WS-Security on POJO Endpoint
dhanushgopinath Feb 12, 2009 12:49 AMHi,
I am trying to implement WS-Security on a POJO Endpoint using JBOSS WS. I want to use the UserName token authentication. This is already a Jira Issue with 3.0.5 (https://jira.jboss.org/jira/browse/JBWS-1999) and since I saw the Jira Issue as resolved, I got the latest code from the site and built the Web Service stack and tried to implement it. I am implementing based on this
http://www.jboss.org/index.html?module=bb&op=viewtopic&t=131719&postdays=0&postorder=asc&start=0
But while deploying the Web Service the endpoint configuration is shown as Standard Endpoint in the logs . Shouldn't it be Standard WSSecurity Endpoint. Given below is the excerpt from log.
ServerEndpointMetaData: type=JAXWS qname={http://www.test.com/WF/Framework/AWFUtilityService}AWFUtilityServicePortTypePort id=jboss.ws:context=TestUtility,endpoint=AWFUtilityService address=http://127.0.0.1:8180/TestUtility/AWFUtilityService binding=http://schemas.xmlsoap.org/wsdl/soap/http linkName=AWFUtilityService implName=com.test.wf.framework.awfutilityservice.AWFUtilityServiceImpl seiName=com.test.wf.framework.awfutilityservice.AWFUtilityServicePortType serviceMode=null portComponentName=null contextRoot=/TestUtility urlPattern=/AWFUtilityService configFile=META-INF/standard-jaxws-endpoint-config.xml configName=Standard Endpoint authMethod=null transportGuarantee=null secureWSDLAccess=false properties={}
Now I run the client and the SOAP Message is properly built using the wsse:security headers, but at the server side its throwing a class cast exception
2009-02-11 20:12:52,153 DEBUG [org.jboss.ws.core.soap.MessageFactoryImpl] createMessage: [contentType=text/xml; charset=UTF-8] 2009-02-11 20:12:52,247 DEBUG [org.jboss.ws.metadata.umdm.EndpointMetaData] Configure SOAPBinding 2009-02-11 20:12:52,247 ERROR [org.jboss.ws.core.jaxws.SOAPFaultHelperJAXWS] SOAP request exception java.lang.ClassCastException: org.jboss.ws.core.soap.EnvelopeBuilderDOM at org.jboss.ws.core.soap.MessageFactoryImpl.createMessage(MessageFactoryImpl.java:278) at org.jboss.ws.core.soap.MessageFactoryImpl.createMessage(MessageFactoryImpl.java:193) at org.jboss.wsf.stack.jbws.RequestHandlerImpl.processRequest(RequestHandlerImpl.java:455) at org.jboss.wsf.stack.jbws.RequestHandlerImpl.handleRequest(RequestHandlerImpl.java:295) at org.jboss.wsf.stack.jbws.RequestHandlerImpl.doPost(RequestHandlerImpl.java:205) at org.jboss.wsf.stack.jbws.RequestHandlerImpl.handleHttpRequest(RequestHandlerImpl.java:131) at org.jboss.wsf.common.servlet.AbstractEndpointServlet.service(AbstractEndpointServlet.java:85) at javax.servlet.http.HttpServlet.service(HttpServlet.java:803) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:96) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:230)
Here is my Web Service and the server side config files.
@WebService(name="AWFUtilityServicePortType", serviceName = "AWFUtilityService", targetNamespace = "http://www.test.com/WF/Framework/AWFUtilityService", endpointInterface = "com.test.wf.framework.awfutilityservice.AWFUtilityServicePortType" ) @EndpointConfig(configFile="META-INF/standard-jaxws-endpoint-config.xml", configName = "Standard WSSecurity Endpoint") public class AWFUtilityServiceImpl implements AWFUtilityServicePortType { public String getCorrelationID(String CorrelationID) throws GetCorrelationIDFault { String strCorrValue = Calendar.getInstance().getTime().toString(); return CorrelationID + "_" + strCorrValue; } }
Server config file jboss-wsse-server.xml
<?xml version="1.0" encoding="UTF-8"?> <jboss-ws-security xmlns="http://www.jboss.com/ws-security/config" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.jboss.com/ws-security/config http://www.jboss.com/ws-security/schema/jboss-ws-security_1_0.xsd"> <config> <authorize> <unchecked /> </authorize> </config> <port name="AWFUtilityServicePort"> <operation name="{http://www.test.com/WF/Framework/AWFUtilityService}getCorrelationID"> <config> <authorize> <unchecked /> </authorize> </config> </operation> </port> </jboss-ws-security>
jboss-web.xml
<?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE jboss-web PUBLIC "-//JBoss//DTD Web Application 2.4//EN" "http://www.jboss.org/j2ee/dtd/jboss-web_4_0.dtd"> <jboss-web> <security-domain>java:/jaas/JBossWS</security-domain> <context-root>/TestUtility</context-root> </jboss-web>
Please help why this service is not getting deployed as a WS Security Endpoint. Do I need to enable it some where ? Or is it that the latest code doesn't contain the fix?
Thanks in Advance.
Dhanush