12 Replies Latest reply: Mar 16, 2012 7:44 PM by spyhunter99 RSS

@WS with CLIENT-CERT throws Invalid HTTP server response [401] - Unauthorized on client side

Claudio Miranda Newbie

Hi, my environment is:

- JBoss EAP 5.1.2

- Linux

- JDK 6 update 30

 

There is an EJB annotated as webservice with auth as CLIENT-CERT. But testing from wsrunclient.sh throws WSException: Invalid HTTP server response [401] - Unauthorized

 

Caused by: org.jboss.ws.WSException: Invalid HTTP server response [401] - Unauthorized

        at org.jboss.ws.core.soap.SOAPMessageUnMarshallerHTTP.read(SOAPMessageUnMarshallerHTTP.java:75)

        at org.jboss.remoting.transport.http.HTTPClientInvoker.readResponse(HTTPClientInvoker.java:608)

        at org.jboss.remoting.transport.http.HTTPClientInvoker.useHttpURLConnection(HTTPClientInvoker.java:402)

        at org.jboss.remoting.transport.http.HTTPClientInvoker.makeInvocation(HTTPClientInvoker.java:253)

 

 

I have configured my application as following, sorry for the long post, but I want to give yout the relevant details of my test.

 

I have searched jbossws forums, found and example using CLIENT-CERT with POJO and Servlets. But was unable to fix it.

 

Thanks

 

 

The server application is an EAR file that packages the EJB module

jaas-ms-ejb-ear.ear/

|-- jaas-ms-ejb-ws-1.0.0.jar

|   |-- br

|   |   `-- com

|   |       `-- myapp

|   |           `-- jaas

|   |               |-- IPesquisarUsuario.class

|   |               `-- PesquisarUsuarioEjbService.class

|   |-- META-INF

|   |   |-- myapp-jaxws-endpoint-config.xml

|   |   |-- jboss-wsse-server.xml

|   |   |-- MANIFEST.MF

|   |-- server_jbossws.jks

|   `-- server_jbossws_truststore.jks

|-- lib

|   |-- jaas-ms-1.1.4.jar

|   `-- myapp-lib-client-2.1.2.jar

`-- META-INF

    |-- application.xml

    |-- MANIFEST.MF

 

The files content is

 

PesquisarUsuarioEjbService.java

package br.com.myapp.jaas;

import java.util.logging.Logger;

import javax.annotation.security.PermitAll;
import javax.ejb.Stateless;
import javax.jws.HandlerChain;
import javax.jws.WebMethod;
import javax.jws.WebService;
import javax.jws.soap.SOAPBinding;
import javax.jws.soap.SOAPBinding.Style;
import javax.security.auth.Subject;
import javax.security.jacc.PolicyContext;
import javax.security.jacc.PolicyContextException;

import org.jboss.ejb3.annotation.SecurityDomain;
import org.jboss.ws.annotation.EndpointConfig;
import org.jboss.wsf.spi.annotation.WebContext;

import myapp.*;

@SOAPBinding(style = Style.RPC)
@WebService(endpointInterface="br.com.myapp.jaas.IPesquisarUsuario", targetNamespace="http://jaas.myapp.com.br/")
//@EndpointConfig(configName = "Standard WSSecurity Endpoint")
@EndpointConfig(configFile = "META-INF/myapp-jaxws-endpoint-config.xml", configName="MyApp WSSecurity Endpoint")
@Stateless
@WebContext(contextRoot = "/jaas-cert", secureWSDLAccess=false, authMethod="CLIENT-CERT", transportGuarantee="NONE")
@SecurityDomain("UserCertPolicy")
@PermitAll()
public class PesquisarUsuarioEjbService  implements IPesquisarUsuario {

     private static Logger log = Logger.getLogger(PesquisarUsuarioEjbService.class.getName());
     /** The JACC PolicyContext key for the current Subject */
     private static final String SUBJECT_CONTEXT_KEY = "javax.security.auth.Subject.container";

     @WebMethod
     public String pesquisar(String nome) {

          // SecurityContextAssociation.getSecurityContext().getUtil().getSubject()
          try {
               Subject subject = (Subject) PolicyContext.getContext(SUBJECT_CONTEXT_KEY);
            PerfilPrincipal perfil = subject.getPrincipals(PerfilPrincipal.class).iterator().next();
               log.info(perfil.getUsuario().getNome());
               for (PerfilWrapper perfilWrapper : perfil.getPerfis()) {
                    log.info(perfilWrapper.getPerfil().getNome());
               }
               log.info("received = " + nome);
          } catch (PolicyContextException e) {
               e.printStackTrace();
          }
          return nome + " results: ";
     }

}

 

myapp-jaxws-endpoint-config.xml

 

<?xml version="1.0" encoding="UTF-8"?>

<jaxws-config xmlns="urn:jboss:jaxws-config:2.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:javaee="http://java.sun.com/xml/ns/javaee"
  xsi:schemaLocation="urn:jboss:jaxws-config:2.0 schema/jaxws-config_2_0.xsd">

  <endpoint-config>
    <config-name>Datasus WSSecurity Endpoint</config-name>
    <post-handler-chains>
      <javaee:handler-chain>
        <javaee:protocol-bindings>##SOAP11_HTTP ##SOAP11_HTTP_MTOM</javaee:protocol-bindings>
        <javaee:handler>
          <javaee:handler-name>Autorizacao Handler</javaee:handler-name>
          <javaee:handler-class>br.com.myapp.jaas.spi.AutorizacaoWSHandler</javaee:handler-class>
        </javaee:handler>
        <javaee:handler>
          <javaee:handler-name>WSSecurity Handler</javaee:handler-name>
          <javaee:handler-class>org.jboss.ws.extensions.security.jaxws.WSSecurityHandlerServer</javaee:handler-class>
        </javaee:handler>
        <javaee:handler>
          <javaee:handler-name>Recording Handler</javaee:handler-name>
          <javaee:handler-class>org.jboss.wsf.framework.invocation.RecordingServerHandler</javaee:handler-class>
        </javaee:handler>
      </javaee:handler-chain>
    </post-handler-chains>
  </endpoint-config>

 </jaxws-config>

jboss-wsse-server.xml

 

<jboss-ws-security xmlns="http://www.jboss.com/ws-security/config"
    xmlns:xsi="http://ww.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://www.jboss.com/ws-security/config
                      http://www.jboss.com/ws-security/schema/jboss-ws-security_1_0.xsd">

    <key-store-file>server_jbossws.jks</key-store-file>
    <key-store-password>admin123</key-store-password>
    <trust-store-file>server_jbossws_truststore.jks</trust-store-file>
    <trust-store-password>admin123</trust-store-password>

    <key-passwords>
        <key-password alias="server_jbossws" password="admin123"/>
    </key-passwords>
    <config>
        <sign  type="x509v3" alias="server_jbossws" includeTimestamp="false"/>
        <encrypt type="x509v3" alias="client_jbossws" />
        <requires>
            <signature/>
            <encryption/>
        </requires>
        <authenticate>
            <signatureCertAuth certificatePrincipal="br.com.myapp.jaas.spi.SubjectMapper"/>
        </authenticate>
    </config>    
</jboss-ws-security>

 

server_jbossws.jks

 
$ keytool -list -v -keystore jaas-ms-ejb-ear.ear/jaas-ms-ejb-ws-1.0.0.jar/server_jbossws.jks -storepass admin123

Keystore type: JKS
Keystore provider: SUN

Your keystore contains 2 entries

Alias name: server_jbossws
Creation date: Mar 7, 2012
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=jbossws server, OU=myapp, O=min_myapp, L=Brasilia, ST=DF, C=BR
Issuer: CN=jbossws server, OU=myapp, O=min_myapp, L=Brasilia, ST=DF, C=BR
Serial number: 4f57ba78
Valid from: Wed Mar 07 16:43:52 BRT 2012 until: Tue Jun 05 16:43:52 BRT 2012
Certificate fingerprints:
         MD5:  77:15:35:EA:A5:01:70:BB:FD:3D:99:11:7B:36:E8:3F
         SHA1: C0:68:43:28:D9:D9:6F:B7:75:62:02:0F:75:F8:19:D4:E8:50:24:C5
         Signature algorithm name: SHA1withRSA
         Version: 3


*******************************************
*******************************************


Alias name: client_jbossws
Creation date: Mar 7, 2012
Entry type: trustedCertEntry

Owner: CN=jbossws client, OU=myapp, O=min_myapp, L=Brasilia, ST=DF, C=BR
Issuer: CN=jbossws client, OU=myapp, O=min_myapp, L=Brasilia, ST=DF, C=BR
Serial number: 4f57baa3
Valid from: Wed Mar 07 16:44:35 BRT 2012 until: Tue Jun 05 16:44:35 BRT 2012
Certificate fingerprints:
         MD5:  78:48:E3:54:2D:85:7F:62:C7:48:2D:22:D3:DB:56:49
         SHA1: 15:D9:AB:33:2E:A2:BD:52:08:A0:1B:1F:16:C6:60:A2:29:A4:53:7D
         Signature algorithm name: SHA1withRSA
         Version: 3

server_jbossws_truststore.jks

$ keytool -list -v -keystore jaas-ms-ejb-ear.ear/jaas-ms-ejb-ws-1.0.0.jar/server_jbossws_truststore.jks -storepass admin123

Keystore type: JKS
Keystore provider: SUN

Your keystore contains 2 entries

Alias name: server_jbossws
Creation date: Mar 7, 2012
Entry type: trustedCertEntry

