geronimo-dev mailing list archives

From Daniel Kulp <dk...@apache.org>
Subject Re: Need Help: WS-Security Support for CXF in Geronimo (UsernameToken property setting)
Date Mon, 29 Jun 2009 16:42:18 GMT

It LOOKS like the WSS4JOutInterceptor isn't being added to the client side as 
there isn't a security header in the message going out.   From the code, you 
are adding the SAAJOut stuff, but not the WSS4JOut.   Is that as intended?

Dan

On Sun June 28 2009 12:21:24 pm rahul.soa wrote:
> Hello Devs,
>
> First of all, I apologize if the below questions are trivial.
>
> I need some help in setting basic usernameToken Property for Geronimo (for
> CXF). I did add the username token property elements in the schema  and
> generated the required classes by mvn install. And Geronimo is able to
> accept this "usertoken" element which users define in the geronimo-web.xml.
> (but I think I have not well configured this in Geronimo)
>
> <service-ref>
>   <service-ref-name>services/HelloWorld</service-ref-name>
>   <port>
>      <port-name>HelloWorldImplPort</port-name>
>      <protocol>http</protocol>
>      <host>localhost</host>
>      <port>8080</port>
>      <uri>/ServiceG/HelloWorld</uri>
>     * <usertoken>
>        <username>ws-client</username>
>        <password>password</password>
>      </usertoken>*
>    </port>
> </service-ref>
>
> * I am testing it with a servlet client which is trying to access the
> secured service (with username and password) running on tomcat server.
>
> Here is the servlet client code:
>
>
> public class HelloServlet extends HttpServlet {
>     public void doGet(HttpServletRequest req, HttpServletResponse res)
>             throws ServletException, IOException {
>         PrintWriter out = res.getWriter();
>         try {
>             InitialContext ic = new InitialContext();
>             Service service;
>             service = (Service) ic.lookup("java:comp/env/services/HelloWorld");
>             QName svcQname = new QName("http://service.web/", "HelloWorldImplPort");
>
>             HelloWorld hw = service.getPort(HelloWorld.class);
>             String greeting = hw.sayHi("Rahul");
>             out.println(greeting);
>         } catch (NamingException e) {
>             // TODO Auto-generated catch block
>             e.printStackTrace();
>         }
>
>         out.close();
>     }
> }
>
> Now, I am coding to configure this above ws-security userToken property with
> CXF apis in Apache Geronimo and I am not sure *How to use cxf apis* to
> configure this. I am trying to write a CXF specific PortMethodInterceptor
> class extended from  (jaxws's PortMethodInterceptor) but not sure what CXF
> apis I can use to configure the usertoken.
>
> I start with the received error (pasted from geronimo.log) with some debug
> statements:
>
> ....
> ...
>
> 2009-06-28 16:41:17,632 INFO  [BusApplicationContext] Bean factory for
> application context
> [org.apache.cxf.bus.spring.BusApplicationContext@1ccad1e]:
> org.springframework.beans.factory.support.DefaultListableBeanFactory@d6ae95
> 2009-06-28 16:41:18,006 INFO  [DefaultListableBeanFactory]
> Pre-instantiating singletons in
> org.springframework.beans.factory.support.DefaultListableBeanFactory@d6ae95
>: defining beans
> [cxf,org.apache.cxf.bus.spring.BusApplicationListener,org.apache.cxf.bus.sp
>ring.BusWiringBeanFactoryPostProcessor,org.apache.cxf.bus.spring.Jsr250BeanP
>ostProcessor,org.apache.cxf.bus.spring.BusExtensionPostProcessor,org.apache.
>cxf.resource.ResourceManager,org.apache.cxf.configuration.Configurer,org.apa
>che.cxf.binding.BindingFactoryManager,org.apache.cxf.transport.DestinationFa
>ctoryManager,org.apache.cxf.transport.ConduitInitiatorManager,org.apache.cxf
>.wsdl.WSDLManager,org.apache.cxf.phase.PhaseManager,org.apache.cxf.workqueue
>.WorkQueueManager,org.apache.cxf.buslifecycle.BusLifeCycleManager,org.apache
>.cxf.endpoint.ServerRegistry,org.apache.cxf.endpoint.ServerLifeCycleManager,
>org.apache.cxf.endpoint.ClientLifeCycleManager,org.apache.cxf.transports.htt
>p.QueryHandlerRegistry,org.apache.cxf.endpoint.EndpointResolverRegistry,org.
>apache.cxf.headers.HeaderManager,org.apache.cxf.catalog.OASISCatalogManager,
>org.apache.cxf.endpoint.ServiceContractResolverRegistry,org.apache.geronimo.
>cxf.GeronimoDestinationFactory#0,org.apache.cxf.jaxws.context.WebServiceCont
>extResourceResolver,org.apache.cxf.jaxws.context.WebServiceContextImpl,org.a
>pache.cxf.transport.http.policy.HTTPClientAssertionBuilder,org.apache.cxf.tr
>ansport.http.policy.HTTPServerAssertionBuilder,org.apache.cxf.transport.http
>.policy.NoOpPolicyInterceptorProvider,org.apache.cxf.transport.http.ClientOn
>lyHTTPTransportFactory,org.apache.cxf.binding.soap.SoapBindingFactory,org.ap
>ache.cxf.binding.soap.SoapTransportFactory,org.apache.cxf.binding.soap.custo
>mEditorConfigurer,org.apache.cxf.binding.xml.XMLBindingFactory,org.apache.cx
>f.ws.addressing.policy.AddressingAssertionBuilder,org.apache.cxf.ws.addressi
>ng.policy.AddressingPolicyInterceptorProvider,org.apache.cxf.ws.addressing.p
>olicy.UsingAddressingAssertionBuilder]; root of factory hierarchy
>
> *2009-06-28 16:41:18,661* DEBUG [CXFServiceReference] I am in
> getPortMethodInterceptor, called from CXFServiceReference:
> 2009-06-28 16:41:18,662 DEBUG [CXFPortMethodInterceptor] View the
> seiInfoMap.values()  ![http://localhost:8080/ServiceG/HelloWorld null false
> ws-client password, http://localhost:8080/ServiceG/HelloWorld null false
> ws-client password]
> 2009-06-28 16:41:18,681 DEBUG [JAXWSServiceReference] Initializing service
> with: file:/home/rahul/new_workspace1/Client/WEB-INF/wsdl/HelloWorld.wsdl {
> http://service.web/}HelloWorldImplService
> 2009-06-28 16:41:18,844 DEBUG [CXFPortMethodInterceptor] I am in intercept
> method of CXFPortMethodInterceptor!
> 2009-06-28 16:41:20,676 DEBUG [PortMethodInterceptor] information is:
> passwordws-clienthttp://localhost:8080/ServiceG/HelloWorld
> 2009-06-28 16:41:20,677 DEBUG [PortMethodInterceptor] Set address property:
> http://localhost:8080/ServiceG/HelloWorld
> *2009-06-28 16:41:20,677 DEBUG [PortMethodInterceptor] Set username
> property: ws-client
> 2009-06-28 16:41:20,677 DEBUG [PortMethodInterceptor] Set username
> property: password*
> 2009-06-28 16:41:20,677 DEBUG [CXFPortMethodInterceptor] Am I doing right!
> 2009-06-28 16:41:21,010 INFO  [SAAJFactoryFinder] Default SAAJ universe not
> set
> 2009-06-28 16:41:22,947 ERROR [log] /invoke/hello
> javax.xml.ws.soap.SOAPFaultException: An error was discovered processing
> the <wsse:Security> header
>     at
> org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:145)
>     at $Proxy66.sayHi(Unknown Source)
>     at HelloServlet.doGet(HelloServlet.java:58)
>     at javax.servlet.http.HttpServlet.service(HttpServlet.java:693)
>     at javax.servlet.http.HttpServlet.service(HttpServlet.java:806)
>     at
> org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:521)
>     at
> org.apache.geronimo.jetty7.InternalJettyServletHolder.handle(InternalJettyS
>ervletHolder.java:60) at
> org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:435)
>     at
> org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:11
>8) at
> org.eclipse.jetty.server.session.SessionHandler.handle(SessionHandler.java:
>179) at
> org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.jav
>a:928) at
> org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:370)
>     at
> org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java
>:862) at
> org.apache.geronimo.jetty7.handler.TwistyWebAppContext.doScope(TwistyWebApp
>Context.java:114) at
> org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:11
>6) at
> org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(ContextHan
>dlerCollection.java:243) at
> org.eclipse.jetty.server.handler.HandlerCollection.handle(HandlerCollection
>.java:126) at
> org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:
>115) at org.eclipse.jetty.server.Server.handle(Server.java:330)
>     at
> org.eclipse.jetty.server.HttpConnection.handleRequest(HttpConnection.java:5
>57) at
> org.eclipse.jetty.server.HttpConnection$RequestHandler.headerComplete(HttpC
>onnection.java:933) at
> org.eclipse.jetty.http.HttpParser.parseNext(HttpParser.java:530) at
> org.eclipse.jetty.http.HttpParser.parseAvailable(HttpParser.java:203) at
> org.eclipse.jetty.server.HttpConnection.handle(HttpConnection.java:413)
>     at
> org.eclipse.jetty.io.nio.SelectChannelEndPoint.run(SelectChannelEndPoint.ja
>va:438) at org.apache.geronimo.pool.ThreadPool$1.run(ThreadPool.java:214) at
> org.apache.geronimo.pool.ThreadPool$ContextClassLoaderRunnable.run(ThreadPo
>ol.java:344) at
> java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.j
>ava:886) at
> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:
>908) at java.lang.Thread.run(Thread.java:619)
> Caused by: org.apache.cxf.binding.soap.SoapFault: An error was discovered
> processing the <wsse:Security> header
>     at
> org.apache.cxf.binding.soap.interceptor.Soap11FaultInInterceptor.unmarshalF
>ault(Soap11FaultInInterceptor.java:75) at
> org.apache.cxf.binding.soap.interceptor.Soap11FaultInInterceptor.handleMess
>age(Soap11FaultInInterceptor.java:46) at
> org.apache.cxf.binding.soap.interceptor.Soap11FaultInInterceptor.handleMess
>age(Soap11FaultInInterceptor.java:35) at
> org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChai
>n.java:226) at
> org.apache.cxf.interceptor.AbstractFaultChainInitiatorObserver.onMessage(Ab
>stractFaultChainInitiatorObserver.java:96) at
> org.apache.cxf.binding.soap.interceptor.CheckFaultInterceptor.handleMessage
>(CheckFaultInterceptor.java:69) at
> org.apache.cxf.binding.soap.interceptor.CheckFaultInterceptor.handleMessage
>(CheckFaultInterceptor.java:34) at
> org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChai
>n.java:226) at
> org.apache.cxf.endpoint.ClientImpl.onMessage(ClientImpl.java:641) at
> org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleRespons
>eInternal(HTTPConduit.java:2102) at
> org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleRespons
>e(HTTPConduit.java:1980) at
> org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(HTTPCon
>duit.java:1905) at
> org.apache.cxf.transport.AbstractConduit.close(AbstractConduit.java:66)
>     at
> org.apache.cxf.transport.http.HTTPConduit.close(HTTPConduit.java:600) at
> org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndingInte
>rceptor.handleMessage(MessageSenderInterceptor.java:62) at
> org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChai
>n.java:226) at
> org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:469) at
> org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:299) at
> org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:251) at
> org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:73) at
> org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:124)
>     ... 29 more
> 2009-06-28 17:11:14,685 INFO  [XSRFHandler] Removed destroyed
> sessionId=jm4124n35l4g
> 2009-06-28 17:11:14,687 INFO  [XSRFHandler] Removed destroyed
> sessionId=jm4124n35l4g
>
>
> Here is the send/receive messages (caught by tcpmonitor tool) - expected
> with ws-security usertoken header
>
> <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
>   <soap:Body>
>     <ns2:sayHi xmlns:ns2="http://service.web/"><arg0>Rahul</arg0></ns2:sayHi>
>   </soap:Body>
> </soap:Envelope>
>
>
> <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
>   <soap:Body>
>     <soap:Fault>
>       <faultcode xmlns:ns1="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">ns1:InvalidSecurity</faultcode>
>       <faultstring>An error was discovered processing the &lt;wsse:Security> header</faultstring>
>     </soap:Fault>
>   </soap:Body>
> </soap:Envelope>
>
>
> -> I have set the usernameToken property in
> org.apache.geronimo.jaxws.client.EndpointInfo and
> org.apache.geronimo.jaxws.builder.EndpointBuilder.
>
> -> I have put some usertoken specific code in the PortMethodInterceptor
> class (org.apache.geronimo.jaxws.client.PortMethodInterceptor) to set the
> username and password.
>
> org.apache.geronimo.jaxws.client.PortMethodInterceptor.java
> ...
> ....
>         String username = info.getUserName();
>         if (username != null) {
>             proxy.getRequestContext().put(BindingProvider.USERNAME_PROPERTY, username);
>             LOG.debug("Set username property: " + username);
>         }
>
>         String password = info.getPassword();
>         if (password != null) {
>             proxy.getRequestContext().put(BindingProvider.PASSWORD_PROPERTY, password);
>             LOG.debug("Set username property: " + password);
>         }
> ...
>
>
> and here is my cxf specific CXFPortMethodInterceptor, I am not sure it's
> well written. I need help in this, about how to use the cxf specific apis
> to set the properties.
>
>
> org.apache.geronimo.cxf.CXFPortMethodInterceptor
>
> public class CXFPortMethodInterceptor extends PortMethodInterceptor {
>     private static final Logger LOG =
>         LoggerFactory.getLogger(CXFPortMethodInterceptor.class);
>
>     public CXFPortMethodInterceptor(Map<Object, EndpointInfo> seiInfoMap) {
>         super(seiInfoMap);
>         LOG.debug("View the seiInfoMap.values()  !" + seiInfoMap.values());
>     }
>
>     public Object intercept(Object target, Method method, Object[] arguments,
>             MethodProxy methodProxy) throws Throwable {
>         LOG.debug("I am in intercept method of CXFPortMethodInterceptor!");
>         Object proxy = super.intercept(target, method, arguments, methodProxy);
>
>         BindingProvider cxfProxy = (BindingProvider) proxy;
>
>         // To cast a client proxy to a CXF client:
>         org.apache.cxf.endpoint.Client client =
>             org.apache.cxf.frontend.ClientProxy.getClient(cxfProxy);
>
>         // testing: used due to "No security action was defined." error
>         org.apache.cxf.binding.soap.interceptor.SoapPreProtocolOutInterceptor soapInterceptor =
>             new org.apache.cxf.binding.soap.interceptor.SoapPreProtocolOutInterceptor();
>
>         org.apache.cxf.endpoint.Endpoint cxfEndpoint = client.getEndpoint();
>         cxfEndpoint.getOutInterceptors().add(soapInterceptor);
>
>         cxfEndpoint.getOutInterceptors().add(
>             new org.apache.cxf.binding.soap.saaj.SAAJOutInterceptor());
>
>         LOG.debug("Am I doing right!");
>         return proxy;
>     }
> }
>
> I am 100% sure, I am making some (or lot of) mistakes in the above code and
> I need help to get it fixed.
>
>
> Can you please guide me in this? I apologize if it's a trivial problem.
>
> I am stuck here. I think if I get through with this then I will have a good idea
> about usage of cxf specific apis and can easily set other properties (like
> X.509 etc)
>
>
> Many Thanks in advance for your help.
>
> PS: sorry for long email.
>
> Best Regards,
> Rahul

-- 
Daniel Kulp
dkulp@apache.org
http://www.dankulp.com/blog
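
What the reply points to, as an added example (not code from this thread, from Geronimo or from CXF): a `WSS4JOutInterceptor` configured for a UsernameToken, registered on the client endpoint alongside the `SAAJOutInterceptor`. It assumes the WSS4J 1.5-era package names (`org.apache.ws.security.*`) used by CXF 2.x; the class `UsernameTokenClientConfig` and its `apply` method are hypothetical names.

```java
import java.util.HashMap;
import java.util.Map;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.xml.ws.BindingProvider;
import org.apache.cxf.binding.soap.saaj.SAAJOutInterceptor;
import org.apache.cxf.endpoint.Client;
import org.apache.cxf.endpoint.Endpoint;
import org.apache.cxf.frontend.ClientProxy;
import org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor;
import org.apache.ws.security.WSConstants;
import org.apache.ws.security.WSPasswordCallback;
import org.apache.ws.security.handler.WSHandlerConstants;

/** Hypothetical helper (added example): puts a wsse:UsernameToken on outgoing requests. */
public final class UsernameTokenClientConfig {

    private UsernameTokenClientConfig() { }

    public static void apply(BindingProvider port, String username, final String password) {
        // BindingProvider.USERNAME_PROPERTY / PASSWORD_PROPERTY only drive HTTP Basic
        // authentication; the wsse:Security header is produced by WSS4J from these properties.
        Map<String, Object> outProps = new HashMap<String, Object>();
        outProps.put(WSHandlerConstants.ACTION, WSHandlerConstants.USERNAME_TOKEN);
        outProps.put(WSHandlerConstants.USER, username);
        // PW_TEXT puts the cleartext password in the SOAP header, so the transport
        // must be TLS. WSConstants.PW_DIGEST is the alternative if the service accepts it.
        outProps.put(WSHandlerConstants.PASSWORD_TYPE, WSConstants.PW_TEXT);
        // WSS4J calls this handler for the password when it builds the token.
        outProps.put(WSHandlerConstants.PW_CALLBACK_REF, new CallbackHandler() {
            public void handle(Callback[] callbacks) {
                for (Callback cb : callbacks) {
                    if (cb instanceof WSPasswordCallback) {
                        // Hand the secret to WSS4J only; do not write it to the log.
                        ((WSPasswordCallback) cb).setPassword(password);
                    }
                }
            }
        });

        Client client = ClientProxy.getClient(port);
        Endpoint endpoint = client.getEndpoint();
        // SAAJOutInterceptor builds the SOAP DOM that WSS4JOutInterceptor then
        // adds the security header to.
        endpoint.getOutInterceptors().add(new SAAJOutInterceptor());
        endpoint.getOutInterceptors().add(new WSS4JOutInterceptor(outProps));
    }
}
```

With the values from the `<usertoken>` element this would be called as `UsernameTokenClientConfig.apply((BindingProvider) hw, info.getUserName(), info.getPassword())`, where `hw` is the port proxy and `info` is the `EndpointInfo` shown in the thread.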
