geronimo-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "rahul.soa" <rahul....@googlemail.com>
Subject Re: Need Help: WS-Security Support for CXF in Geronimo (UsernameToken property setting)
Date Mon, 29 Jun 2009 23:02:08 GMT
Hello Daniel,

Thank you for your quick response. Indeed you are right. I have fixed the
program and tested with the hard-coded values and it runs :) Now, I can work
on it and make it proper.

Thanks again.

Best Regards,
Rahul

On Mon, Jun 29, 2009 at 6:42 PM, Daniel Kulp <dkulp@apache.org> wrote:

>
> It LOOKS like the WSS4JOutInterceptor isn't being added to the client side
> as
> there isn't a security header in the message going out.   From the code,
> you
> are adding the SAAJOut stuff, but not the WSS4JOut.   Is that as intended?
>
> Dan
>
> On Sun June 28 2009 12:21:24 pm rahul.soa wrote:
> > Hello Devs,
> >
> > First of all, I apologize if the below questions are trivial.
> >
> > I need some help in setting basic usernameToken Property for Geronimo
> (for
> > CXF). I did add the username token property elements in the schema  and
> > generated the required classes by mvn install. And Geronimo is able to
> > accept this "usertoken" element which users define in the
> geronimo-web.xml.
> > (but I think I have not well configured this in Geronimo)
> >
> > <service-ref>
> >   <service-ref-name>services/HelloWorld</service-ref-name>
> >   <port>
> >      <port-name>HelloWorldImplPort</port-name>
> >      <protocol>http</protocol>
> >      <host>localhost</host>
> >      <port>8080</port>
> >      <uri>/ServiceG/HelloWorld</uri>
> >     * <usertoken>
> >        <username>ws-client</username>
> >        <password>password</password>
> >      </usertoken>*
> >    </port>
> > </service-ref>
> >
> > * I am testing it with a servlet client which is trying to access the
> > secured service (with username and password) running on tomcat server.
> >
> > Here is the servlet client code:
> >
> >
> > public class HelloServlet extends HttpServlet {
> >     public void doGet (HttpServletRequest req,
> >             HttpServletResponse res)
> >     throws ServletException, IOException
> >     {
> >         PrintWriter out = res.getWriter();
> > try {
> >         InitialContext ic=new InitialContext();
> >          Service service;
> >          service =
> (Service)ic.lookup("java:comp/env/services/HelloWorld");
> >          QName svcQname=new QName("http://service.web/
> > ","HelloWorldImplPort");
> >
> >        HelloWorld hw=service.getPort(HelloWorld.class);
> >          String greeting=hw.sayHi("Rahul");
> >         out.println(greeting);
> >         } catch (NamingException e) {
> >             // TODO Auto-generated catch block
> >             e.printStackTrace();
> >         }
> >
> >         out.close();
> >     }
> > }
> >
> > Now, I am coding to configure this above ws-security userToken propery
> with
> > CXF apis in Apache Geronimo and I am not sure *How to use cxf apis* to
> > configure this. I am trying to write a CXF specific PortMethodInterceptor
> > class extended from  (jaxws's PortMethodInterceptor) but not sure what
> CXF
> > apis I can use to configure the usertoken.
> >
> > I start with the received error (pasted from geronimo.log) with some
> debug
> > statements:
> >
> > ....
> > ...
> >
> > 2009-06-28 16:41:17,632 INFO  [BusApplicationContext] Bean factory for
> > application context
> > [org.apache.cxf.bus.spring.BusApplicationContext@1ccad1e]:
> >
> org.springframework.beans.factory.support.DefaultListableBeanFactory@d6ae95
> > 2009-06-28 16:41:18,006 INFO  [DefaultListableBeanFactory]
> > Pre-instantiating singletons in
> >
> org.springframework.beans.factory.support.DefaultListableBeanFactory@d6ae95
> >: defining beans
> >
> [cxf,org.apache.cxf.bus.spring.BusApplicationListener,org.apache.cxf.bus.sp
>
> >ring.BusWiringBeanFactoryPostProcessor,org.apache.cxf.bus.spring.Jsr250BeanP
>
> >ostProcessor,org.apache.cxf.bus.spring.BusExtensionPostProcessor,org.apache.