Owner: CN=jbossws server, OU=myapp, O=min_myapp, L=Brasilia, ST=DF, C=BR
Issuer: CN=jbossws server, OU=myapp, O=min_myapp, L=Brasilia, ST=DF, C=BR
Serial number: 4f57ba78
Valid from: Wed Mar 07 16:43:52 BRT 2012 until: Tue Jun 05 16:43:52 BRT 2012
Certificate fingerprints:
         MD5:  77:15:35:EA:A5:01:70:BB:FD:3D:99:11:7B:36:E8:3F
         SHA1: C0:68:43:28:D9:D9:6F:B7:75:62:02:0F:75:F8:19:D4:E8:50:24:C5
         Signature algorithm name: SHA1withRSA
         Version: 3


*******************************************
*******************************************


Alias name: client_jbossws
Creation date: Mar 8, 2012
Entry type: trustedCertEntry

Owner: CN=jbossws client, OU=myapp, O=min_myapp, L=Brasilia, ST=DF, C=BR
Issuer: CN=jbossws client, OU=myapp, O=min_myapp, L=Brasilia, ST=DF, C=BR
Serial number: 4f57baa3
Valid from: Wed Mar 07 16:44:35 BRT 2012 until: Tue Jun 05 16:44:35 BRT 2012
Certificate fingerprints:
         MD5:  78:48:E3:54:2D:85:7F:62:C7:48:2D:22:D3:DB:56:49
         SHA1: 15:D9:AB:33:2E:A2:BD:52:08:A0:1B:1F:16:C6:60:A2:29:A4:53:7D
         Signature algorithm name: SHA1withRSA
         Version: 3

Server log at initialization

 

ServerEndpointMetaData:
 type=JAXWS
 qname={http://jaas.myapp.com.br/}PesquisarUsuarioEjbServicePort
 id=jboss.ws:context=jaas-cert,endpoint=PesquisarUsuarioEjbService
 address=http://localhost:8080/jaas-cert/PesquisarUsuarioEjbService
 binding=http://schemas.xmlsoap.org/wsdl/soap/http
 linkName=PesquisarUsuarioEjbService
 implName=br.com.myapp.jaas.PesquisarUsuarioEjbService
 seiName=br.com.myapp.jaas.IPesquisarUsuario
 serviceMode=null
 portComponentName=null
 contextRoot=/jaas-cert
 urlPattern=/PesquisarUsuarioEjbService
 configFile=META-INF/myapp-jaxws-endpoint-config.xml
 configName=MyApp WSSecurity Endpoint
 authMethod=CLIENT-CERT
 transportGuarantee=null
 secureWSDLAccess=false
 properties={}

OperationMetaData:
 qname={http://jaas.myapp.com.br/}pesquisar
 javaName=pesquisar
 style=document/literal/WRAPPED
 oneWay=false
 soapAction=
ParameterMetaData:
 xmlName={http://jaas.myapp.com.br/}pesquisar
 partName=pesquisar
 xmlType={http://jaas.myapp.com.br/}pesquisar
 javaType=br.com.myapp.jaas.jaxws.Pesquisar
 mode=IN
 inHeader=false
 index=0
 wrappedParameters=[[name = arg0, type = java.lang.String, typeArgs = null, variable = arg0, index = 0]]
ReturnMetaData:
 xmlName={http://jaas.myapp.com.br/}pesquisarResponse
 partName=pesquisarResponse
 xmlType={http://jaas.myapp.com.br/}pesquisarResponse
 javaType=br.com.myapp.jaas.jaxws.PesquisarResponse
 mode=OUT
 inHeader=false
 index=-1
 wrappedParameters=[[name = return, type = java.lang.String, typeArgs = null, variable = return, index = -1]]

HandlerMetaDataJAXWS:
 type=POST
 name=Autorizacao Handler
 class=class br.com.myapp.jaas.spi.AutorizacaoWSHandler
 params=[]
 protocols=##SOAP11_HTTP ##SOAP11_HTTP_MTOM
 services=null
 ports=null

HandlerMetaDataJAXWS:
 type=POST
 name=WSSecurity Handler
 class=class org.jboss.ws.extensions.security.jaxws.WSSecurityHandlerServer
 params=[]
 protocols=##SOAP11_HTTP ##SOAP11_HTTP_MTOM
 services=null
 ports=null

HandlerMetaDataJAXWS:
 type=POST
 name=Recording Handler
 class=class org.jboss.wsf.framework.invocation.RecordingServerHandler
 params=[]
 protocols=##SOAP11_HTTP ##SOAP11_HTTP_MTOM
 services=null
 ports=null

 

Client organization

jaas-ms-client/

|-- bin

|   |-- br

|   |   `-- com

|   |       `-- myapp

|   |           `-- jaas

|   |               |-- IPesquisarUsuario.class

|   |               `-- spi

|   |                   |-- AutorizacaoWSHandler.class

|   |                   |-- MsUsernameTokenLoginModule.class

|   |                   |-- SubjectMapper.class

|   |                   `-- UserCertLoginModule.class

|   |-- JaasAuthClient.class

|   |-- JaasAuthClientSetup.class

|   |-- log4j.properties

|   `-- META-INF

|       |-- client_jbossws.jks

|       |-- client_jbossws_truststore.jks

|       |-- myapp-jaxws-client-config.xml

|       |-- jboss-wsse-client.xml

|       `-- standard-jaxws-client-config.xml

Client java class

public class JaasAuthClient {

    public static void main(String[] args) throws Exception {
        JaasAuthClientSetup setup = new JaasAuthClientSetup();
        IPesquisarUsuario wsPesq = setup.getPesquisarUsuarioEjbServicePort();
        StubExt stubExt = (StubExt) wsPesq;
        
        stubExt.setConfigName("Standard WSSecurity Client");
        
        System.out.println("========================================" );
        System.out.println("=====>  config name =  " + stubExt.getConfigName());
        System.out.println("=====>  config file =  " + stubExt.getConfigFile());
        System.out.println("=====>  security config =  " + stubExt.getSecurityConfig());
        System.out.println("========================================" );
        String res = wsPesq.pesquisar("claudio");
        System.out.println("resultado ws: " + res);
    }
    
}

@WebServiceClient(name="PesquisarUsuarioEjbServiceService",  targetNamespace="http://jaas.myapp.com.br/", 
    wsdlLocation="http://localhost:8080/jaas-cert/PesquisarUsuarioEjbService?wsdl")
public class JaasAuthClientSetup extends Service {

    public JaasAuthClientSetup() throws MalformedURLException {
        super(new URL("http://localhost:8080/jaas-cert/PesquisarUsuarioEjbService?wsdl"), 
                new QName("http://jaas.myapp.com.br/", "PesquisarUsuarioEjbServiceService"));
    }
    
    public JaasAuthClientSetup(URL wsdlDocumentLocation, QName serviceName) {
        super(wsdlDocumentLocation, serviceName);
    }

    @WebEndpoint(name="PesquisarUsuarioEjbServicePort")
    public IPesquisarUsuario getPesquisarUsuarioEjbServicePort() {
        return (IPesquisarUsuario) super.getPort(new QName("http://jaas.myapp.com.br/", "PesquisarUsuarioEjbServicePort"), 
                IPesquisarUsuario.class);
    }


}

 

jboss-wsse-client.xml

 

<jboss-ws-security 
    xmlns="http://www.jboss.com/ws-security/config"
    xmlns:xsi="http://ww.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://www.jboss.com/ws-security/config
                      http://www.jboss.com/ws-security/schema/jboss-ws-security_1_0.xsd">

    <key-store-file>META-INF/client_jbossws.jks</key-store-file>
    <key-store-password>admin123</key-store-password>
    <key-store-type>jks</key-store-type>
    <trust-store-file>META-INF/client_jbossws_truststore.jks</trust-store-file>
    <trust-store-password>admin123</trust-store-password>
    <trust-store-type>jks</trust-store-type>

    <key-passwords>
        <key-password alias="client_jbossws" password="admin123"/>
    </key-passwords>
    <config>
        <sign  type="x509v3" alias="client_jbossws" />
        <encrypt type="x509v3" alias="server_jbossws"/>
        <requires>
            <signature />
            <encryption />
        </requires>
    </config>

</jboss-ws-security>

standard-jaxws-client-config.xml

 

<?xml version="1.0" encoding="UTF-8"?>

<jaxws-config xmlns="urn:jboss:jaxws-config:2.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:javaee="http://java.sun.com/xml/ns/javaee"
  xsi:schemaLocation="urn:jboss:jaxws-config:2.0 schema/jaxws-config_2_0.xsd">

  <client-config>
    <config-name>Standard WSSecurity Client</config-name>
    <post-handler-chains>
      <javaee:handler-chain>
        <javaee:protocol-bindings>##SOAP11_HTTP ##SOAP11_HTTP_MTOM</javaee:protocol-bindings>
        <javaee:handler>
          <javaee:handler-name>WSSecurityHandlerOutbound</javaee:handler-name>
          <javaee:handler-class>org.jboss.ws.extensions.security.jaxws.WSSecurityHandlerClient</javaee:handler-class>
        </javaee:handler>
      </javaee:handler-chain>
    </post-handler-chains>
  </client-config>

</jaxws-config>

client_jbossws_truststore.jks

$ keytool -list -v -keystore src/META-INF/client_jbossws_truststore.jks  -storepass admin123

Keystore type: JKS
Keystore provider: SUN

Your keystore contains 2 entries

Alias name: client_jbossws
Creation date: Mar 7, 2012
Entry type: trustedCertEntry

