Discussion:
[jboss-user] [JBoss Web Services] - how to migrate jboss-wsse-server.xml setting of jboss 5 to jboss 7.1?
Joseph Hwang
2013-05-28 05:05:43 UTC
Permalink
Joseph Hwang [https://community.jboss.org/people/aupres] created the discussion

"how to migrate jboss-wsse-server.xml setting of jboss 5 to jboss 7.1?"

To view the discussion, visit: https://community.jboss.org/message/819762#819762

--------------------------------------------------------------
As you know, ws-security in jboss 5 was implemented with jboss-wsse-server.xml like below :

=== jboss-wsse-server.xml ======
<jboss-ws-security xmlns=" http://www.jboss.com/ws-security/config http://www.jboss.com/ws-security/config"  xmlns:xsi=" http://www.w3.org/2001/XMLSchema-instance http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation=" http://www.jboss.com/ws-security/config http://www.jboss.com/ws-security/config  http://www.jboss.com/ws-security/schema/jboss-ws-security_1_0.xsd http://www.jboss.com/ws-security/schema/jboss-ws-security_1_0.xsd">
   <key-store-file>WEB-INF/wsse.keystore</key-store-file>
   <key-store-password>jbossws</key-store-password>
   <trust-store-file>WEB-INF/wsse.truststore</trust-store-file>
   <trust-store-password>jbossws</trust-store-password>

   <config>
     <sign type="x509v3" alias="wsse"/>
     <requires>
       <signature/>
     </requires>
   </config>
</jboss-ws-security>

and,

@WebService
@EndpointConfig(configName = "Standard WSSecurity Endpoint")
public class HelloJavaBean
{
   .....

I want to know how to migrate these jboss-5 ws-security settings to jboss 7. I guess 'endpoint-config' element of jboss-7 standalone.xml is related with these setting.

<subsystem xmlns="urn:jboss:domain:webservices:1.1">
   <modify-wsdl-address>true</modify-wsdl-address>
   <wsdl-host>${jboss.bind.address:127.0.0.1}</wsdl-host>

   <endpoint-config name="Standard-Endpoint-Config"/>
   <endpoint-config name="Recording-Endpoint-Config">
       <pre-handler-chain name="recording-handlers" protocol-bindings="##SOAP11_HTTP ##SOAP11_HTTP_MTOM ##SOAP12_HTTP ##SOAP12_HTTP_MTOM">
          <handler name="RecordingHandler" class="org.jboss.ws.common.invocation.RecordingServerHandler"/>
       </pre-handler-chain>
    </endpoint-config>
*<endpoint-config name="Custom-Endpoint-Config"> <!-- I think element would be like this format, just guess!-->*
*          <property name="key-store-file" value="WEB-INF/wsse.keystore"/>*
*          <property name="key-store-password" value="jbossws"/>*
*     </endpoint-config>*
</subsystem>

@WebService
@EndpointConfig(configName = *"Custom-Endpoint-Config"*>
public class HelloJavaBean
{
.....

If you know any document or reference site, kindly inform me.
Best regards.
--------------------------------------------------------------

Reply to this message by going to Community
[https://community.jboss.org/message/819762#819762]

Start a new discussion in JBoss Web Services at Community
[https://community.jboss.org/choose-container!input.jspa?contentType=1&containerType=14&container=2044]
Alessio Soldano
2013-05-28 08:42:57 UTC
Permalink
Alessio Soldano [https://community.jboss.org/people/asoldano] created the discussion

"Re: how to migrate jboss-wsse-server.xml setting of jboss 5 to jboss 7.1?"

To view the discussion, visit: https://community.jboss.org/message/819805#819805

--------------------------------------------------------------
Joseph,
the webservices stack in JBoss AS 7 is JBossWS-CXF, so the WS-Security implementation is completely different and configured differently. Have a look at https://docs.jboss.org/author/display/AS71/WS-Security https://docs.jboss.org/author/display/AS71/WS-Security for further details on the ws-security usage in 7.1
--------------------------------------------------------------

Reply to this message by going to Community
[https://community.jboss.org/message/819805#819805]

Start a new discussion in JBoss Web Services at Community
[https://community.jboss.org/choose-container!input.jspa?contentType=1&containerType=14&container=2044]
Joseph Hwang
2013-05-28 11:25:40 UTC
Permalink
Joseph Hwang [https://community.jboss.org/people/aupres] created the discussion

"Re: how to migrate jboss-wsse-server.xml setting of jboss 5 to jboss 7.1?"

