1 2 Previous Next 16 Replies Latest reply on Mar 5, 2010 6:02 AM by kcsavant

    Unable to verify SOAP packet encryption

    kcsavant

      Hi,

       

      I am trying to create a secured web service with SOAP encryption, I am following JBOSS IN ACTION by Manning, chapter 9. My setup is jboss-5.1.0.GA & jbossws-native-3.2.2.GA.

       

      My service interface is like below

       

      SalesTax.java
      
      @EndpointConfig(configName="Standard WSSecurity Endpoint")
      @SOAPBinding(style=SOAPBinding.Style.RPC)
      @WebService(name = "SalesTax", targetNamespace = "http://ws.abc.com/")
      public interface SalesTax {
          @WebMethod
          @WebResult(targetNamespace = "")
          @RequestWrapper(localName = "getRate", targetNamespace = "http://ws.abc.com/", className = "com.abc.ws.GetRate")
          @ResponseWrapper(localName = "getRateResponse", targetNamespace = "http://ws.abc.com/", className = "com.abc.ws.GetRateResponse")
          public double getRate(
              @WebParam(name = "arg0", targetNamespace = "")
              String arg0);
      }
      

       

      My WS Implementation is

      SalesTaxImpl.java

       

      @WebService(name = "SalesTaxImpl", serviceName = "SalesTax", endpointInterface = "com.abc.ws.SalesTax", portName="SalesTaxPort")
      public class SalesTaxImpl implements SalesTax {
           private Map<String, Double> tax = new HashMap<String, Double>();
           public void init() {
                tax.put("UP", 5.5);
                tax.put("AP", 8.25);
                tax.put("PU", 4.95);
           }
           public double getRate(String arg0) {
                init();
                return tax.get(arg0) != null ? tax.get(arg0) : 0.0;
           }
      }

       

      My WAR setup                                                                                                                             My Client Setup

      ws-server-setup.JPGws-client-setup.JPG

      I can deploy the web service successfully, now on client side I have below code.

       

      My Client Implementation is as below

      Client.java

       

      public class Client {
           public static void main(String[] arg) {
           System.setProperty("org.jboss.ws.wsse.keyStore", "C://certificates//client.keystore");
              System.setProperty("org.jboss.ws.wsse.keyStorePassword", "{CLASS}org.jboss.security.plugins.FilePassword:C://certificates//client.keystore.password");
              System.setProperty("org.jboss.ws.wsse.keyStoreType", "jks" );
              System.setProperty("org.jboss.ws.wsse.trustStore", "C://certificates//client.truststore");
              System.setProperty("org.jboss.ws.wsse.trustStorePassword", "{CLASS}org.jboss.security.plugins.FilePassword:C://certificates//client.truststore.password");
              System.setProperty("org.jboss.ws.wsse.trustStoreType", "jks");
            String[] args = {"UP","AP","PU"};
                if (args.length > 0) {
                     SalesTax_Service svc = new SalesTax_Service();
                     SalesTax tax = svc.getSalesTaxPort();
                     BindingProvider bp = (BindingProvider)tax;
                     Map<String, Object> rc = bp.getRequestContext();
                     rc.put(BindingProvider.USERNAME_PROPERTY, "keshav");
                     rc.put(BindingProvider.PASSWORD_PROPERTY, "Pass1@34");
                     for (int i = 0; i < args.length; i++) {
                          double rate = tax.getRate(args[i]);
                          System.out.println("Sales tax for " + args[i] + " is " + rate);
                     }
                }
           }
      }
      
      

       

      I can hit the web service using this client.I also uncommented the message trace for org.jboss.ws.core.MessageTrace class in jboo-log4j.xml file to analyse the SOAP packets.

       

      BUT the problem is,

       

      1. I dont know whether my service has been secured or not, because the SOAP packets(after each hit) in server.log does not show encrypted packet, it shows simply (non encrypted) packets.

       

      Please let me know if I am missing out something. If required I can provide additional code files also.

        • 1. Re: Unable to verify SOAP packet encryption
          peterj
          Please realize that only the body of the SOAP message gets encrypted, not the entire message. What is it that you are seeing in the trace? Could you post that?
          • 2. Re: Unable to verify SOAP packet encryption
            kcsavant

            Hi Peter,

            Thanks for your reply. My SOAP packet is not getting encrypted at all. I am pasting extract from my server.log that shows my SOAP packet

             

            2010-03-01 16:17:13,348 TRACE [org.jboss.ws.core.MessageTrace] (http-127.0.0.1-8080-2) Incoming Request Message
            <S:Envelope xmlns:S='http://schemas.xmlsoap.org/soap/envelope/'>
             <S:Body>
              <ns2:getRate xmlns:ns2='http://ws.abc.com/'>
               <arg0>PU</arg0>
              </ns2:getRate>
             </S:Body>
            </S:Envelope>
            2010-03-01 16:17:13,348 TRACE [org.jboss.ws.core.MessageTrace] (http-127.0.0.1-8080-2) Outgoing Response Message
            <env:Envelope xmlns:env='http://schemas.xmlsoap.org/soap/envelope/'>
             <env:Header/>
             <env:Body>
              <ns2:getRateResponse xmlns:ns2='http://ws.abc.com/'>
               <return>7.5</return>
              </ns2:getRateResponse>
             </env:Body>
            </env:Envelope>
            

             

            For your convenience I am also attching my web service complete source, you might require that to analyze further.