Owner: CN=jbossws client, OU=myapp, O=min_myapp, L=Brasilia, ST=DF, C=BR
Issuer: CN=jbossws client, OU=myapp, O=min_myapp, L=Brasilia, ST=DF, C=BR
Serial number: 4f57baa3
Valid from: Wed Mar 07 16:44:35 BRT 2012 until: Tue Jun 05 16:44:35 BRT 2012
Certificate fingerprints:
         MD5:  78:48:E3:54:2D:85:7F:62:C7:48:2D:22:D3:DB:56:49
         SHA1: 15:D9:AB:33:2E:A2:BD:52:08:A0:1B:1F:16:C6:60:A2:29:A4:53:7D
         Signature algorithm name: SHA1withRSA
         Version: 3


*******************************************
*******************************************


Alias name: server_jbossws
Creation date: Mar 8, 2012
Entry type: trustedCertEntry

Owner: CN=jbossws server, OU=myapp, O=min_myapp, L=Brasilia, ST=DF, C=BR
Issuer: CN=jbossws server, OU=myapp, O=min_myapp, L=Brasilia, ST=DF, C=BR
Serial number: 4f57ba78
Valid from: Wed Mar 07 16:43:52 BRT 2012 until: Tue Jun 05 16:43:52 BRT 2012
Certificate fingerprints:
         MD5:  77:15:35:EA:A5:01:70:BB:FD:3D:99:11:7B:36:E8:3F
         SHA1: C0:68:43:28:D9:D9:6F:B7:75:62:02:0F:75:F8:19:D4:E8:50:24:C5
         Signature algorithm name: SHA1withRSA
         Version: 3


*******************************************
*******************************************

client_jbossws.jks

$ keytool -list -v -keystore src/META-INF/client_jbossws.jks  -storepass admin123

Keystore type: JKS
Keystore provider: SUN

Your keystore contains 2 entries

Alias name: client_jbossws
Creation date: Mar 7, 2012
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=jbossws client, OU=myapp, O=min_myapp, L=Brasilia, ST=DF, C=BR
Issuer: CN=jbossws client, OU=myapp, O=min_myapp, L=Brasilia, ST=DF, C=BR
Serial number: 4f57baa3
Valid from: Wed Mar 07 16:44:35 BRT 2012 until: Tue Jun 05 16:44:35 BRT 2012
Certificate fingerprints:
         MD5:  78:48:E3:54:2D:85:7F:62:C7:48:2D:22:D3:DB:56:49
         SHA1: 15:D9:AB:33:2E:A2:BD:52:08:A0:1B:1F:16:C6:60:A2:29:A4:53:7D
         Signature algorithm name: SHA1withRSA
         Version: 3


*******************************************
*******************************************


Alias name: server_jbossws
Creation date: Mar 7, 2012
Entry type: trustedCertEntry

Owner: CN=jbossws server, OU=myapp, O=min_myapp, L=Brasilia, ST=DF, C=BR
Issuer: CN=jbossws server, OU=myapp, O=min_myapp, L=Brasilia, ST=DF, C=BR
Serial number: 4f57ba78
Valid from: Wed Mar 07 16:43:52 BRT 2012 until: Tue Jun 05 16:43:52 BRT 2012
Certificate fingerprints:
         MD5:  77:15:35:EA:A5:01:70:BB:FD:3D:99:11:7B:36:E8:3F
         SHA1: C0:68:43:28:D9:D9:6F:B7:75:62:02:0F:75:F8:19:D4:E8:50:24:C5
         Signature algorithm name: SHA1withRSA
         Version: 3


*******************************************
*******************************************

The relevant client log

 
$ /opt/jboss-eap-5.1.2/jboss-as/bin/wsrunclient.sh -classpath bin/ JaasAuthClient
DEBUG [main] - START: rebuildMetaData
DEBUG [main] - setParameterStyle: null
DEBUG [main] - Create new config [name=Standard Client,file=META-INF/standard-jaxws-client-config.xml]
DEBUG [main] - getConfig: [name=Standard Client,url=META-INF/standard-jaxws-client-config.xml]
DEBUG [main] - parse: file:/home/claudio/alphaworks/projects/myapp/jaas/jaas-ms-client/bin/META-INF/standard-jaxws-client-config.xml
DEBUG [main] - Created parser: org.apache.xerces.jaxp.SAXParserImpl@1efb4be, isNamespaceAware: true, isValidating: true, isXIncludeAware: true
DEBUG [main] - http://xml.org/sax/features/validation set to: true
DEBUG [main] - http://xml.org/sax/features/namespaces set to: true
DEBUG [main] - http://apache.org/xml/features/validation/dynamic set to: true
DEBUG [main] - http://xml.org/sax/features/validation set to: true
DEBUG [main] - http://apache.org/xml/features/validation/schema set to: true
DEBUG [main] - Created parser: org.apache.xerces.jaxp.SAXParserImpl@1efb4be, isNamespaceAware: true, isValidating: true, isXIncludeAware: true
DEBUG [main] - resolveEntity: [pub=null,sysid=file:///home/claudio/alphaworks/projects/myapp/jaas/jaas-ms-client/schema/jaxws-config_2_0.xsd]
DEBUG [main] - resolveEntity: [pub=null,sysid=file:///home/claudio/alphaworks/projects/myapp/jaas/jaas-ms-client/schema/javaee_web_services_1_2.xsd]
DEBUG [main] - resolveEntity: [pub=null,sysid=file:///home/claudio/alphaworks/projects/myapp/jaas/jaas-ms-client/schema/javaee_5.xsd]
DEBUG [main] - resolveEntity: [pub=null,sysid=http://www.w3.org/2001/xml.xsd]
DEBUG [main] - resolveEntity: [pub=null,sysid=file:///home/claudio/alphaworks/projects/myapp/jaas/jaas-ms-client/schema/javaee_web_services_client_1_2.xsd]
DEBUG [main] - Configure EndpointMetaData
DEBUG [main] - Added 0 PRE handlers
DEBUG [main] - Added 0 ENDPOINT handlers
DEBUG [main] - Added 1 POST handlers
DEBUG [main] - Using default parameter style: WRAPPED
DEBUG [main] - Generating wrapper: br.com.myapp.jaas.jaxws.Pesquisar
DEBUG [main] - Generating wrapper: br.com.myapp.jaas.jaxws.PesquisarResponse
DEBUG [main] - JAXBContext [types=[class br.com.myapp.jaas.jaxws.Pesquisar, class br.com.myapp.jaas.jaxws.PesquisarResponse],tns=http://jaas.myapp.com.br/]
DEBUG [main] - Found best matching java method: public abstract java.lang.String br.com.myapp.jaas.IPesquisarUsuario.pesquisar(java.lang.String)
DEBUG [main] - END: rebuildMetaData

ServiceMetaData:
 qname={http://jaas.myapp.com.br/}PesquisarUsuarioEjbServiceService
 refName=null
 wsdName=null
 wsdlFile=null
 wsdlLocation=http://localhost:8080/jaas-cert/PesquisarUsuarioEjbService?wsdl
 jaxrpcMapping=null
 publishLocation=null
 securityConfig=null
 properties=null

TypesMetaData: 
  [complexType={http://jaas.myapp.com.br/}pesquisar,javaType=br.com.myapp.jaas.jaxws.Pesquisar]
  [complexType={http://jaas.myapp.com.br/}pesquisarResponse,javaType=br.com.myapp.jaas.jaxws.PesquisarResponse]
                    

ClientEndpointMetaData:
 type=JAXWS
 qname={http://jaas.myapp.com.br/}PesquisarUsuarioEjbServicePort
 address=http://localhost:8080/jaas-cert/PesquisarUsuarioEjbService
 binding=http://schemas.xmlsoap.org/wsdl/soap/http
 seiName=br.com.myapp.jaas.IPesquisarUsuario
 configFile=META-INF/standard-jaxws-client-config.xml
 configName=Standard Client
 authMethod=null
 properties={}

OperationMetaData:
 qname={http://jaas.myapp.com.br/}pesquisar
 javaName=pesquisar
 style=document/literal/WRAPPED
 oneWay=false
 soapAction=
ParameterMetaData:
 xmlName={http://jaas.myapp.com.br/}pesquisar
 partName=pesquisar
 xmlType={http://jaas.myapp.com.br/}pesquisar
 javaType=br.com.myapp.jaas.jaxws.Pesquisar
 mode=IN
 inHeader=false
 index=0
 wrappedParameters=[[name = arg0, type = java.lang.String, typeArgs = null, variable = arg0, index = 0]]
ReturnMetaData:
 xmlName={http://jaas.myapp.com.br/}pesquisarResponse
 partName=pesquisarResponse
 xmlType={http://jaas.myapp.com.br/}pesquisarResponse
 javaType=br.com.myapp.jaas.jaxws.PesquisarResponse
 mode=OUT
 inHeader=false
 index=-1
 wrappedParameters=[[name = return, type = java.lang.String, typeArgs = null, variable = return, index = -1]]

