Problem implementing WS-Security X509 Token in JBoss 5.x
soulshunter Oct 23, 2012 4:05 AM
Hi all,
I'm rewriting an application developed for JBoss 4.3 for a new environment in JBoss 5.1.
In this application (EAR) we have a WAR with some Web Services with WS-Security and X509 Token.
In the first environment (JBoss 4.3) my jboss-wsse-server.xml looks like this:
{code:xml}
<jboss-ws-security
    xmlns="http://www.jboss.com/ws-security/config"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://www.jboss.com/ws-security/config
    http://www.jboss.com/ws-security/schema/jboss-ws-security_1_0.xsd">
  <!-- PRODUCTION -->
  <key-store-file>/mydirectory/keystore/server.keystore</key-store-file>
  <key-store-password>xxx</key-store-password>
  <key-store-type>jks</key-store-type>
  <trust-store-file>/mydirectory/keystore/server.truststore</trust-store-file>
  <trust-store-password>xxx</trust-store-password>
  <trust-store-type>jks</trust-store-type>
  <!-- timestamp tolerance -->
  <timestamp-verification createdTolerance="600" warnCreated="true" expiresTolerance="600" warnExpires="true" />
  <config>
    <!-- <timestamp ttl="1000"/> -->
    <sign type="x509v3" alias="server" />
    <requires>
      <signature/>
    </requires>
    <authenticate>
      <signatureCertAuth certificatePrincipal="com.examples.service.jbossws.MyCertificatePrincipal"/>
    </authenticate>
  </config>
</jboss-ws-security>
{code}
And my jboss-service.xml looks like this:
{code:xml}
<server>
  <!-- Security domain backed by the server keystore -->
  <mbean code="org.jboss.security.plugins.JaasSecurityDomain"
         name="jboss.security:service=SanferSecurityDomain">
    <constructor>
      <arg type="java.lang.String" value="SanferWSCert"/>
    </constructor>
    <attribute name="KeyStoreURL">/mydirectory/keystore/server.keystore</attribute>
    <attribute name="KeyStorePass">xxx</attribute>
    <attribute name="KeyStoreType">jks</attribute>
    <depends>jboss.security:service=JaasSecurityManager</depends>
  </mbean>
  <!-- Loads the application's login configuration -->
  <mbean code="org.jboss.security.auth.login.DynamicLoginConfig"
         name="whatever:service=SanferLogin">
    <attribute name="AuthConfig">my-login-config.xml</attribute>
    <depends optional-attribute-name="LoginConfigService">
      jboss.security:service=XMLLoginConfig</depends>
    <depends optional-attribute-name="SecurityManagerService">
      jboss.security:service=JaasSecurityManager</depends>
  </mbean>
</server>
{code}
I highlighted in red the absolute path of my keystore and truststore.
When I deploy this EAR in JBoss 4.3 everything is OK, but in JBoss 5.1 I get the error message above:
{code}
Caused by: org.jboss.ws.WSException: Cannot find required security resource: /mydirectory/keystore/server.keystore
at org.jboss.ws.metadata.wsse.WSSecurityConfigFactory.getResource(WSSecurityConfigFactory.java:114)
at org.jboss.ws.metadata.wsse.WSSecurityConfigFactory.initKeystorePath(WSSecurityConfigFactory.java:89)
at org.jboss.ws.metadata.wsse.WSSecurityConfigFactory.createConfiguration(WSSecurityConfigFactory.java:72)
at org.jboss.ws.metadata.builder.jaxws.JAXWSWebServiceMetaDataBuilder.buildWebServiceMetaData(JAXWSWebServiceMetaDataBuilder.java:132)
at org.jboss.ws.metadata.builder.jaxws.JAXWSServerMetaDataBuilder.setupProviderOrWebService(JAXWSServerMetaDataBuilder.java:52)
at org.jboss.ws.metadata.builder.jaxws.JAXWSMetaDataBuilderJSE.buildMetaData(JAXWSMetaDataBuilderJSE.java:61)
at org.jboss.wsf.stack.jbws.UnifiedMetaDataDeploymentAspect.start(UnifiedMetaDataDeploymentAspect.java:64)
at org.jboss.wsf.framework.deployment.DeploymentAspectManagerImpl.deploy(DeploymentAspectManagerImpl.java:129)
at org.jboss.wsf.container.jboss50.deployer.ArchiveDeployerHook.deploy(ArchiveDeployerHook.java:76)
at org.jboss.wsf.container.jboss50.deployer.AbstractWebServiceDeployer.internalDeploy(AbstractWebServiceDeployer.java:60)
at org.jboss.deployers.spi.deployer.helpers.AbstractRealDeployer.deploy(AbstractRealDeployer.java:55)
at org.jboss.deployers.plugins.deployers.DeployerWrapper.deploy(DeployerWrapper.java:179)
... 30 more
{code}
The WSSecurityConfig can't locate the keystore from the absolute path, but the JaasSecurityDomain does locate it.
I've tried a different way, putting the keystore and truststore inside the WEB-INF folder of the WAR, and I get a similar scenario.
In this case the WSSecurityConfig locates the keystore/truststore, but the JaasSecurityDomain throws the error "Can't locate resource: WEB-INF/server.keystore".
I think I have some class loading issue, can you help me fix it?
Thanks for the help.
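
A diagnostic for the symptom described in the post, added here as an example and not part of the original post or of JBoss: it takes one configured keystore string and reports whether it can be found as a file path, as a URL, or as a class-loader resource, then tries to load it as a JKS store. The class name `KeystoreLookupCheck`, the `KEYSTORE_PASS` environment variable and the three lookup strategies are assumptions for illustration; they do not reproduce the lookup logic of `WSSecurityConfigFactory` or `JaasSecurityDomain`.

```java
import java.io.File;
import java.io.InputStream;
import java.net.MalformedURLException;
import java.net.URL;
import java.security.KeyStore;
import java.util.Collections;

// Added diagnostic, not JBoss code: the three lookups are assumptions about
// how a configured keystore string might be interpreted by a component.
public class KeystoreLookupCheck {

    // 1. Plain file-system path (relative values resolve against the working directory).
    static URL asFile(String value) throws MalformedURLException {
        File f = new File(value);
        return f.isFile() ? f.toURI().toURL() : null;
    }

    // 2. URL: a bare path such as /dir/server.keystore has no scheme and is rejected.
    static URL asUrl(String value) {
        try { return new URL(value); } catch (MalformedURLException e) { return null; }
    }

    // 3. Resource name resolved by the thread context class loader.
    static URL asResource(String value) {
        return Thread.currentThread().getContextClassLoader().getResource(value);
    }

    // Loads the store to prove the URL is readable and, if given, the password fits.
    static String describe(URL url, char[] password) {
        if (url == null) return "not found";
        try (InputStream in = url.openStream()) {
            KeyStore ks = KeyStore.getInstance("JKS");
            ks.load(in, password);
            return url + " -> aliases " + Collections.list(ks.aliases());
        } catch (Exception e) {
            return url + " -> cannot load: " + e;
        }
    }

    public static void main(String[] args) throws Exception {
        String value = args[0]; // e.g. the <key-store-file> or KeyStoreURL value
        // Password comes from the environment so it stays out of the process list;
        // if unset, the store is loaded without an integrity check.
        String env = System.getenv("KEYSTORE_PASS");
        char[] password = env == null ? null : env.toCharArray();
        System.out.println("file path      : " + describe(asFile(value), password));
        System.out.println("URL            : " + describe(asUrl(value), password));
        System.out.println("class resource : " + describe(asResource(value), password));
    }
}
```

Run from a standalone JVM, the class-loader result reflects that JVM's classpath, not the deployment's; calling the three static methods from code inside the WAR shows what the deployed application's class loader can see.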