[JBoss-user] [JBossWS] - Re: Secure Webservice client - axis-ws4ee.jar does not suppo
Thanks Thomas, this is a really simple and flexible solution. I added it to the WSSecureEndpoint page in the wiki http://wiki.jboss.org/wiki/Wiki.jsp?page=WSSecureEndpoint Only one thing what is left: Does anybody know how to set the soap address to https://REPLACE_WITH_ACTUAL_URL; if the wsdl is generated by an xdoclet task? Jan View the original post : http://www.jboss.com/index.html?module=bbop=viewtopicp=3902240#3902240 Reply to the post : http://www.jboss.com/index.html?module=bbop=postingmode=replyp=3902240 --- This SF.Net email is sponsored by: Power Architecture Resource Center: Free content, downloads, discussions, and more. http://solutions.newsforge.com/ibmarch.tmpl ___ JBoss-user mailing list JBoss-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/jboss-user
[JBoss-user] [JBossWS] - Re: SecureWS 4.0.3 - client certificate needed?
Ok, I now figured it out: A client certificate is not needed but you have to specify a valid keystore and a valid truststore as well: | System.setProperty(javax.net.ssl.keyStorePassword, mypassword); | System.setProperty(javax.net.ssl.keyStore, mykeystore.jks); | | System.setProperty(javax.net.ssl.trustStorePassword, mypassword); | System.setProperty(javax.net.ssl.trustStore, mykeystore.jks); | The keystore is created by Sun's keytool. It contains one trusted certificate (an empty keystore did not work). Jan View the original post : http://www.jboss.com/index.html?module=bbop=viewtopicp=3901321#3901321 Reply to the post : http://www.jboss.com/index.html?module=bbop=postingmode=replyp=3901321 --- This SF.Net email is sponsored by: Power Architecture Resource Center: Free content, downloads, discussions, and more. http://solutions.newsforge.com/ibmarch.tmpl ___ JBoss-user mailing list JBoss-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/jboss-user
[JBoss-user] [JBossWS] - SecureWS 4.0.3 - client certificate needed?
At the moment I try to migrate my JBoss webervice client from 4.0.2 to 4.0.3 (becaus I saw that the webservice client of 4.0.3 should finally run with Java 1.5). But I am running into some other exceptions: | java.io.FileNotFoundException: C:\Dokumente und Einstellungen\MyProfile\.keystore | at java.io.FileInputStream.open(Native Method) | at java.io.FileInputStream.(FileInputStream.java:106) | at org.jboss.axis.components.net.JSSE14SocketFactory.getStore(JSSE14SocketFactory.java:318) | at org.jboss.axis.components.net.JSSE14SocketFactory.getKeyStore(JSSE14SocketFactory.java:259) | at org.jboss.axis.components.net.JSSE14SocketFactory.getKeyManagers(JSSE14SocketFactory.java:207) | at org.jboss.axis.components.net.JSSE14SocketFactory.initFactory(JSSE14SocketFactory.java:175) | at org.jboss.axis.components.net.JSSESocketFactory.create(JSSESocketFactory.java:127) | at org.jboss.axis.transport.http.HTTPSender.getSocket(HTTPSender.java:166) | at org.jboss.axis.transport.http.HTTPSender.invoke(HTTPSender.java:122) | at org.jboss.axis.strategies.InvocationStrategy.visit(InvocationStrategy.java:73) | at org.jboss.axis.SimpleChain.doVisiting(SimpleChain.java:160) | at org.jboss.axis.SimpleChain.invoke(SimpleChain.java:123) | at org.jboss.webservice.client.ClientEngine.invoke(ClientEngine.java:128) | at org.jboss.axis.client.Call.invokeEngine(Call.java:3064) | at org.jboss.axis.client.Call.invoke(Call.java:3049) | at org.jboss.axis.client.Call.invoke(Call.java:2639) | at org.jboss.axis.client.Call.invoke(Call.java:2548) | at org.jboss.axis.client.Call.invokeInternal(Call.java:1979) | at org.jboss.axis.client.Call.invoke(Call.java:1917) | at org.jboss.webservice.client.CallImpl.invoke(CallImpl.java:265) | at org.jboss.axis.client.AxisClientProxy.invokeSEIMethod(AxisClientProxy.java:286) | at org.jboss.webservice.client.PortProxy.invoke(PortProxy.java:177) | | Jboss is trying to open my keystore which would be neccessary for authentication by a cleint certificate. But my webservice client does not use authentication via client-certificates so I do not need a keystore (and it workend in 4.0.2). I looked into the problematic class JSSE14SocketFactory: | http://anoncvs.forge.jboss.com:8080/viewrep/JBoss/jaxrpc/src/main/org/jboss/axis/components/net/JSSE14SocketFactory.java | and it seems like you can't use secure Webservices in jboss 4.03 without a client certificate... | | Did anybody run into the same problem, or am I the first with the new version? | | Jan View the original post : http://www.jboss.com/index.html?module=bbop=viewtopicp=3901157#3901157 Reply to the post : http://www.jboss.com/index.html?module=bbop=postingmode=replyp=3901157 --- This SF.Net email is sponsored by: Power Architecture Resource Center: Free content, downloads, discussions, and more. http://solutions.newsforge.com/ibmarch.tmpl ___ JBoss-user mailing list JBoss-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/jboss-user
[JBoss-user] [JBossWS] - Re: Secure Webservice client - axis-ws4ee.jar does not suppo
Ok, I got a workaround but it is not a real solution: By default the soap:address in the wsdl file(s) is set to: soap:address location=REPLACE_WITH_ACTUAL_URL/ | | If you want to use Webservice over https and only over https you can not let JBoss replace the address for you. You have to set it manually to the fqdns-name including protocol scheme: | | soap:address location=https://myserver.sit.fraunhofer.de/ | | Jan View the original post : http://www.jboss.com/index.html?module=bbop=viewtopicp=3899606#3899606 Reply to the post : http://www.jboss.com/index.html?module=bbop=postingmode=replyp=3899606 --- This SF.Net email is sponsored by: Power Architecture Resource Center: Free content, downloads, discussions, and more. http://solutions.newsforge.com/ibmarch.tmpl ___ JBoss-user mailing list JBoss-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/jboss-user
[JBoss-user] [JBossWS] - Secure Webservice client - axis-ws4ee.jar does not support h
Hi, I created a webservice an the corresponding client. The server is running on JBoss4.02, HTTPS and certificate correctly configured for port 8443 (access via webbrowser works fine). The clint uses the jboss-client libraries, including the axis-ws4ee.jar. Now after disabling the unsecure port http 8080 in JBoss, my webservice client throws: | 2005-10-05 12:10:23,546 ERROR [PortProxy] Port error | testWebServiceAccess(WebserviceTests)java.rmi.RemoteException: null; nested exception is: | java.lang.reflect.UndeclaredThrowableException | at org.jboss.webservice.client.PortProxy.invoke(PortProxy.java:176) | at $Proxy3.addTicket(Unknown Source) | at WebserviceTests.testWebServiceAccess(WebserviceTests.java:113) | at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) | at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) | at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) | at WebserviceTests.main(WebserviceTests.java:34) | Caused by: java.lang.reflect.UndeclaredThrowableException | at $Proxy2.addTicket(Unknown Source) | at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) | at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) | at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) | at org.jboss.webservice.client.PortProxy.invoke(PortProxy.java:105) | ... 19 more | Caused by: java.net.ConnectException: Connection refused: connect | ... | I monitored the connection progress and noticed that first the connection is correctly established to port 8443 but directly after that there is a second connection attempt to port 8080 with times out because this port is disabled on the JBoss server. While browsing the source of the axis part of jboss (org.jboss.axis.*) i noticed that there are four packages for transport available http, java, jms and local. But there is not https transport available... For detailed debugging I enabled Log4J with Level Trace and what did I see in the trace output? First everything works as expected the wsdl files are retrieved cooerctly via https. But when axis tries to execute a function it just replaces the protocol https with http! My simple WS-testclient wuses the following code: | ServiceFactory factory = ServiceFactory.newInstance(); | Service dbService = factory.createService(https://myserver.sit.fraunhofer.de/Webservices/MobileDatabase?wsdl;, new QName( | urn-mobile-server-ejb-database, MobileDatabase)); | | .2005-10-05 12:24:29,140 DEBUG [EngineConfigurationFinder] Found config at: jar:file:/C:/home/mobile/client/windows/lib/jboss-ws4ee-client.jar!