HandlerMetaDataJAXWS:
 type=POST
 name=WSSecurityHandlerOutbound
 class=class org.jboss.ws.extensions.security.jaxws.WSSecurityHandlerClient
 params=[]
 protocols=##SOAP11_HTTP ##SOAP11_HTTP_MTOM
 services=null
 ports=null
DEBUG [main] - Configure SOAPBinding
DEBUG [main] - initHandlerChain: PRE
DEBUG [main] - initHandlerChain: ENDPOINT
DEBUG [main] - initHandlerChain: POST
DEBUG [main] - addHandler: 
HandlerMetaDataJAXWS:
 type=POST
 name=WSSecurityHandlerOutbound
 class=class org.jboss.ws.extensions.security.jaxws.WSSecurityHandlerClient
 params=[]
 protocols=##SOAP11_HTTP ##SOAP11_HTTP_MTOM
 services=null
 ports=null
DEBUG [main] - getHandlerChain: [type=PRE,info=[service={http://jaas.myapp.com.br/}PesquisarUsuarioEjbServiceService,port={http://jaas.myapp.com.br/}PesquisarUsuarioEjbServicePort,binding=http://schemas.xmlsoap.org/wsdl/soap/http]]
DEBUG [main] - getHandlerChain: [type=POST,info=[service={http://jaas.myapp.com.br/}PesquisarUsuarioEjbServiceService,port={http://jaas.myapp.com.br/}PesquisarUsuarioEjbServicePort,binding=http://schemas.xmlsoap.org/wsdl/soap/http]]
DEBUG [main] - getHandlerChain: [type=ENDPOINT,info=[service={http://jaas.myapp.com.br/}PesquisarUsuarioEjbServiceService,port={http://jaas.myapp.com.br/}PesquisarUsuarioEjbServicePort,binding=http://schemas.xmlsoap.org/wsdl/soap/http]]
DEBUG [main] - setHandlerChain: []
DEBUG [main] - No port configuration for: {http://jaas.myapp.com.br/}PesquisarUsuarioEjbServicePort
DEBUG [main] - Create new config [name=Standard WSSecurity Client,file=META-INF/standard-jaxws-client-config.xml]
DEBUG [main] - getConfig: [name=Standard WSSecurity Client,url=META-INF/standard-jaxws-client-config.xml]
DEBUG [main] - parse: file:/home/claudio/alphaworks/projects/myapp/jaas/jaas-ms-client/bin/META-INF/standard-jaxws-client-config.xml
DEBUG [main] - Created parser: org.apache.xerces.jaxp.SAXParserImpl@146b6db, isNamespaceAware: true, isValidating: true, isXIncludeAware: true
DEBUG [main] - http://xml.org/sax/features/validation set to: true
DEBUG [main] - http://xml.org/sax/features/namespaces set to: true
DEBUG [main] - http://apache.org/xml/features/validation/dynamic set to: true
DEBUG [main] - http://xml.org/sax/features/validation set to: true
DEBUG [main] - http://apache.org/xml/features/validation/schema set to: true
DEBUG [main] - Created parser: org.apache.xerces.jaxp.SAXParserImpl@146b6db, isNamespaceAware: true, isValidating: true, isXIncludeAware: true
DEBUG [main] - resolveEntity: [pub=null,sysid=file:///home/claudio/alphaworks/projects/myapp/jaas/jaas-ms-client/schema/jaxws-config_2_0.xsd]
DEBUG [main] - resolveEntity: [pub=null,sysid=file:///home/claudio/alphaworks/projects/myapp/jaas/jaas-ms-client/schema/javaee_web_services_1_2.xsd]
DEBUG [main] - resolveEntity: [pub=null,sysid=file:///home/claudio/alphaworks/projects/myapp/jaas/jaas-ms-client/schema/javaee_5.xsd]
DEBUG [main] - resolveEntity: [pub=null,sysid=http://www.w3.org/2001/xml.xsd]
DEBUG [main] - resolveEntity: [pub=null,sysid=file:///home/claudio/alphaworks/projects/myapp/jaas/jaas-ms-client/schema/javaee_web_services_client_1_2.xsd]
DEBUG [main] - Configure EndpointMetaData
DEBUG [main] - Added 0 PRE handlers
DEBUG [main] - Added 0 ENDPOINT handlers
DEBUG [main] - Added 1 POST handlers
DEBUG [main] - initHandlerChain: PRE
DEBUG [main] - initHandlerChain: ENDPOINT
DEBUG [main] - initHandlerChain: POST
DEBUG [main] - addHandler: 
HandlerMetaDataJAXWS:
 type=POST
 name=WSSecurityHandlerOutbound
 class=class org.jboss.ws.extensions.security.jaxws.WSSecurityHandlerClient
 params=[]
 protocols=##SOAP11_HTTP ##SOAP11_HTTP_MTOM
 services=null
 ports=null
DEBUG [main] - getHandlerChain: [type=PRE,info=[service={http://jaas.myapp.com.br/}PesquisarUsuarioEjbServiceService,port={http://jaas.myapp.com.br/}PesquisarUsuarioEjbServicePort,binding=http://schemas.xmlsoap.org/wsdl/soap/http]]
DEBUG [main] - getHandlerChain: [type=POST,info=[service={http://jaas.myapp.com.br/}PesquisarUsuarioEjbServiceService,port={http://jaas.myapp.com.br/}PesquisarUsuarioEjbServicePort,binding=http://schemas.xmlsoap.org/wsdl/soap/http]]
DEBUG [main] - getHandlerChain: [type=ENDPOINT,info=[service={http://jaas.myapp.com.br/}PesquisarUsuarioEjbServiceService,port={http://jaas.myapp.com.br/}PesquisarUsuarioEjbServicePort,binding=http://schemas.xmlsoap.org/wsdl/soap/http]]
DEBUG [main] - setHandlerChain: []
========================================
=====>  config name =  Standard WSSecurity Client
=====>  config file =  META-INF/standard-jaxws-client-config.xml
=====>  security config =  null
========================================
DEBUG [main] - pushMessageContext: org.jboss.ws.core.jaxws.handler.SOAPMessageContextJAXWS@504ec1 (Thread main)
DEBUG [main] - wrapRequestParameters: br.com.myapp.jaas.jaxws.Pesquisar
DEBUG [main] - setRequestParamValue: [name={http://jaas.myapp.com.br/}pesquisar,value=br.com.myapp.jaas.jaxws.Pesquisar]
DEBUG [main] - bindRequestMessage: {http://jaas.myapp.com.br/}pesquisar
DEBUG [main] - getRequestParamValue: {http://jaas.myapp.com.br/}pesquisar
DEBUG [main] - transformPayloadValue: br.com.myapp.jaas.jaxws.Pesquisar -> br.com.myapp.jaas.jaxws.Pesquisar
DEBUG [main] - Create a handler executor: []
DEBUG [main] - Create a handler executor: []
DEBUG [main] - Create a handler executor: [WSSecurityHandlerOutbound]
DEBUG [main] - Enter: handleOutBoundMessage
DEBUG [main] - createConfiguration from: file:/home/claudio/alphaworks/projects/myapp/jaas/jaas-ms-client/bin/META-INF/jboss-wsse-client.xml
DEBUG [main] - Created parser: org.apache.xerces.jaxp.SAXParserImpl@4b82d2, isNamespaceAware: true, isValidating: true, isXIncludeAware: true
DEBUG [main] - http://xml.org/sax/features/validation set to: true
DEBUG [main] - http://xml.org/sax/features/namespaces set to: true
DEBUG [main] - http://apache.org/xml/features/validation/dynamic set to: true
DEBUG [main] - Created parser: org.apache.xerces.jaxp.SAXParserImpl@4b82d2, isNamespaceAware: true, isValidating: true, isXIncludeAware: true
DEBUG [main] - Add keystore: file:/home/claudio/alphaworks/projects/myapp/jaas/jaas-ms-client/bin/META-INF/client_jbossws.jks
DEBUG [main] - Add truststore: file:/home/claudio/alphaworks/projects/myapp/jaas/jaas-ms-client/bin/META-INF/client_jbossws_truststore.jks
DEBUG [main] - WS-Security config: org.jboss.ws.metadata.wsse.Config@166f9b9
DEBUG [main] - -----------------------------------
DEBUG [main] - Transitioning from OBJECT_VALID to DOM_VALID
DEBUG [main] - getXMLFragment from Object [xmlType={http://jaas.myapp.com.br/}pesquisar,javaType=class br.com.myapp.jaas.jaxws.Pesquisar]
DEBUG [main] - serialize: [xmlName={http://jaas.myapp.com.br/}pesquisar,xmlType={http://jaas.myapp.com.br/}pesquisar]
DEBUG [main] - serialized: claudioDEBUG [main] - xmlFragment: [source=claudio]
DEBUG [main] - -----------------------------------
DEBUG [main] - Encoding Message:
       claudio   DEBUG [main] - loadStore: file:/home/claudio/alphaworks/projects/myapp/jaas/jaas-ms-client/bin/META-INF/client_jbossws.jks
DEBUG [main] - loadStore: file:/home/claudio/alphaworks/projects/myapp/jaas/jaas-ms-client/bin/META-INF/client_jbossws_truststore.jks
DEBUG [main] - Canonicalizer.register(http://www.w3.org/TR/2001/REC-xml-c14n-20010315, org.apache.xml.security.c14n.implementations.Canonicalizer20010315OmitComments)
DEBUG [main] - Canonicalizer.register(http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments, org.apache.xml.security.c14n.implementations.Canonicalizer20010315WithComments)
