Łukasz Marczuk [http://community.jboss.org/people/lmarczuk] created the discussion
"Problem with securing web service with ws security ( username token )" To view the discussion, visit: http://community.jboss.org/message/560597#560597 -------------------------------------------------------------- Hello, I'am trying to secure web service ( from ejb 3.0 stateless bean) and it is not working. here is my code : Bean : @Stateless @SOAPBinding(style=SOAPBinding.Style.RPC) @SecurityDomain("JBossWS") @EndpointConfig(configName = "Standard WSSecurity Endpoint") @WebService(name="Hello",targetNamespace = " http://test http://test",serviceName = "HelloWSSService") public class HelloBean implements IHello { @WebMethod public String sayHello(String aName) { return "siemanko " + aName; } } // ... some imports @Stateless @SOAPBinding(style=SOAPBinding.Style.RPC) @SecurityDomain("JBossWS") @EndpointConfig(configName = "Standard WSSecurity Endpoint") @WebService(name="Hello",targetNamespace = "http://test",serviceName = "HelloWSSService") public class HelloBean implements IHello { �...@webmethod public String sayHello(String aName) { return "siemanko " + aName; } } interface : @SOAPBinding(style = SOAPBinding.Style.DOCUMENT) @EndpointConfig(configName = "Standard WSSecurity Endpoint") @WebService(name="Hello",targetNamespace = "http://test",serviceName = "HelloWSSService") public interface IHello { String sayHello( String name); } In my META-INF folder i put jboss-wsse-server.xml file : <jboss-ws-security xmlns="http://www.jboss.com/ws-security/config"; xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"; xsi:schemaLocation="http://www.jboss.com/ws-security/config http://www.jboss.com/ws-security/schema/jboss-ws-security_1_0.xsd";> <config> <timestamp ttl="300"/> <requires/> </config> </jboss-ws-security> Now i deploy my app on server and i test it from SoapUI. <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"; xmlns:test="http://test";> <soapenv:Header/> <soapenv:Body> <test:sayHello> <arg0>?</arg0> </test:sayHello> </soapenv:Body> </soapenv:Envelope> And anser : <env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/";> <env:Header> <wsse:Security env:mustUnderstand="1" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"; xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"; xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";> <wsu:Timestamp wsu:Id="timestamp"> <wsu:Created>2010-09-06T11:41:38.621Z</wsu:Created> <wsu:Expires>2010-09-06T11:46:38.621Z</wsu:Expires> </wsu:Timestamp> </wsse:Security> </env:Header> <env:Body> <test:sayHelloResponse xmlns:test="http://test";> <return>siemanko ?</return> </test:sayHelloResponse> </env:Body> </env:Envelope> Got any idea why i can't secure my web service like that? i tryid it on jboss 4.2.3 , 5.01, 5.1, and 6 actually i work on 5.0.1 with JBoss Web Services - Native Server 3.3.1.GA. Mayby i'm skipping some step or jboss-wsse-server.xml is incorect ? when i put to jboss-wsse-server.xml this : <jboss-ws-security xmlns="http://www.jboss.com/ws-security/config"; xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"; xsi:schemaLocation="http://www.jboss.com/ws-security/config http://www.jboss.com/ws-security/schema/jboss-ws-security_1_0.xsd";> <config> <username/> <authenticate> <usernameAuth/> </authenticate> </config> </jboss-ws-security> Also nothing happend and i'am albe to get response without puting principals in header. JBossWS is good configured in login-config.xml Please help. -------------------------------------------------------------- Reply to this message by going to Community [http://community.jboss.org/message/560597#560597] Start a new discussion in JBoss Web Services at Community [http://community.jboss.org/choose-container!input.jspa?contentType=1&containerType=14&container=2044]
_______________________________________________ jboss-user mailing list [email protected] https://lists.jboss.org/mailman/listinfo/jboss-user
