Secured Web Service Exception: This service requires <wsse:Security>, which is missing
Question
I have a problem with web service messaging.
1) Jboss 4.2.3GA
2) Web Service class that is Stateless EJB. It uses encryption and annotated like this:
@Local
@Stateless
@EndpointConfig(configName = "Standard WSSecurity Endpoint")
@SOAPBinding(style = SOAPBinding.Style.RPC)
@WebService
3) Web Service resides in Module_1
4) Client is MBean. It has following annotations:
@Service(name = "MyWebServiceClient")
@Local(MyWebServiceClient.class)
@Management(MyWebServiceClient.class)
5) MyWebServiceClient resides in Module_2
6) Module_1 has META-INF directory with following WS related content:
- jboss-wsse-server.xml
- server.keystore
- server.truststore
jboss-wsse-server.xml has following content:
<?xml version="1.0" encoding="UTF-8"?>
<jboss-ws-security xmlns="http://www.jboss.com/ws-security/config"
xsi="http://www.w3.org/2001/XMLSchema-instance"
schemaLocation="http://www.jboss.com/ws-security/config
www.jboss.com/ws-security/schema/jboss-ws-security_1_0.xsd">
<key-store-file>META-INF/server.keystore</key-store-file>
<key-store-password>qwerty</key-store-password>
<key-store-type>jks</key-store-type>
<trust-store-file>META-INF/server.truststore</trust-store-file>
<trust-store-password>qwerty</trust-store-password>
<trust-store-type>jks</trust-store-type>
<key-passwords>
<key-password alias="server" password="qwerty"/>
<key-password alias="client" password="qwerty"/>
</key-passwords>
<config>
<sign type="x509v3" alias="server"/>
<encrypt type="x509v3" alias="client"/>
<requires>
<signature/>
<encryption/>
</requires>
</config>
</jboss-ws-security>
7) Module_2 has its' META-INF folder with following files:
- jboss-wsse-client.xml
- standard-jaxws-client-config.xml
- client.keystore
- client.truststore
jboss-wsse-client.xml contains following:
<?xml version="1.0" encoding="UTF-8"?>
<jboss-ws-security xmlns="http://www.jboss.com/ws-security/config"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.jboss.com/ws-security/config
http://www.jboss.com/ws-security/schema/jboss-ws-security_1_0.xsd">
<key-store-file>META-INF/client.keystore</key-store-file>
<key-store-password>qwerty</key-store-password>
<key-store-type>jks</key-store-type>
<trust-store-file>META-INF/client.truststore</trust-store-file>
<trust-store-password>qwerty</trust-store-password>
<trust-store-type>jks</trust-store-type>
<key-passwords>
<key-password alias="server" password="qwerty"/>
<key-password alias="client" password="qwerty"/>
</key-passwords>
<config>
<sign type="x509v3" alias="client"/>
<encrypt type="x509v3" alias="server"/>
<requires>
<signature/>
<encryption/>
</requires>
</config>
</jboss-ws-security>
standard-jaxws-client-config.xml contains following:
<?xml version="1.0" encoding="UTF-8"?>
<jaxws-config xmlns="urn:jboss:jaxws-config:2.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:javaee="http://java.sun.com/xml/ns/javaee"
xsi:schemaLocation="urn:jboss:jaxws-config:2.0 jaxws-config_2_0.xsd">
<client-config>
<config-name>Standard WSSecurity Client</config-name>
<post-handler-chains>
<javaee:handler-chain>
<javaee:protocol-bindings>##SOAP11_HTTP</javaee:protocol-bindings>
<javaee:handler>
<javaee:handler-name>WSSecurityHandlerOutbound</javaee:handler-name>
<javaee:handler-class>org.jboss.ws.extensions.security.jaxws.WSSecurityHandlerClient
</javaee:handler-class>
</javaee:handler>
</javaee:handler-chain>
</post-handler-chains>
</client-config>
</jaxws-config>
Both modules merged after build process to the same jar. So META-INF contains all this xml and encription files.
The problem is that when I try to send a message from Client MBean, web service generates exception:
org.jboss.ws.core.CommonSOAPFaultException: This service requires < wsse:Security >, which is missing.
As I know it means that incoming soap-message doesn't contain sing header from client. After activating tracing soap messaging in log4j I see following message body from client:
<S:Envelope xmlns:S='http://schemas.xmlsoap.org/soap/envelope/'>
<S:Body>
<ns2:addPoint xmlns:ns2='http://x.y.z.com/'>
<deviceId>Device 1</deviceId>
<color>GREEN</color>
</ns2:addPoint>
</S:Body>
</S:Envelope>
But sign properties are specified in server and client xmls (see tat ). So I can't understand why result message is not signed off.
May be problem is that all configuration files reside in the same META-INF? Does it matter?
Need help.
1 answers
solution1
1 2011-06-23 12:03:56
I've found the reason why encryption did not work. The structure of the project was as following:
EAR:
...META-INF
...client.jar
......META-INF
.........standard-jaxws-client-config.xml
.........jboss-wsse-client.xml
.........client.keystore
.........client.truststore
......org
........myproject
.................
...server.jar
......META-INF
.........jboss-wsse-server.xml
.........server.keystore
.........server.truststore
......org
........myproject
.................
The problem was that client can't find standard-jaxws-client-config.xml. Message was not encrypted.
When I copied this file to EAR/META-INF the encryption was done successfully, message was successfully transmitted to and decrypted on the server side.
I think it's because JBoss searches standard-jaxws-client-config.xml in the class path of ear file.
New file structure I use:
EAR:
...META-INF
......standard-jaxws-client-config.xml <------- file placed here
...client.jar
......META-INF
.........jboss-wsse-client.xml
.........client.keystore
.........client.truststore
......org
........myproject
.................
...server.jar
......META-INF
.........jboss-wsse-server.xml
.........server.keystore
.........server.truststore
......org
........myproject
.................
If server and client are deployed as single files (without ear packaging) then placing this file under client/META-INF works fine.
As I realised this problem depends on path resolution.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.