1 Reply Latest reply on Jan 11, 2011 5:57 AM by t.himaja

WS-Security on POJO Endpoint

dhanushgopinath Feb 12, 2009 12:49 AM

Hi,

I am trying to implement WS-Security on a POJO Endpoint using JBOSS WS. I want to use the UserName token authentication. This is already a Jira Issue with 3.0.5 (https://jira.jboss.org/jira/browse/JBWS-1999) and since I saw the Jira Issue as resolved, I got the latest code from the site and built the Web Service stack and tried to implement it. I am implementing based on this

http://www.jboss.org/index.html?module=bb&op=viewtopic&t=131719&postdays=0&postorder=asc&start=0

But while deploying the Web Service the endpoint configuration is shown as Standard Endpoint in the logs . Shouldn't it be Standard WSSecurity Endpoint. Given below is the excerpt from log.

ServerEndpointMetaData:
 type=JAXWS
 qname={http://www.test.com/WF/Framework/AWFUtilityService}AWFUtilityServicePortTypePort
 id=jboss.ws:context=TestUtility,endpoint=AWFUtilityService
 address=http://127.0.0.1:8180/TestUtility/AWFUtilityService
 binding=http://schemas.xmlsoap.org/wsdl/soap/http
 linkName=AWFUtilityService
 implName=com.test.wf.framework.awfutilityservice.AWFUtilityServiceImpl
 seiName=com.test.wf.framework.awfutilityservice.AWFUtilityServicePortType
 serviceMode=null
 portComponentName=null
 contextRoot=/TestUtility
 urlPattern=/AWFUtilityService
 configFile=META-INF/standard-jaxws-endpoint-config.xml
 configName=Standard Endpoint
 authMethod=null
 transportGuarantee=null
 secureWSDLAccess=false
 properties={}

Now I run the client and the SOAP Message is properly built using the wsse:security headers, but at the server side its throwing a class cast exception

2009-02-11 20:12:52,153 DEBUG [org.jboss.ws.core.soap.MessageFactoryImpl] createMessage: [contentType=text/xml; charset=UTF-8]
2009-02-11 20:12:52,247 DEBUG [org.jboss.ws.metadata.umdm.EndpointMetaData] Configure SOAPBinding
2009-02-11 20:12:52,247 ERROR [org.jboss.ws.core.jaxws.SOAPFaultHelperJAXWS] SOAP request exception
java.lang.ClassCastException: org.jboss.ws.core.soap.EnvelopeBuilderDOM
 at org.jboss.ws.core.soap.MessageFactoryImpl.createMessage(MessageFactoryImpl.java:278)
 at org.jboss.ws.core.soap.MessageFactoryImpl.createMessage(MessageFactoryImpl.java:193)
 at org.jboss.wsf.stack.jbws.RequestHandlerImpl.processRequest(RequestHandlerImpl.java:455)
 at org.jboss.wsf.stack.jbws.RequestHandlerImpl.handleRequest(RequestHandlerImpl.java:295)
 at org.jboss.wsf.stack.jbws.RequestHandlerImpl.doPost(RequestHandlerImpl.java:205)
 at org.jboss.wsf.stack.jbws.RequestHandlerImpl.handleHttpRequest(RequestHandlerImpl.java:131)
 at org.jboss.wsf.common.servlet.AbstractEndpointServlet.service(AbstractEndpointServlet.java:85)
 at javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
 at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
 at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
 at org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:96)
 at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
 at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
 at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:230)

Here is my Web Service and the server side config files.

@WebService(name="AWFUtilityServicePortType", serviceName = "AWFUtilityService", targetNamespace = "http://www.test.com/WF/Framework/AWFUtilityService",
 endpointInterface = "com.test.wf.framework.awfutilityservice.AWFUtilityServicePortType"
 )
@EndpointConfig(configFile="META-INF/standard-jaxws-endpoint-config.xml", configName = "Standard WSSecurity Endpoint")

public class AWFUtilityServiceImpl implements AWFUtilityServicePortType {

 public String getCorrelationID(String CorrelationID)
 throws GetCorrelationIDFault
 {
 String strCorrValue = Calendar.getInstance().getTime().toString();
 return CorrelationID + "_" + strCorrValue;
 }

}

Server config file jboss-wsse-server.xml

<?xml version="1.0" encoding="UTF-8"?>

<jboss-ws-security xmlns="http://www.jboss.com/ws-security/config"
 xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
 xsi:schemaLocation="http://www.jboss.com/ws-security/config
 http://www.jboss.com/ws-security/schema/jboss-ws-security_1_0.xsd">

 <config>
 <authorize>
 <unchecked />
 </authorize>
 </config>

 <port name="AWFUtilityServicePort">
 <operation
 name="{http://www.test.com/WF/Framework/AWFUtilityService}getCorrelationID">
 <config>
 <authorize>
 <unchecked />
 </authorize>
 </config>
 </operation>
 </port>
</jboss-ws-security>

jboss-web.xml

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE jboss-web PUBLIC "-//JBoss//DTD Web Application 2.4//EN" "http://www.jboss.org/j2ee/dtd/jboss-web_4_0.dtd">


<jboss-web>

 <security-domain>java:/jaas/JBossWS</security-domain>
 <context-root>/TestUtility</context-root>

</jboss-web>

Please help why this service is not getting deployed as a WS Security Endpoint. Do I need to enable it some where ? Or is it that the latest code doesn't contain the fix?

Thanks in Advance.
Dhanush

1. Re: WS-Security on POJO Endpoint

t.himaja Jan 11, 2011 5:57 AM (in response to dhanushgopinath)

Hi,

Even i am getting same error if i am calling web service in web application from stand-alone client. Did u solve this problem?
Please reply, i need to know how the solve this issue

Thanks in advance.
Actions