2 Replies Latest reply on Mar 26, 2010 4:44 AM by kamaze

    JBossWS Native + WS-Security - missing WS-SecurityPolicy info in WSDL

      Hi all,

       

      I wonder why the generated WSDL of my JBossWS Native Web Service does not contain any WS-SecurityPolicy information?! I configured WS-Security (without using any JAAS security) with the following server-side configuration:

       

      The Service Endpoint Interface implementation:

       

      @WebService

      @BindingType(SOAPBinding.SOAP11HTTP_BINDING)

      @EndpointConfig(configName = "Standard WSSecurity Endpoint")
      public class ModificationLsdImport {

         
          public void doImport(List<ModCanLsdPair> data) {
              // todo
          }

       

      }

       

       

      The jboss-wsse-server.xml:

       

      <?xml version="1.0" encoding="UTF-8"?>
      <jboss-ws-security xmlns="http://www.jboss.com/ws-security/config"
                         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                         xsi:schemaLocation="http://www.jboss.com/ws-security/config
                         http://www.jboss.com/ws-security/schema/jboss-ws-security_1_0.xsd">
          <key-store-file>WEB-INF/keystore.jks</key-store-file>
           <key-store-password>password</key-store-password>
          <key-store-type>jks</key-store-type>
          <trust-store-file>WEB-INF/cacerts.jks</trust-store-file>
          <trust-store-password>password</trust-store-password>
          <trust-store-type>jks</trust-store-type>
          <key-passwords>
              <key-password alias="alias" password="password" />
          </key-passwords>
          <config>
               <encrypt type="x509v3" alias="alias" />
                 <requires>
                     <encryption/>     
                </requires>
           </config>
      </jboss-ws-security>

       

      My endpoint is a servlet endpoint, so the jboss-wsse-server.xml is contained in the WEB-INF directory - besides keystore.jks, cacerts.jks and the web.xml. The WAR is deployed into a JBoss 5.1.0.GA with default JBossWS Native 3.1.2.GA (I also tested it with JBossWS Native 3.2.2.GA). The JDK (SUN) is 1.6.0_12 (Windows Vista 32 Bit). The WAR is contained in an EAR and seems to by deployed correctly. I can get the WSDL by using Firefox pointed to http://127.0.0.1:1977/TestApp/modificationLsdImportService/invoke?wsdl.

       

      The WSDL looks like this:

       

      <?xml version='1.0' encoding='UTF-8'?>
      <definitions name='ModificationLsdImportService' targetNamespace='http://server.modLsdImport.webservice.masp.com/' xmlns='http://schemas.xmlsoap.org/wsdl/' xmlns:soap='http://schemas.xmlsoap.org/wsdl/soap/' xmlns:tns='http://server.modLsdImport.webservice.masp.com/' xmlns:xsd='http://www.w3.org/2001/XMLSchema'>
      <types>
        <xs:schema targetNamespace='http://server.modLsdImport.webservice.masp.com/' version='1.0' xmlns:tns='http://server.modLsdImport.webservice.masp.com/' xmlns:xs='http://www.w3.org/2001/XMLSchema'>
         <xs:element name='doImport' type='tns:doImport'/>
         <xs:element name='doImportResponse' type='tns:doImportResponse'/>
         <xs:complexType name='doImport'>
          <xs:sequence>
           <xs:element maxOccurs='unbounded' minOccurs='0' name='arg0' type='tns:modCanLsdPair'/>
          </xs:sequence>
         </xs:complexType>
         <xs:complexType name='modCanLsdPair'>
          <xs:sequence>
           <xs:element minOccurs='0' name='lsd' type='xs:string'/>
           <xs:element minOccurs='0' name='modCan' type='xs:string'/>
          </xs:sequence>
         </xs:complexType>
         <xs:complexType name='doImportResponse'>
          <xs:sequence/>
         </xs:complexType>
        </xs:schema>
      </types>
      <message name='ModificationLsdImport_doImport'>
        <part element='tns:doImport' name='doImport'></part>
      </message>
      <message name='ModificationLsdImport_doImportResponse'>
        <part element='tns:doImportResponse' name='doImportResponse'></part>
      </message>
       <portType name='ModificationLsdImport'>
        <operation name='doImport' parameterOrder='doImport'>
         <input message='tns:ModificationLsdImport_doImport'></input>
         <output message='tns:ModificationLsdImport_doImportResponse'></output>
        </operation>
      </portType>
      <binding name='ModificationLsdImportBinding' type='tns:ModificationLsdImport'>
        <soap:binding style='document' transport='http://schemas.xmlsoap.org/soap/http'/>
        <operation name='doImport'>
         <soap:operation soapAction=''/>
         <input>
          <soap:body use='literal'/>
         </input>
         <output>
          <soap:body use='literal'/>
         </output>
        </operation>
      </binding>
       <service name='ModificationLsdImportService'>
        <port binding='tns:ModificationLsdImportBinding' name='ModificationLsdImportPort'>
         <soap:address location='http://127.0.0.1:1977/TestApp/modificationLsdImportService/invoke'/>
        </port>
      </service>
      </definitions>