DEBUG [main] - Canonicalizer.register(http://www.w3.org/2001/10/xml-exc-c14n#, org.apache.xml.security.c14n.implementations.Canonicalizer20010315ExclOmitComments)
DEBUG [main] - Canonicalizer.register(http://www.w3.org/2001/10/xml-exc-c14n#WithComments, org.apache.xml.security.c14n.implementations.Canonicalizer20010315ExclWithComments)
DEBUG [main] - Canonicalizer.register(http://www.w3.org/2006/12/xml-c14n11, org.apache.xml.security.c14n.implementations.Canonicalizer11_OmitComments)
DEBUG [main] - Canonicalizer.register(http://www.w3.org/2006/12/xml-c14n11#WithComments, org.apache.xml.security.c14n.implementations.Canonicalizer11_WithComments)
DEBUG [main] - Transform.register(http://www.w3.org/2000/09/xmldsig#base64, org.apache.xml.security.transforms.implementations.TransformBase64Decode)
DEBUG [main] - Transform.register(http://www.w3.org/TR/2001/REC-xml-c14n-20010315, org.apache.xml.security.transforms.implementations.TransformC14N)
DEBUG [main] - Transform.register(http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments, org.apache.xml.security.transforms.implementations.TransformC14NWithComments)
DEBUG [main] - Transform.register(http://www.w3.org/2006/12/xml-c14n11, org.apache.xml.security.transforms.implementations.TransformC14N11)
DEBUG [main] - Transform.register(http://www.w3.org/2006/12/xml-c14n11#WithComments, org.apache.xml.security.transforms.implementations.TransformC14N11_WithComments)
DEBUG [main] - Transform.register(http://www.w3.org/2001/10/xml-exc-c14n#, org.apache.xml.security.transforms.implementations.TransformC14NExclusive)
DEBUG [main] - Transform.register(http://www.w3.org/2001/10/xml-exc-c14n#WithComments, org.apache.xml.security.transforms.implementations.TransformC14NExclusiveWithComments)
DEBUG [main] - Transform.register(http://www.w3.org/TR/1999/REC-xpath-19991116, org.apache.xml.security.transforms.implementations.TransformXPath)
DEBUG [main] - Transform.register(http://www.w3.org/2000/09/xmldsig#enveloped-signature, org.apache.xml.security.transforms.implementations.TransformEnvelopedSignature)
DEBUG [main] - Transform.register(http://www.w3.org/TR/1999/REC-xslt-19991116, org.apache.xml.security.transforms.implementations.TransformXSLT)
DEBUG [main] - Transform.register(http://www.w3.org/2002/04/xmldsig-filter2, org.apache.xml.security.transforms.implementations.TransformXPath2Filter)
DEBUG [main] - Transform.register(http://www.w3.org/2002/06/xmldsig-filter2, org.apache.xml.security.transforms.implementations.TransformXPath2Filter)
DEBUG [main] - Init() called
DEBUG [main] - SignatureAlgorithm.register(http://www.w3.org/2000/09/xmldsig#dsa-sha1, org.apache.xml.security.algorithms.implementations.SignatureDSA)
DEBUG [main] - Try to register http://www.w3.org/2000/09/xmldsig#dsa-sha1 org.apache.xml.security.algorithms.implementations.SignatureDSA
DEBUG [main] - SignatureAlgorithm.register(http://www.w3.org/2000/09/xmldsig#rsa-sha1, org.apache.xml.security.algorithms.implementations.SignatureBaseRSA$SignatureRSASHA1)
DEBUG [main] - Try to register http://www.w3.org/2000/09/xmldsig#rsa-sha1 org.apache.xml.security.algorithms.implementations.SignatureBaseRSA$SignatureRSASHA1
DEBUG [main] - SignatureAlgorithm.register(http://www.w3.org/2000/09/xmldsig#hmac-sha1, org.apache.xml.security.algorithms.implementations.IntegrityHmac$IntegrityHmacSHA1)
DEBUG [main] - Try to register http://www.w3.org/2000/09/xmldsig#hmac-sha1 org.apache.xml.security.algorithms.implementations.IntegrityHmac$IntegrityHmacSHA1
DEBUG [main] - SignatureAlgorithm.register(http://www.w3.org/2001/04/xmldsig-more#rsa-md5, org.apache.xml.security.algorithms.implementations.SignatureBaseRSA$SignatureRSAMD5)
DEBUG [main] - Try to register http://www.w3.org/2001/04/xmldsig-more#rsa-md5 org.apache.xml.security.algorithms.implementations.SignatureBaseRSA$SignatureRSAMD5
DEBUG [main] - SignatureAlgorithm.register(http://www.w3.org/2001/04/xmldsig-more#rsa-ripemd160, org.apache.xml.security.algorithms.implementations.SignatureBaseRSA$SignatureRSARIPEMD160)
DEBUG [main] - Try to register http://www.w3.org/2001/04/xmldsig-more#rsa-ripemd160 org.apache.xml.security.algorithms.implementations.SignatureBaseRSA$SignatureRSARIPEMD160
DEBUG [main] - SignatureAlgorithm.register(http://www.w3.org/2001/04/xmldsig-more#rsa-sha256, org.apache.xml.security.algorithms.implementations.SignatureBaseRSA$SignatureRSASHA256)
DEBUG [main] - Try to register http://www.w3.org/2001/04/xmldsig-more#rsa-sha256 org.apache.xml.security.algorithms.implementations.SignatureBaseRSA$SignatureRSASHA256
DEBUG [main] - SignatureAlgorithm.register(http://www.w3.org/2001/04/xmldsig-more#rsa-sha384, org.apache.xml.security.algorithms.implementations.SignatureBaseRSA$SignatureRSASHA384)
DEBUG [main] - Try to register http://www.w3.org/2001/04/xmldsig-more#rsa-sha384 org.apache.xml.security.algorithms.implementations.SignatureBaseRSA$SignatureRSASHA384
DEBUG [main] - SignatureAlgorithm.register(http://www.w3.org/2001/04/xmldsig-more#rsa-sha512, org.apache.xml.security.algorithms.implementations.SignatureBaseRSA$SignatureRSASHA512)
DEBUG [main] - Try to register http://www.w3.org/2001/04/xmldsig-more#rsa-sha512 org.apache.xml.security.algorithms.implementations.SignatureBaseRSA$SignatureRSASHA512
DEBUG [main] - SignatureAlgorithm.register(http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha1, org.apache.xml.security.algorithms.implementations.SignatureECDSA$SignatureECDSASHA1)
DEBUG [main] - Try to register http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha1 org.apache.xml.security.algorithms.implementations.SignatureECDSA$SignatureECDSASHA1
DEBUG [main] - SignatureAlgorithm.register(http://www.w3.org/2001/04/xmldsig-more#hmac-md5, org.apache.xml.security.algorithms.implementations.IntegrityHmac$IntegrityHmacMD5)
DEBUG [main] - Try to register http://www.w3.org/2001/04/xmldsig-more#hmac-md5 org.apache.xml.security.algorithms.implementations.IntegrityHmac$IntegrityHmacMD5
DEBUG [main] - SignatureAlgorithm.register(http://www.w3.org/2001/04/xmldsig-more#hmac-ripemd160, org.apache.xml.security.algorithms.implementations.IntegrityHmac$IntegrityHmacRIPEMD160)
DEBUG [main] - Try to register http://www.w3.org/2001/04/xmldsig-more#hmac-ripemd160 org.apache.xml.security.algorithms.implementations.IntegrityHmac$IntegrityHmacRIPEMD160
DEBUG [main] - SignatureAlgorithm.register(http://www.w3.org/2001/04/xmldsig-more#hmac-sha256, org.apache.xml.security.algorithms.implementations.IntegrityHmac$IntegrityHmacSHA256)
DEBUG [main] - Try to register http://www.w3.org/2001/04/xmldsig-more#hmac-sha256 org.apache.xml.security.algorithms.implementations.IntegrityHmac$IntegrityHmacSHA256
DEBUG [main] - SignatureAlgorithm.register(http://www.w3.org/2001/04/xmldsig-more#hmac-sha384, org.apache.xml.security.algorithms.implementations.IntegrityHmac$IntegrityHmacSHA384)
DEBUG [main] - Try to register http://www.w3.org/2001/04/xmldsig-more#hmac-sha384 org.apache.xml.security.algorithms.implementations.IntegrityHmac$IntegrityHmacSHA384
DEBUG [main] - SignatureAlgorithm.register(http://www.w3.org/2001/04/xmldsig-more#hmac-sha512, org.apache.xml.security.algorithms.implementations.IntegrityHmac$IntegrityHmacSHA512)
DEBUG [main] - Try to register http://www.w3.org/2001/04/xmldsig-more#hmac-sha512 org.apache.xml.security.algorithms.implementations.IntegrityHmac$IntegrityHmacSHA512
