开发者

Secured Web Service Exception: This service requires <wsse:Security>, which is missing

I have a problem with web service messaging.

1) Jboss 4.2.3GA

2) Web Service class that is Stateless EJB. It uses encryption and annotated like this:

@Local
@Stateless
@EndpointConfig(configName = "Standard WSSecurity Endpoint")
@SOAPBinding(style = SOAPBinding.Style.RPC)
@WebService

3) Web Service resides in Module_1

4) Client is MBean. It has following annotations:

@Service(name = "MyWebServiceClient")
@Local(MyWebServiceClient.class)
@Management(MyWebServiceClient.class)

5) MyWebServiceClient resides in Module_2

6) Module_1 has META-INF directory with following WS related content:

  • jboss-wsse-server.xml
  • server.keystore
  • server.truststore

jboss-wsse-server.xml has following content:

<?xml version="1.0" encoding="UTF-8"?>
<jboss-ws-security xmlns="http://www.jboss.com/ws-security/config" 
                   xsi="http://www.w3.org/2001/XMLSchem开发者_如何学Ca-instance" 
                   schemaLocation="http://www.jboss.com/ws-security/config 
                   www.jboss.com/ws-security/schema/jboss-ws-security_1_0.xsd">

<key-store-file>META-INF/server.keystore</key-store-file>
<key-store-password>qwerty</key-store-password>
<key-store-type>jks</key-store-type>

<trust-store-file>META-INF/server.truststore</trust-store-file>
<trust-store-password>qwerty</trust-store-password>
<trust-store-type>jks</trust-store-type>

<key-passwords>
    <key-password alias="server" password="qwerty"/>
    <key-password alias="client" password="qwerty"/>
</key-passwords>

<config>
    <sign type="x509v3" alias="server"/>
    <encrypt type="x509v3" alias="client"/>
    <requires>
        <signature/>
        <encryption/>
    </requires>
</config>
</jboss-ws-security>

7) Module_2 has its' META-INF folder with following files:

  • jboss-wsse-client.xml
  • standard-jaxws-client-config.xml
  • client.keystore
  • client.truststore

jboss-wsse-client.xml contains following:

<?xml version="1.0" encoding="UTF-8"?>
<jboss-ws-security xmlns="http://www.jboss.com/ws-security/config"
               xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
               xsi:schemaLocation="http://www.jboss.com/ws-security/config  
               http://www.jboss.com/ws-security/schema/jboss-ws-security_1_0.xsd">

<key-store-file>META-INF/client.keystore</key-store-file>
<key-store-password>qwerty</key-store-password>
<key-store-type>jks</key-store-type>

<trust-store-file>META-INF/client.truststore</trust-store-file>
<trust-store-password>qwerty</trust-store-password>
<trust-store-type>jks</trust-store-type>

<key-passwords>
    <key-password alias="server" password="qwerty"/>
    <key-password alias="client" password="qwerty"/>
</key-passwords>

<config>
    <sign type="x509v3" alias="client"/>
    <encrypt type="x509v3" alias="server"/>
    <requires>
        <signature/>
        <encryption/>
    </requires>
</config>
</jboss-ws-security>

standard-jaxws-client-config.xml contains following:

<?xml version="1.0" encoding="UTF-8"?>
<jaxws-config xmlns="urn:jboss:jaxws-config:2.0" 
              xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
              xmlns:javaee="http://java.sun.com/xml/ns/javaee"
              xsi:schemaLocation="urn:jboss:jaxws-config:2.0 jaxws-config_2_0.xsd">

<client-config>
    <config-name>Standard WSSecurity Client</config-name>
    <post-handler-chains>
        <javaee:handler-chain>
            <javaee:protocol-bindings>##SOAP11_HTTP</javaee:protocol-bindings>

            <javaee:handler>
                <javaee:handler-name>WSSecurityHandlerOutbound</javaee:handler-name>
                <javaee:handler-class>org.jboss.ws.extensions.security.jaxws.WSSecurityHandlerClient
                </javaee:handler-class>
            </javaee:handler>
        </javaee:handler-chain>
    </post-handler-chains>
</client-config>

</jaxws-config>

Both modules merged after build process to the same jar. So META-INF contains all this xml and encription files.

The problem is that when I try to send a message from Client MBean, web service generates exception:

org.jboss.ws.core.CommonSOAPFaultException: This service requires < wsse:Security >, which is missing.

As I know it means that incoming soap-message doesn't contain sing header from client. After activating tracing soap messaging in log4j I see following message body from client:

<S:Envelope xmlns:S='http://schemas.xmlsoap.org/soap/envelope/'>
<S:Body>
    <ns2:addPoint xmlns:ns2='http://x.y.z.com/'>
        <deviceId>Device 1</deviceId>
        <color>GREEN</color>
    </ns2:addPoint>
</S:Body>
</S:Envelope>

But sign properties are specified in server and client xmls (see tat ). So I can't understand why result message is not signed off.

May be problem is that all configuration files reside in the same META-INF? Does it matter?

Need help.


I've found the reason why encryption did not work. The structure of the project was as following:

EAR:
...META-INF
...client.jar
......META-INF
.........standard-jaxws-client-config.xml
.........jboss-wsse-client.xml
.........client.keystore
.........client.truststore
......org
........myproject
.................
...server.jar
......META-INF
.........jboss-wsse-server.xml
.........server.keystore
.........server.truststore
......org
........myproject
.................

The problem was that client can't find standard-jaxws-client-config.xml. Message was not encrypted.

When I copied this file to EAR/META-INF the encryption was done successfully, message was successfully transmitted to and decrypted on the server side.

I think it's because JBoss searches standard-jaxws-client-config.xml in the class path of ear file.

New file structure I use:

EAR:
...META-INF
......standard-jaxws-client-config.xml            <------- file placed here
...client.jar
......META-INF
.........jboss-wsse-client.xml
.........client.keystore
.........client.truststore
......org
........myproject
.................
...server.jar
......META-INF
.........jboss-wsse-server.xml
.........server.keystore
.........server.truststore
......org
........myproject
.................

If server and client are deployed as single files (without ear packaging) then placing this file under client/META-INF works fine.

As I realised this problem depends on path resolution.

0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