Hi all, i want to use ssl and signature to protect my WS on Jboss4.2.2GA , ssl works perfectly but when i use client to send a request with signature, i always got an error. My codes, configurations and evn listed as followed:
JBoss4.2.2GA jdk1.5 SSL keyStore&trustStore file: ksbws.keystore Signature keyStore&trustStore file: ksbws_security.keystore Server Side: | @Stateless | @SecurityDomain("JBossWS") | @RolesAllowed("friend") | @WebService(endpointInterface="de.xxx.xxx.KSBService") | @WebContext(contextRoot="/KSBService", | urlPattern="/*", | authMethod="BASIC", | transportGuarantee="CONFIDENTIAL", | secureWSDLAccess=false) | @EndpointConfig(configName = "Standard WSSecurity Endpoint") | public class KSBServiceBean implements KSBService,KSBServiceRemote,KSBServiceLocal{ | | private static final Logger log = Logger.getLogger(KSBServiceBean.class); | | @EJB | KSBManagerLocal ksb; | | public sting validateLogin(Long userNo, String password) { | // doSomething | } | | } in META-INF/ i putted ksbws_security.keystore and jboss-wsse-server.xml here is my jboss-wsse-server.xml: | <jboss-ws-security xmlns="http://www.jboss.com/ws-security/config" | xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" | xsi:schemaLocation="http://www.jboss.com/ws-security/config | http://www.jboss.com/ws-security/schema/jboss-ws-security_1_0.xsd"> | <key-store-file>META-INF/ksbws_security.keystore</key-store-file> | <key-store-password>test</key-store-password> | <trust-store-file>META-INF/ksbws_security.keystore</trust-store-file> | <trust-store-password>test</trust-store-password> | <config> | <sign type="x509v3" alias="KSBWS_SECURITY" /> | <requires> | <signature /> | </requires> | </config> | </jboss-ws-security> | Server side jar deployed without exception Client: codes | public static void main(String[] args) { | KSBService ksb = null; | try { | //SSL keystore | System.setProperty("javax.net.ssl.keyStore", "c:\\ksbws.keystore"); | System.setProperty("javax.net.ssl.trustStore", "c:\\ksbws.keystore"); | System.setProperty("javax.net.ssl.keyStorePassword", "test"); | System.setProperty("javax.net.ssl.trustStorePassword", "test"); | System.setProperty("javax.net.ssl.keyStoreType", "jks"); | System.setProperty("javax.net.ssl.trustStoreType", "jks"); | System.setProperty("org.jboss.security.ignoreHttpsHost","true"); | | //Signature keystore | System.setProperty("org.jboss.ws.wsse.keyStore","c:\\ksbws_security.keystore"); | System.setProperty("org.jboss.ws.wsse.trustStore","c:\\ksbws_security.keystore"); | System.setProperty("org.jboss.ws.wsse.keyStorePassword", "test"); | System.setProperty("org.jboss.ws.wsse.trustStorePassword", "test"); | System.setProperty("org.jboss.ws.wsse.keyStoreType", "jks"); | System.setProperty("org.jboss.ws.wsse.trustStoreType", "jks"); | | Service service = Service.create(new URL("http://localhost:8180/KSBService/KSBServiceBean?wsdl"), | new QName("http://xxx.xxx.de/","KSBServiceBeanService") ); | | | | | ksb= service.getPort(KSBService.class); | | ((StubExt) ksb).setConfigName("Standard WSSecurity Client"); | | BindingProvider bp = (BindingProvider)ksb; | bp.getRequestContext().put(BindingProvider.USERNAME_PROPERTY, "kermit"); | bp.getRequestContext().put(BindingProvider.PASSWORD_PROPERTY, "thefrog"); | | | } catch (Exception e) { | .... | ... | | | also, i putted jboss-wsse-client.xml in META-INF/ | <jboss-ws-security xmlns="http://www.jboss.com/ws-security/config" | xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" | xsi:schemaLocation="http://www.jboss.com/ws-security/config | http://www.jboss.com/ws-security/schema/jboss-ws-security_1_0.xsd"> | <config> | <sign type="x509v3" alias="KSBWS_SECURITY"/> | <requires> | <signature/> | </requires> | </config> | </jboss-ws-security> | But when i run client , an Exception like this: | java.lang.ClassCastException: $Proxy23 cannot be cast to org.jboss.ws.core.StubExt | at dexxxxx.xxxx.xxxx.MultiThreadsTest.main(MultiThreadsTest.java:43) | Exception in thread "Thread-1" com.sun.xml.ws.client.ClientTransportException: request requires HTTP authentication: Unauthorized | at com.sun.xml.ws.transport.http.client.HttpClientTransport.checkResponseCode(HttpClientTransport.java:197) | at com.sun.xml.ws.transport.http.client.HttpTransportPipe.process(HttpTransportPipe.java:137) | at com.sun.xml.ws.transport.http.client.HttpTransportPipe.processRequest(HttpTransportPipe.java:74) | at com.sun.xml.ws.api.pipe.Fiber.__doRun(Fiber.java:559) | at com.sun.xml.ws.api.pipe.Fiber._doRun(Fiber.java:518) | at com.sun.xml.ws.api.pipe.Fiber.doRun(Fiber.java:503) | at com.sun.xml.ws.api.pipe.Fiber.runSync(Fiber.java:400) | at com.sun.xml.ws.client.Stub.process(Stub.java:235) | at com.sun.xml.ws.client.sei.SEIStub.doProcess(SEIStub.java:120) | at com.sun.xml.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:230) | at com.sun.xml.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:210) | at com.sun.xml.ws.client.sei.SEIStub.invoke(SEIStub.java:103) | at $Proxy23.validateLogin(Unknown Source) | It seems that jboss-wsse-client.xml was not readed by client. If i remove codes and configs for signature, SSL works fine. can anyone help me??? thanks View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4147754#4147754 Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4147754 _______________________________________________ jboss-user mailing list jboss-user@lists.jboss.org https://lists.jboss.org/mailman/listinfo/jboss-user