DEBUG [main] - Register Resolver: org.apache.xml.security.utils.resolver.implementations.ResolverDirectHTTP: A simple resolver for requests to HTTP space
DEBUG [main] - Register Resolver: org.apache.xml.security.utils.resolver.implementations.ResolverLocalFilesystem: A simple resolver for requests to the local file system
DEBUG [main] - Register Resolver: org.apache.xml.security.utils.resolver.implementations.ResolverFragment: A simple resolver for requests of same-document URIs
DEBUG [main] - Register Resolver: org.apache.xml.security.utils.resolver.implementations.ResolverXPointer: A simple resolver for requests of XPointer fragents
DEBUG [main] - Register Resolver: org.apache.xml.security.keys.keyresolver.implementations.RSAKeyValueResolver: Can extract RSA public keys
DEBUG [main] - Register Resolver: org.apache.xml.security.keys.keyresolver.implementations.DSAKeyValueResolver: Can extract DSA public keys
DEBUG [main] - Register Resolver: org.apache.xml.security.keys.keyresolver.implementations.X509CertificateResolver: Can extract public keys from X509 certificates
DEBUG [main] - Register Resolver: org.apache.xml.security.keys.keyresolver.implementations.X509SKIResolver: Uses an X509v3 SubjectKeyIdentifier extension to retrieve a certificate from the storages
DEBUG [main] - Register Resolver: org.apache.xml.security.keys.keyresolver.implementations.RetrievalMethodResolver: Resolves keys and certificates using ResourceResolvers
DEBUG [main] - Register Resolver: org.apache.xml.security.keys.keyresolver.implementations.X509SubjectNameResolver: Uses an X509 SubjectName to retrieve a certificate from the storages
DEBUG [main] - Register Resolver: org.apache.xml.security.keys.keyresolver.implementations.X509IssuerSerialResolver: Uses an X509 IssuerName and IssuerSerial to retrieve a certificate from the storages
DEBUG [main] - Now I try to bind prefixes:
DEBUG [main] - Now I try to bind ds to http://www.w3.org/2000/09/xmldsig#
DEBUG [main] - Now I try to bind xenc to http://www.w3.org/2001/04/xmlenc#
DEBUG [main] - Now I try to bind experimental to http://www.xmlsecurity.org/experimental#
DEBUG [main] - Now I try to bind dsig-xpath-old to http://www.w3.org/2002/04/xmldsig-filter2
DEBUG [main] - Now I try to bind dsig-xpath to http://www.w3.org/2002/06/xmldsig-filter2
DEBUG [main] - Now I try to bind ec to http://www.w3.org/2001/10/xml-exc-c14n#
DEBUG [main] - Now I try to bind xx to http://www.nue.et-inf.uni-siegen.de/~geuer-pollmann/#xpathFilter
DEBUG [main] - XX_init                             146 ms
DEBUG [main] -   XX_prng                           0 ms
DEBUG [main] -   XX_parsing                        36 ms
DEBUG [main] -   XX_configure_i18n                 16 ms
DEBUG [main] -   XX_configure_reg_c14n             18 ms
DEBUG [main] -   XX_configure_reg_jcemapper        5 ms
DEBUG [main] -   XX_configure_reg_keyInfo          6 ms
DEBUG [main] -   XX_configure_reg_keyResolver      10 ms
DEBUG [main] -   XX_configure_reg_prefixes         1 ms
DEBUG [main] -   XX_configure_reg_resourceresolver 18 ms
DEBUG [main] -   XX_configure_reg_sigalgos         19 ms
DEBUG [main] -   XX_configure_reg_transforms       16 ms
DEBUG [main] - Transforms.addTransform(http://www.w3.org/2001/10/xml-exc-c14n#)
DEBUG [main] - Create URI "http://www.w3.org/2001/10/xml-exc-c14n#" class "class org.apache.xml.security.transforms.implementations.TransformC14NExclusive"
DEBUG [main] - The NodeList is null
DEBUG [main] - Transforms.addTransform(http://www.w3.org/2001/10/xml-exc-c14n#)
DEBUG [main] - Request for URI http://www.w3.org/2000/09/xmldsig#sha1
DEBUG [main] - Transforms.addTransform(http://www.w3.org/2001/10/xml-exc-c14n#)
DEBUG [main] - Create URI "http://www.w3.org/2001/10/xml-exc-c14n#" class "class org.apache.xml.security.transforms.implementations.TransformC14NExclusive"
DEBUG [main] - The NodeList is null
DEBUG [main] - Transforms.addTransform(http://www.w3.org/2001/10/xml-exc-c14n#)
DEBUG [main] - Create URI "http://www.w3.org/2000/09/xmldsig#rsa-sha1" class "class org.apache.xml.security.algorithms.implementations.SignatureBaseRSA$SignatureRSASHA1"
DEBUG [main] - Request for URI http://www.w3.org/2000/09/xmldsig#rsa-sha1
DEBUG [main] - Created SignatureRSA using SHA1withRSA
DEBUG [main] - I was asked to create a ResourceResolver and got 1
DEBUG [main] -  extra resolvers to my existing 4 system-wide resolvers
DEBUG [main] - check resolvability by class org.jboss.ws.extensions.security.WsuIdResolver
DEBUG [main] - setElement("ds:Transform", "null")
DEBUG [main] - Pre-digested input:
DEBUG [main] - claudioDEBUG [main] - I was asked to create a ResourceResolver and got 1
DEBUG [main] -  extra resolvers to my existing 4 system-wide resolvers
DEBUG [main] - check resolvability by class org.jboss.ws.extensions.security.WsuIdResolver
DEBUG [main] - setElement("ds:Transform", "null")
DEBUG [main] - Pre-digested input:
DEBUG [main] - 2012-03-13T20:48:22.843ZDEBUG [main] - Canonicalized SignedInfo:
DEBUG [main] - 9tKRdsLGTAHmI9yKcnih3TQ70B4=GYbJeXFXc2DObR0bHo9BLdAB3Ug=DEBUG [main] - Getting XMLCipher...
DEBUG [main] - Constructing XMLCipher...
DEBUG [main] - Request for URI http://www.w3.org/2001/04/xmlenc#aes128-cbc
DEBUG [main] - cihper.algoritm = AES/CBC/ISO10126Padding
DEBUG [main] - Initializing XMLCipher...
DEBUG [main] - opmode = ENCRYPT_MODE
DEBUG [main] - Initializing XMLCipher...
DEBUG [main] - opmode = ENCRYPT_MODE
DEBUG [main] - Returning EncryptedData
DEBUG [main] - Processing source element...
DEBUG [main] - Encrypting element content...
DEBUG [main] - Encrypting element...
DEBUG [main] - Serialized octets:
claudioDEBUG [main] - Expected cipher.outputSize = 240
DEBUG [main] - Actual cipher.outputSize = 240
DEBUG [main] - Encrypted octets:
O7DrN9b0ttATynzRSC/1+IZ+ZcV+Ifzlw8dL/OQYFOzDiWb54AZF1l1+zA31jkARytk1J4tYPY+a
ScAcBN0RXZjFEtqq20+DuBspGNRmTMB6EHWpCElCJmOs9jAPoNx6CTfFjPfpLFV+/fc8tLwjEyT5
2VJmL+gUkB501NwBUiE87IF4HBOSpLS6LKEM/x1sxqNj9KZndwKHuRdHpjzLPx/dP223SV1myhuJ
XIRZt5srrX8ZMxZJU/rby/NTjxfQ0G78RiaxIuqrVfRG1ZLbSZiGxnZP+M6Jfkd3RdJoA+fFTaJ2
n6+5wvNCqtiyi6OoOcDX9cV04yDEGcDhzP6veg==
DEBUG [main] - Encrypted octets length = 348
DEBUG [main] - Getting XMLCipher...
DEBUG [main] - Constructing XMLCipher...
DEBUG [main] - Request for URI http://www.w3.org/2001/04/xmlenc#rsa-1_5
DEBUG [main] - cihper.algoritm = RSA/ECB/PKCS1Padding
DEBUG [main] - Initializing XMLCipher...
DEBUG [main] - opmode = WRAP_MODE
DEBUG [main] - Encrypting key ...
DEBUG [main] - Encrypted key octets:
YeNE51YUZL82XMZyfetnRDBMF+SRbw0PO+26U3tL4LYZbNJXLb+PJjp6gvf1OH3/LlX4VhDRMBA0
JVRSuVuDdQrC008vG5Vr6TqIgiv4W2qbpFAZkrbIPdwlzuxNklplzB0tGZE8pW0nQ51Jywy9W4RA
GKvy1zbO2sqHLdXOW1s=
DEBUG [main] - Encrypted key octets length = 174
DEBUG [main] - Exit: handleOutBoundMessage with status: true
DEBUG [main] - Get locator for: [addr=http://localhost:8080/jaas-cert/PesquisarUsuarioEjbService,props={javax.xml.ws.service.endpoint.address=http://localhost:8080/jaas-cert/PesquisarUsuarioEjbService}]
DEBUG [main] - Remoting version: 2.5.4.SP3 (Flounder)
DEBUG [main] - Client[25793043:a15l2r-h22djk-gzrey6ey-1-gzrey6f0-2] setting invokerDestructionDelay to 5000
DEBUG [main] - Client[25793043:a15l2r-h22djk-gzrey6ey-1-gzrey6f0-2].connect(null)
DEBUG [main] - org.jboss.remoting.transport.http.HTTPClientInvoker@1f68272 setting unmarshalNullStream to true
DEBUG [main] - org.jboss.remoting.transport.http.HTTPClientInvoker@1f68272 setting disconnectAfterUse to true
