Is there a workaround for the UsernameToken security he
2007-08-13 - By kimbaltrue
I'm using 4.2.0.GA with JSR-181 EJB webservices.
My EJBs are topped with the following annotations:

    @(protected)(name = "InstitutionServices", targetNamespace = "http://tagus.ccf.org/", serviceName = "InstitutionServices")
    @(protected)(style = SOAPBinding.Style.DOCUMENT)
    /*
     * JBOSS specific security annotations
     */
    @(protected)("tagus-domain")
    @(protected)(authMethod="BASIC", transportGuarantee="NONE", secureWSDLAccess=false)

    @(protected)(name = "InstitutionServices")
    @(protected)(InstitutionServices.class)
    @(protected)(InstitutionServices.class)
    /*
     * JBOSS Specific
     */
    @(protected)(jndiBinding = "/ejb3/InstitutionServices")

    @(protected)(ServiceMetrics.class)
    @(protected)(TransactionManagementType.BEAN)
I'm using a Java 6.0 client to generate the request which looks like this:
    <?xml version="1.0" ?>
    <soapenv:Envelope
        xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
        xmlns:ns1="http://tagus.ccf.org/"
        xmlns:xsd="http://www.w3.org/2001/XMLSchema">
      <soapenv:Header>
        <wsse:Security
            xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
            soapenv:mustUnderstand="1">
          <wsse:UsernameToken
              xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
              wsu:Id="XWSSGID-1187016843328-1067189645">
            <wsse:Username>1234/kimbal</wsse:Username>
            <wsse:Password
                Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">welch</wsse:Password>
            <wsse:Nonce EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">aNzX50aOu5XC7UYDOXZd7/xh</wsse:Nonce>
            <wsu:Created>2007-08-13T14:54:11.937Z</wsu:Created>
          </wsse:UsernameToken>
        </wsse:Security>
      </soapenv:Header>
      <soapenv:Body>
        <ns1:Ping>
          <ns1:Request>Hello World</ns1:Request>
        </ns1:Ping>
      </soapenv:Body>
    </soapenv:Envelope>
Everything looks right, but I'm getting the following error:
    11:22:13,593 ERROR [SOAPFaultHelperJAXWS] SOAP request exception
    javax.xml.ws.soap.SOAPFaultException: Unprocessed 'mustUnderstand' header element: {http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}Security
        at org.jboss.ws.core.jaxws.SOAPFaultHelperJAXWS.getSOAPFaultException(SOAPFaultHelperJAXWS.java:70)
        at org.jboss.ws.core.jaxws.binding.SOAP11BindingJAXWS.throwFaultException(SOAP11BindingJAXWS.java:109)
        at org.jboss.ws.core.CommonSOAP11Binding.verifyUnderstoodHeader(CommonSOAP11Binding.java:87)
        at org.jboss.ws.core.CommonSOAPBinding.checkMustUnderstand(CommonSOAPBinding.java:911)
        at org.jboss.ws.core.server.AbstractServiceEndpointInvoker.invoke(AbstractServiceEndpointInvoker.java:184)
        at org.jboss.ws.core.server.ServiceEndpoint.processRequest(ServiceEndpoint.java:212)
        at org.jboss.ws.core.server.ServiceEndpointManager.processRequest(ServiceEndpointManager.java:448)
        at org.jboss.ws.core.server.AbstractServiceEndpointServlet.doPost(AbstractServiceEndpointServlet.java:114)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:710)
        at org.jboss.ws.core.server.AbstractServiceEndpointServlet.service(AbstractServiceEndpointServlet.java:75)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
        at org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:96)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
        at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:230)
        at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175)
        at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:179)
        at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:525)
        at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:84)
        at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)
        at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:104)
        at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:156)
        at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
        at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:241)
        at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844)
        at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:580)
        at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
        at java.lang.Thread.run(Thread.java:595)
I've gone through all the topics on the JBossWS forum that refer to security or unprocessed mustUnderstand headers. I couldn't find a fix or a workaround in any of them. After reading some, it sounded like JBoss doesn't understand the current security header format. Is there a workaround for this? What format is JBoss expecting? I'm willing to code a replacement header that will match what JBoss is expecting if that will work. However, at this point I'm not sure if JBoss is even looking for a security header at all. When using JSR-181, do I need an XML configuration file for a clear text password?
At this stage I'm even willing to rip the security out if I didn't need the user identification during server processing.
View the original post: http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4073638#4073638
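
As an added illustration (not part of the original post and not JBossWS code), the following Python models the general SOAP 1.1 mustUnderstand rule behind the fault in the log above: a header block marked `mustUnderstand="1"` must be claimed by some handler, or the message is rejected. The function names, the `understood` set and the sample envelope (credentials replaced with placeholders) are assumptions made for this example; `soapenv:actor` targeting is ignored.

```python
import xml.etree.ElementTree as ET

SOAP11 = "http://schemas.xmlsoap.org/soap/envelope/"
WSSE = ("http://docs.oasis-open.org/wss/2004/01/"
        "oasis-200401-wss-wssecurity-secext-1.0.xsd")

# Constructed sample modelled on the request in the post (placeholder credentials).
SAMPLE = f"""<soapenv:Envelope xmlns:soapenv="{SOAP11}" xmlns:ns1="http://tagus.ccf.org/">
  <soapenv:Header>
    <wsse:Security xmlns:wsse="{WSSE}" soapenv:mustUnderstand="1">
      <wsse:UsernameToken>
        <wsse:Username>example-user</wsse:Username>
        <wsse:Password>example-password</wsse:Password>
      </wsse:UsernameToken>
    </wsse:Security>
  </soapenv:Header>
  <soapenv:Body><ns1:Ping><ns1:Request>Hello World</ns1:Request></ns1:Ping></soapenv:Body>
</soapenv:Envelope>"""


def mandatory_headers(envelope_xml):
    """Return the tags ({namespace}local) of header blocks marked mustUnderstand="1"."""
    # Intended for captured messages; parse untrusted XML with a hardened parser.
    root = ET.fromstring(envelope_xml)
    header = root.find(f"{{{SOAP11}}}Header")
    if header is None:
        return []
    flag = f"{{{SOAP11}}}mustUnderstand"
    # SOAP 1.1 allows only "0" or "1"; an absent attribute is equivalent to "0".
    return [block.tag for block in header if block.get(flag) == "1"]


def unprocessed_headers(envelope_xml, understood):
    """Mandatory header blocks that no configured handler claims to understand."""
    return [tag for tag in mandatory_headers(envelope_xml) if tag not in understood]


def check_must_understand(envelope_xml, understood):
    """Reject the message if any mandatory header block is left unclaimed."""
    missing = unprocessed_headers(envelope_xml, understood)
    if missing:
        raise ValueError("Unprocessed 'mustUnderstand' header element: " + missing[0])
    return True
```

Calling `check_must_understand(SAMPLE, set())` raises with the same header name the server log reports, while passing a set containing the `Security` tag lets the message through to the handler that is then responsible for validating the token.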