To view the discussion, visit: https://community.jboss.org/message/819844#819844

--------------------------------------------------------------
Thank you for your reply, Alessio. I understand it.
I use Eclipse IDE and JBossTools in implementing JBoss web services. As you know, wsdl is generated automatically with Eclipse IDE JBossWS wizard. But in this doc I have to type in <wsp:Policy> element in wsdl manually and build with ant.
I don't know how to generate wsdl with <wsp:Policy> element automatically in Eclipse IDE and JBossTools.
And I have some problems in invoking jaxws-endpoint-config.xml in my Eclipse project. The property name and value can't be defined. Pls, see this thread, https://community.jboss.org/thread/228269 https://community.jboss.org/thread/228269.

I need your advice. Best regards!

--------------------------------------------------------------

Reply to this message by going to Community
[https://community.jboss.org/message/819844#819844]

Start a new discussion in JBoss Web Services at Community
[https://community.jboss.org/choose-container!input.jspa?contentType=1&containerType=14&container=2044]
Alessio Soldano
2013-05-28 12:44:07 UTC
Permalink
Alessio Soldano [https://community.jboss.org/people/asoldano] created the discussion

"Re: how to migrate jboss-wsse-server.xml setting of jboss 5 to jboss 7.1?"

To view the discussion, visit: https://community.jboss.org/message/819860#819860

--------------------------------------------------------------
I don't know a lot of Eclipse tooling, but generally speaking you're responsible for setting the desired policy assertions in the wsdl (it's a contract first approach). I don't think the eclipse tooling has wizards for automatically creating the policy assertions of given security setups, but I might not be up-to-date here.
--------------------------------------------------------------

Reply to this message by going to Community
[https://community.jboss.org/message/819860#819860]

Start a new discussion in JBoss Web Services at Community
[https://community.jboss.org/choose-container!input.jspa?contentType=1&containerType=14&container=2044]
Joseph Hwang
2013-05-31 12:01:01 UTC
Permalink
Joseph Hwang [https://community.jboss.org/people/aupres] created the discussion

"Re: how to migrate jboss-wsse-server.xml setting of jboss 5 to jboss 7.1?"

To view the discussion, visit: https://community.jboss.org/message/820659#820659

--------------------------------------------------------------
Alessio, I reproduced ws-security of jbossws-cxf successfully with your document. And I have a few suggestions to Jbossws-cxf ws-security implementation.
As you know, jpa provides the persistence.xml. With this file Eclipse IDE user can interact and set properties with hibernate. For your understanding, this is the sample.

<persistence xmlns=" http://java.sun.com/xml/ns/persistence http://java.sun.com/xml/ns/persistence" xmlns:xsi=" http://www.w3.org/2001/XMLSchema-instance http://www.w3.org/2001/XMLSchema-instance"
      xsi:schemaLocation=" http://java.sun.com/xml/ns/persistence http://java.sun.com/xml/ns/persistence http://java.sun.com/xml/ns/persistence/persistence_2_0.xsd http://java.sun.com/xml/ns/persistence/persistence_2_0.xsd" version="2.0">
<persistence-unit name="MyFamily">
  <jta-data-source>java:jboss/datasources/MySqlDS</jta-data-source>
  <properties>
   <property name="hibernate.show_sql" value="true"/> *==> these elements can set the properties to hibernate and generate table automatically when build*
   <property name="org.hibernate.hbm2ddl" value="update"/>  *==> these elements can set the properties to hibernate and generate table automatically when build*

   <property name="org.hibernate.dialect" value="org.hibernate.dialect.MySQL5Dialect"/>  *==> these elements can set the properties to hibernate and generate table automatically when build*

  </properties>
</persistence-unit>
</persistence>


jaxws-endpoint-config.xml of jbossws-cxf  in eclispe IDE has no such functions. jaxws-endpoint-config.xml in eclispe IDE throws no exception even when it is
invalid xml file. And in wsdl I have to type in <wsp:Policy> element manually , even namespaces.
Alessio! I suggest that Eclipse IDE user can implement jbossws-cxf ws-security easily and automatically with jaxws-endpoint-config.xml. I want two fuctions to be provided to jaxws-endpoint-config.xml.

1. During building and deploying web services in eclipse IDE, <wsp:Policy> element is generated automatically in wsdl with the property settings of jaxws-endpoint-config.xml file. wsdl can be generated in Eclipse IDE during deployment.
2. During building and deploying web services in eclipse IDE, jaxws-endpoint-config.xml throws exceptions when settings are not correct.

