After researching how to make a custom Axis 1.4 provider which supports WSSE
and passes the certificate to JBoss, here is a code-level synopsis.
Notice that the create is done with the standard username/password login module.
META-INF/services/org.apache.axis.deployment.wsdd.Provider
ws.WSDDJavaEJBProvider
jboss/server/all/conf/login-config.xml
<application-policy name="ws">
<authentication>
<login-module code="org.jboss.security.auth.spi.DatabaseCertLoginModule"
flag="sufficient" >
<module-option name="securityDomain">java:/jaas/ws</module-option>
<module-option name="dsJndiName">java:/ds/ws</module-option>
<module-option name="rolesQuery">select Role, RoleGroup from Roles where
PrincipalID=?</module-option>
<module-option
name="verifier">org.jboss.security.auth.certs.AnyCertVerifier</module-option>
</login-module>
<login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule"
flag="sufficient">
<module-option name="multi-threaded">true</module-option>
<module-option
name="usersProperties">props/jbossws-users.properties</module-option>
<module-option
name="rolesProperties">props/jbossws-roles.properties</module-option>
<module-option name="unauthenticatedIdentity">anonymous</module-option>
</login-module>
</authentication>
</application-policy>
Rather than repeat too much information here: most other details can be found on
the WSSE, Axis or JBoss sites.
Any questions, email this list.
import java.lang.reflect.Method;
import java.lang.reflect.InvocationTargetException;
import java.util.Properties;
import java.util.Hashtable;
import java.util.Vector;
import java.util.Iterator;
import org.apache.ws.security.handler.WSHandlerConstants;
import org.apache.ws.security.handler.WSHandlerResult;
import org.apache.ws.security.WSSecurityEngine;
import org.apache.ws.security.WSSecurityEngineResult;
import org.apache.ws.security.WSConstants;
import javax.naming.Context;
import javax.naming.InitialContext;
import org.apache.axis.AxisFault;
import org.apache.axis.Constants;
import org.apache.axis.Handler;
import org.apache.axis.MessageContext;
import org.apache.axis.components.logger.LogFactory;
import org.apache.axis.handlers.soap.SOAPService;
import org.apache.axis.utils.ClassUtils;
import org.apache.axis.utils.Messages;
import org.apache.commons.logging.Log;
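/**
 * A basic EJB Provider
 *
 * Extends the stock Axis {@link org.apache.axis.providers.java.EJBProvider} so that the
 * credentials established by the WSS4J receiver handler (the signing certificate and its
 * principal, taken from {@code WSHandlerConstants.RECV_RESULTS}) are pushed into the JNDI
 * environment before the bean method is invoked. The login-aware context factory named by
 * {@code jndiContextClass} in the deployment descriptor then authenticates against the
 * JBoss security domain with those credentials.
 *
 * NOTE(review): the certificate is trusted only as far as the WSDoAllReceiver signature
 * check trusts it. The accompanying login-config uses AnyCertVerifier, which adds no
 * verification of its own, so the WSS4J signature validation is the sole trust decision.
 *
 * @author Carl Woolf ([EMAIL PROTECTED])
 * @author Tom Jordahl ([EMAIL PROTECTED])
 * @author Cédric Chabanois ([EMAIL PROTECTED])
 */
public class EJBProvider extends org.apache.axis.providers.java.EJBProvider
{
    /** Deployment parameter carrying the value for {@code Context.SECURITY_PROTOCOL}. */
    public static final String jndiSecurityProtocol = "jndiSecurityProtocol";

    /** Session key under which {@link #getEJBHome} stashes the InitialContext for {@link #invokeMethod}. */
    private static final String CONTEXT_SESSION_KEY = "context";

    /**
     * Common routine to do the JNDI lookup on the Home interface object.
     * Username and password for the JNDI lookup are taken from the configuration, or from
     * the messageContext if not found in the configuration.
     *
     * @param serviceHandler the deployed service whose options are consulted
     * @param msgContext     current message context; may be null, in which case no
     *                       per-request credentials are used and no context is cached
     * @param beanJndiName   JNDI name of the EJB home to look up
     * @return the home object bound at {@code beanJndiName}
     * @throws AxisFault if the context cannot be created or the home is not found
     */
    private Object getEJBHome(SOAPService serviceHandler,
                              MessageContext msgContext,
                              String beanJndiName)
        throws AxisFault
    {
        Object ejbHome = null;
        // Set up an InitialContext and use it to get the beanJndiName from JNDI
        try {
            // collect all the properties we need to access JNDI:
            // username, password, factoryclass, contextUrl, securityProtocol
            Properties properties = new Properties();

            // username
            String username = getStrOption(jndiUsername, serviceHandler);
            if ((username == null) && (msgContext != null)) {
                username = msgContext.getUsername();
            }
            putIfSet(properties, Context.SECURITY_PRINCIPAL, username);

            // password
            String password = getStrOption(jndiPassword, serviceHandler);
            if ((password == null) && (msgContext != null)) {
                password = msgContext.getPassword();
            }
            putIfSet(properties, Context.SECURITY_CREDENTIALS, password);

            // factory class
            putIfSet(properties, Context.INITIAL_CONTEXT_FACTORY,
                     getStrOption(jndiContextClass, serviceHandler));

            // contextUrl
            putIfSet(properties, Context.PROVIDER_URL,
                     getStrOption(jndiURL, serviceHandler));

            // security protocol
            putIfSet(properties, Context.SECURITY_PROTOCOL,
                     getStrOption(jndiSecurityProtocol, serviceHandler));

            // get context using these properties; the parent treats null as
            // "use the default InitialContext", so pass null when nothing was set
            InitialContext context = getContext(properties.isEmpty() ? null : properties);
            // if we didn't get a context, fail
            if (context == null) {
                throw new AxisFault(Messages.getMessage("cannotCreateInitialContext00"));
            }
            // Keep the context for invokeMethod(), which re-authenticates with it.
            // Only after the null check, and only when there is a message context to hold it.
            if (msgContext != null) {
                msgContext.getSession().set(CONTEXT_SESSION_KEY, context);
            }

            ejbHome = getEJBHome(context, beanJndiName);
            if (ejbHome == null) {
                throw new AxisFault(Messages.getMessage("cannotFindJNDIHome00", beanJndiName));
            }
        }
        // Should probably catch javax.naming.NameNotFoundException here
        catch (Exception exception) {
            entLog.info(Messages.getMessage("toAxisFault00"), exception);
            throw AxisFault.makeFault(exception);
        }
        return ejbHome;
    }

    /**
     * Stores {@code value} under {@code key} only when it is non-null
     * (Properties rejects null values).
     */
    private static void putIfSet(Properties properties, String key, String value) {
        if (value != null) {
            properties.setProperty(key, value);
        }
    }

    /**
     * Override the default implementation such that we can include
     * special handling for {@link java.rmi.ServerException}.
     * <p/>
     * Before delegating, copies the WSSE-derived principal and certificate into the JNDI
     * environment cached by {@link #getEJBHome} and performs a rebind through a fresh
     * InitialContext so the login context factory authenticates with them.
     * </p>
     * <p/>
     * Converts {@link java.rmi.ServerException} exceptions to
     * {@link InvocationTargetException} exceptions with the same cause.
     * This allows the axis framework to create a SOAP fault.
     * </p>
     *
     * @throws AxisFault if no InitialContext was cached in the session by getEJBHome()
     * @see org.apache.axis.providers.java.RPCProvider#invokeMethod(org.apache.axis.MessageContext, java.lang.reflect.Method, java.lang.Object, java.lang.Object[])
     */
    protected Object invokeMethod(MessageContext msgContext, Method method,
                                  Object obj, Object[] argValues)
        throws Exception {
        try {
            InitialContext context =
                (InitialContext) msgContext.getSession().get(CONTEXT_SESSION_KEY);
            if (context == null) {
                throw new AxisFault("No JNDI InitialContext found in session; getEJBHome() must run first");
            }
            // Context.getEnvironment() must not be mutated in place (JNDI leaves the
            // effect on the context undefined), so work on a copy.
            Hashtable properties = new Hashtable(context.getEnvironment());

            // security fix: put the WSSE security user into the environment, then rebind,
            // which authenticates against the security context
            applySignatureCredentials(msgContext, properties);

            try {
                new InitialContext(properties).rebind("security_fix", new String());
                return super.invokeMethod(msgContext, method, obj, argValues);
            } finally {
                // "remove" ends the bean's life; drop the Axis session along with it
                if (method.getName().equals("remove")) {
                    msgContext.getSession().remove(msgContext.getService().getName());
                    msgContext.getSession().invalidate();
                }
            }
        } catch (InvocationTargetException ite) {
            Throwable cause = getCause(ite);
            if (cause instanceof java.rmi.ServerException) {
                throw new InvocationTargetException(getCause(cause));
            }
            throw ite;
        }
    }

    /**
     * Copies the principal and certificate of a verified Signature action from the WSS4J
     * receiver results ({@code WSHandlerConstants.RECV_RESULTS}) into {@code properties}
     * as {@code Context.SECURITY_PRINCIPAL} / {@code Context.SECURITY_CREDENTIALS}.
     * Results without a certificate are skipped. Note: an encryption action does not have
     * an associated principal; only Signature and UsernameToken actions return a principal.
     * Does nothing when no receiver results are present.
     */
    private static void applySignatureCredentials(MessageContext msgContext, Hashtable properties) {
        Vector results = (Vector) msgContext.getProperty(WSHandlerConstants.RECV_RESULTS);
        if (results == null) {
            return;
        }
        for (int i = 0; i < results.size(); i++) {
            WSHandlerResult hResult = (WSHandlerResult) results.get(i);
            Vector hResults = hResult.getResults();
            for (int j = 0; j < hResults.size(); j++) {
                WSSecurityEngineResult eResult = (WSSecurityEngineResult) hResults.get(j);
                if (eResult.getAction() != WSConstants.SIGN || eResult.getCertificate() == null) {
                    continue;
                }
                // Hashtable rejects null values: only store a principal if WSS4J produced one
                if (eResult.getPrincipal() != null) {
                    properties.put(Context.SECURITY_PRINCIPAL, eResult.getPrincipal());
                }
                properties.put(Context.SECURITY_CREDENTIALS, eResult.getCertificate());
            }
        }
    }

    /**
     * Returns {@code original.getCause()} when it is available and non-null,
     * otherwise {@code original} itself. Reflection is used so the class still
     * loads on JDK 1.3, where Throwable has no getCause().
     *
     * @param original the throwable to unwrap
     * @return the cause, or {@code original} when there is none
     */
    private Throwable getCause(Throwable original) {
        try {
            Method method = original.getClass().getMethod("getCause", new Class[0]);
            Throwable cause = (Throwable) method.invoke(original, new Object[0]);
            if (cause != null) {
                return cause;
            }
        } catch (NoSuchMethodException ignored) {
            // JDK 1.3: no getCause() on Throwable, fall through to the original
        } catch (Exception ignored) {
            // reflection refused or getCause() itself failed: treat as "no cause";
            // Errors are deliberately not swallowed
        }
        return original;
    }
}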
<service name="Click2CallEndpoint" provider="java:EJB_WSSE" style="rpc"
use="encoded">
<parameter name="scope" value="Session"/>
<parameter name="wsdlFile" value="build/generated/nextep_1click.wsdl"/>
<parameter name="wsdlTargetNamespace" value="urn:http://www/endpoint"/>
<parameter name="typeMappingVersion" value="1.2"/>
<parameter name="allowedMethods" value="*"/>
<parameter name="beanJndiName" value="Bean"/>
<parameter name="homeInterfaceName" value="ejb.RemoteHome"/>
<parameter name="remoteInterfaceName" value="ejb.Remote"/>
<parameter name="localHomeInterfaceName" value="ejb.LocalHome"/>
<parameter name="localInterfaceName" value="ejb.Local"/>
<parameter name="jndiURL" value="jnp://localhost:1099"/>
<parameter name="jndiContextClass"
value="org.jboss.security.jndi.JndiLoginInitialContextFactory"/>
<!--certificate roles login module-->
<parameter name="jndiSecurityProtocol" value="siphiaws"/>
<!--configured in jboss -->
<parameter name="jndiUser" value="kermit"/>
<parameter name="jndiPassword" value="thefrog"/>
<requestFlow>
<handler type="session"/>
<handler type="java:org.apache.ws.axis.security.WSDoAllReceiver">
<!-- to enable username based authentication
<parameter name="action" value="UsernameToken"/>
<parameter name="passwordType" value="PasswordText" />
-->
<!-- to enable certificate based authentication -->
<parameter name="action" value="Signature Timestamp"/>
<parameter name="signaturePropFile" value="crypto.properties" />
<parameter name="encryptionUser" value="useReqSigCert" />
<parameter name="passwordCallbackClass" value="ws.PasswordCallback"/>
</handler>
<!--http basic authentication
<handler type="authentication"/>
<handler type="authorization"/>-->
</requestFlow>
<responseFlow>
<handler type="session"/>
</responseFlow>
import org.apache.axis.EngineConfiguration;
import org.apache.axis.Handler;
import org.apache.axis.deployment.wsdd.WSDDConstants;
import org.apache.axis.deployment.wsdd.WSDDProvider;
import org.apache.axis.deployment.wsdd.WSDDService;
/**
 * A WSDD EJB provider
 *
 * Registers the WSSE-aware {@link ws.EJBProvider} under the stock Axis EJB provider
 * name with an {@code _WSSE} suffix, matching the {@code provider="java:EJB_WSSE"}
 * attribute used in the deployment descriptor.
 *
 * @author Glen Daniels ([EMAIL PROTECTED])
 */
public class WSDDJavaEJBProvider
    extends WSDDProvider
{
    /** Suffix distinguishing this provider from the stock Axis EJB provider. */
    private static final String NAME_SUFFIX = "_WSSE";

    /**
     * Returns the provider name used to select this provider from a WSDD service element.
     */
    public String getName() {
        StringBuffer name = new StringBuffer(WSDDConstants.PROVIDER_EJB);
        name.append(NAME_SUFFIX);
        return name.toString();
    }

    /**
     * Creates the provider handler for a service deployed with this provider.
     *
     * @param service  the WSDD service being deployed (not consulted)
     * @param registry the engine configuration (not consulted)
     * @return a new {@link ws.EJBProvider}
     */
    public Handler newProviderInstance(WSDDService service,
                                       EngineConfiguration registry)
        throws Exception
    {
        Handler provider = new ws.EJBProvider();
        return provider;
    }
}