/META-INF/axis-client-config.xml | 2005-10-05 12:24:31,734 DEBUG [WSDLDefinitionFactory] getBaseInputSource [wsdlUrl=https://myserver.sit.fraunhofer.de:8443/Webservices/MobileDatabase?wsdl] | 2005-10-05 12:24:31,984 DEBUG [WSDLReaderImpl] Retrieving document at 'https://myserver.sit.fraunhofer.de:8443/Webservices/MobileDatabase?wsdl'. | [...] | 2005-10-05 12:24:32,093 DEBUG [ServiceDescription] No ws4ee deployment meta data available | 2005-10-05 12:24:32,093 DEBUG [ServiceImpl] initService: port=null | Endpoint created | 2005-10-05 12:24:32,515 DEBUG [PortProxy] Invoke on stub interface: _setProperty | 2005-10-05 12:24:32,515 DEBUG [PortProxy] Invoke on stub interface: _setProperty | 2005-10-05 12:24:32,515 DEBUG [PortProxy] Invoke on stub interface: _getProperty | 2005-10-05 12:24:32,515 DEBUG [PortProxy] Invoke on stub interface: _getProperty | 2005-10-05 12:24:32,515 DEBUG [PortProxy] Invoke on service endpoint interface: getDatabasePublicKey | 2005-10-05 12:24:32,593 DEBUG [CallImpl] Fixing use: [was=encoded,is=literal] | 2005-10-05 12:24:32,718 DEBUG [ClientEngine] invoke: [EMAIL PROTECTED] | 2005-10-05 12:24:32,734 DEBUG [HandlerChainBaseImpl] Create a handler chain for roles: null | 2005-10-05 12:24:32,734 DEBUG [ClientEngine] Using handler chain for port: MobileDatabasePort | 2005-10-05 12:24:32,734 DEBUG [HandlerChainBaseImpl] Create a handler chain for roles: null | 2005-10-05 12:24:32,734 DEBUG [ClientEngine] Using empty handler chain | 2005-10-05 12:24:32,734 DEBUG [HandlerChainBaseImpl] init: [config=null] | 2005-10-05 12:24:32,781 DEBUG [HandlerChainBaseImpl] Enter: doHandleRequest | 2005-10-05 12:24:32,781 DEBUG [HandlerChainBaseImpl] Exit: doHandleRequest with status: true | 2005-10-05 12:24:32,796 DEBUG [HTTPSender] Enter: HTTPSender::invoke | 2005-10-05 12:24:32,796 DEBUG [HTTPSender] TargetURL: http://myserver.sit.fraunhofer.de:8080/Webservices/MobileDatabase | 2005-10-05 12:24:34,046 DEBUG [HTTPSender] Connection refused: connect | java.net.ConnectException: Connection refused: connect | ... | | | Not the change from https to http and
[JBoss-user] [JBossWS] - WSSecureEndpoint and other security realm than JBossWS
Hi. I have worked my way through the WSSecureEndpoint-Tutorial and it works nice. However I need my own security realm so I changed it and created an entry for it in the login-config.xml. But now I can not even create the service without login (access denied to the wsdl file). The given example only shows how to authenticate the endpoint call but not how to authenticate the service creation. BTW: I noticed that the wiki doesn't reflect the change from jboss4.0.1RC1 (port-uri became port-component-uri). The entry for port-component-uri in section Using HTTP Basic Auth for security is invalid AFAIK it now should be port-component-uri/OrganizationEndpoint/*/port-componenet-uri Is this right? I thought I ask before I add more mistakes to the wiki... Second I noticed something wich I don't understand: When I try to acces the wsdl file via browser the browser login dialog appears and asks for the passwort for the EJBServiceEndpointServlet Realm. Where the hell does this realm come from? I made a fulltext search for my jboss server dir and there was only one hit: in an web.xml in a .war-directory inside the temp/deploy-directory this realm was set as security-domain. It looks like JBoss created this war from the jar in wich I deployed my EJB. Is this a correct behaviour of jboss or is it a bug? Jan View the original post : http://www.jboss.org/index.html?module=bbop=viewtopicp=3880316#3880316 Reply to the post : http://www.jboss.org/index.html?module=bbop=postingmode=replyp=3880316 --- This SF.Net email is sponsored by: NEC IT Guy Games. How far can you shotput a projector? How fast can you ride your desk chair down the office luge track? If you want to score the big prize, get to know the little guy. Play to win an NEC 61 plasma display: http://www.necitguy.com/?r=20 ___ JBoss-user mailing list JBoss-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/jboss-user
[JBoss-user] [Security JAAS/JBoss] - Re: Is Using DatabaseServerLoginModule w/o rolesQuery Okay ?