How about my suggestion? If you agree, I will post this issue on JIRA for your development.
I am an author of JBoss AS and preparing for next JBoss AS 8, wildfly. In my next book about wildfly with eclipse, I want to add ws-security section. I am sure this will be helpful to implement ws-security in jbossws-cxf.

I am waiting your positive reply. Thanks! ;)
--------------------------------------------------------------

Reply to this message by going to Community
[https://community.jboss.org/message/820659#820659]

Start a new discussion in JBoss Web Services at Community
[https://community.jboss.org/choose-container!input.jspa?contentType=1&containerType=14&container=2044]
Alessio Soldano
2013-05-31 12:51:22 UTC
Permalink
Alessio Soldano [https://community.jboss.org/people/asoldano] created the discussion

"Re: how to migrate jboss-wsse-server.xml setting of jboss 5 to jboss 7.1?"

To view the discussion, visit: https://community.jboss.org/message/820670#820670

--------------------------------------------------------------
Hi Joseph,
I appreciate your proactive approach. The problem here is however a bit more complicated. Let's forget about the IDE for a while, the issue here is that the whole ws-security policy support is contract based. Moreover, there's really a big set of possible configurations you can have for the ws-security policy assertions. So, something which might be worth evaluating is a functionality for generating templates / examples of ws-security assertions for common scenarios. We could have, e.g. a list of ws security configuration names each corresponding to a set of assertions to be added in the wsdl. That would allow providing a basic java-first ws-security policy support. The configuration name could then of course be specified either in the jaxws-endpoint-config.xml or using a new custom annotation in the endpoint class. Then, the IDE could be updated to pick up this functionality.
WDYT?
--------------------------------------------------------------

Reply to this message by going to Community
[https://community.jboss.org/message/820670#820670]

Start a new discussion in JBoss Web Services at Community
[https://community.jboss.org/choose-container!input.jspa?contentType=1&containerType=14&container=2044]
Joseph Hwang
2013-05-31 13:30:47 UTC
Permalink
Joseph Hwang [https://community.jboss.org/people/aupres] created the discussion

"Re: how to migrate jboss-wsse-server.xml setting of jboss 5 to jboss 7.1?"

To view the discussion, visit: https://community.jboss.org/message/820682#820682

--------------------------------------------------------------
Thank you for your detailed reply, Alessio. I understand your circumstance.
Then pls, inform me until when your issue of a functionality for generating templates / examples of ws-security assertions for common scenarios will be solved. I mean the version of JBossWS-CXF.
As I told you, I have plan to write a book about Wildfly with Eclipse IDE. WS-security implementation in IDE is important in my book.

Thanks in advanced. Have a nice day! :)


--------------------------------------------------------------

Reply to this message by going to Community
[https://community.jboss.org/message/820682#820682]

Start a new discussion in JBoss Web Services at Community
[https://community.jboss.org/choose-container!input.jspa?contentType=1&containerType=14&container=2044]
Alessio Soldano
2013-05-31 15:47:08 UTC
Permalink
Alessio Soldano [https://community.jboss.org/people/asoldano] created the discussion

"Re: how to migrate jboss-wsse-server.xml setting of jboss 5 to jboss 7.1?"

To view the discussion, visit: https://community.jboss.org/message/820718#820718

--------------------------------------------------------------
OK, I've created a jira for the general work that would need to be done: https://issues.jboss.org/browse/JBWS-3648 https://issues.jboss.org/browse/JBWS-3648
--------------------------------------------------------------

Reply to this message by going to Community
[https://community.jboss.org/message/820718#820718]

Start a new discussion in JBoss Web Services at Community
[https://community.jboss.org/choose-container!input.jspa?contentType=1&containerType=14&container=2044]
Xavier Dury
2013-07-19 08:37:29 UTC
Permalink
Xavier Dury [https://community.jboss.org/people/xdury] created the discussion

"Re: how to migrate jboss-wsse-server.xml setting of jboss 5 to jboss 7.1?"

To view the discussion, visit: https://community.jboss.org/message/828807#828807

--------------------------------------------------------------
You could also take a look at this thread: https://community.jboss.org/thread/214266 https://community.jboss.org/thread/214266
--------------------------------------------------------------

Reply to this message by going to Community
[https://community.jboss.org/message/828807#828807]

Start a new discussion in JBoss Web Services at Community
[https://community.jboss.org/choose-container!input.jspa?contentType=1&containerType=14&container=2044]
Loading...