geronimo-dev mailing list archives

From "rahul.soa" <rahul....@googlemail.com>
Subject Need Help: WS-Security Support for CXF in Geronimo (UsernameToken property setting)
Date Sun, 28 Jun 2009 16:21:24 GMT
Hello Devs,

First of all, I apologize if the below questions are trivial.

I need some help in setting basic usernameToken Property for Geronimo (for
CXF). I did add the username token property elements in the schema  and
generated the required classes by mvn install. And Geronimo is able to
accept this "usertoken" element which users define in the geronimo-web.xml.
(but I think I have not well configured this in Geronimo)

<service-ref>
  <service-ref-name>services/HelloWorld</service-ref-name>
  <port>
    <port-name>HelloWorldImplPort</port-name>
    <protocol>http</protocol>
    <host>localhost</host>
    <port>8080</port>
    <uri>/ServiceG/HelloWorld</uri>
    <usertoken>
      <username>ws-client</username>
      <password>password</password>
    </usertoken>
  </port>
</service-ref>

* I am testing it with a servlet client which is trying to access the
secured service (with username and password) running on tomcat server.

Here is the servlet client code:


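import java.io.IOException;
import java.io.PrintWriter;

import javax.naming.InitialContext;
import javax.naming.NamingException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.xml.namespace.QName;
import javax.xml.ws.Service;

public class HelloServlet extends HttpServlet {
    public void doGet(HttpServletRequest req, HttpServletResponse res)
            throws ServletException, IOException {
        PrintWriter out = res.getWriter();
        try {
            InitialContext ic = new InitialContext();
            // Look up the service-ref declared in geronimo-web.xml
            Service service;
            service = (Service) ic.lookup("java:comp/env/services/HelloWorld");
            QName svcQname = new QName("http://service.web/", "HelloWorldImplPort");

            // HelloWorld is the service endpoint interface of the secured service
            HelloWorld hw = service.getPort(HelloWorld.class);
            String greeting = hw.sayHi("Rahul");
            out.println(greeting);
        } catch (NamingException e) {
            // TODO Auto-generated catch block
            e.printStackTrace();
        }

        out.close();
    }
}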

Now, I am coding to configure this above ws-security userToken property with
CXF apis in Apache Geronimo and I am not sure *How to use cxf apis* to
configure this. I am trying to write a CXF specific PortMethodInterceptor
class extended from (jaxws's PortMethodInterceptor) but not sure what CXF
apis I can use to configure the usertoken.

I start with the received error (pasted from geronimo.log) with some debug
statements:

....
...

2009-06-28 16:41:17,632 INFO  [BusApplicationContext] Bean factory for application context [org.apache.cxf.bus.spring.BusApplicationContext@1ccad1e]: org.springframework.beans.factory.support.DefaultListableBeanFactory@d6ae95
2009-06-28 16:41:18,006 INFO  [DefaultListableBeanFactory] Pre-instantiating singletons in org.springframework.beans.factory.support.DefaultListableBeanFactory@d6ae95: defining beans
[cxf,org.apache.cxf.bus.spring.BusApplicationListener,org.apache.cxf.bus.spring.BusWiringBeanFactoryPostProcessor,org.apache.cxf.bus.spring.Jsr250BeanPostProcessor,org.apache.cxf.bus.spring.BusExtensionPostProcessor,org.apache.cxf.resource.ResourceManager,org.apache.cxf.configuration.Configurer,org.apache.cxf.binding.BindingFactoryManager,org.apache.cxf.transport.DestinationFactoryManager,org.apache.cxf.transport.ConduitInitiatorManager,org.apache.cxf.wsdl.WSDLManager,org.apache.cxf.phase.PhaseManager,org.apache.cxf.workqueue.WorkQueueManager,org.apache.cxf.buslifecycle.BusLifeCycleManager,org.apache.cxf.endpoint.ServerRegistry,org.apache.cxf.endpoint.ServerLifeCycleManager,org.apache.cxf.endpoint.ClientLifeCycleManager,org.apache.cxf.transports.http.QueryHandlerRegistry,org.apache.cxf.endpoint.EndpointResolverRegistry,org.apache.cxf.headers.HeaderManager,org.apache.cxf.catalog.OASISCatalogManager,org.apache.cxf.endpoint.ServiceContractResolverRegistry,org.apache.geronimo.cxf.GeronimoDestinationFactory#0,org.apache.cxf.jaxws.context.WebServiceContextResourceResolver,org.apache.cxf.jaxws.context.WebServiceContextImpl,org.apache.cxf.transport.http.policy.HTTPClientAssertionBuilder,org.apache.cxf.transport.http.policy.HTTPServerAssertionBuilder,org.apache.cxf.transport.http.policy.NoOpPolicyInterceptorProvider,org.apache.cxf.transport.http.ClientOnlyHTTPTransportFactory,org.apache.cxf.binding.soap.SoapBindingFactory,org.apache.cxf.binding.soap.SoapTransportFactory,org.apache.cxf.binding.soap.customEditorConfigurer,org.apache.cxf.binding.xml.XMLBindingFactory,org.apache.cxf.ws.addressing.policy.AddressingAssertionBuilder,org.apache.cxf.ws.addressing.policy.AddressingPolicyInterceptorProvider,org.apache.cxf.ws.addressing.policy.UsingAddressingAssertionBuilder];
root of factory hierarchy

*2009-06-28 16:41:18,661* DEBUG [CXFServiceReference] I am in getPortMethodInterceptor, called from CXFServiceReference:
2009-06-28 16:41:18,662 DEBUG [CXFPortMethodInterceptor] View the seiInfoMap.values()  ![http://localhost:8080/ServiceG/HelloWorld null false ws-client password, http://localhost:8080/ServiceG/HelloWorld null false ws-client password]
2009-06-28 16:41:18,681 DEBUG [JAXWSServiceReference] Initializing service with: file:/home/rahul/new_workspace1/Client/WEB-INF/wsdl/HelloWorld.wsdl {http://service.web/}HelloWorldImplService
2009-06-28 16:41:18,844 DEBUG [CXFPortMethodInterceptor] I am in intercept method of CXFPortMethodInterceptor!
2009-06-28 16:41:20,676 DEBUG [PortMethodInterceptor] information is: passwordws-clienthttp://localhost:8080/ServiceG/HelloWorld
2009-06-28 16:41:20,677 DEBUG [PortMethodInterceptor] Set address property: http://localhost:8080/ServiceG/HelloWorld
*2009-06-28 16:41:20,677 DEBUG [PortMethodInterceptor] Set username property: ws-client
2009-06-28 16:41:20,677 DEBUG [PortMethodInterceptor] Set username property: password*
2009-06-28 16:41:20,677 DEBUG [CXFPortMethodInterceptor] Am I doing right!
2009-06-28 16:41:21,010 INFO  [SAAJFactoryFinder] Default SAAJ universe not set
2009-06-28 16:41:22,947 ERROR [log] /invoke/hello
javax.xml.ws.soap.SOAPFaultException: An error was discovered processing the <wsse:Security> header
    at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:145)
    at $Proxy66.sayHi(Unknown Source)
    at HelloServlet.doGet(HelloServlet.java:58)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:693)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:806)
    at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:521)
    at org.apache.geronimo.jetty7.InternalJettyServletHolder.handle(InternalJettyServletHolder.java:60)
    at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:435)
    at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:118)
    at org.eclipse.jetty.server.session.SessionHandler.handle(SessionHandler.java:179)
    at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:928)
    at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:370)
    at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:862)
    at org.apache.geronimo.jetty7.handler.TwistyWebAppContext.doScope(TwistyWebAppContext.java:114)
    at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:116)
    at org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:243)
    at org.eclipse.jetty.server.handler.HandlerCollection.handle(HandlerCollection.java:126)
    at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:115)
    at org.eclipse.jetty.server.Server.handle(Server.java:330)
    at org.eclipse.jetty.server.HttpConnection.handleRequest(HttpConnection.java:557)
    at org.eclipse.jetty.server.HttpConnection$RequestHandler.headerComplete(HttpConnection.java:933)
    at org.eclipse.jetty.http.HttpParser.parseNext(HttpParser.java:530)
    at org.eclipse.jetty.http.HttpParser.parseAvailable(HttpParser.java:203)
    at org.eclipse.jetty.server.HttpConnection.handle(HttpConnection.java:413)
    at org.eclipse.jetty.io.nio.SelectChannelEndPoint.run(SelectChannelEndPoint.java:438)
    at org.apache.geronimo.pool.ThreadPool$1.run(ThreadPool.java:214)
    at org.apache.geronimo.pool.ThreadPool$ContextClassLoaderRunnable.run(ThreadPool.java:344)
    at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)
    at java.lang.Thread.run(Thread.java:619)
Caused by: org.apache.cxf.binding.soap.SoapFault: An error was discovered processing the <wsse:Security> header
    at org.apache.cxf.binding.soap.interceptor.Soap11FaultInInterceptor.unmarshalFault(Soap11FaultInInterceptor.java:75)
    at org.apache.cxf.binding.soap.interceptor.Soap11FaultInInterceptor.handleMessage(Soap11FaultInInterceptor.java:46)
    at org.apache.cxf.binding.soap.interceptor.Soap11FaultInInterceptor.handleMessage(Soap11FaultInInterceptor.java:35)
    at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:226)
    at org.apache.cxf.interceptor.AbstractFaultChainInitiatorObserver.onMessage(AbstractFaultChainInitiatorObserver.java:96)
    at org.apache.cxf.binding.soap.interceptor.CheckFaultInterceptor.handleMessage(CheckFaultInterceptor.java:69)
    at org.apache.cxf.binding.soap.interceptor.CheckFaultInterceptor.handleMessage(CheckFaultInterceptor.java:34)
    at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:226)
    at org.apache.cxf.endpoint.ClientImpl.onMessage(ClientImpl.java:641)
    at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponseInternal(HTTPConduit.java:2102)
    at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponse(HTTPConduit.java:1980)
    at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(HTTPConduit.java:1905)
    at org.apache.cxf.transport.AbstractConduit.close(AbstractConduit.java:66)
    at org.apache.cxf.transport.http.HTTPConduit.close(HTTPConduit.java:600)
    at org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndingInterceptor.handleMessage(MessageSenderInterceptor.java:62)
    at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:226)
    at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:469)
    at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:299)
    at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:251)
    at org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:73)
    at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:124)
    ... 29 more
2009-06-28 17:11:14,685 INFO  [XSRFHandler] Removed destroyed sessionId=jm4124n35l4g
2009-06-28 17:11:14,687 INFO  [XSRFHandler] Removed destroyed sessionId=jm4124n35l4g


Here are the send/receive messages (caught by tcpmonitor tool) - expected
with ws-security usertoken header

<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><ns2:sayHi xmlns:ns2="http://service.web/"><arg0>Rahul</arg0></ns2:sayHi></soap:Body></soap:Envelope>


<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><soap:Fault><faultcode xmlns:ns1="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">ns1:InvalidSecurity</faultcode><faultstring>An error was discovered processing the &lt;wsse:Security> header</faultstring></soap:Fault></soap:Body></soap:Envelope>


-> I have set the usernameToken property in
org.apache.geronimo.jaxws.client.EndpointInfo and
org.apache.geronimo.jaxws.builder.EndpointBuilder.

-> I have put some usertoken specific code in the PortMethodInterceptor
class (org.apache.geronimo.jaxws.client.PortMethodInterceptor) to set the
username and password.

org.apache.geronimo.jaxws.client.PortMethodInterceptor.java
...
....
        String username = info.getUserName();
        if (username != null) {
            proxy.getRequestContext().put(BindingProvider.USERNAME_PROPERTY, username);
            LOG.debug("Set username property: " + username);
        }

        String password = info.getPassword();
        if (password != null) {
            proxy.getRequestContext().put(BindingProvider.PASSWORD_PROPERTY, password);
            LOG.debug("Set username property: " + password);
        }
...


and here is my cxf specific CXFPortMethodInterceptor, I am not sure it's well
written. I need help in this, about how to use the cxf specific apis to set
the properties.


org.apache.geronimo.cxf.CXFPortMethodInterceptor

import java.lang.reflect.Method;
import java.util.Map;

import javax.xml.ws.BindingProvider;

import net.sf.cglib.proxy.MethodProxy;
import org.apache.geronimo.jaxws.client.EndpointInfo;
import org.apache.geronimo.jaxws.client.PortMethodInterceptor;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

public class CXFPortMethodInterceptor extends PortMethodInterceptor {
    private static final Logger LOG = LoggerFactory.getLogger(CXFPortMethodInterceptor.class);

    public CXFPortMethodInterceptor(Map<Object, EndpointInfo> seiInfoMap) {
        super(seiInfoMap);
        LOG.debug("View the seiInfoMap.values()  !" + seiInfoMap.values());
    }

    public Object intercept(Object target, Method method, Object[] arguments,
            MethodProxy methodProxy) throws Throwable {
        LOG.debug("I am in intercept method of CXFPortMethodInterceptor!");
        Object proxy = super.intercept(target, method, arguments, methodProxy);

        BindingProvider cxfProxy = (BindingProvider) proxy;

        // To cast a client proxy to a CXF client:
        org.apache.cxf.endpoint.Client client =
            org.apache.cxf.frontend.ClientProxy.getClient(cxfProxy);

        // testing: used due to "No security action was defined." error
        org.apache.cxf.binding.soap.interceptor.SoapPreProtocolOutInterceptor soapInterceptor =
            new org.apache.cxf.binding.soap.interceptor.SoapPreProtocolOutInterceptor();

        org.apache.cxf.endpoint.Endpoint cxfEndpoint = client.getEndpoint();
        cxfEndpoint.getOutInterceptors().add(soapInterceptor);

        cxfEndpoint.getOutInterceptors().add(
            new org.apache.cxf.binding.soap.saaj.SAAJOutInterceptor());

        LOG.debug("Am I doing right!");
        return proxy;
    }
}

I am 100% sure I am making some (or a lot of) mistakes in the above code and
I need help to get it fixed.


Can you please guide me in this? I apologize if it's a trivial problem.

I am stuck here. I think if I get through this then I will have a good idea
about usage of cxf specific apis and can easily set other properties (like
X.509 etc.)


Many Thanks in advance for your help.

PS: sorry for long email.

Best Regards,
Rahul
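
Added example (not part of the original message, and not Geronimo or CXF project code): BindingProvider.USERNAME_PROPERTY and PASSWORD_PROPERTY are the JAX-WS HTTP authentication properties and do not produce a <wsse:Security> header; in CXF that header is written by a WSS4JOutInterceptor on the client's out-interceptor chain. The helper name UsernameTokenConfigurer is hypothetical, and the code assumes the WSS4J 1.x package names (org.apache.ws.security) and a service that accepts digest passwords.

```java
import java.util.HashMap;
import java.util.Map;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;
import org.apache.cxf.binding.soap.saaj.SAAJOutInterceptor;
import org.apache.cxf.endpoint.Client;
import org.apache.cxf.frontend.ClientProxy;
import org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor;
import org.apache.ws.security.WSConstants;
import org.apache.ws.security.WSPasswordCallback;
import org.apache.ws.security.handler.WSHandlerConstants;

// Hypothetical helper: attaches a wsse:UsernameToken to a CXF client proxy.
public final class UsernameTokenConfigurer {
    private UsernameTokenConfigurer() { }

    // port is the proxy returned by Service.getPort(...)
    public static void configure(Object port, final String username, final String password) {
        Map<String, Object> props = new HashMap<String, Object>();
        props.put(WSHandlerConstants.ACTION, WSHandlerConstants.USERNAME_TOKEN);
        props.put(WSHandlerConstants.USER, username);
        // PW_DIGEST sends Base64(SHA-1(nonce + created + password)) instead of the
        // cleartext password; PW_TEXT should only be used over TLS.
        props.put(WSHandlerConstants.PASSWORD_TYPE, WSConstants.PW_DIGEST);
        // WSS4J asks this handler for the password when it builds the token, so the
        // password never has to be stored in the request context or a properties file.
        props.put(WSHandlerConstants.PW_CALLBACK_REF, new CallbackHandler() {
            public void handle(Callback[] callbacks) throws UnsupportedCallbackException {
                for (Callback cb : callbacks) {
                    if (!(cb instanceof WSPasswordCallback)) {
                        throw new UnsupportedCallbackException(cb);
                    }
                    ((WSPasswordCallback) cb).setPassword(password);
                }
            }
        });

        Client client = ClientProxy.getClient(port);
        // WSS4J works on a SAAJ (DOM) message; early CXF 2.0.x releases need this
        // interceptor added explicitly before the WSS4J one.
        client.getEndpoint().getOutInterceptors().add(new SAAJOutInterceptor());
        client.getEndpoint().getOutInterceptors().add(new WSS4JOutInterceptor(props));
    }
}
```

Call configure on the object returned by service.getPort(...) before invoking sayHi. Keep the password out of log statements: the DEBUG lines in the posted PortMethodInterceptor write it to geronimo.log in cleartext.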