DEBUG [main] - org.jboss.remoting.transport.http.HTTPClientInvoker@1f68272 connecting
DEBUG [main] - org.jboss.remoting.transport.http.HTTPClientInvoker@1f68272 connected
DEBUG [main] - Client[25793043:a15l2r-h22djk-gzrey6ey-1-gzrey6f0-2] connected to InvokerLocator [http://localhost:8080/jaas-cert/PesquisarUsuarioEjbService]
DEBUG [main] - Client[25793043:a15l2r-h22djk-gzrey6ey-1-gzrey6f0-2] clientCounter: 1
DEBUG [main] - Client[25793043:a15l2r-h22djk-gzrey6ey-1-gzrey6f0-2] is connected
DEBUG [main] - Remoting metadata: {NoThrowOnError=true, HEADER={SOAPAction="", Content-Type=text/xml; charset=UTF-8}}
DEBUG [main] - Setting request header with SOAPAction : ""
DEBUG [main] - Setting request header with Content-Type : text/xml; charset=UTF-8
DEBUG [main] - Cannot connect on attempt 1
ERROR [main] - Exception caught while (preparing for) performing the invocation: 
java.io.IOException: Could not transmit message
        at org.jboss.ws.core.client.HTTPRemotingConnection.invoke(HTTPRemotingConnection.java:267)
        at org.jboss.ws.core.client.SOAPProtocolConnectionHTTP.invoke(SOAPProtocolConnectionHTTP.java:71)
        at org.jboss.ws.core.CommonClient.invoke(CommonClient.java:360)
        at org.jboss.ws.core.jaxws.client.ClientImpl.invoke(ClientImpl.java:232)
        at org.jboss.ws.core.jaxws.client.ClientProxy.invoke(ClientProxy.java:171)
        at org.jboss.ws.core.jaxws.client.ClientProxy.invoke(ClientProxy.java:157)
        at $Proxy12.pesquisar(Unknown Source)
        at JaasAuthClient.main(JaasAuthClient.java:33)
Caused by: org.jboss.remoting.CannotConnectException: Can not connect http client invoker after 1 attempt(s)
        at org.jboss.remoting.transport.http.HTTPClientInvoker.makeInvocation(HTTPClientInvoker.java:271)
        at org.jboss.remoting.transport.http.HTTPClientInvoker.transport(HTTPClientInvoker.java:176)
        at org.jboss.remoting.MicroRemoteClientInvoker.invoke(MicroRemoteClientInvoker.java:169)
        at org.jboss.remoting.Client.invoke(Client.java:2070)
        at org.jboss.remoting.Client.invoke(Client.java:879)
        at org.jboss.ws.core.client.HTTPRemotingConnection.invoke(HTTPRemotingConnection.java:246)
        ... 7 more
Caused by: org.jboss.ws.WSException: Invalid HTTP server response [401] - Unauthorized
        at org.jboss.ws.core.soap.SOAPMessageUnMarshallerHTTP.read(SOAPMessageUnMarshallerHTTP.java:75)
        at org.jboss.remoting.transport.http.HTTPClientInvoker.readResponse(HTTPClientInvoker.java:608)
        at org.jboss.remoting.transport.http.HTTPClientInvoker.useHttpURLConnection(HTTPClientInvoker.java:402)
        at org.jboss.remoting.transport.http.HTTPClientInvoker.makeInvocation(HTTPClientInvoker.java:253)
        ... 12 more
DEBUG [main] - Begin response processing
DEBUG [main] - popMessageContext: org.jboss.ws.core.jaxws.handler.SOAPMessageContextJAXWS@504ec1 (Thread main)
DEBUG [main] - pushMessageContext: org.jboss.ws.core.jaxws.handler.SOAPMessageContextJAXWS@11df164 (Thread main)
DEBUG [main] - Enter: handleIn BoundFault
ERROR [main] - SOAP request exception
java.io.IOException: Could not transmit message
        at org.jboss.ws.core.client.HTTPRemotingConnection.invoke(HTTPRemotingConnection.java:267)
        at org.jboss.ws.core.client.SOAPProtocolConnectionHTTP.invoke(SOAPProtocolConnectionHTTP.java:71)
        at org.jboss.ws.core.CommonClient.invoke(CommonClient.java:360)
        at org.jboss.ws.core.jaxws.client.ClientImpl.invoke(ClientImpl.java:232)
        at org.jboss.ws.core.jaxws.client.ClientProxy.invoke(ClientProxy.java:171)
        at org.jboss.ws.core.jaxws.client.ClientProxy.invoke(ClientProxy.java:157)
        at $Proxy12.pesquisar(Unknown Source)
        at JaasAuthClient.main(JaasAuthClient.java:33)
Caused by: org.jboss.remoting.CannotConnectException: Can not connect http client invoker after 1 attempt(s)
        at org.jboss.remoting.transport.http.HTTPClientInvoker.makeInvocation(HTTPClientInvoker.java:271)
        at org.jboss.remoting.transport.http.HTTPClientInvoker.transport(HTTPClientInvoker.java:176)
        at org.jboss.remoting.MicroRemoteClientInvoker.invoke(MicroRemoteClientInvoker.java:169)
        at org.jboss.remoting.Client.invoke(Client.java:2070)
        at org.jboss.remoting.Client.invoke(Client.java:879)
        at org.jboss.ws.core.client.HTTPRemotingConnection.invoke(HTTPRemotingConnection.java:246)
        ... 7 more
Caused by: org.jboss.ws.WSException: Invalid HTTP server response [401] - Unauthorized
        at org.jboss.ws.core.soap.SOAPMessageUnMarshallerHTTP.read(SOAPMessageUnMarshallerHTTP.java:75)
        at org.jboss.remoting.transport.http.HTTPClientInvoker.readResponse(HTTPClientInvoker.java:608)
        at org.jboss.remoting.transport.http.HTTPClientInvoker.useHttpURLConnection(HTTPClientInvoker.java:402)
        at org.jboss.remoting.transport.http.HTTPClientInvoker.makeInvocation(HTTPClientInvoker.java:253)
        ... 12 more
DEBUG [main] - Cannot obtain fault meta data for: class java.io.IOException
DEBUG [main] - Exit: handleIn BoundFault with status: true
DEBUG [main] - close
DEBUG [main] - close
DEBUG [main] - close
DEBUG [main] - popMessageContext: org.jboss.ws.core.jaxws.handler.SOAPMessageContextJAXWS@11df164 (Thread main)
Exception in thread "main" javax.xml.ws.WebServiceException: java.io.IOException: Could not transmit message
        at org.jboss.ws.core.jaxws.client.ClientImpl.handleRemoteException(ClientImpl.java:311)
        at org.jboss.ws.core.jaxws.client.ClientImpl.invoke(ClientImpl.java:244)
        at org.jboss.ws.core.jaxws.client.ClientProxy.invoke(ClientProxy.java:171)
        at org.jboss.ws.core.jaxws.client.ClientProxy.invoke(ClientProxy.java:157)
        at $Proxy12.pesquisar(Unknown Source)
        at JaasAuthClient.main(JaasAuthClient.java:33)
Caused by: java.io.IOException: Could not transmit message
        at org.jboss.ws.core.client.HTTPRemotingConnection.invoke(HTTPRemotingConnection.java:267)
        at org.jboss.ws.core.client.SOAPProtocolConnectionHTTP.invoke(SOAPProtocolConnectionHTTP.java:71)
        at org.jboss.ws.core.CommonClient.invoke(CommonClient.java:360)
        at org.jboss.ws.core.jaxws.client.ClientImpl.invoke(ClientImpl.java:232)
        ... 4 more
Caused by: org.jboss.remoting.CannotConnectException: Can not connect http client invoker after 1 attempt(s)
        at org.jboss.remoting.transport.http.HTTPClientInvoker.makeInvocation(HTTPClientInvoker.java:271)
        at org.jboss.remoting.transport.http.HTTPClientInvoker.transport(HTTPClientInvoker.java:176)
        at org.jboss.remoting.MicroRemoteClientInvoker.invoke(MicroRemoteClientInvoker.java:169)
        at org.jboss.remoting.Client.invoke(Client.java:2070)
        at org.jboss.remoting.Client.invoke(Client.java:879)
        at org.jboss.ws.core.client.HTTPRemotingConnection.invoke(HTTPRemotingConnection.java:246)
        ... 7 more
Caused by: org.jboss.ws.WSException: Invalid HTTP server response [401] - Unauthorized
        at org.jboss.ws.core.soap.SOAPMessageUnMarshallerHTTP.read(SOAPMessageUnMarshallerHTTP.java:75)
        at org.jboss.remoting.transport.http.HTTPClientInvoker.readResponse(HTTPClientInvoker.java:608)
        at org.jboss.remoting.transport.http.HTTPClientInvoker.useHttpURLConnection(HTTPClientInvoker.java:402)
        at org.jboss.remoting.transport.http.HTTPClientInvoker.makeInvocation(HTTPClientInvoker.java:253)