             

            Thanks once again,

            Keshav

            • 3. Re: Unable to verify SOAP packet encryption
              peterj
              The difference between your code and the book is that your code sets the properties in the code while the book relies on configuration files. Have you tried following the book exactly to see if that works for you?
              • 4. Re: Unable to verify SOAP packet encryption
                kcsavant
                Yes Peter, I have tried with both the options but no luck. I did this by commenting the code lines that are setting the properties. I already posted my client setup above.
                • 5. Re: Unable to verify SOAP packet encryption
                  peterj

                  OK, I reran the example from the book's source code (project ch09, target 10), and the log file shows the encrypted message. I also compared the book's source for ch09 as updated for AS 5.1.0 with the original source, which was for AS 5.0.0 and the only change was to a setting in the jboss-log4j.xml. So the task now is to figure out how you code and settings differ from that in the book:

                   

                  a) The book doesn't declare an interface for the EJB, thus all of the annotations are on the implementation EJB. Possible fix: move the annotations to the implementation class.

                  b) Your client sets configs in the code (we've already gone over this)


                  That's it from the information you posted. I cannot comment on jboss-wsse-server.xml, jboss-wsse-client.xml or standard-jaxws-client-config.xml since you did not post them.

                   

                  Have you run target 10 in ch09 and verified that the messages are encrypted? By the way, you will want to pull the sources from trunk in subversion since we do not yet have a downloadable zip file that contains updates for AS 5.1.0.GA (most of the chapters, chapter 9 included, have been updated for 5.1.0.GA in trunk).

                  • 6. Re: Unable to verify SOAP packet encryption
                    alexandreesl
                    I am interested on the config files aproach, I tryed like this on my web services, and got the <wsse:security> missing on the client, what exacly do you do to make the client reconize the xml config files?
                    • 7. Re: Unable to verify SOAP packet encryption
                      kcsavant

                      Hi Peter,

                       

                      I did the changes suggested by you. I shifted the annotations to the implementation class, but that also not helped. I have provided my Web Service source in one of my earlier post in this thread only. That zip file has jboss-wsse-server.xml file and other certificate files. Now I am attaching my client source as well that has jboss-wsse-client.xml &  standard-jaxws-client-config.xml along with certificate files.You can have a look on my setup & config files.(Now both the setup are attached in this post/current thread)

                       

                      It would be really helpful if you can provide me the souce of web service & client that you have created recently by re running the example from book. This will help me in comparing my code with yours & diagnose the problem.

                       

                      Thanks,

                      Keshav

                      • 8. Re: Unable to verify SOAP packet encryption
                        peterj

                        "what exacly do you do to make the client reconize the xml config  files"

                        I place them in the META-INF directory of the client JAR, as shown in figure 9.13 in page 259.

                        • 9. Re: Unable to verify SOAP packet encryption
                          peterj

                          "It would be really helpful if you can provide me the souce of web  service & client that you have created recently by re running the  example from book. This will help me in comparing my code with yours  & diagnose the problem."

                          Look at the web site that has the source for the book. Getting the source for the Subversion trunk is the best.

                          http://code.google.com/p/jbia/source/checkout

                          • 10. Re: Unable to verify SOAP packet encryption
                            peterj

                            In the client, the protocol mentioned in the <javaee:protocol-bindings> entry in standard-jaxws-client-config.xml doesn't match mine, I have only "##SOAP11_HTTP".

                             

                            Also, your jboss-wsse-client.xml file looks like it is set up for signing as well as encryption, and it has two <config> entries - mine has only one.

                            • 11. Re: Unable to verify SOAP packet encryption
                              alexandreesl

                              but when I put the files, and then I run the client code(stub generated by eclipse) he claims that he cant acess the web service because <wsse:security> is missing, because he isn´t encrypting.Is there anything else that needs to be changed?here is a picture of my client project, thanks

                              • 12. Re: Unable to verify SOAP packet encryption
                                kcsavant

                                Hi Peter,

                                I was successfully able to deploy my web services and see the encrypted messages. I really appreciate your guidance on this. Thanks alot for helping me out. I was missing some configuration in XML files.

                                 

                                Now I have one more query if you can please help me on this.

                                 

                                I can hit my client using wsrunclient, BUT in real world it is not always true that the user has wsrunclient utility, so how can we have an independent application that uses pure JAVA code and hit the secured web services ?

                                • 13. Re: Unable to verify SOAP packet encryption
                                  peterj
                                  All that wsrunclient does is add the JBossWS-specific JAR files to the classpath so that you don't have to. You can build the classpath in your own script file, or just copy and modify wsrunclient for your purposes.
                                  • 14. Re: Unable to verify SOAP packet encryption
                                    wkubina
                                    Keshav, can you shed some light on the configuration parameters you were missing in the XML files? I'm having the same problem but haven't figured it out. Sounds like you just did. Thanks!
                                    1 2 Previous Next