7 Replies Latest reply on Jul 12, 2013 11:37 AM by asoldano

    Unable to publish Apache CXF STS issue in EAP 6.1

    mpag1980

      Hi,

       

      I implemented the sample Apache CXF STS in EAP 6.1 as shown in the link below.

       

      https://docs.jboss.org/author/display/JBWS/WS-Security

       

      When I try to access the CXF TokenService WSDL, it says:

      "JBWEB000065: HTTP Status 404 - JBWEB000234: Servlet TestSecurityTokenService is currently unavailable"

       

      My code is exactly the same as shown in the link above.

       

      web.xml

      ************

      <?xml version="1.0" encoding="UTF-8"?>

       

       

      <web-app

         version="2.5" xmlns="http://java.sun.com/xml/ns/javaee"

         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"

         xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd">

         <servlet>

            <servlet-name>TestSecurityTokenService</servlet-name>

            <servlet-class>STS.SampleSTS</servlet-class>

         </servlet>

         <servlet-mapping>

            <servlet-name>TestSecurityTokenService</servlet-name>

            <url-pattern>/SecurityTokenService/*</url-pattern>

         </servlet-mapping>

      </web-app>

       

       

      Jboss-web.xml

      *******************

      <?xml version="1.0" encoding="UTF-8"?>

       

       

      <!DOCTYPE jboss-web PUBLIC "-//JBoss//DTD Web Application 2.4//EN" "http://www.jboss.org/j2ee/dtd/jboss-web_4_0.dtd">

       

       

      <jboss-web>

         <security-domain>java:/jaas/JBossWS-trust-sts</security-domain>

      </jboss-web>

       

      SampleSTS.java

      ************************

      /*

      * JBoss, Home of Professional Open Source.

      * Copyright 2012, Red Hat Middleware LLC, and individual contributors

      * as indicated by the @author tags. See the copyright.txt file in the

      * distribution for a full listing of individual contributors.

      *

      * This is free software; you can redistribute it and/or modify it

      * under the terms of the GNU Lesser General Public License as

      * published by the Free Software Foundation; either version 2.1 of

      * the License, or (at your option) any later version.

      *

      * This software is distributed in the hope that it will be useful,

      * but WITHOUT ANY WARRANTY; without even the implied warranty of

      * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU

      * Lesser General Public License for more details.

      *

      * You should have received a copy of the GNU Lesser General Public

      * License along with this software; if not, write to the Free

      * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA

      * 02110-1301 USA, or see the FSF site: http://www.fsf.org.

      */

      package STS;

       

       

      import java.util.Arrays;

      import java.util.LinkedList;

      import java.util.List;

       

       

      import javax.servlet.annotation.WebServlet;

      import javax.xml.ws.WebServiceProvider;

       

       

      import org.apache.cxf.annotations.EndpointProperties;

      import org.apache.cxf.annotations.EndpointProperty;

      import org.apache.cxf.interceptor.InInterceptors;

      import org.apache.cxf.sts.StaticSTSProperties;

      import org.apache.cxf.sts.operation.TokenIssueOperation;

      import org.apache.cxf.sts.operation.TokenValidateOperation;

      import org.apache.cxf.sts.service.ServiceMBean;

      import org.apache.cxf.sts.service.StaticService;

      import org.apache.cxf.sts.token.provider.SAMLTokenProvider;

      import org.apache.cxf.sts.token.validator.SAMLTokenValidator;

      import org.apache.cxf.ws.security.sts.provider.SecurityTokenServiceProvider;

      import org.jboss.wsf.stack.cxf.client.configuration.JBossWSBusFactory;

       

       

       

       

      /**
       * Sample WS-Trust Security Token Service endpoint built on Apache CXF's
       * {@link SecurityTokenServiceProvider}.
       *
       * <p>The constructor wires one issue operation (SAML token provider) and one
       * validate operation (SAML token validator); both share the same
       * {@link StaticSTSProperties}, which name the {@code mystskey} alias and the
       * {@code stsKeystore.properties} file for signing.
       *
       * <p>Points to check when adapting this sample:
       * <ul>
       *   <li>{@code ws-security.validate.token=false} tells CXF not to validate the
       *       received UsernameToken itself, leaving that to the JAAS integration behind
       *       {@code SubjectCreatingPolicyInterceptor}. Caller authentication therefore
       *       rests on that interceptor and on the security domain the deployment maps to
       *       (jboss-web.xml); confirm both are active before exposing the endpoint.</li>
       *   <li>The key alias, keystore properties file and callback handler are literals
       *       that appear both in the annotations and in the constructor; the two places
       *       have to stay in sync.</li>
       *   <li>Tokens are issued only for the endpoint address patterns registered on the
       *       {@link StaticService} in the constructor (loopback hosts, any port).</li>
       * </ul>
       */
      @WebServiceProvider(serviceName = "SecurityTokenService",
            portName = "UT_Port",
            targetNamespace = "http://docs.oasis-open.org/ws-sx/ws-trust/200512/",
            wsdlLocation = "WEB-INF/wsdl/ws-trust-1.4-service.wsdl")
      @EndpointProperties({
            @EndpointProperty(key = "ws-security.signature.username", value = "mystskey"),
            @EndpointProperty(key = "ws-security.signature.properties", value = "stsKeystore.properties"),
            // NOTE(review): this value carries no package prefix, while the constructor passes
            // STSCallbackHandler.class.getName() for a class declared in package STS; confirm
            // that the property resolves to the intended handler class.
            @EndpointProperty(key = "ws-security.callback-handler", value = "STSCallbackHandler"),
            // UsernameToken validation is switched off at this layer; the JAAS integration is
            // expected to perform it through the interceptor declared below.
            @EndpointProperty(key = "ws-security.validate.token", value = "false")
      })
      @InInterceptors(interceptors = "org.jboss.wsf.stack.cxf.security.authentication.SubjectCreatingPolicyInterceptor")
      public class SampleSTS extends SecurityTokenServiceProvider
      {
         /**
          * Builds the STS: signing properties, the list of services tokens may be issued
          * for, and the issue and validate operations.
          *
          * @throws Exception declared by this constructor; propagated from the superclass
          *         constructor or from the CXF configuration calls
          */
         @SuppressWarnings("deprecation")
         public SampleSTS() throws Exception
         {
            super();

            // Signing configuration shared by the issue and the validate operation.
            StaticSTSProperties stsProperties = new StaticSTSProperties();
            stsProperties.setSignaturePropertiesFile("stsKeystore.properties");
            stsProperties.setSignatureUsername("mystskey");
            stsProperties.setCallbackHandlerClass(STSCallbackHandler.class.getName());
            stsProperties.setIssuer("DoubleItSTSIssuer");

            // Address patterns of the services this STS issues tokens for: the same service
            // path on the IPv4 and the IPv6 loopback host, with any (or no) port digits.
            List<String> endpointPatterns = Arrays.asList(
                  "http://localhost:(\\d)*/PalmUtilServices/services/PalmUtilityService",
                  "http://\\[::1\\]:(\\d)*/PalmUtilServices/services/PalmUtilityService");
            StaticService allowedService = new StaticService();
            allowedService.setEndpoints(endpointPatterns);
            List<ServiceMBean> allowedServices = new LinkedList<ServiceMBean>();
            allowedServices.add(allowedService);

            // Issue operation: SAML tokens, restricted to the services above.
            TokenIssueOperation issuer = new TokenIssueOperation();
            issuer.setServices(allowedServices);
            issuer.getTokenProviders().add(new SAMLTokenProvider());
            issuer.setStsProperties(stsProperties);

            // Validate operation: SAML tokens only.
            TokenValidateOperation validator = new TokenValidateOperation();
            validator.getTokenValidators().add(new SAMLTokenValidator());
            validator.setStsProperties(stsProperties);

            setIssueOperation(issuer);
            setValidateOperation(validator);
         }
      }

       

      I am not getting any deployment error. I am not sure what I am missing.

      Also, please let me know if there is a way to view the list of deployed web services in EAP 6.1 from the admin console, similar to SOA-P.

       

      Your help will be appreciated.

       

      Thanks,

      Anu

        • 1. Re: Unable to publish Apache CXF STS issue in EAP 6.1
          asoldano

          Hi Anu,

          can you share the rest of the contents of your deployment?

           

          As for the deployed WS endpoints, you can see them in the web console.

          • 2. Re: Unable to publish Apache CXF STS issue in EAP 6.1
            mpag1980

            Hi Alessio, Thanks for your response. Please find my complete deployment contents below.

            Deployment structure of STS.PNG

             

             

             

             

            SampleSTS.java

            _____________________

             

            /*

            * JBoss, Home of Professional Open Source.

            * Copyright 2012, Red Hat Middleware LLC, and individual contributors

            * as indicated by the @author tags. See the copyright.txt file in the

            * distribution for a full listing of individual contributors.

            *

            * This is free software; you can redistribute it and/or modify it

            * under the terms of the GNU Lesser General Public License as

            * published by the Free Software Foundation; either version 2.1 of

            * the License, or (at your option) any later version.

            *

            * This software is distributed in the hope that it will be useful,

            * but WITHOUT ANY WARRANTY; without even the implied warranty of

            * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU

            * Lesser General Public License for more details.

            *

            * You should have received a copy of the GNU Lesser General Public

            * License along with this software; if not, write to the Free

            * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA

            * 02110-1301 USA, or see the FSF site: http://www.fsf.org.

            */

            package STS;

             

             

            import java.util.Arrays;

            import java.util.LinkedList;

            import java.util.List;

             

             

            import javax.servlet.annotation.WebServlet;

            import javax.xml.ws.WebServiceProvider;

             

             

            import org.apache.cxf.annotations.EndpointProperties;

            import org.apache.cxf.annotations.EndpointProperty;

            import org.apache.cxf.interceptor.InInterceptors;

            import org.apache.cxf.sts.StaticSTSProperties;

            import org.apache.cxf.sts.operation.TokenIssueOperation;

            import org.apache.cxf.sts.operation.TokenValidateOperation;

            import org.apache.cxf.sts.service.ServiceMBean;

            import org.apache.cxf.sts.service.StaticService;

            import org.apache.cxf.sts.token.provider.SAMLTokenProvider;

            import org.apache.cxf.sts.token.validator.SAMLTokenValidator;

            import org.apache.cxf.ws.security.sts.provider.SecurityTokenServiceProvider;

            import org.jboss.wsf.stack.cxf.client.configuration.JBossWSBusFactory;

             

             

             

             

            /**
             * Sample WS-Trust Security Token Service endpoint built on Apache CXF's
             * {@link SecurityTokenServiceProvider}.
             *
             * <p>The constructor wires one issue operation (SAML token provider) and one
             * validate operation (SAML token validator); both share the same
             * {@link StaticSTSProperties}, which name the {@code mystskey} alias and the
             * {@code stsKeystore.properties} file for signing.
             *
             * <p>Points to check when adapting this sample:
             * <ul>
             *   <li>{@code ws-security.validate.token=false} tells CXF not to validate the
             *       received UsernameToken itself, leaving that to the JAAS integration behind
             *       {@code SubjectCreatingPolicyInterceptor}. Caller authentication therefore
             *       rests on that interceptor and on the security domain the deployment maps to
             *       (jboss-web.xml); confirm both are active before exposing the endpoint.</li>
             *   <li>The key alias, keystore properties file and callback handler are literals
             *       that appear both in the annotations and in the constructor; the two places
             *       have to stay in sync.</li>
             *   <li>Tokens are issued only for the endpoint address patterns registered on the
             *       {@link StaticService} in the constructor (loopback hosts, any port).</li>
             * </ul>
             */
            @WebServiceProvider(serviceName = "SecurityTokenService",
                  portName = "UT_Port",
                  targetNamespace = "http://docs.oasis-open.org/ws-sx/ws-trust/200512/",
                  wsdlLocation = "WEB-INF/wsdl/ws-trust-1.4-service.wsdl")
            @EndpointProperties({
                  @EndpointProperty(key = "ws-security.signature.username", value = "mystskey"),
                  @EndpointProperty(key = "ws-security.signature.properties", value = "stsKeystore.properties"),
                  // NOTE(review): this value carries no package prefix, while the constructor passes
                  // STSCallbackHandler.class.getName() for a class declared in package STS; confirm
                  // that the property resolves to the intended handler class.
                  @EndpointProperty(key = "ws-security.callback-handler", value = "STSCallbackHandler"),
                  // UsernameToken validation is switched off at this layer; the JAAS integration is
                  // expected to perform it through the interceptor declared below.
                  @EndpointProperty(key = "ws-security.validate.token", value = "false")
            })
            @InInterceptors(interceptors = "org.jboss.wsf.stack.cxf.security.authentication.SubjectCreatingPolicyInterceptor")
            // NOTE(review): @WebServlet is specified for classes that extend HttpServlet, and this
            // class extends SecurityTokenServiceProvider instead. The "/*" pattern is also wider
            // than the /SecurityTokenService/* mapping in the web.xml posted earlier in the thread.
            // Confirm which of the two registrations the container is meant to use.
            @WebServlet(name = "TestSecurityTokenService", urlPatterns = "/*")
            public class SampleSTS extends SecurityTokenServiceProvider
            {
               /**
                * Builds the STS: signing properties, the list of services tokens may be issued
                * for, and the issue and validate operations.
                *
                * @throws Exception declared by this constructor; propagated from the superclass
                *         constructor or from the CXF configuration calls
                */
               @SuppressWarnings("deprecation")
               public SampleSTS() throws Exception
               {
                  super();

                  // Signing configuration shared by the issue and the validate operation.
                  StaticSTSProperties stsProperties = new StaticSTSProperties();
                  stsProperties.setSignaturePropertiesFile("stsKeystore.properties");
                  stsProperties.setSignatureUsername("mystskey");
                  stsProperties.setCallbackHandlerClass(STSCallbackHandler.class.getName());
                  stsProperties.setIssuer("DoubleItSTSIssuer");

                  // Address patterns of the services this STS issues tokens for: the same service
                  // path on the IPv4 and the IPv6 loopback host, with any (or no) port digits.
                  List<String> endpointPatterns = Arrays.asList(
                        "http://localhost:(\\d)*/PalmUtilServices/services/PalmUtilityService",
                        "http://\\[::1\\]:(\\d)*/PalmUtilServices/services/PalmUtilityService");
                  StaticService allowedService = new StaticService();
                  allowedService.setEndpoints(endpointPatterns);
                  List<ServiceMBean> allowedServices = new LinkedList<ServiceMBean>();
                  allowedServices.add(allowedService);

                  // Issue operation: SAML tokens, restricted to the services above.
                  TokenIssueOperation issuer = new TokenIssueOperation();
                  issuer.setServices(allowedServices);
                  issuer.getTokenProviders().add(new SAMLTokenProvider());
                  issuer.setStsProperties(stsProperties);

                  // Validate operation: SAML tokens only.
                  TokenValidateOperation validator = new TokenValidateOperation();
                  validator.getTokenValidators().add(new SAMLTokenValidator());
                  validator.setStsProperties(stsProperties);

                  setIssueOperation(issuer);
                  setValidateOperation(validator);
               }
            }

             

             

            STSCallbackHandler.java

            _________________________

            /**

            * Licensed to the Apache Software Foundation (ASF) under one

            * or more contributor license agreements. See the NOTICE file

            * distributed with this work for additional information

            * regarding copyright ownership. The ASF licenses this file

            * to you under the Apache License, Version 2.0 (the

            * "License"); you may not use this file except in compliance

            * with the License. You may obtain a copy of the License at

            *

            * http://www.apache.org/licenses/LICENSE-2.0

            *

            * Unless required by applicable law or agreed to in writing,

            * software distributed under the License is distributed on an

            * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY

            * KIND, either express or implied. See the License for the

            * specific language governing permissions and limitations

            * under the License.

            */

            package STS;

             

             

            import java.io.IOException;

            import javax.security.auth.callback.Callback;

            import javax.security.auth.callback.CallbackHandler;

            import javax.security.auth.callback.UnsupportedCallbackException;

            import org.apache.ws.security.WSPasswordCallback;

             

             

            /**
             * Password callback handler for the sample STS.
             *
             * <p>For each {@link WSPasswordCallback} it compares the callback identifier with two
             * known names and sets the matching password: {@code mystskey} (the signature alias
             * used by SampleSTS, so presumably its key password) or {@code alice}.
             *
             * <p>Both passwords are literals compiled into the class. They are sample values:
             * anything derived from this handler for real use should read its secrets from a
             * protected credential store and use different values.
             */
            public class STSCallbackHandler implements CallbackHandler {

                /**
                 * Supplies the password for the first recognised {@link WSPasswordCallback}.
                 *
                 * <p>Processing stops at the first callback whose identifier is recognised.
                 * Callbacks of other types, and password callbacks with any other identifier,
                 * are skipped without an error, so no password is set for them.
                 *
                 * @param callbacks the callbacks handed over by the security runtime
                 * @throws IOException declared by the interface; not thrown by this code
                 * @throws UnsupportedCallbackException declared by the interface; not thrown
                 *         by this code
                 */
                public void handle(Callback[] callbacks) throws IOException,
                        UnsupportedCallbackException {
                    for (Callback callback : callbacks) {
                        if (!(callback instanceof WSPasswordCallback)) {
                            continue;
                        }
                        WSPasswordCallback passwordCallback = (WSPasswordCallback) callback;
                        String identifier = passwordCallback.getIdentifier();
                        if ("mystskey".equals(identifier)) {
                            passwordCallback.setPassword("stskpass");
                            return;
                        }
                        if ("alice".equals(identifier)) {
                            passwordCallback.setPassword("clarinet");
                            return;
                        }
                    }
                }
            }

             

            MANIFEST.MF

            _________________

            Manifest-Version: 1.0

            Dependencies: org.apache.ws.security,org.apache.cxf.impl

             

             

             

            StsKeystore.properties

            _________________________

            #

            # Licensed to the Apache Software Foundation (ASF) under one

            # or more contributor license agreements. See the NOTICE file

            # distributed with this work for additional information

            # regarding copyright ownership. The ASF licenses this file

            # to you under the Apache License, Version 2.0 (the

            # "License"); you may not use this file except in compliance

            # with the License. You may obtain a copy of the License at

            #

            # http://www.apache.org/licenses/LICENSE-2.0

            #

            # Unless required by applicable law or agreed to in writing,

            # software distributed under the License is distributed on an

            # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY

            # KIND, either express or implied. See the License for the

            # specific language governing permissions and limitations

            # under the License.

            #

            # WSS4J Merlin crypto settings: a JKS keystore, its password and its file name.
            # The keystore password is kept here in clear text, and this file is listed as part
            # of the deployment contents. Treat the value as a sample: restrict read access to
            # the file and use a different secret outside of testing.
            org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin

            org.apache.ws.security.crypto.merlin.keystore.type=jks

            org.apache.ws.security.crypto.merlin.keystore.password=stsspass

            org.apache.ws.security.crypto.merlin.keystore.file=stsstore.jks

             

            stsstore.jks

            _____________

             

            ws-trust-1.4-service.wsdl

            ________________________

             

            <?xml version="1.0" encoding="UTF-8"?>

            <wsdl:definitions targetNamespace="http://docs.oasis-open.org/ws-sx/ws-trust/200512/" xmlns:wsp="http://www.w3.org/ns/ws-policy" xmlns:wstrust="http://docs.oasis-open.org/ws-sx/ws-trust/200512/" xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/" xmlns:tns="http://docs.oasis-open.org/ws-sx/ws-trust/200512/" xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:wsap10="http://www.w3.org/2006/05/addressing/wsdl" xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/" xmlns:wst="http://docs.oasis-open.org/ws-sx/ws-trust/200512" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsam="http://www.w3.org/2007/05/addressing/metadata">

              <wsdl:types>

                <xs:schema elementFormDefault="qualified" targetNamespace="http://docs.oasis-open.org/ws-sx/ws-trust/200512">

             

             

                  <xs:element name="RequestSecurityToken" type="wst:AbstractRequestSecurityTokenType"/>

                  <xs:element name="RequestSecurityTokenResponse" type="wst:AbstractRequestSecurityTokenType"/>

             

             

                  <xs:complexType name="AbstractRequestSecurityTokenType">

                    <xs:sequence>

                      <xs:any maxOccurs="unbounded" minOccurs="0" namespace="##any" processContents="lax"/>

                    </xs:sequence>

                    <xs:attribute name="Context" type="xs:anyURI" use="optional"/>

                    <xs:anyAttribute namespace="##other" processContents="lax"/>

                  </xs:complexType>

                  <xs:element name="RequestSecurityTokenCollection" type="wst:RequestSecurityTokenCollectionType"/>

                  <xs:complexType name="RequestSecurityTokenCollectionType">

                    <xs:sequence>

                      <xs:element maxOccurs="unbounded" minOccurs="2" name="RequestSecurityToken" type="wst:AbstractRequestSecurityTokenType"/>

                    </xs:sequence>

                  </xs:complexType>

             

             

                  <xs:element name="RequestSecurityTokenResponseCollection" type="wst:RequestSecurityTokenResponseCollectionType"/>

                  <xs:complexType name="RequestSecurityTokenResponseCollectionType">

                    <xs:sequence>

                      <xs:element maxOccurs="unbounded" minOccurs="1" ref="wst:RequestSecurityTokenResponse"/>

                    </xs:sequence>

                    <xs:anyAttribute namespace="##other" processContents="lax"/>

                  </xs:complexType>

             

             

                </xs:schema>

              </wsdl:types>

              <wsdl:message name="RequestSecurityTokenResponseCollectionMsg">

                <wsdl:part name="responseCollection" element="wst:RequestSecurityTokenResponseCollection">

                </wsdl:part>

              </wsdl:message>

              <wsdl:message name="RequestSecurityTokenCollectionMsg">

                <wsdl:part name="requestCollection" element="wst:RequestSecurityTokenCollection">

                </wsdl:part>

              </wsdl:message>

              <wsdl:message name="RequestSecurityTokenResponseMsg">

                <wsdl:part name="response" element="wst:RequestSecurityTokenResponse">

                </wsdl:part>

              </wsdl:message>

              <wsdl:message name="RequestSecurityTokenMsg">

                <wsdl:part name="request" element="wst:RequestSecurityToken">

                </wsdl:part>

              </wsdl:message>

              <wsdl:portType name="SecurityTokenResponseService">

                <wsdl:operation name="RequestSecurityTokenResponse">

                  <wsdl:input message="wstrust:RequestSecurityTokenResponseMsg">

                </wsdl:input>

                </wsdl:operation>

              </wsdl:portType>

              <wsdl:portType name="STS">

                <wsdl:operation name="Cancel">

                  <wsdl:input message="wstrust:RequestSecurityTokenMsg" wsam:Action="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Cancel">

                </wsdl:input>

                  <wsdl:output message="wstrust:RequestSecurityTokenResponseMsg" wsam:Action="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RSTR/CancelFinal">

                </wsdl:output>

                </wsdl:operation>

                <wsdl:operation name="Issue">

                  <wsdl:input message="wstrust:RequestSecurityTokenMsg" wsam:Action="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Issue">

                </wsdl:input>

                  <wsdl:output message="wstrust:RequestSecurityTokenResponseCollectionMsg" wsam:Action="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RSTRC/IssueFinal">

                </wsdl:output>

                </wsdl:operation>

                <wsdl:operation name="Renew">

                  <wsdl:input message="wstrust:RequestSecurityTokenMsg" wsam:Action="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Renew">

                </wsdl:input>

                  <wsdl:output message="wstrust:RequestSecurityTokenResponseMsg" wsam:Action="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RSTR/RenewFinal">

                </wsdl:output>

                </wsdl:operation>

                <wsdl:operation name="Validate">

                  <wsdl:input message="wstrust:RequestSecurityTokenMsg" wsam:Action="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Validate">

                </wsdl:input>

                  <wsdl:output message="wstrust:RequestSecurityTokenResponseMsg" wsam:Action="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RSTR/ValidateFinal">

                </wsdl:output>

                </wsdl:operation>

                <wsdl:operation name="KeyExchangeToken">

                  <wsdl:input message="wstrust:RequestSecurityTokenMsg" wsam:Action="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/KET">

                </wsdl:input>

                  <wsdl:output message="wstrust:RequestSecurityTokenResponseMsg" wsam:Action="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RSTR/KETFinal">

                </wsdl:output>

                </wsdl:operation>

                <wsdl:operation name="RequestCollection">

                  <wsdl:input message="wstrust:RequestSecurityTokenCollectionMsg">

                </wsdl:input>

                  <wsdl:output message="wstrust:RequestSecurityTokenResponseCollectionMsg">

                </wsdl:output>

                </wsdl:operation>

              </wsdl:portType>

              <wsdl:portType name="WSSecurityRequestor">

                <wsdl:operation name="Challenge">

                  <wsdl:input message="wstrust:RequestSecurityTokenResponseMsg">

                </wsdl:input>

                  <wsdl:output message="wstrust:RequestSecurityTokenResponseMsg">

                </wsdl:output>

                </wsdl:operation>

              </wsdl:portType>

              <wsdl:binding name="UT_Binding" type="wstrust:STS">

                <wsp:PolicyReference URI="#UT_policy"/>

                <soap:binding style="document" transport="http://schemas.xmlsoap.org/soap/http"/>

                <wsdl:operation name="Issue">

                  <soap:operation soapAction="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Issue"/>

                  <wsdl:input>

                <wsp:PolicyReference URI="#Input_policy"/>

                    <soap:body use="literal"/>

                  </wsdl:input>

                  <wsdl:output>

                <wsp:PolicyReference URI="#Output_policy"/>

                    <soap:body use="literal"/>

                  </wsdl:output>

                </wsdl:operation>

                <wsdl:operation name="Validate">

                  <soap:operation soapAction="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Validate"/>

                  <wsdl:input>

                <wsp:PolicyReference URI="#Input_policy"/>

                    <soap:body use="literal"/>

                  </wsdl:input>

                  <wsdl:output>

                <wsp:PolicyReference URI="#Output_policy"/>

                    <soap:body use="literal"/>

                  </wsdl:output>

                </wsdl:operation>

                <wsdl:operation name="Cancel">

                  <soap:operation soapAction="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Cancel"/>

                  <wsdl:input>

                    <soap:body use="literal"/>

                  </wsdl:input>

                  <wsdl:output>

                    <soap:body use="literal"/>

                  </wsdl:output>

                </wsdl:operation>

                <wsdl:operation name="Renew">

                  <soap:operation soapAction="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Renew"/>

                  <wsdl:input>

                    <soap:body use="literal"/>

                  </wsdl:input>

                  <wsdl:output>

                    <soap:body use="literal"/>

                  </wsdl:output>

                </wsdl:operation>

                <wsdl:operation name="KeyExchangeToken">

                  <soap:operation soapAction="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/KeyExchangeToken"/>

                  <wsdl:input>

                    <soap:body use="literal"/>

                  </wsdl:input>

                  <wsdl:output>

                    <soap:body use="literal"/>

                  </wsdl:output>

                </wsdl:operation>

                <wsdl:operation name="RequestCollection">

                  <soap:operation soapAction="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/RequestCollection"/>

                  <wsdl:input>

                    <soap:body use="literal"/>

                  </wsdl:input>

                  <wsdl:output>

                    <soap:body use="literal"/>

                  </wsdl:output>

                </wsdl:operation>

              </wsdl:binding>

              <wsdl:service name="SecurityTokenService">

                <wsdl:port name="UT_Port" binding="wstrust:UT_Binding">

                  <soap:address location="http://localhost:8080/CXFworking/services/UT_Port"/>

                </wsdl:port>

              </wsdl:service>

                <wsp:Policy wsu:Id="UT_policy">

                  <wsp:ExactlyOne>

                     <wsp:All>

                        <wsap10:UsingAddressing/>

                        <sp:SymmetricBinding xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">

                           <wsp:Policy>

                              <sp:ProtectionToken>

                                 <wsp:Policy>

                                    <sp:X509Token sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Never">

                                       <wsp:Policy>

                                          <sp:RequireDerivedKeys/>

                                          <sp:RequireThumbprintReference/>

                                          <sp:WssX509V3Token10/>

                                       </wsp:Policy>

                                    </sp:X509Token>

                                 </wsp:Policy>

                              </sp:ProtectionToken>

                              <sp:AlgorithmSuite>

                                 <wsp:Policy>

                                    <sp:Basic256/>

                                 </wsp:Policy>

                              </sp:AlgorithmSuite>

                              <sp:Layout>

                                 <wsp:Policy>

                                    <sp:Lax/>

                                 </wsp:Policy>

                              </sp:Layout>

                              <sp:IncludeTimestamp/>

                              <sp:EncryptSignature/>

                              <sp:OnlySignEntireHeadersAndBody/>

                           </wsp:Policy>

                        </sp:SymmetricBinding>

                        <sp:SignedSupportingTokens xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">

                           <wsp:Policy>

                              <sp:UsernameToken sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient">

                                 <wsp:Policy>

                                    <sp:WssUsernameToken10/>

                                 </wsp:Policy>

                              </sp:UsernameToken>

                           </wsp:Policy>

                        </sp:SignedSupportingTokens>

                        <sp:Wss11 xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">

                           <wsp:Policy>

                              <sp:MustSupportRefKeyIdentifier/>

                              <sp:MustSupportRefIssuerSerial/>

                              <sp:MustSupportRefThumbprint/>

                              <sp:MustSupportRefEncryptedKey/>

                           </wsp:Policy>

                        </sp:Wss11>

                        <sp:Trust13 xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">

                           <wsp:Policy>

                              <sp:MustSupportIssuedTokens/>

                              <sp:RequireClientEntropy/>

                              <sp:RequireServerEntropy/>

                           </wsp:Policy>

                        </sp:Trust13>

                     </wsp:All>

                  </wsp:ExactlyOne>

               </wsp:Policy>

                <wsp:Policy wsu:Id="Input_policy">

                  <wsp:ExactlyOne>

                     <wsp:All>

                        <sp:SignedParts xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">

                           <sp:Body/>

                           <sp:Header Name="To" Namespace="http://www.w3.org/2005/08/addressing"/>

                           <sp:Header Name="From" Namespace="http://www.w3.org/2005/08/addressing"/>

                           <sp:Header Name="FaultTo" Namespace="http://www.w3.org/2005/08/addressing"/>

                           <sp:Header Name="ReplyTo" Namespace="http://www.w3.org/2005/08/addressing"/>

                           <sp:Header Name="MessageID" Namespace="http://www.w3.org/2005/08/addressing"/>

                           <sp:Header Name="RelatesTo" Namespace="http://www.w3.org/2005/08/addressing"/>

                           <sp:Header Name="Action" Namespace="http://www.w3.org/2005/08/addressing"/>

                        </sp:SignedParts>

                        <sp:EncryptedParts xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">

                           <sp:Body/>

                        </sp:EncryptedParts>

                     </wsp:All>

                  </wsp:ExactlyOne>

               </wsp:Policy>

                <wsp:Policy wsu:Id="Output_policy">

                  <wsp:ExactlyOne>

                     <wsp:All>

                        <sp:SignedParts xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">

                           <sp:Body/>

                           <sp:Header Name="To" Namespace="http://www.w3.org/2005/08/addressing"/>

                           <sp:Header Name="From" Namespace="http://www.w3.org/2005/08/addressing"/>

                           <sp:Header Name="FaultTo" Namespace="http://www.w3.org/2005/08/addressing"/>

                           <sp:Header Name="ReplyTo" Namespace="http://www.w3.org/2005/08/addressing"/>

                           <sp:Header Name="MessageID" Namespace="http://www.w3.org/2005/08/addressing"/>

                           <sp:Header Name="RelatesTo" Namespace="http://www.w3.org/2005/08/addressing"/>

                           <sp:Header Name="Action" Namespace="http://www.w3.org/2005/08/addressing"/>

                        </sp:SignedParts>

                        <sp:EncryptedParts xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">

                           <sp:Body/>

                        </sp:EncryptedParts>

                     </wsp:All>

                  </wsp:ExactlyOne>

               </wsp:Policy>

            </wsdl:definitions>

             

            jboss-web.xml

            _______________

             

            <?xml version="1.0" encoding="UTF-8"?>

             

             

            <!DOCTYPE jboss-web PUBLIC "-//JBoss//DTD Web Application 2.4//EN" "http://www.jboss.org/j2ee/dtd/jboss-web_4_0.dtd">

             

             

            <!-- Binds this web application to the JAAS security domain JBossWS-trust-sts.
                 NOTE(review): the domain definition is not shown on this page; presumably it has to
                 exist in the server's security configuration before callers of the STS can be
                 authenticated. Confirm against the server profile in use. -->

            <jboss-web>

               <security-domain>java:/jaas/JBossWS-trust-sts</security-domain>

            </jboss-web>

             

            jboss-wsse-server.xml (This file is not included in the above link, but I tried including it because it was provided as part of the PicketLink secure token service.)

            ______________________

            <?xml version="1.0" encoding="UTF-8"?>

             

             

            <!-- WS-Security descriptor in the http://www.jboss.com/ws-security/config namespace whose
                 only content is an empty requires element.
                 NOTE(review): the poster states this file is not part of the linked CXF sample;
                 presumably the CXF stack does not read it, so it should not be relied on to enforce
                 any message protection. Confirm. -->

            <jboss-ws-security xmlns="http://www.jboss.com/ws-security/config" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"

              xsi:schemaLocation="http://www.jboss.com/ws-security/config http://www.jboss.com/ws-security/schema/jboss-ws-security_1_0.xsd">

               <config>

                  <requires/>

               </config>

            </jboss-ws-security>

             

            web.xml

            _____________

            <?xml version="1.0" encoding="UTF-8"?>

            <!-- Web application descriptor (web-app 2.5 schema) that declares the STS endpoint class
                 under the servlet name TestSecurityTokenService and maps it to a URL. -->

            <web-app

               version="2.5" xmlns="http://java.sun.com/xml/ns/javaee"

               xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"

               xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd">

               <!-- NOTE(review): STS.SampleSTS extends SecurityTokenServiceProvider (see the class
                    posted in this thread), not a servlet type. Presumably this declaration is only
                    usable when the server's web services integration processes the deployment and
                    publishes the endpoint; confirm that integration is enabled. -->

               <servlet>

                  <servlet-name>TestSecurityTokenService</servlet-name>

                  <servlet-class>STS.SampleSTS</servlet-class>

               </servlet>

               <!-- NOTE(review): the pattern below has no trailing wildcard, so it is an exact-path
                    mapping for /SecurityTokenService/ only; a path-prefix mapping would be written
                    /SecurityTokenService/*. Confirm which is intended. -->

               <servlet-mapping>

                  <servlet-name>TestSecurityTokenService</servlet-name>

                  <url-pattern>/SecurityTokenService/</url-pattern>

               </servlet-mapping>

            </web-app>

             

            I am sure I am missing something here in web.xml. That is why I could not publish this as a service.

            Please help me out.

             

            Thanks,

            Abarna

            • 3. Re: Unable to publish Apache CXF STS issue in EAP 6.1
              mpag1980

              Hi Alessio,

               

              I am also attaching the screenshot of my admin console in EAP 6.1. I am not able to see the list of deployed webservices. I was able to view it in EAP 6.0.

              Please help me out.

               

              Thanks,

              Abarna

              [Attachment: admin console EAP 6.1.PNG]

              • 4. Re: Unable to publish Apache CXF STS issue in EAP 6.1
                asoldano

                Really strange, you should see something like:

                Screenshot-1.png

                (I actually used a slightly different version I had available here, but it should really be the same).

                 

                Can you check the standalone configuration you're running actually includes the webservices subsystem?

                • 5. Re: Unable to publish Apache CXF STS issue in EAP 6.1
                  mpag1980

                  Alessio, I commented out the webservices subsystem because it was giving me errors when I generated web services from the CXF stack and deployed them in EAP 6.1. In one of the JBoss forums, they advised commenting out the webservices subsystem in the standalone.bat file. Only then does it get deployed to EAP 6.1.

                   

                  Also, I think I am missing some configuration in the code when I implement the sample Apache CXF STS using the CXF WS stack in EAP 6.1.

                   

                  https://docs.jboss.org/author/display/JBWS/WS-Security

                   

                  I am attaching my code below.

                   

                  Please find my complete deployment contents below.

                  Deployment structure of STS.PNG

                   

                   

                   

                   

                  SampleSTS.java

                  _____________________

                   

                  /*

                  * JBoss, Home of Professional Open Source.

                  * Copyright 2012, Red Hat Middleware LLC, and individual contributors

                  * as indicated by the @author tags. See the copyright.txt file in the

                  * distribution for a full listing of individual contributors.

                  *

                  * This is free software; you can redistribute it and/or modify it

                  * under the terms of the GNU Lesser General Public License as

                  * published by the Free Software Foundation; either version 2.1 of

                  * the License, or (at your option) any later version.

                  *

                  * This software is distributed in the hope that it will be useful,

                  * but WITHOUT ANY WARRANTY; without even the implied warranty of

                  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU

                  * Lesser General Public License for more details.

                  *

                  * You should have received a copy of the GNU Lesser General Public

                  * License along with this software; if not, write to the Free

                  * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA

                  * 02110-1301 USA, or see the FSF site: http://www.fsf.org.

                  */

                  package STS;

                   

                   

                  import java.util.Arrays;

                  import java.util.LinkedList;

                  import java.util.List;

                   

                   

                  import javax.servlet.annotation.WebServlet;

                  import javax.xml.ws.WebServiceProvider;

                   

                   

                  import org.apache.cxf.annotations.EndpointProperties;

                  import org.apache.cxf.annotations.EndpointProperty;

                  import org.apache.cxf.interceptor.InInterceptors;

                  import org.apache.cxf.sts.StaticSTSProperties;

                  import org.apache.cxf.sts.operation.TokenIssueOperation;

                  import org.apache.cxf.sts.operation.TokenValidateOperation;

                  import org.apache.cxf.sts.service.ServiceMBean;

                  import org.apache.cxf.sts.service.StaticService;

                  import org.apache.cxf.sts.token.provider.SAMLTokenProvider;

                  import org.apache.cxf.sts.token.validator.SAMLTokenValidator;

                  import org.apache.cxf.ws.security.sts.provider.SecurityTokenServiceProvider;

                  import org.jboss.wsf.stack.cxf.client.configuration.JBossWSBusFactory;

                   

                   

                   

                   

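                  /**
                   * Sample WS-Trust Security Token Service (STS) endpoint built on the CXF
                   * {@code SecurityTokenServiceProvider}.
                   *
                   * <p>The constructor configures two operations that share one
                   * {@code StaticSTSProperties} instance: Issue, backed by a
                   * {@code SAMLTokenProvider} and registered with one {@code StaticService}
                   * describing the target service addresses, and Validate, backed by a
                   * {@code SAMLTokenValidator}.
                   *
                   * <p>NOTE(review): {@code @WebServlet} is applied to a class that extends
                   * {@code SecurityTokenServiceProvider}, not a servlet type, and web.xml in this
                   * thread declares a servlet with the same name. Presumably the endpoint is meant
                   * to be published by the server's web services integration rather than
                   * instantiated by the web container as a servlet; confirm that the integration
                   * is active for this deployment.
                   */
                  @WebServiceProvider(serviceName = "SecurityTokenService",
                        portName = "UT_Port",
                        targetNamespace = "http://docs.oasis-open.org/ws-sx/ws-trust/200512/",
                        wsdlLocation = "WEB-INF/wsdl/ws-trust-1.4-service.wsdl")
                  @EndpointProperties(value = {
                        // Key alias and keystore settings used for signing; they repeat the values
                        // given to StaticSTSProperties in the constructor and must stay in step.
                        @EndpointProperty(key = "ws-security.signature.username", value = "mystskey"),
                        @EndpointProperty(key = "ws-security.signature.properties", value = "stsKeystore.properties"),
                        // The handler is named by a string here, so the name has to be fully
                        // qualified: the class lives in package STS. This now matches
                        // STSCallbackHandler.class.getName() used in the constructor.
                        @EndpointProperty(key = "ws-security.callback-handler", value = "STS.STSCallbackHandler"),
                        // Token validation is switched off at this level to let the JAAS
                        // integration deal with validation through the interceptor below.
                        // NOTE(review): with this set to "false", the caller's credentials are
                        // presumably checked only by that interceptor and the security domain
                        // named in jboss-web.xml; confirm both are active in the target server.
                        @EndpointProperty(key = "ws-security.validate.token", value = "false")
                  })
                  @InInterceptors(interceptors = {"org.jboss.wsf.stack.cxf.security.authentication.SubjectCreatingPolicyInterceptor"})
                  @WebServlet(name = "TestSecurityTokenService", urlPatterns = "/*")
                  public class SampleSTS extends SecurityTokenServiceProvider
                  {
                     /**
                      * Builds the STS with its Issue and Validate operations.
                      *
                      * @throws Exception if construction of the underlying provider or its
                      *         configuration fails
                      */
                     @SuppressWarnings("deprecation")
                     public SampleSTS() throws Exception
                     {
                        super();

                        // Signing configuration shared by both operations: keystore properties
                        // file, key alias, password callback handler and the issuer name.
                        StaticSTSProperties props = new StaticSTSProperties();
                        props.setSignaturePropertiesFile("stsKeystore.properties");
                        props.setSignatureUsername("mystskey");
                        props.setCallbackHandlerClass(STSCallbackHandler.class.getName());
                        props.setIssuer("DoubleItSTSIssuer");

                        // Target service addresses known to this STS. The strings use
                        // regular-expression syntax: any port on localhost or on the IPv6
                        // loopback, followed by the fixed service path.
                        StaticService service = new StaticService();
                        service.setEndpoints(Arrays.asList("http://localhost:(\\d)*/PalmUtilServices/services/PalmUtilityService", "http://\\[::1\\]:(\\d)*/PalmUtilServices/services/PalmUtilityService"));
                        List<ServiceMBean> services = new LinkedList<ServiceMBean>();
                        services.add(service);

                        // Issue: SAML tokens for the services registered above.
                        TokenIssueOperation issueOperation = new TokenIssueOperation();
                        issueOperation.setServices(services);
                        issueOperation.getTokenProviders().add(new SAMLTokenProvider());
                        issueOperation.setStsProperties(props);

                        // Validate: SAML tokens, using the same STS properties.
                        TokenValidateOperation validateOperation = new TokenValidateOperation();
                        validateOperation.getTokenValidators().add(new SAMLTokenValidator());
                        validateOperation.setStsProperties(props);

                        this.setIssueOperation(issueOperation);
                        this.setValidateOperation(validateOperation);
                     }
                  }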

                   

                   

                  STSCallbackHandler.java

                  _________________________

                  /**

                  * Licensed to the Apache Software Foundation (ASF) under one

                  * or more contributor license agreements. See the NOTICE file

                  * distributed with this work for additional information

                  * regarding copyright ownership. The ASF licenses this file

                  * to you under the Apache License, Version 2.0 (the

                  * "License"); you may not use this file except in compliance

                  * with the License. You may obtain a copy of the License at

                  *

                  * http://www.apache.org/licenses/LICENSE-2.0

                  *

                  * Unless required by applicable law or agreed to in writing,

                  * software distributed under the License is distributed on an

                  * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY

                  * KIND, either express or implied. See the License for the

                  * specific language governing permissions and limitations

                  * under the License.

                  */

                  package STS;

                   

                   

                  import java.io.IOException;

                  import javax.security.auth.callback.Callback;

                  import javax.security.auth.callback.CallbackHandler;

                  import javax.security.auth.callback.UnsupportedCallbackException;

                  import org.apache.ws.security.WSPasswordCallback;

                   

                   

                  /**
                   * Password callback handler for the sample STS.
                   *
                   * <p>Looks through the supplied callbacks for a {@code WSPasswordCallback}
                   * whose identifier is one of the two names known to this sample and sets the
                   * matching password on it.
                   *
                   * <p>NOTE(review): both passwords are literals compiled into the class. They
                   * are sample values; a deployment that protects real keys or accounts would
                   * need to obtain them from configuration kept outside the archive.
                   */
                  public class STSCallbackHandler implements CallbackHandler {

                      /**
                       * Sets the password on the first recognised {@code WSPasswordCallback}.
                       *
                       * <p>Callbacks of other types and password callbacks with an unknown
                       * identifier are skipped without any change. Processing stops as soon as
                       * one password has been set, so later callbacks in the array are not
                       * visited.
                       *
                       * @param callbacks the callbacks to inspect
                       * @throws IOException declared by the interface; not thrown by this code
                       * @throws UnsupportedCallbackException declared by the interface; not
                       *         thrown by this code
                       */
                      @Override
                      public void handle(Callback[] callbacks) throws IOException,
                              UnsupportedCallbackException {
                          for (Callback candidate : callbacks) {
                              if (!(candidate instanceof WSPasswordCallback)) {
                                  continue;
                              }
                              WSPasswordCallback passwordCallback = (WSPasswordCallback) candidate;
                              String identifier = passwordCallback.getIdentifier();
                              if ("mystskey".equals(identifier)) {
                                  // Identifier of the STS signing key (see the signature username).
                                  passwordCallback.setPassword("stskpass");
                                  return;
                              }
                              if ("alice".equals(identifier)) {
                                  passwordCallback.setPassword("clarinet");
                                  return;
                              }
                          }
                      }
                  }

                   

                  MANIFEST.MF

                  _________________

                  Manifest-Version: 1.0

                  Dependencies: org.apache.ws.security,org.apache.cxf.impl

                   

                   

                   

                  StsKeystore.properties

                  _________________________

                  #

                  # Licensed to the Apache Software Foundation (ASF) under one

                  # or more contributor license agreements. See the NOTICE file

                  # distributed with this work for additional information

                  # regarding copyright ownership. The ASF licenses this file

                  # to you under the Apache License, Version 2.0 (the

                  # "License"); you may not use this file except in compliance

                  # with the License. You may obtain a copy of the License at

                  #

                  # http://www.apache.org/licenses/LICENSE-2.0

                  #

                  # Unless required by applicable law or agreed to in writing,

                  # software distributed under the License is distributed on an

                  # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY

                  # KIND, either express or implied. See the License for the

                  # specific language governing permissions and limitations

                  # under the License.

                  #

                  # Crypto provider class used to access the STS keystore.
                  org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin

                  # Keystore format.
                  org.apache.ws.security.crypto.merlin.keystore.type=jks

                  # Keystore password, stored here in clear text (sample value).
                  # NOTE(review): this file is listed among the deployment contents, so presumably
                  # anyone who can read the archive can read this value; for non-sample use, keep
                  # the real password outside the archive and restrict read access to it.
                  org.apache.ws.security.crypto.merlin.keystore.password=stsspass

                  # Keystore file that holds the STS key material.
                  org.apache.ws.security.crypto.merlin.keystore.file=stsstore.jks

                   

                  stsstore.jks

                  _____________

                   

                  ws-trust-1.4-service.wsdl

                  ________________________

                   

                  <?xml version="1.0" encoding="UTF-8"?>

                  <wsdl:definitions targetNamespace="http://docs.oasis-open.org/ws-sx/ws-trust/200512/" xmlns:wsp="http://www.w3.org/ns/ws-policy" xmlns:wstrust="http://docs.oasis-open.org/ws-sx/ws-trust/200512/" xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/" xmlns:tns="http://docs.oasis-open.org/ws-sx/ws-trust/200512/" xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:wsap10="http://www.w3.org/2006/05/addressing/wsdl" xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/" xmlns:wst="http://docs.oasis-open.org/ws-sx/ws-trust/200512" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsam="http://www.w3.org/2007/05/addressing/metadata">

                    <wsdl:types>

                      <xs:schema elementFormDefault="qualified" targetNamespace="http://docs.oasis-open.org/ws-sx/ws-trust/200512">

                   

                   

                        <xs:element name="RequestSecurityToken" type="wst:AbstractRequestSecurityTokenType"/>

                        <xs:element name="RequestSecurityTokenResponse" type="wst:AbstractRequestSecurityTokenType"/>

                   

                   

                        <xs:complexType name="AbstractRequestSecurityTokenType">

                          <xs:sequence>

                            <xs:any maxOccurs="unbounded" minOccurs="0" namespace="##any" processContents="lax"/>

                          </xs:sequence>

                          <xs:attribute name="Context" type="xs:anyURI" use="optional"/>

                          <xs:anyAttribute namespace="##other" processContents="lax"/>

                        </xs:complexType>

                        <xs:element name="RequestSecurityTokenCollection" type="wst:RequestSecurityTokenCollectionType"/>

                        <xs:complexType name="RequestSecurityTokenCollectionType">

                          <xs:sequence>

                            <xs:element maxOccurs="unbounded" minOccurs="2" name="RequestSecurityToken" type="wst:AbstractRequestSecurityTokenType"/>

                          </xs:sequence>

                        </xs:complexType>

                   

                   

                        <xs:element name="RequestSecurityTokenResponseCollection" type="wst:RequestSecurityTokenResponseCollectionType"/>

                        <xs:complexType name="RequestSecurityTokenResponseCollectionType">

                          <xs:sequence>

                            <xs:element maxOccurs="unbounded" minOccurs="1" ref="wst:RequestSecurityTokenResponse"/>

                          </xs:sequence>

                          <xs:anyAttribute namespace="##other" processContents="lax"/>

                        </xs:complexType>

                   

                   

                      </xs:schema>

                    </wsdl:types>

                    <wsdl:message name="RequestSecurityTokenResponseCollectionMsg">

                      <wsdl:part name="responseCollection" element="wst:RequestSecurityTokenResponseCollection">

                      </wsdl:part>

                    </wsdl:message>

                    <wsdl:message name="RequestSecurityTokenCollectionMsg">

                      <wsdl:part name="requestCollection" element="wst:RequestSecurityTokenCollection">

                      </wsdl:part>

                    </wsdl:message>

                    <wsdl:message name="RequestSecurityTokenResponseMsg">

                      <wsdl:part name="response" element="wst:RequestSecurityTokenResponse">

                      </wsdl:part>

                    </wsdl:message>

                    <wsdl:message name="RequestSecurityTokenMsg">

                      <wsdl:part name="request" element="wst:RequestSecurityToken">

                      </wsdl:part>

                    </wsdl:message>

                    <wsdl:portType name="SecurityTokenResponseService">

                      <wsdl:operation name="RequestSecurityTokenResponse">

                        <wsdl:input message="wstrust:RequestSecurityTokenResponseMsg">

                      </wsdl:input>

                      </wsdl:operation>

                    </wsdl:portType>

                    <wsdl:portType name="STS">

                      <wsdl:operation name="Cancel">

                        <wsdl:input message="wstrust:RequestSecurityTokenMsg" wsam:Action="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Cancel">

                      </wsdl:input>

                        <wsdl:output message="wstrust:RequestSecurityTokenResponseMsg" wsam:Action="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RSTR/CancelFinal">

                      </wsdl:output>

                      </wsdl:operation>

                      <wsdl:operation name="Issue">

                        <wsdl:input message="wstrust:RequestSecurityTokenMsg" wsam:Action="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Issue">

                      </wsdl:input>

                        <wsdl:output message="wstrust:RequestSecurityTokenResponseCollectionMsg" wsam:Action="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RSTRC/IssueFinal">

                      </wsdl:output>

                      </wsdl:operation>

                      <wsdl:operation name="Renew">

                        <wsdl:input message="wstrust:RequestSecurityTokenMsg" wsam:Action="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Renew">

                      </wsdl:input>

                        <wsdl:output message="wstrust:RequestSecurityTokenResponseMsg" wsam:Action="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RSTR/RenewFinal">

                      </wsdl:output>

                      </wsdl:operation>

                      <wsdl:operation name="Validate">

                        <wsdl:input message="wstrust:RequestSecurityTokenMsg" wsam:Action="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Validate">

                      </wsdl:input>

                        <wsdl:output message="wstrust:RequestSecurityTokenResponseMsg" wsam:Action="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RSTR/ValidateFinal">

                      </wsdl:output>

                      </wsdl:operation>

                      <wsdl:operation name="KeyExchangeToken">

                        <wsdl:input message="wstrust:RequestSecurityTokenMsg" wsam:Action="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/KET">

                      </wsdl:input>

                        <wsdl:output message="wstrust:RequestSecurityTokenResponseMsg" wsam:Action="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RSTR/KETFinal">

                      </wsdl:output>

                      </wsdl:operation>

                      <wsdl:operation name="RequestCollection">

                        <wsdl:input message="wstrust:RequestSecurityTokenCollectionMsg">

                      </wsdl:input>

                        <wsdl:output message="wstrust:RequestSecurityTokenResponseCollectionMsg">

                      </wsdl:output>

                      </wsdl:operation>

                    </wsdl:portType>

                    <wsdl:portType name="WSSecurityRequestor">

                      <wsdl:operation name="Challenge">

                        <wsdl:input message="wstrust:RequestSecurityTokenResponseMsg">

                      </wsdl:input>

                        <wsdl:output message="wstrust:RequestSecurityTokenResponseMsg">

                      </wsdl:output>

                      </wsdl:operation>

                    </wsdl:portType>

                    <wsdl:binding name="UT_Binding" type="wstrust:STS">

                      <wsp:PolicyReference URI="#UT_policy"/>

                      <soap:binding style="document" transport="http://schemas.xmlsoap.org/soap/http"/>

                      <wsdl:operation name="Issue">

                        <soap:operation soapAction="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Issue"/>

                        <wsdl:input>

                      <wsp:PolicyReference URI="#Input_policy"/>

                          <soap:body use="literal"/>

                        </wsdl:input>

                        <wsdl:output>

                      <wsp:PolicyReference URI="#Output_policy"/>

                          <soap:body use="literal"/>

                        </wsdl:output>

                      </wsdl:operation>

                      <wsdl:operation name="Validate">

                        <soap:operation soapAction="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Validate"/>

                        <wsdl:input>

                      <wsp:PolicyReference URI="#Input_policy"/>

                          <soap:body use="literal"/>

                        </wsdl:input>

                        <wsdl:output>

                      <wsp:PolicyReference URI="#Output_policy"/>

                          <soap:body use="literal"/>

                        </wsdl:output>

                      </wsdl:operation>

                      <wsdl:operation name="Cancel">

                        <soap:operation soapAction="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Cancel"/>

                        <wsdl:input>

                          <soap:body use="literal"/>

                        </wsdl:input>

                        <wsdl:output>

                          <soap:body use="literal"/>

                        </wsdl:output>

                      </wsdl:operation>

                      <wsdl:operation name="Renew">

                        <soap:operation soapAction="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Renew"/>

                        <wsdl:input>

                          <soap:body use="literal"/>

                        </wsdl:input>

                        <wsdl:output>

                          <soap:body use="literal"/>

                        </wsdl:output>

                      </wsdl:operation>

                      <wsdl:operation name="KeyExchangeToken">

                        <soap:operation soapAction="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/KeyExchangeToken"/>

                        <wsdl:input>

                          <soap:body use="literal"/>

                        </wsdl:input>

                        <wsdl:output>

                          <soap:body use="literal"/>

                        </wsdl:output>

                      </wsdl:operation>

                      <wsdl:operation name="RequestCollection">

                        <soap:operation soapAction="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/RequestCollection"/>

                        <wsdl:input>

                          <soap:body use="literal"/>

                        </wsdl:input>

                        <wsdl:output>

                          <soap:body use="literal"/>

                        </wsdl:output>

                      </wsdl:operation>

                    </wsdl:binding>

                    <wsdl:service name="SecurityTokenService">

                      <wsdl:port name="UT_Port" binding="wstrust:UT_Binding">

                        <soap:address location="http://localhost:8080/CXFworking/services/UT_Port"/>

                      </wsdl:port>

                    </wsdl:service>

                      <wsp:Policy wsu:Id="UT_policy">

                        <wsp:ExactlyOne>

                           <wsp:All>

                              <wsap10:UsingAddressing/>

                              <sp:SymmetricBinding xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">

                                 <wsp:Policy>

                                    <sp:ProtectionToken>

                                       <wsp:Policy>

                                          <sp:X509Token sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Never">

                                             <wsp:Policy>

                                                <sp:RequireDerivedKeys/>

                                                <sp:RequireThumbprintReference/>

                                                <sp:WssX509V3Token10/>

                                             </wsp:Policy>

                                          </sp:X509Token>

                                       </wsp:Policy>

                                    </sp:ProtectionToken>

                                    <sp:AlgorithmSuite>

                                       <wsp:Policy>

                                          <sp:Basic256/>

                                       </wsp:Policy>

                                    </sp:AlgorithmSuite>

                                    <sp:Layout>

                                       <wsp:Policy>

                                          <sp:Lax/>

                                       </wsp:Policy>

                                    </sp:Layout>

                                    <sp:IncludeTimestamp/>

                                    <sp:EncryptSignature/>

                                    <sp:OnlySignEntireHeadersAndBody/>

                                 </wsp:Policy>

                              </sp:SymmetricBinding>

                              <sp:SignedSupportingTokens xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">

                                 <wsp:Policy>

                                    <sp:UsernameToken sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient">

                                       <wsp:Policy>

                                          <sp:WssUsernameToken10/>

                                       </wsp:Policy>

                                    </sp:UsernameToken>

                                 </wsp:Policy>

                              </sp:SignedSupportingTokens>

                              <sp:Wss11 xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">

                                 <wsp:Policy>

                                    <sp:MustSupportRefKeyIdentifier/>

                                    <sp:MustSupportRefIssuerSerial/>

                                    <sp:MustSupportRefThumbprint/>

                                    <sp:MustSupportRefEncryptedKey/>

                                 </wsp:Policy>

                              </sp:Wss11>

                              <sp:Trust13 xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">

                                 <wsp:Policy>

                                    <sp:MustSupportIssuedTokens/>

                                    <sp:RequireClientEntropy/>

                                    <sp:RequireServerEntropy/>

                                 </wsp:Policy>

                              </sp:Trust13>

                           </wsp:All>

                        </wsp:ExactlyOne>

                     </wsp:Policy>

                      <wsp:Policy wsu:Id="Input_policy">
                        <!--
                          Message-protection policy identified as Input_policy.
                          SignedParts: the SOAP Body and the seven listed WS-Addressing headers
                          (To, From, FaultTo, ReplyTo, MessageID, RelatesTo, Action) are covered
                          by the message signature, so altering routing or correlation data in
                          transit invalidates the signature.
                          EncryptedParts: the SOAP Body is also encrypted.
                          NOTE(review): a header named in SignedParts is signed when it is present;
                          the assertion is not expected to force the header to exist. Confirm
                          against the WS-SecurityPolicy version in use.
                          NOTE(review): where this policy is attached (presumably the operation's
                          input message) is outside this excerpt.
                        -->

                        <wsp:ExactlyOne>

                           <wsp:All>

                              <sp:SignedParts xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">

                                 <sp:Body/>

                                 <sp:Header Name="To" Namespace="http://www.w3.org/2005/08/addressing"/>

                                 <sp:Header Name="From" Namespace="http://www.w3.org/2005/08/addressing"/>

                                 <sp:Header Name="FaultTo" Namespace="http://www.w3.org/2005/08/addressing"/>

                                 <sp:Header Name="ReplyTo" Namespace="http://www.w3.org/2005/08/addressing"/>

                                 <sp:Header Name="MessageID" Namespace="http://www.w3.org/2005/08/addressing"/>

                                 <sp:Header Name="RelatesTo" Namespace="http://www.w3.org/2005/08/addressing"/>

                                 <sp:Header Name="Action" Namespace="http://www.w3.org/2005/08/addressing"/>

                              </sp:SignedParts>

                              <sp:EncryptedParts xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">

                                 <sp:Body/>

                              </sp:EncryptedParts>

                           </wsp:All>

                        </wsp:ExactlyOne>

                     </wsp:Policy>

                      <wsp:Policy wsu:Id="Output_policy">
                        <!--
                          Message-protection policy identified as Output_policy.
                          It declares the same protection as the policy for the other direction:
                          SignedParts covers the SOAP Body and the WS-Addressing headers To, From,
                          FaultTo, ReplyTo, MessageID, RelatesTo and Action; EncryptedParts covers
                          the SOAP Body. A response that is signed and encrypted lets the client
                          detect tampering with the returned message and keeps its Body
                          confidential.
                          NOTE(review): where this policy is attached (presumably the operation's
                          output message) is outside this excerpt.
                        -->

                        <wsp:ExactlyOne>

                           <wsp:All>

                              <sp:SignedParts xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">

                                 <sp:Body/>

                                 <sp:Header Name="To" Namespace="http://www.w3.org/2005/08/addressing"/>

                                 <sp:Header Name="From" Namespace="http://www.w3.org/2005/08/addressing"/>

                                 <sp:Header Name="FaultTo" Namespace="http://www.w3.org/2005/08/addressing"/>

                                 <sp:Header Name="ReplyTo" Namespace="http://www.w3.org/2005/08/addressing"/>

                                 <sp:Header Name="MessageID" Namespace="http://www.w3.org/2005/08/addressing"/>

                                 <sp:Header Name="RelatesTo" Namespace="http://www.w3.org/2005/08/addressing"/>

                                 <sp:Header Name="Action" Namespace="http://www.w3.org/2005/08/addressing"/>

                              </sp:SignedParts>

                              <sp:EncryptedParts xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">

                                 <sp:Body/>

                              </sp:EncryptedParts>

                           </wsp:All>

                        </wsp:ExactlyOne>

                     </wsp:Policy>

                  </wsdl:definitions>

                   

                  jboss-web.xml

                  _______________

                   

                  <?xml version="1.0" encoding="UTF-8"?>

                   

                   

                  <!DOCTYPE jboss-web PUBLIC "-//JBoss//DTD Web Application 2.4//EN" "http://www.jboss.org/j2ee/dtd/jboss-web_4_0.dtd">

                   

                   

                  <jboss-web>
                     <!--
                       Binds this web application to the security domain named
                       java:/jaas/JBossWS-trust-sts.
                       NOTE(review): the domain has to be defined in the server's security
                       configuration, which is not shown here. Confirm that it exists and which
                       login module and credential store back it.
                     -->

                     <security-domain>java:/jaas/JBossWS-trust-sts</security-domain>

                  </jboss-web>

                   

                  jboss-wsse-server.xml (This file is not included in the above link, but I tried including it because it was provided as part of the PicketLink security token service.)

                  ______________________

                  <?xml version="1.0" encoding="UTF-8"?>

                   

                   

                  <jboss-ws-security xmlns="http://www.jboss.com/ws-security/config" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"

                    xsi:schemaLocation="http://www.jboss.com/ws-security/config http://www.jboss.com/ws-security/schema/jboss-ws-security_1_0.xsd">
                     <!--
                       The only configuration is an empty <requires/> element: this file lists no
                       signature or encryption requirement.
                       NOTE(review): this looks like the legacy JBossWS-Native WS-Security
                       descriptor. With the CXF-based stack, message protection presumably comes
                       from the WS-SecurityPolicy assertions in the WSDL. Confirm whether this
                       file is read at all, and do not rely on it as a security control.
                     -->

                     <config>

                        <requires/>

                     </config>

                  </jboss-ws-security>

                   

                  web.xml

                  _____________

                  <?xml version="1.0" encoding="UTF-8"?>

                  <web-app

                     version="2.5" xmlns="http://java.sun.com/xml/ns/javaee"

                     xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"

                     xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd">
                     <!--
                       Declares STS.SampleSTS under the servlet name TestSecurityTokenService.
                       NOTE(review): presumably STS.SampleSTS is a JAX-WS endpoint class rather
                       than an HttpServlet. Declaring it as a servlet-class relies on the JBossWS
                       integration (the webservices subsystem) to deploy it as an endpoint.
                       This descriptor declares no security-constraint and no transport guarantee,
                       so protection of the token exchange rests on the WS-SecurityPolicy in the
                       WSDL and on the security domain named in jboss-web.xml.
                     -->

                     <servlet>

                        <servlet-name>TestSecurityTokenService</servlet-name>

                        <servlet-class>STS.SampleSTS</servlet-class>

                     </servlet>

                     <servlet-mapping>

                        <servlet-name>TestSecurityTokenService</servlet-name>

                        <!-- Exact-path mapping: only /SecurityTokenService/ itself is routed here; a path-prefix mapping would end in /*. -->
                        <url-pattern>/SecurityTokenService/</url-pattern>

                     </servlet-mapping>

                  </web-app>

                   

                  I am sure I am missing something here in web.xml. That's why I could not publish this as a service.

                  Please help me out.

                   

                  Thanks,

                  Abarna

                  • 6. Re: Unable to publish Apache CXF STS issue in EAP 6.1
                    asoldano

                    You already pasted the deployment info ;-)

                     

                    Anyway, if you commented out the webservices subsystem, that explains the problem. There's no way you can use the STS as described in JBossWS documentation if you comment out / disable the JBossWS integration (webservices module).

                    Removing the webservices subsystem prevents JAX-WS endpoints from being deployed, unless, e.g., you use a specific deployment mechanism from CXF (a CXF servlet declaration in web.xml).

                    Of course the webservices section of the management console is not available if the webservices subsystem is disabled (nothing to manage there, JBossWS is not even being loaded).

                    • 7. Re: Unable to publish Apache CXF STS issue in EAP 6.1
                      asoldano

                      Speaking of the WS integration in JBoss, be sure to read the first two sections at https://docs.jboss.org/author/display/JBWS/Apache+CXF+integration#ApacheCXFintegration-JBossWSintegrationlayerwithApacheCXF