>
> >cxf.resource.ResourceManager,org.apache.cxf.configuration.Configurer,org.apa
>
> >che.cxf.binding.BindingFactoryManager,org.apache.cxf.transport.DestinationFa
>
> >ctoryManager,org.apache.cxf.transport.ConduitInitiatorManager,org.apache.cxf
>
> >.wsdl.WSDLManager,org.apache.cxf.phase.PhaseManager,org.apache.cxf.workqueue
>
> >.WorkQueueManager,org.apache.cxf.buslifecycle.BusLifeCycleManager,org.apache
>
> >.cxf.endpoint.ServerRegistry,org.apache.cxf.endpoint.ServerLifeCycleManager,
>
> >org.apache.cxf.endpoint.ClientLifeCycleManager,org.apache.cxf.transports.htt
>
> >p.QueryHandlerRegistry,org.apache.cxf.endpoint.EndpointResolverRegistry,org.
>
> >apache.cxf.headers.HeaderManager,org.apache.cxf.catalog.OASISCatalogManager,
>
> >org.apache.cxf.endpoint.ServiceContractResolverRegistry,org.apache.geronimo.
>
> >cxf.GeronimoDestinationFactory#0,org.apache.cxf.jaxws.context.WebServiceCont
>
> >extResourceResolver,org.apache.cxf.jaxws.context.WebServiceContextImpl,org.a
> >pache.cxf.transport.http.policy.HTTPClientAssertionBuilder,
> org.apache.cxf.tr
>
> >ansport.http.policy.HTTPServerAssertionBuilder,org.apache.cxf.transport.http
>
> >.policy.NoOpPolicyInterceptorProvider,org.apache.cxf.transport.http.ClientOn
>
> >lyHTTPTransportFactory,org.apache.cxf.binding.soap.SoapBindingFactory,org.ap
>
> >ache.cxf.binding.soap.SoapTransportFactory,org.apache.cxf.binding.soap.custo
> >mEditorConfigurer,org.apache.cxf.binding.xml.XMLBindingFactory,
> org.apache.cx
>
> >f.ws.addressing.policy.AddressingAssertionBuilder,org.apache.cxf.ws.addressi
>
> >ng.policy.AddressingPolicyInterceptorProvider,org.apache.cxf.ws.addressing.p
> >olicy.UsingAddressingAssertionBuilder]; root of factory hierarchy
> >
> > *2009-06-28 16:41:18,661* DEBUG [CXFServiceReference] I am in
> > getPortMethodInterceptor, called from CXFServiceReference:
> > 2009-06-28 16:41:18,662 DEBUG [CXFPortMethodInterceptor] View the
> > seiInfoMap.values()  ![http://localhost:8080/ServiceG/HelloWorld null
> false
> > ws-client password, http://localhost:8080/ServiceG/HelloWorld null false
> > ws-client password]
> > 2009-06-28 16:41:18,681 DEBUG [JAXWSServiceReference] Initializing
> service
> > with: file:/home/rahul/new_workspace1/Client/WEB-INF/wsdl/HelloWorld.wsdl
> {
> > http://service.web/}HelloWorldImplService<http://service.web/%7DHelloWorldImplService>
> > 2009-06-28 16:41:18,844 DEBUG [CXFPortMethodInterceptor] I am in
> intercept
> > method of CXFPortMethodInterceptor!
> > 2009-06-28 16:41:20,676 DEBUG [PortMethodInterceptor] information is:
> > passwordws-clienthttp://localhost:8080/ServiceG/HelloWorld
> > 2009-06-28 16:41:20,677 DEBUG [PortMethodInterceptor] Set address
> property:
> > http://localhost:8080/ServiceG/HelloWorld
> > *2009-06-28 16:41:20,677 DEBUG [PortMethodInterceptor] Set username
> > property: ws-client
> > 2009-06-28 16:41:20,677 DEBUG [PortMethodInterceptor] Set username
> > property: password*
> > 2009-06-28 16:41:20,677 DEBUG [CXFPortMethodInterceptor] Am I doing
> right!
