
jbossws-users@lists.jboss.org


[jbossws-users] [JBossWS] - WS-Security - extract information from signature in SOAP mes adijo1 Tue Jul 22 02:00:48 2008

Hi,

I'm using WS-Security to sign SOAP messages. Currently, on the endpoint side, I
only know that I trust the client that called some web service, but I don't know
which of the clients has called it. Now I would also like to know which client
has called the web service.
Can you please help me extract the client information from the signature in the
SOAP message, or maybe find out which alias was used for authentication?

Sorry for my English.


I'm using (for server and client):
  - JbossAS : 4.2.1.GA
  - JbossWS : 1.2.1.GA (build=200704151756)
  - Eclipse : 3.3.1.1
  - JDK     : 1.5.0_14



Server side configuration:

WsServer.java
package app.ws.server;

import javax.ejb.Remote;

@Remote
public interface WsServer {
    public String hello(String parameter);
}

WsServerBean.java
package app.ws.server;

import org.jboss.ws.annotation.WebContext;
import javax.ejb.Stateless;
import javax.jws.WebService;
import javax.jws.soap.SOAPBinding;
import javax.jws.WebMethod;
import javax.jws.WebParam;
import org.jboss.ws.annotation.EndpointConfig;
import org.apache.log4j.Logger;
import org.jboss.annotation.security.SecurityDomain;

@Stateless
@WebContext(contextRoot="/TestWebServices")
@WebService(serviceName="testws", targetNamespace="http://testuri.org/")
@SOAPBinding(style = SOAPBinding.Style.DOCUMENT, use = SOAPBinding.Use.LITERAL, parameterStyle = SOAPBinding.ParameterStyle.WRAPPED)
@EndpointConfig(configName = "Standard WSSecurity Endpoint")
@SecurityDomain("JBossWS")
public class WsServerBean implements WsServer {
    private static final Logger logger = Logger.getLogger(WsServerBean.class.getName());

    @WebMethod(operationName = "hello", action = "urn:hello")
    public String hello(@WebParam(name = "parameter") String parameter) {
        logger.info("You have called method hello with parameter : " + parameter);
        return "Hello world. You have called method hello with parameter : " + parameter;
    }
}

META-INF/standard-jaxws-endpoint-config.xml
<jaxws-config xmlns="urn:jboss:jaxws-config:2.0"
              xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
              xmlns:javaee="http://java.sun.com/xml/ns/javaee"
              xsi:schemaLocation="urn:jboss:jaxws-config:2.0 jaxws-config_2_0.xsd">

   <endpoint-config>
      <config-name>Standard WSSecurity Endpoint</config-name>
      <post-handler-chains>
         <javaee:handler-chain>
            <javaee:protocol-bindings>##SOAP11_HTTP</javaee:protocol-bindings>
            <javaee:handler>
               <javaee:handler-name>WSSecurity Handler</javaee:handler-name>
               <javaee:handler-class>org.jboss.ws.extensions.security.jaxws.WSSecurityHandlerServer</javaee:handler-class>
            </javaee:handler>
         </javaee:handler-chain>
      </post-handler-chains>
   </endpoint-config>

</jaxws-config>

META-INF/jboss-wsse-server.xml
<?xml version="1.0" encoding="UTF-8"?>
<jboss-ws-security xmlns="http://www.jboss.com/ws-security/config"
        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
        xsi:schemaLocation="http://www.jboss.com/ws-security/config http://www.jboss.com/ws-security/schema/jboss-ws-security_1_0.xsd">
    <key-store-file>META-INF/wsse.keystore</key-store-file>
    <key-store-password>jbossws</key-store-password>
    <trust-store-file>META-INF/wsse.truststore</trust-store-file>
    <trust-store-password>jbossws</trust-store-password>
    <config>
        <sign type="x509v3" alias="wsse"/>
        <requires>
            <signature/>
        </requires>
    </config>
</jboss-ws-security>

META-INF/wsse.keystore
keytool -genkey -keystore wsse.keystore -storepass jbossws -keyalg RSA -alias wsse -validity 365

META-INF/wsse.cer
keytool -export -file wsse.cer -keystore wsse.keystore -storepass jbossws -alias wsse

META-INF/wsse.truststore
keytool -import -alias wsse -file wsse.cer -keystore wsse.truststore -storepass jbossws
keytool -import -alias wssc -file wssc.cer -keystore wsse.truststore -storepass jbossws

output
09:31:27,777 INFO  [Reference] Verification successful for URI "#element-1-1216711887170-23623672"
09:31:27,777 INFO  [Reference] Verification successful for URI "#timestamp"
09:31:27,796 INFO  [WsServerBean] You have called method hello with parameter : aaaaa



Client side configuration:

Generating stubs from WSDL
wsconsume.sh -k -p "app.ws.client" "http://10.10.11.173:8080/TestWebServices/WsServerBean?wsdl"

I have to change the service implementation class. In my case Testws.java.
  FROM : public class Testws extends Service
  TO   : public class Testws extends ServiceExt


META-INF/wssc.keystore
keytool -genkey -keystore wssc.keystore -storepass jbossws -keyalg RSA -alias wssc -validity 365

META-INF/wssc.cer
keytool -export -file wssc.cer -keystore wssc.keystore -storepass jbossws -alias wssc

META-INF/wssc.truststore
keytool -import -alias wssc -file wssc.cer -keystore wssc.truststore -storepass jbossws
keytool -import -alias wsse -file wsse.cer -keystore wssc.truststore -storepass jbossws

TestClient.java
package app.ws.client;

import java.io.File;
import java.net.URL;
import javax.xml.namespace.QName;
import org.jboss.ws.core.StubExt;
import org.jboss.ws.core.jaxws.client.ServiceExt;

public class TestClient {
    public static void main(String[] args) {
        try {
            System.setProperty("org.jboss.wsse.keyStore", "/workspace/test/src/app/ws/client/META-INF/wssc.keystore");
            System.setProperty("org.jboss.wsse.keyStorePassword", "jbossws");
            System.setProperty("org.jboss.wsse.keyStoreType", "jks");
            System.setProperty("org.jboss.wsse.trustStore", "/workspace/test/src/app/ws/client/META-INF/wssc.truststore");
            System.setProperty("org.jboss.wsse.trustStorePassword", "jbossws");
            System.setProperty("org.jboss.wsse.trustStoreType", "jks");

            String wsdlLocation = "http://10.10.11.173:8080/TestWebServices/WsServerBean?wsdl";
            URL securityURL = new File("/workspace/test/src/app/ws/client/META-INF/jboss-wsse-client.xml").toURL();
            String targetNamespace = "http://testuri.org/";
            String serviceName = "testws";

            Testws service = new Testws(new URL(wsdlLocation), new QName(targetNamespace, serviceName));
            ((ServiceExt)service).setSecurityConfig(securityURL.toExternalForm());

            WsServerBean wsServerBean = service.getWsServerBeanPort();
            ((StubExt)wsServerBean).setConfigName("Standard WSSecurity Client");

            System.out.println("\n===[ hello ]===================================================================v");
            System.out.println(wsServerBean.hello("aaaaa"));
            System.out.println("===============================================================================^");
        }
        catch (Exception e) {
            System.out.println("\n===[ Exception handler ]=======================================================v");
            e.printStackTrace();
            System.out.println("===============================================================================^");
        }
    }
}

META-INF/jboss-wsse-client.xml
<?xml version="1.0" encoding="UTF-8"?>
<jboss-ws-security xmlns="http://www.jboss.com/ws-security/config"
        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
        xsi:schemaLocation="http://www.jboss.com/ws-security/config http://www.jboss.com/ws-security/schema/jboss-ws-security_1_0.xsd">
    <key-store-file>/workspace/test/src/app/ws/client/META-INF/wssc.keystore</key-store-file>
    <key-store-password>jbossws</key-store-password>
    <trust-store-file>/workspace/test/src/app/ws/client/META-INF/wssc.truststore</trust-store-file>
    <trust-store-password>jbossws</trust-store-password>
    <config>
        <sign type="x509v3" alias="wssc"/>
        <requires>
            <signature/>
        </requires>
    </config>
</jboss-ws-security>

META-INF/standard-jaxws-client-config.xml
<jaxws-config xmlns="urn:jboss:jaxws-config:2.0"
              xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
              xmlns:javaee="http://java.sun.com/xml/ns/javaee"
              xsi:schemaLocation="urn:jboss:jaxws-config:2.0 jaxws-config_2_0.xsd">

    <client-config>
        <config-name>Standard WSSecurity Client</config-name>
        <post-handler-chains>
            <javaee:handler-chain>
                <javaee:protocol-bindings>##SOAP11_HTTP</javaee:protocol-bindings>
                <javaee:handler>
                    <javaee:handler-name>WSSecurityHandlerOutbound</javaee:handler-name>
                    <javaee:handler-class>org.jboss.ws.extensions.security.jaxws.WSSecurityHandlerClient</javaee:handler-class>
                </javaee:handler>
            </javaee:handler-chain>
        </post-handler-chains>
    </client-config>

</jaxws-config>

I have to add the following lines to "wsrunclient.sh".
WSRUNCLIENT_CLASSPATH="$WSRUNCLIENT_CLASSPATH:$JBOSS_HOME/client/wsdl4j.jar"
WSRUNCLIENT_CLASSPATH="$WSRUNCLIENT_CLASSPATH:$JBOSS_HOME/lib/jboss-common.jar"
WSRUNCLIENT_CLASSPATH="$WSRUNCLIENT_CLASSPATH:$JBOSS_HOME/client/xmlsec.jar"
WSRUNCLIENT_CLASSPATH="$WSRUNCLIENT_CLASSPATH:$JBOSS_HOME/client/commons-logging.jar"

Running the client:
wsrunclient.sh -classpath /workspace/test/src/app/ws/client "app.ws.client.TestClient" -/usr/local/jboss/bin

output:
===[ hello ]===================================================================v
08:31:27,890 INFO  [Reference] Verification successful for URI "#element-16-1216711887803-747136"
08:31:27,892 INFO  [Reference] Verification successful for URI "#timestamp"
Hello world. You have called method hello with parameter : aaaaa

===============================================================================^


Thanks and Regards,
  Peter


View the original post : 
http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4165812#4165812

Reply to the post : 
http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4165812
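
One way to approach the question in the post above, as an added example that is not part of the original post and is not JBossWS code: follow the signature's ds:KeyInfo reference to the X.509 token it names, then look that certificate up in the truststore to get its alias. It uses only standard JDK APIs (Java 9+); the class name SignerAlias is hypothetical, and it assumes the request was captured to a file and carries the signing certificate as a wsse:BinarySecurityToken referenced directly from ds:KeyInfo.

```java
import java.io.ByteArrayInputStream;
import java.io.File;
import java.security.KeyStore;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Base64;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;

public class SignerAlias {
    static final String WSS = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-";
    static final String WSSE = WSS + "secext-1.0.xsd", WSU = WSS + "utility-1.0.xsd";
    static final String DS = "http://www.w3.org/2000/09/xmldsig#";
    // Exactly one descendant of this name; anything else is ambiguous and is rejected.
    static Element only(Element parent, String ns, String name) {
        NodeList found = parent.getElementsByTagNameNS(ns, name);
        if (found.getLength() != 1) throw new SecurityException("expected exactly one " + name);
        return (Element) found.item(0);
    }
    // Certificate the signature's own KeyInfo points at, not just any token in the header.
    static X509Certificate signerCertificate(Document soap) throws Exception {
        Element security = only(soap.getDocumentElement(), WSSE, "Security");
        Element keyInfo = only(only(security, DS, "Signature"), DS, "KeyInfo");
        String uri = only(keyInfo, WSSE, "Reference").getAttribute("URI");
        NodeList tokens = security.getElementsByTagNameNS(WSSE, "BinarySecurityToken");
        for (int i = 0; i < tokens.getLength(); i++) {
            Element token = (Element) tokens.item(i);
            if (uri.length() < 2 || !uri.equals("#" + token.getAttributeNS(WSU, "Id"))) continue;
            byte[] der = Base64.getMimeDecoder().decode(token.getTextContent().trim());
            return (X509Certificate) CertificateFactory.getInstance("X.509")
                    .generateCertificate(new ByteArrayInputStream(der));
        }
        throw new SecurityException("KeyInfo reference " + uri + " matches no BinarySecurityToken");
    }

    // Usage: java SignerAlias <captured-request.xml> <truststore.jks> <store-password>
    public static void main(String[] args) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true);
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true); // no DTDs
        Document soap = f.newDocumentBuilder().parse(new File(args[0]));
        KeyStore trust = KeyStore.getInstance(new File(args[1]), args[2].toCharArray());
        X509Certificate cert = signerCertificate(soap);
        System.out.println("subject=" + cert.getSubjectX500Principal().getName()
                + ", alias=" + trust.getCertificateAlias(cert)); // null: not in the truststore
    }
}
```

The result identifies a caller only for a request whose signature has already been verified, which is the WS-Security handler's job; this code reads which certificate the signature names and does not verify anything itself.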