.1.1-b03-
     * Generated source version: 2.0
     *
     */
    @WebService(name = "Hello", targetNamespace = "urn:ws.sec")
    public interface Hello {
        /**
         *
         * @param nombre
         * @return
         *     returns java.lang.String
         */
        @WebMethod
        @WebResult(targetNamespace = "")
        @RequestWrapper(localName = "echo", targetNamespace = "urn:ws.sec", className = "sec.ws.Echo")
        @ResponseWrapper(localName = "echoResponse", targetNamespace = "urn:ws.sec", className = "sec.ws.EchoResponse")
        public String echo(
            @WebParam(name = "nombre", targetNamespace = "")
            String nombre);
    }
but now I have this error:
    Exception in thread "main" java.lang.NoClassDefFoundError: org/apache/xml/security/Init
        at org.jboss.ws.extensions.security.SecurityEncoder.<init>(SecurityEncoder.java:47)
        at org.jboss.ws.extensions.security.WSSecurityDispatcher.handleOutbound(WSSecurityDispatcher.java:302)
        at org.jboss.ws.extensions.security.jaxws.WSSecurityHandler.handleOutboundSecurity(WSSecurityHandler.java:95)
        at org.jboss.ws.extensions.security.jaxws.WSSecurityHandlerClient.handleOutbound(WSSecurityHandlerClient.java:45)
        at org.jboss.ws.core.jaxws.handler.GenericHandler.handleMessage(GenericHandler.java:55)
        at org.jboss.ws.core.jaxws.handler.HandlerChainExecutor.handleMessage(HandlerChainExecutor.java:295)
        at org.jboss.ws.core.jaxws.handler.HandlerChainExecutor.handleMessage(HandlerChainExecutor.java:140)
        at org.jboss.ws.core.jaxws.client.ClientImpl.callRequestHandlerChain(ClientImpl.java:160)
        at org.jboss.ws.core.CommonClient.invoke(CommonClient.java:297)
        at org.jboss.ws.core.jaxws.client.ClientImpl.invoke(ClientImpl.java:243)
        at org.jboss.ws.core.jaxws.client.ClientProxy.invoke(ClientProxy.java:164)
        at org.jboss.ws.core.jaxws.client.ClientProxy.invoke(ClientProxy.java:150)
        at $Proxy15.echo(Unknown Source)
        at wssec.HelloClient.main(HelloClient.java:32)
I don't know what's happening now.. I'm with it, but if you see something, I'll be grateful for your advice ;)
At least now I see errors referring to WSSecurity and that makes me happy hehe :)
Thanks ;)
-
13. Re: WS-Security Newbie Question...
asoldano Jan 18, 2008 8:26 AM (in response to lafaserem)
You need xmlsec.jar in your classpath.
-
14. Re: WS-Security Newbie Question...
lafaserem Jan 18, 2008 8:33 AM (in response to lafaserem)
Ok... I have now added xmlsec.jar into "JBOSS_HOME/lib/endorsed", recompiled (just in case...) and run wsrunclient again... and I got this error:
    javax.xml.ws.WebServiceException: org.jboss.ws.core.CommonSOAPFaultException: An internal WS-Security error occurred. See log for details
        at org.jboss.ws.core.jaxws.handler.HandlerChainExecutor.processHandlerFailure(HandlerChainExecutor.java:276)
        at org.jboss.ws.core.jaxws.handler.HandlerChainExecutor.handleMessage(HandlerChainExecutor.java:155)
        at org.jboss.ws.core.jaxws.client.ClientImpl.callRequestHandlerChain(ClientImpl.java:160)
        at org.jboss.ws.core.CommonClient.invoke(CommonClient.java:297)
        at org.jboss.ws.core.jaxws.client.ClientImpl.invoke(ClientImpl.java:243)
        at org.jboss.ws.core.jaxws.client.ClientProxy.invoke(ClientProxy.java:164)
        at org.jboss.ws.core.jaxws.client.ClientProxy.invoke(ClientProxy.java:150)
        at $Proxy15.echo(Unknown Source)
        at prueba.HelloClient.main(HelloClient.java:32)
    Caused by: org.jboss.ws.core.CommonSOAPFaultException: An internal WS-Security error occurred. See log for details
        at org.jboss.ws.extensions.security.WSSecurityDispatcher.convertToFault(WSSecurityDispatcher.java:105)
        at org.jboss.ws.extensions.security.WSSecurityDispatcher.handleOutbound(WSSecurityDispatcher.java:311)
        at org.jboss.ws.extensions.security.jaxws.WSSecurityHandler.handleOutboundSecurity(WSSecurityHandler.java:95)
        at org.jboss.ws.extensions.security.jaxws.WSSecurityHandlerClient.handleOutbound(WSSecurityHandlerClient.java:45)
        at org.jboss.ws.core.jaxws.handler.GenericHandler.handleMessage(GenericHandler.java:55)
        at org.jboss.ws.core.jaxws.handler.HandlerChainExecutor.handleMessage(HandlerChainExecutor.java:295)
        at org.jboss.ws.core.jaxws.handler.HandlerChainExecutor.handleMessage(HandlerChainExecutor.java:140)
Thanks again for your interest :)