> > 2009-06-28 16:41:21,010 INFO  [SAAJFactoryFinder] Default SAAJ universe
> not
> > set
> > 2009-06-28 16:41:22,947 ERROR [log] /invoke/hello
> > javax.xml.ws.soap.SOAPFaultException: An error was discovered processing
> > the <wsse:Security> header
> >     at
> > org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:145)
> >     at $Proxy66.sayHi(Unknown Source)
> >     at HelloServlet.doGet(HelloServlet.java:58)
> >     at javax.servlet.http.HttpServlet.service(HttpServlet.java:693)
> >     at javax.servlet.http.HttpServlet.service(HttpServlet.java:806)
> >     at
> > org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:521)
> >     at
> >
> org.apache.geronimo.jetty7.InternalJettyServletHolder.handle(InternalJettyS
> >ervletHolder.java:60) at
> >
> org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:435)
> >     at
> >
> org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:11
> >8) at
> >
> org.eclipse.jetty.server.session.SessionHandler.handle(SessionHandler.java:
> >179) at
> >
> org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.jav
> >a:928) at
> > org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:370)
> >     at
> >
> org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java
> >:862) at
> >
> org.apache.geronimo.jetty7.handler.TwistyWebAppContext.doScope(TwistyWebApp
> >Context.java:114) at
> >
> org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:11
> >6) at
> >
> org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(ContextHan
> >dlerCollection.java:243) at
> >
> org.eclipse.jetty.server.handler.HandlerCollection.handle(HandlerCollection
> >.java:126) at
> >
> org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:
> >115) at org.eclipse.jetty.server.Server.handle(Server.java:330)
> >     at
> >
> org.eclipse.jetty.server.HttpConnection.handleRequest(HttpConnection.java:5
> >57) at
> >
> org.eclipse.jetty.server.HttpConnection$RequestHandler.headerComplete(HttpC
> >onnection.java:933) at
> > org.eclipse.jetty.http.HttpParser.parseNext(HttpParser.java:530) at
> > org.eclipse.jetty.http.HttpParser.parseAvailable(HttpParser.java:203) at
> > org.eclipse.jetty.server.HttpConnection.handle(HttpConnection.java:413)
> >     at
> >
> org.eclipse.jetty.io.nio.SelectChannelEndPoint.run(SelectChannelEndPoint.ja
> >va:438) at org.apache.geronimo.pool.ThreadPool$1.run(ThreadPool.java:214)
> at
> >
> org.apache.geronimo.pool.ThreadPool$ContextClassLoaderRunnable.run(ThreadPo
> >ol.java:344) at
> >
> java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.j
> >ava:886) at
> >
> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:
> >908) at java.lang.Thread.run(Thread.java:619)
> > Caused by: org.apache.cxf.binding.soap.SoapFault: An error was discovered
> > processing the <wsse:Security> header
> >     at
> >
> org.apache.cxf.binding.soap.interceptor.Soap11FaultInInterceptor.unmarshalF
> >ault(Soap11FaultInInterceptor.java:75) at
> >
> org.apache.cxf.binding.soap.interceptor.Soap11FaultInInterceptor.handleMess
> >age(Soap11FaultInInterceptor.java:46) at
> >
> org.apache.cxf.binding.soap.interceptor.Soap11FaultInInterceptor.handleMess
> >age(Soap11FaultInInterceptor.java:35) at
> >
> org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChai
> >n.java:226) at
> >
> org.apache.cxf.interceptor.AbstractFaultChainInitiatorObserver.onMessage(Ab
> >stractFaultChainInitiatorObserver.java:96) at
> >
> org.apache.cxf.binding.soap.interceptor.CheckFaultInterceptor.handleMessage
> >(CheckFaultInterceptor.java:69) at
> >
> org.apache.cxf.binding.soap.interceptor.CheckFaultInterceptor.handleMessage
> >(CheckFaultInterceptor.java:34) at
> >
> org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChai
> >n.java:226) at
> > org.apache.cxf.endpoint.ClientImpl.onMessage(ClientImpl.java:641) at
> >
> org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleRespons
> >eInternal(HTTPConduit.java:2102) at
> >
> org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleRespons
> >e(HTTPConduit.java:1980) at
> >
> org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(HTTPCon
> >duit.java:1905) at
> > org.apache.cxf.transport.AbstractConduit.close(AbstractConduit.java:66)
> >     at
> > org.apache.cxf.transport.http.HTTPConduit.close(HTTPConduit.java:600) at
> >
> org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndingInte
> >rceptor.handleMessage(MessageSenderInterceptor.java:62) at
> >
> org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChai
> >n.java:226) at
> > org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:469) at
> > org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:299) at
> > org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:251) at
> > org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:73) at
> > org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:124)
> >     ... 29 more
> > 2009-06-28 17:11:14,685 INFO  [XSRFHandler] Removed destroyed
> > sessionId=jm4124n35l4g
> > 2009-06-28 17:11:14,687 INFO  [XSRFHandler] Removed destroyed
> > sessionId=jm4124n35l4g
> >
> >
> > Here is the send/receive messages (caught by tcpmonitor tool) - expected
> > with ws-security usertoken header
> >
> > <soap:Envelope
> > xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/
> "><soap:Body><ns2:sayH
> >i xmlns:ns2="http://service.web/
> > "><arg0>Rahul</arg0></ns2:sayHi></soap:Body></soap:Envelope>
> >
> >
> > <soap:Envelope
> > xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/
> "><soap:Body><soap:Fau
> >lt><faultcode xmlns:ns1="
> >
> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1
> >.0.xsd">ns1:InvalidSecurity</faultcode><faultstring>An error was
> discovered
> > processing the &lt;wsse:Security>
> > header</faultstring></soap:Fault></soap:Body></soap:Envelope>
> >
> >
> > - >I have set the usernameToken property in
> > org.apache.geronimo.jaxws.client.EndpointInfo and
> > org.apache.geronimo.jaxws.builder.EndpointBuilder.