       

       

      My question is - why doesn't the generated WSDL contain any security related information? How should the Web Service client know that it has to encrypt the message? The WSDL I generated explicitely with wsprovide looks the same.

       

      I already used the JBossWS Metro stack and WS-Security configured (WSIT). The generated WSDL did contain security requirements in this case.

       

      Thanking you in anticipation.

        • 1. Re: JBossWS Native + WS-Security - missing WS-SecurityPolicy info in WSDL
          kcsavant

          The security informations and configurations are majorly on the server side. On the server we have the XML files (jboss-wsse-server.xml & $JBOSS_HOME\server\xxx\deploy\jbossws.sar\META-INF\standard-jaxws-endpoint-config.xml) along with the certificates. And then we have annotations to make the web service encrypted.

           

          On the client side we have our xmls (jboss-wsse-client.xml & standard-jaxws-client-config.xml) along with certificates (fPublic Key) so that our client has encryptaion details also.

          1 of 1 people found this helpful
          • 2. Re: JBossWS Native + WS-Security - missing WS-SecurityPolicy info in WSDL

            Thanks for your response. Which security related annotations do you refer to? I only know the @EndpointConfig on the SEI. I use this annotation like this:

            @EndpointConfig(configName = "Standard WSSecurity Endpoint")

             

            The "Standard WSSecurity Endpoint" is defined in:

            [JBOSS_HOME]\server\default\deployers\jbossws.deployer\META-INF\standard-jaxws-endpoint-config.xml

             

            I did not change this configuration in any way:

             

            <endpoint-config>
                <config-name>Standard WSSecurity Endpoint</config-name>
                <post-handler-chains>
                  <javaee:handler-chain>
                    <javaee:protocol-bindings>##SOAP11_HTTP ##SOAP11_HTTP_MTOM</javaee:protocol-bindings>
                    <javaee:handler>
                      <javaee:handler-name>WSSecurity Handler</javaee:handler-name>
                      <javaee:handler-class>org.jboss.ws.extensions.security.jaxws.WSSecurityHandlerServer</javaee:handler-class>
                    </javaee:handler>
                    <javaee:handler>
                      <javaee:handler-name>Recording Handler</javaee:handler-name>
                      <javaee:handler-class>org.jboss.wsf.framework.invocation.RecordingServerHandler</javaee:handler-class>
                    </javaee:handler>
                  </javaee:handler-chain>
                </post-handler-chains>
              </endpoint-config>

             

            So I don't know what is missing to get the encryption started.

             

            Does it only work in combination with a JAAS configuration?

             

            Does JBoss 5.1.0.GA including JBossWS Native 3.1.2.GA or 3.2.2.GA (JDK 6) support rendering WS-SecurityPolicy in the WSDL at all, when WS-Security is configured on the server side? (I do only want to figure out this issue at the moment. Did not try a client side security configuration (jboss-wsse-client.xml etc.) yet!)


            If this should work, could you please post me the relevant snippets or point to wrong or missing aspects of my setup described so far in this thread?

             

            Any help highly appreciated.