webservice encryption not working (jbossws-cxf)

荒凉一梦 submitted on 2019-12-11 22:23:09

Question


I am trying to get WS-Security encryption working on Wildfly. I read this doc: https://docs.jboss.org/author/display/WFLY8/WS-Security.

I want my soap messages to travel encrypted from client to server and vice-versa.

I followed the steps for server and client, but the messages are not encrypted and the server does not complain about the unencrypted message that it receives.

The only difference with the doc example is that we do not use WSDL contract enforcing (our WSDL does not include information about encryption).

Webservice server and client both work as if the encryption is not configured.

1) Webservice Implementation

@WebService(serviceName = "IMDService",
            portName = "IMDServicePort",
            targetNamespace = "http://ws.prueba.com")
@SOAPBinding(style = SOAPBinding.Style.RPC)
@Remote(IMDService.class)
@Stateless
@EndpointConfig(configFile = "WEB-INF/jaxws-endpoint-config.xml", configName = "Custom WS-Security Endpoint")
public class IMDServiceImpl implements IMDService {
    ...
}

2) The file jaxws-endpoint-config.xml:

<?xml version="1.0" encoding="UTF-8"?>
<jaxws-config xmlns="urn:jboss:jbossws-jaxws-config:4.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:javaee="http://java.sun.com/xml/ns/javaee" xsi:schemaLocation="urn:jboss:jbossws-jaxws-config:4.0 schema/jbossws-jaxws-config_4_0.xsd">
    <endpoint-config>
        <config-name>Custom WS-Security Endpoint</config-name>
        <property>
            <property-name>ws-security.signature.properties</property-name>
            <property-value>bob.properties</property-value>
        </property>
        <property>
            <property-name>ws-security.encryption.properties</property-name>
            <property-value>bob.properties</property-value>
        </property>
        <property>
            <property-name>ws-security.signature.username</property-name>
            <property-value>bob</property-value>
        </property>
        <property>
            <property-name>ws-security.encryption.username</property-name>
            <property-value>alice</property-value>
        </property>
        <property>
            <property-name>ws-security.callback-handler</property-name>
            <property-value>ar.com.condortech.business.KeystorePasswordCallback</property-value>
        </property>
    </endpoint-config>
</jaxws-config>

3) Here we have bob.properties and alice.properties files content:

alice.properties
================
org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
org.apache.ws.security.crypto.merlin.keystore.type=jks
org.apache.ws.security.crypto.merlin.keystore.password=password
org.apache.ws.security.crypto.merlin.keystore.alias=alice
org.apache.ws.security.crypto.merlin.keystore.file=alice.jks

bob.properties
==============
org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
org.apache.ws.security.crypto.merlin.keystore.type=jks
org.apache.ws.security.crypto.merlin.keystore.password=password
org.apache.ws.security.crypto.merlin.keystore.alias=bob
org.apache.ws.security.crypto.merlin.keystore.file=bob.jks

We have generated both keystores correctly.

4) On the client side I put properties into the Service interface:

IMDService imdService = this.getService(); // We call our own method to obtain the service...

((BindingProvider)imdService).getRequestContext().put(SecurityConstants.CALLBACK_HANDLER,
    new KeystorePasswordCallback());

((BindingProvider)imdService).getRequestContext().put(SecurityConstants.SIGNATURE_PROPERTIES,
     Thread.currentThread().getContextClassLoader().getResource("alice.properties"));

((BindingProvider)imdService).getRequestContext().put(SecurityConstants.ENCRYPT_PROPERTIES,
     Thread.currentThread().getContextClassLoader().getResource("alice.properties"));

((BindingProvider)imdService).getRequestContext().put(SecurityConstants.SIGNATURE_USERNAME, "alice");

((BindingProvider)imdService).getRequestContext().put(SecurityConstants.ENCRYPT_USERNAME, "bob"); 

5) I managed dependencies with Maven, and all are in the provided scope in order not to be included in the final war:

- org.jboss.ws.native (jbossws-native-core) - 4.2.0.Final
- org.apache.ws.security (wss4j) - 1.6.17
- org.apache.cxf (cxf-rt-ws-security, cxf-rt-frontend-jaxws, cxf-rt-transports-http, cxf-rt-transports-http-jetty) - 2.2.3

6) MANIFEST file content is:

Manifest-Version: 1.0
Built-By: laispuru
Build-Jdk: 1.8.0_05
Created-By: Maven Integration for Eclipse
Dependencies: org.apache.ws.security

Source: https://stackoverflow.com/questions/26529582/webservice-encryption-not-working-jbossws-cxf