> >
> > -> I have put some usertoken specific code in the PortMethodInterceptor
> > class (org.apache.geronimo.jaxws.client.PortMethodInterceptor) to set the
> > username and password.
> >
> > org.apache.geronimo.jaxws.client.PortMethodInterceptor.java
> > ...
> > ....
> >  String username = info.getUserName();
> >         if (username != null) {
> >
> > proxy.getRequestContext().put(BindingProvider.USERNAME_PROPERTY,
> username);
> >             LOG.debug("Set username property: " + username);
> >         }
> >
> >         String password = info.getPassword();
> >         if (password != null) {
> >
> > proxy.getRequestContext().put(BindingProvider.PASSWORD_PROPERTY,
> password);
> >             LOG.debug("Set username property: " + password);
> >         }
> > ...
> >
> >
> > and here is my cxf specific CXFPortMethodInterceptor, I am not sure its
> > well written. I need help in this, about how to use the cxf specific apis
> > to set the properties.
> >
> >
> > org.apache.geronimo.cxf.CXFPortMethodInterceptor
> >
> > public class CXFPortMethodInterceptor extends PortMethodInterceptor {
> >     private static final Logger LOG =
> > LoggerFactory.getLogger(CXFPortMethodInterceptor.class);
> >
> >     public CXFPortMethodInterceptor(Map<Object, EndpointInfo> seiInfoMap)
> {
> >         super(seiInfoMap);
> >        LOG.debug("View the seiInfoMap.values()  !" +
> seiInfoMap.values());
> >     }
> >
> >     public Object intercept(Object target, Method method, Object[]
> > arguments, MethodProxy methodProxy) throws Throwable {
> >         LOG.debug("I am in intercept method of
> CXFPortMethodInterceptor!");
> >         Object proxy = super.intercept(target, method, arguments,
> > methodProxy);
> >
> >         BindingProvider cxfProxy = (BindingProvider) proxy;
> >
> >         //To cast a client proxy to a CXF client:
> >         org.apache.cxf.endpoint.Client client =
> >             org.apache.cxf.frontend.ClientProxy.getClient(cxfProxy);
> >        // testiing : used due to "No security action was defined." error
> >
> > org.apache.cxf.binding.soap.interceptor.SoapPreProtocolOutInterceptor
> > soapInterceptor =
> >             new
> > org.apache.cxf.binding.soap.interceptor.SoapPreProtocolOutInterceptor();
> >
> >         org.apache.cxf.endpoint.Endpoint cxfEndpoint =
> > client.getEndpoint();
> > cxfEndpoint.getOutInterceptors().add(soapInterceptor);
> >
> >         cxfEndpoint.getOutInterceptors().add(new
> > org.apache.cxf.binding.soap.saaj.SAAJOutInterceptor());
> >
> >         LOG.debug("Am I doing right!");
> >         return proxy;
> >     }
> >  }
> >
> > I am 100% sure, I am making some (or lot of) mistakes in the above code
> and
> > I need help to get it fix.
> >
> >
> > Can you please guide me in this? I apologize if its a trivial problem.
> >
> > I am stuck here. I think if i get thru with this then i wil have good
> idea
> > about usage of cxf specific apis and can easily set other properties
> (like
> > X.509 etc)
> >
> >
> > Many Thanks in advance for your help.
> >
> > PS: sorry for long email.
> >
> > Best Regards,
> > Rahul
>
> --
> Daniel Kulp
> dkulp@apache.org
> http://www.dankulp.com/blog
>

Mime
View raw message