 

sa

  • 1. Re: @WS with CLIENT-CERT throws Invalid HTTP server response [401] - Unauthorized on client side
    spyhunter99 Novice

    try turning on SSL debugging. it's most likely a problem there

     

    edit: are you trying to use SSL with Client-Cert? Or some variant of WS-Security with certificates?

  • 2. Re: @WS with CLIENT-CERT throws Invalid HTTP server response [401] - Unauthorized on client side
    Claudio Miranda Newbie

    Added -Djava.security.auth.debug=all it prints a LOT of message, trying to figure out any issue there.

    -Djavax.net.debug=all didn't print anything relevant.

  • 4. Re: @WS with CLIENT-CERT throws Invalid HTTP server response [401] - Unauthorized on client side
    Claudio Miranda Newbie

    Firefox answer: HTTP GET not supported

     

    I tried with soapUI

     

    The request

     

    POST http://localhost:8080/jaas-cert/PesquisarUsuarioEjbService HTTP/1.1
    Accept-Encoding: gzip,deflate
    Content-Type: text/xml;charset=UTF-8
    SOAPAction: ""
    User-Agent: Jakarta Commons-HttpClient/3.1
    Host: localhost:8080
    Content-Length: 2966
    
       MIICTzCCAbigAwIBAgIET1e6ozANBgkqhkiG9w0BAQUFADBsMQswCQYDVQQGEwJCUjELMAkGA1UECBMCREYxETAPBgNVBAcTCEJyYXNpbGlhMRIwEAYDVQQKDAltaW5fc2F1ZGUxEDAOBgNVBAsTB2RhdGFzdXMxFzAVBgNVBAMTDmpib3Nzd3MgY2xpZW50MB4XDTEyMDMwNzE5NDQzNVoXDTEyMDYwNTE5NDQzNVowbDELMAkGA1UEBhMCQlIxCzAJBgNVBAgTAkRGMREwDwYDVQQHEwhCcmFzaWxpYTESMBAGA1UECgwJbWluX3NhdWRlMRAwDgYDVQQLEwdkYXRhc3VzMRcwFQYDVQQDEw5qYm9zc3dzIGNsaWVudDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAhd2XAXxR0FGcyoVGAGW/1nUz33TBQBQBjkJm+hrN6/kUJz8yDueLnuFc5YcJVSPGOLubVaRYudt5o8+iKMHDZPvBywv2SpExKcW8MRpocYsAyrPTASoUX4Mj/Ca5PPIcBpaZqEniI7Zj8LkXnPtSAwOOvCPco1ibclndognp4YECAwEAATANBgkqhkiG9w0BAQUFAAOBgQBC4k6AAf6CwS8d3fNKB8XS4hiOrIGvwtNPjiWAV+ipORsNRiP0s4PjXJdWTK9RhHQc6/KyuYKFU7z1fzShJtYBP3gqBHTo+9kTVkRX/uwcDmIrHnCUlyz5eF1Aj/aFMhrAxidZSrGCcPEbWcJbpE2bF0Xde8UbdTtbqG1WLNOKCw==GVCdFu+VnbtIEdnHBr3p7iqT7/odF56knHdMCp6mpFTMUR+8gHLZoyzIlkxHHhR8S1ho8KVVH9ryg/e4qDiJ6X9Mvlf+DjF+K2lTk/xNeRqCKYwtcjlORvgpQide+yMamPUncyV/2dQD/mWQxq2/Vu7qWI+pkHYJKA5oEShuCx8=   JIwUK/+kt/RL0tV/s38N9/LpNgb7jRe6NUPRWY6lyOqI9Sz2WRtzGZDCEtp5gl/I2sS5b2KtG8h1
    grhGfO9GzsZOXOo6q5ZM3rVeIdfOqBzOCdU1J66Omn0C/Ox9faNTgufViyzEkzdTyeIHpOgK96ke
    EaSTCM4oVhwO8K4pb77FejJtOe2rFXz7rJDw2T/wogPGasdGwzboXXFu4ZAoqAXvzxKEO4QSSzxi
    b5X7CSNwy0Ev28yF6y0LoX0lodk8MbAb9E6v0KEgoi4tgkwMvIbRHce7W7QWE6hvD8j1c4qZW0EJ
    auqyzFVfRT54Ys1lg8za3c687G7NDpW5q04RaOjHN4inQ1f14q7fbOBiBO0=

     

    The response

    HTTP/1.1 401 Unauthorized
    Server: Apache-Coyote/1.1
    Content-Type: text/html;charset=utf-8
    Content-Length: 1099
    Date: Tue, 13 Mar 2012 21:58:13 GMT
    
    

    <html><head><title>JBoss Web/2.1.12.GA-patch-01 - Error report</title></head>

    <body><h1>HTTP Status 401 - No client certificate chain in this request</h1>

    <HR size="1" noshade="noshade"><p><b>type</b> Status report</p>

    <p><b>message</b> <u>No client certificate chain in this request</u></p><p><b>description</b>

    <u>This request requires HTTP authentication (No client certificate chain in this request).</u></p>

    <HR size="1" noshade="noshade"><h3>JBoss Web/2.1.12.GA-patch-01</h3></body></html>

  • 5. Re: @WS with CLIENT-CERT throws Invalid HTTP server response [401] - Unauthorized on client side
    spyhunter99 Novice

    notice that the security config is null on your client, try setting that to the jboss-wsse-client.xml

  • 6. Re: @WS with CLIENT-CERT throws Invalid HTTP server response [401] - Unauthorized on client side
    Claudio Miranda Newbie

    From the client log file I see that the it load the Standard Client, after then it loads correctlry the Standard WSSecurity Client.

     

    Also, the client code uses the Standard WSSecurity Client.

     

            StubExt stubExt = (StubExt) wsPesq;
            stubExt.setConfigName("Standard WSSecurity Client");

     

    DEBUG [main] - Create new config [name=Standard Client,file=META-INF/standard-jaxws-client-config.xml]

    DEBUG [main] - getConfig: [name=Standard Client,url=META-INF/standard-jaxws-client-config.xml]

    DEBUG [main] - parse: file:/home/claudio/alphaworks/projects/myapp/jaas/jaas-ms-client/bin/META-INF/standard-jaxws-client-config.xml

     

     

     

    DEBUG [main] - Create new config [name=Standard WSSecurity Client,file=META-INF/standard-jaxws-client-config.xml]

    DEBUG [main] - getConfig: [name=Standard WSSecurity Client,url=META-INF/standard-jaxws-client-config.xml]

    DEBUG [main] - parse: file:/home/claudio/alphaworks/projects/myapp/jaas/jaas-ms-client/bin/META-INF/standard-jaxws-client-config.xml

     

    Is that incorrect ?

     

    I modified as below, but didn't work, the exception is the same.

     

    URL wsseClientURL = Thread.currentThread().getContextClassLoader().getResource("META-INF/jboss-wsse-client.xml");

    stubExt.setSecurityConfig(wsseClientURL.toExternalForm());

     


  • 7. Re: @WS with CLIENT-CERT throws Invalid HTTP server response [401] - Unauthorized on client side
    spyhunter99 Novice

    stubExt.setSecurityConfig("jboss-wsse-client.xml");

    stubExt.setConfigName("Standard WSSecurity Client");

     

    I think by default it looks in META-INF

  • 8. Re: @WS with CLIENT-CERT throws Invalid HTTP server response [401] - Unauthorized on client side
    Claudio Miranda Newbie

    I see from the client log that "Standard WSSecurity Client" is picked up, see previous comment.

     

    Do you think there is something missing from the server side ?

     

    Thanks for your help.

  • 9. Re: @WS with CLIENT-CERT throws Invalid HTTP server response [401] - Unauthorized on client side
    Claudio Miranda Newbie

    Used soapUI to test the ws request, the error is the same, HTTP 401.

     

    It is really frustrating, I couldn't grasp where is the problem. Thanks if you can take a look here and suggestion.

     

    (click at the image to enlarge)

    soapui_ws.jpg

  • 10. Re: @WS with CLIENT-CERT throws Invalid HTTP server response [401] - Unauthorized on client side
    spyhunter99 Novice

    can you verify the following?

     

    from the service side, confirm that there is a certificate that can be used by the service and that the trust store contains the issuing certificate authority for the certificate used by the client

    from the client side, confifrm  that there is a certificate that can be used by the client and that the trust store contains the issuing certificate authority for the certificate used by the service

     

     

    from login-config.xml of jboss, what does UserCertPolicy look like? the @SecurityDomain ties the security context back to the login-config.xml, useful for http authentication but I'm not sure what effect it would have for you, because you are trying to do message level authentication, not transport. I'd suggest commenting that out and trying again

     

    And what does this class look like? what does it do?

    br.com.myapp.jaas.spi.SubjectMapper

  • 11. Re: @WS with CLIENT-CERT throws Invalid HTTP server response [401] - Unauthorized on client side
    Claudio Miranda Newbie

    > from the service side, confirm that there is a certificate that can be used by the service and that the trust store contains the issuing certificate authority

    > for the certificate used by the client

     

    The server keystore jaas-ms-ejb-ear.ear/jaas-ms-ejb-ws-1.0.0.jar/server_jbossws.jks

    has 2 entries

    PrivateKeyEntry: server_jbossws

    trustedCertEntry: client_jbossws

     

    The server truststore has 2 public keys: server_jbossws and client_jbossws

     

    You can see it in details from the original post.

     

    > from the client side, confifrm  that there is a certificate that can be used by the client and that the trust store contains the issuing certificate authority for

    > the certificate used by the service

     

    The client keystore src/META-INF/client_jbossws.jks

    has 2 entries

    PrivateKeyEntry: client_jbossws

    trustedCertEntry: server_jbossws

     

    The client truststore has 2 public keys: server_jbossws and client_jbossws

     

    You can see it in details from the original post.

     

     

    > from login-config.xml of jboss, what does UserCertPolicy look like?

     

    The security-domain setting is in the file jaas-ms-ejb-ear.ear/lib/jaas-ms-1.1.4.jar/META-INF/ms-auth-jboss-beans.xml

     

    Its contents are

     

    <deployment xmlns="urn:jboss:bean-deployer:2.0">

     

        <application-policy name="UserCertPolicy" xmlns="urn:jboss:security-beans:1.0">

            <authentication>

                <login-module code="br.gov.saude.jaas.spi.UserCertLoginModule" flag="required"></login-module>

            </authentication>

        </application-policy>

    </deployment>

     

    > And what does this class look like? what does it do? br.com.myapp.jaas.spi.SubjectMapper

     

     

    Accordingly to [1] I want to extract the username from certificate to authenticate.

    public class SubjectMapper extends SubjectCNMapping {

     

        public Principal toPrinicipal(X509Certificate[] arg0) {

            Principal prinicipal = super.toPrinicipal(arg0);

            return prinicipal;

        }

    }

     

    Thank you for the help.

     

    1. https://community.jboss.org/wiki/JBossWS-WS-SecurityOptions#X509_certificate_token

  • 12. Re: @WS with CLIENT-CERT throws Invalid HTTP server response [401] - Unauthorized on client side
    spyhunter99 Novice

    Alright, I have an idea

     

    download a copy of tcpmon here http://code.google.com/p/tcpmon/

     

    try directing the client at that. maybe you'll get some more information.

     

    I think the problem is with the server/service's configuration.

     

    You can try turning on remote debugging on your jboss server, attach to it and set break points at every entry point in your code, especially the authorization pieces.

     

    worse case scenario, download the source for your version of jbossws and then set break points with that. There's some example code/smoke tests in there as well that may help you model your service after for this specific task.

     

    In addition, I'd suggest you try searching the issue tracker to see if there is anything related to this and your version of jbossws. Make sure you're running the latest version supported by your container version