3 Replies Latest reply on Nov 9, 2010 2:58 PM by erickjd

    Problem with securing web service with ws security ( username token )

    lmarczuk

      Hello,

       

      I'm trying to secure a web service (from an EJB 3.0 stateless bean) and it is not working.

       

      Here is my code:

       

      Bean:

       

      // ... some imports
      
      @Stateless
      @SOAPBinding(style=SOAPBinding.Style.RPC)
      @SecurityDomain("JBossWS")
      @EndpointConfig(configName = "Standard WSSecurity Endpoint")
      @WebService(name="Hello",targetNamespace = "http://test",serviceName = "HelloWSSService")
      public class HelloBean implements IHello {
      
           @WebMethod
           public String sayHello(String aName) {
                return "siemanko " + aName;
           }
      
      }
      

       

       

      Interface:

       

       

      @SOAPBinding(style = SOAPBinding.Style.DOCUMENT)
      @EndpointConfig(configName = "Standard WSSecurity Endpoint")
      @WebService(name="Hello",targetNamespace = "http://test",serviceName = "HelloWSSService")
      public interface IHello  {
           
           
           String sayHello( String name);
      }
      

       

       

      In my META-INF folder I put the jboss-wsse-server.xml file:

       

       

      <jboss-ws-security xmlns="http://www.jboss.com/ws-security/config"
           xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
           xsi:schemaLocation="http://www.jboss.com/ws-security/config
                            http://www.jboss.com/ws-security/schema/jboss-ws-security_1_0.xsd">
           <config>
                <timestamp ttl="300"/>
                <requires/>
           </config>
      </jboss-ws-security>
      

       

      Now I deploy my app on the server and test it from SoapUI.

       

       

      <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:test="http://test">
         <soapenv:Header/>
         <soapenv:Body>
            <test:sayHello>
               <arg0>?</arg0>
            </test:sayHello>
         </soapenv:Body>
      </soapenv:Envelope>
      

       

      And the answer:

       

       

      <env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/">
         <env:Header>
            <wsse:Security env:mustUnderstand="1" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
               <wsu:Timestamp wsu:Id="timestamp">
                  <wsu:Created>2010-09-06T11:41:38.621Z</wsu:Created>
                  <wsu:Expires>2010-09-06T11:46:38.621Z</wsu:Expires>
               </wsu:Timestamp>
            </wsse:Security>
         </env:Header>
         <env:Body>
            <test:sayHelloResponse xmlns:test="http://test">
               <return>siemanko ?</return>
            </test:sayHelloResponse>
         </env:Body>
      </env:Envelope>
      

       

      Got any idea why I can't secure my web service like that? I tried it on JBoss 4.2.3, 5.01, 5.1, and 6; actually I work on 5.0.1 with JBoss Web Services - Native Server 3.3.1.GA.

       

      Maybe I'm skipping some step, or jboss-wsse-server.xml is incorrect?

      When I put this into jboss-wsse-server.xml:

       

      <jboss-ws-security xmlns="http://www.jboss.com/ws-security/config"
        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
        xsi:schemaLocation="http://www.jboss.com/ws-security/config
                            http://www.jboss.com/ws-security/schema/jboss-ws-security_1_0.xsd">
        <config>
          <username/>
          <authenticate>
            <usernameAuth/>
          </authenticate>
        </config>
      </jboss-ws-security>
      
      

      Also, nothing happened and I am able to get a response without putting principals in the header.

       

      JBossWS is configured correctly in login-config.xml.

       

      Please help.
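
A negative test for the symptom described in this post, as an added example that is not part of the original post or of JBossWS: it classifies a request/response pair and flags a normal response to a request that carried no `wsse:UsernameToken`. The function names, the fault sample and the token sample are constructed for illustration; the other two envelopes are shortened from the ones in the post.

```python
import xml.etree.ElementTree as ET

SOAP = "http://schemas.xmlsoap.org/soap/envelope/"
WSSE = ("http://docs.oasis-open.org/wss/2004/01/"
        "oasis-200401-wss-wssecurity-secext-1.0.xsd")

# Request and response shortened from the post; the other two samples are constructed.
REQUEST_NO_TOKEN = f"""<soapenv:Envelope xmlns:soapenv="{SOAP}" xmlns:test="http://test">
  <soapenv:Header/>
  <soapenv:Body><test:sayHello><arg0>?</arg0></test:sayHello></soapenv:Body>
</soapenv:Envelope>"""
RESPONSE_OK = f"""<env:Envelope xmlns:env="{SOAP}"><env:Body>
  <test:sayHelloResponse xmlns:test="http://test"><return>siemanko ?</return></test:sayHelloResponse>
</env:Body></env:Envelope>"""
RESPONSE_FAULT = f"""<env:Envelope xmlns:env="{SOAP}"><env:Body>
  <env:Fault><faultcode>env:Client</faultcode><faultstring>constructed</faultstring></env:Fault>
</env:Body></env:Envelope>"""
REQUEST_WITH_TOKEN = REQUEST_NO_TOKEN.replace(
    "<soapenv:Header/>",
    f'<soapenv:Header><wsse:Security xmlns:wsse="{WSSE}"><wsse:UsernameToken>'
    "<wsse:Username>alice</wsse:Username><wsse:Password>constructed</wsse:Password>"
    "</wsse:UsernameToken></wsse:Security></soapenv:Header>")

def has_username_token(envelope_xml):
    """True if the SOAP header carries wsse:Security/UsernameToken with a non-empty Username."""
    root = ET.fromstring(envelope_xml)
    user = root.find(f"{{{SOAP}}}Header/{{{WSSE}}}Security/"
                     f"{{{WSSE}}}UsernameToken/{{{WSSE}}}Username")
    return user is not None and bool((user.text or "").strip())

def is_fault(envelope_xml):
    """True if the SOAP body is a soap:Fault instead of a normal response."""
    return ET.fromstring(envelope_xml).find(f"{{{SOAP}}}Body/{{{SOAP}}}Fault") is not None

def check_exchange(request_xml, response_xml):
    """Classify one request/response pair from a negative authentication test."""
    if has_username_token(request_xml):
        return "authenticated-request"   # not a negative test, nothing to conclude
    if is_fault(response_xml):
        return "rejected"                # endpoint refused the anonymous call
    return "UNAUTHENTICATED-ACCESS"      # endpoint answered without credentials

if __name__ == "__main__":
    for name, req, resp in [("post's exchange", REQUEST_NO_TOKEN, RESPONSE_OK),
                            ("expected behaviour", REQUEST_NO_TOKEN, RESPONSE_FAULT)]:
        print(name, "->", check_exchange(req, resp))
```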