Simple ws-security encryption service with soapui
This is my ws-security encryption service. It's definitely working successfully in wildfly. First only one secure key is generated with keytool
keytool -genkey -keyalg RSA -alias servicekey -keypass password123 -storepass password123 -keystore serviceKeystore.jks –dname "cn=joseph“
In service side ws-security configuration is set with these files(jaxws-endpoint-config.xml,MANIFEST.MF and server.properties).
jaxws-endpoint-config.xml :
<?xml version="1.0" encoding="UTF-8"?>
<jaxws-config xmlns="urn:jboss:jbossws-jaxws-config:4.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:javaee="http://java.sun.com/xml/ns/javaee"
xsi:schemaLocation="urn:jboss:jbossws-jaxws-config:4.0 schema/jbossws-jaxws-config_4_0.xsd">
<endpoint-config>
<config-name>Custom WS-Security Endpoint</config-name>
<property>
<property-name>ws-security.signature.properties</property-name>
<property-value>META-INF/server.properties</property-value>
</property>
<property>
<property-name>ws-security.encryption.properties</property-name>
<property-value>META-INF/server.properties</property-value>
</property>
<property>
<property-name>ws-security.signature.username</property-name>
<property-value>servicekey</property-value>
</property>
<property>
<property-name>ws-security.callback-handler</property-name>
<property-value>
com.aaa.soap.KeystorePasswordCallback
</property-value>
</property>
</endpoint-config>
</jaxws-config>server.properties :
org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin org.apache.ws.security.crypto.merlin.keystore.type=jks org.apache.ws.security.crypto.merlin.keystore.password=password123 org.apache.ws.security.crypto.merlin.keystore.alias=servicekey org.apache.ws.security.crypto.merlin.keystore.file=META-INF/serviceKeystore.jks
MANIFEST.MF :
Manifest-Version: 1.0 Dependencies: org.apache.cxf.impl, org.apache.ws.security services Class-Path:
Client jsp file contains another configuration file (client.properties)
JSP file :
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=EUC-KR">
<title>WildFly SOAP Security test</title>
</head>
<body>
<%
String SERVICE_URL = "http://localhost:8080/WSSEncryptWeb/HelloWorld";
try {
QName serviceName = new QName("http://soap.aaa.com/", "HelloWorldService");
URL wsdlURL;
wsdlURL = new URL(SERVICE_URL + "?wsdl");
Service service = Service.create(wsdlURL, serviceName);
IHelloWorld port = (IHelloWorld) service.getPort(IHelloWorld.class);
((BindingProvider) port).getRequestContext().put(SecurityConstants.CALLBACK_HANDLER, new KeystorePasswordCallback());
((BindingProvider) port).getRequestContext().put(SecurityConstants.ENCRYPT_PROPERTIES,
Thread.currentThread().getContextClassLoader().getResource("META-INF/client.properties"));
((BindingProvider) port).getRequestContext().put(SecurityConstants.ENCRYPT_USERNAME, "servicekey");
out.println(port.sayHello("jina"));
} catch (Exception e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
%>
</body>
</html>client.properties :
org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin org.apache.ws.security.crypto.merlin.keystore.type=jks org.apache.ws.security.crypto.merlin.keystore.password=password123 org.apache.ws.security.crypto.merlin.keystore.alias=servicekey org.apache.ws.security.crypto.merlin.keystore.file=META-INF/serviceKeystore.jks
The point is the number of encryption key is the only one serviceKeystore.jks file. However I am still stuck with this point. For your information the following images show the soapui configuration.
Keystore configuration
Encryption configuration :
SOAP Request configuration :
But this soapui configuration returns the soap fault
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
<soap:Body>
<soap:Fault>
<faultcode xmlns:ns1="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">ns1:InvalidSecurity</faultcode>
<faultstring>An error was discovered processing the <wsse:Security> header</faultstring>
</soap:Fault>
</soap:Body>
</soap:Envelope>And these exception is thrown from sei
20:57:51,004 WARNING [org.apache.cxf.phase.PhaseInterceptorChain] (default task-63) Interceptor for {http://soap.aaa.com/}HelloWorldService has thrown exception, unwinding now: org.apache.cxf.binding.soap.SoapFault: An error was discovered processing the <wsse:Security> header
at org.apache.cxf.ws.security.wss4j.WSS4JUtils.createSoapFault(WSS4JUtils.java:216)
at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessageInternal(WSS4JInInterceptor.java:329)
at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:184)
at org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JInInterceptor.handleMessage(PolicyBasedWSS4JInInterceptor.java:79)
at org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JInInterceptor.handleMessage(PolicyBasedWSS4JInInterceptor.java:66)
at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:308)
at org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:121)
at org.apache.cxf.transport.http.AbstractHTTPDestination.invoke(AbstractHTTPDestination.java:251)
at org.jboss.wsf.stack.cxf.RequestHandlerImpl.handleHttpRequest(RequestHandlerImpl.java:108)
at org.jboss.wsf.stack.cxf.transport.ServletHelper.callRequestHandler(ServletHelper.java:134)
at org.jboss.wsf.stack.cxf.CXFServletExt.invoke(CXFServletExt.java:88)
at org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(AbstractHTTPServlet.java:293)
at org.apache.cxf.transport.servlet.AbstractHTTPServlet.doPost(AbstractHTTPServlet.java:212)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:707)
at org.jboss.wsf.stack.cxf.CXFServletExt.service(CXFServletExt.java:136)
at org.jboss.wsf.spi.deployment.WSFServlet.service(WSFServlet.java:140)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
at io.undertow.servlet.handlers.ServletHandler.handleRequest(ServletHandler.java:85)
at io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:62)
at io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36)
at org.wildfly.extension.undertow.security.SecurityContextAssociationHandler.handleRequest(SecurityContextAssociationHandler.java:78)
at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
at io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:131)
at io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:57)
at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
at io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46)
at io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64)
at io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:60)
at io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:77)
at io.undertow.security.handlers.NotificationReceiverHandler.handleRequest(NotificationReceiverHandler.java:50)
at io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.handleRequest(AbstractSecurityContextAssociationHandler.java:43)
at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
at org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)
at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
at io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:284)
at io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:263)
at io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:81)
at io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:174)
at io.undertow.server.Connectors.executeRootHandler(Connectors.java:202)
at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:793)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
at java.lang.Thread.run(Thread.java:745)
Caused by: org.apache.wss4j.common.ext.WSSecurityException: An error was discovered processing the <wsse:Security> header
at org.apache.wss4j.common.crypto.AlgorithmSuiteValidator.checkSymmetricEncryptionAlgorithm(AlgorithmSuiteValidator.java:149)
at org.apache.wss4j.dom.processor.EncryptedKeyProcessor.decryptDataRef(EncryptedKeyProcessor.java:550)
at org.apache.wss4j.dom.processor.EncryptedKeyProcessor.decryptDataRefs(EncryptedKeyProcessor.java:481)
at org.apache.wss4j.dom.processor.EncryptedKeyProcessor.handleToken(EncryptedKeyProcessor.java:199)
at org.apache.wss4j.dom.processor.EncryptedKeyProcessor.handleToken(EncryptedKeyProcessor.java:76)
at org.apache.wss4j.dom.engine.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:344)
at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessageInternal(WSS4JInInterceptor.java:280)
... 42 moreI need your help sincerely. Pls, do not hesitate posting your reply. Thanks in advance.