kenlohwh wrote : | Therefore, I'd like to ask if it is okay if I use only principalsQuery without rolesQuery ? I don't know you have to set an role query. I solved this problem by using the following roles query: SELECT varchar 'MyStaticRole' AS roles; It always does return the MyStaticRole as return... Jan View the original post : http://www.jboss.org/index.html?module=bbop=viewtopicp=3880334#3880334 Reply to the post : http://www.jboss.org/index.html?module=bbop=postingmode=replyp=3880334 --- This SF.Net email is sponsored by: NEC IT Guy Games. How far can you shotput a projector? How fast can you ride your desk chair down the office luge track? If you want to score the big prize, get to know the little guy. Play to win an NEC 61 plasma display: http://www.necitguy.com/?r=20 ___ JBoss-user mailing list JBoss-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/jboss-user
[JBoss-user] [JBossWS] - Re: Problem creating port-component in webservices.xml
[EMAIL PROTECTED] wrote : I am having an impossible time creating the port-component in the webservices.xml. | | I am using the latest Xdoclet build xdoclet-1.2.3 | | * @wsee.port-component name=ThePort | * wsdl-port=MyBeanEndpointPort | * service-endpoint-interace=com.sylantro.MyBeanEndpoint | * service-endpoint-bean=com.sylantro.MyBean | * | According to the xdoclet @wsee documentation http://xdoclet.sourceforge.net/xdoclet/tags/wsee-tags.html the @wsee.port-component has only five possible attributes: name, display-name, small-icon, large-icon and description. There is no attribute wsdl-port service-endpoint-interace or service-endpoint-bean. Jan View the original post : http://www.jboss.org/index.html?module=bbop=viewtopicp=3880335#3880335 Reply to the post : http://www.jboss.org/index.html?module=bbop=postingmode=replyp=3880335 --- This SF.Net email is sponsored by: NEC IT Guy Games. How far can you shotput a projector? How fast can you ride your desk chair down the office luge track? If you want to score the big prize, get to know the little guy. Play to win an NEC 61 plasma display: http://www.necitguy.com/?r=20 ___ JBoss-user mailing list JBoss-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/jboss-user
[JBoss-user] [JBossWS] - Re: Problem creating port-component in webservices.xml
buntjer wrote : | Another weirdness in webservices.xml is the location of the wsdl-file and the jaxrpc-mapping file. At first creation the paths to these files are set to: | | | wsdl-fileWEB-INF/META-INF/wsdl/myProject.wsdl/wsdl-file | | jaxrpc-mapping-fileWEB-INF/META-INF/jaxrpc-mapping.xml/jaxrpc-mapping-file | | | If you are referring to the /WEB-INF directory that is always added than I agree. It took me hours to find a configuration that works. Now, my ant-task is as follows: | wseedoclet wseeSpec=1.1 jaxrpcMappingFile=jaxrpc-mapping.xml | destDir=src/META-INF force=true | deploymentdescriptor name=MobileDatabaseService/ | fileset dir=src includes=**/*Bean.java/ | wsdl/ | jaxrpc-mapping destinationFile=jaxrpc-mapping.xml/ | /wseedoclet | This is the result I get: | wsdl-fileMETA-INF/wsdl/ClientMobileDatabase.wsdl/wsdl-file | jaxrpc-mapping-fileMETA-INF/jaxrpc-mapping.xml/jaxrpc-mapping-file | The resulting webservices.xml only has one error left: It generates the wrong reference for the service-endpoint-interface class. But if you know the problem... One ant task later (I only say replace...) everything is fine... Jan View the original post : http://www.jboss.org/index.html?module=bbop=viewtopicp=3880337#3880337 Reply to the post : http://www.jboss.org/index.html?module=bbop=postingmode=replyp=3880337 --- This SF.Net email is sponsored by: NEC IT Guy Games. How far can you shotput a projector? How fast can you ride your desk chair down the office luge track? If you want to score the big prize, get to know the little guy. Play to win an NEC 61 plasma display: http://www.necitguy.com/?r=20 ___ JBoss-user mailing list JBoss-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/jboss-user
[JBoss-user] [Security JAAS/JBoss] - True challenge response authentication possible?
Hi. I am just trying figure out if it is possible to authenticate in JBoss using a random challenge. According to 8.4.1. How the JaasSecurityManager Uses JAAS (http://docs.jboss.org/jbossas/jboss4guide/r1/html/ch8.chapter.html#d0e18089) JAAS only allows to pass the login credentials from client to the server. I want to use a more dynamic login procedure: The password is not is a signed hash of some random data, received previously from the server. By knowing the client's public key if the server can verify the clients identity. Is this generally possible with JAAS or the JBoss authentication concept? Jan View the original post : http://www.jboss.org/index.html?module=bbop=viewtopicp=3879048#3879048 Reply to the post : http://www.jboss.org/index.html?module=bbop=postingmode=replyp=3879048 --- SF.Net email is sponsored by: GoToMeeting - the easiest way to collaborate online with coworkers and clients while avoiding the high cost of travel and communications. There is no equipment to buy and you can meet as often as you want. Try it free.http://ads.osdn.com/?ad_id=7402alloc_id=16135op=click ___ JBoss-user mailing list JBoss-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/jboss-user
