Skip to main content

webservice using security UserNameToken

3 replies [Last post]
rankin_ut
Offline
Joined: 2009-01-20
Points: 0

Hi guys,

I am trying to resolve a problem we have using glassfish V2 to publish a simple web service using a plain UserNameToken for security reasons. Since we were using Netbeans 6.5 to archive this we were looking into this tutorial:
http://testwww.netbeans.org/kb/60/javaee/identity-amsecurity.html

Therefore the following steps were done:
In our dev environment we installed the Sun Java(TM) System Access Manager and can administer this through the admin console as well as through the Netbeans IDE. All good. The example from the tutorial worked perfect so we thought we are in a good position to move on.

After changing the security options for our web service we published this on our test environment without any Netbeans installed.

After that the following steps were done:
1. deploying the service
2. configure the realm in Access Manager for the IP address
3. setup the expected user to access the web service.

When our partner is now accessing the web service the actual web service code is not accessed and we always find in the server logging that the security header was not understood.

This is the message we receive at the server:

2009-01-19T16:33:38.537Z
2009-01-19T16:34:08.537Z
myUser
myPasswd

uuid:ecc3b150-e646-11dd-96e5-9f80a576275b
http://62.154.241.166:8080/HTNGService/WebServiceForTrustService
http://webservice.trustinternational.com/ws/services/Htng2ReservationSer...

http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous

...

our wsit.xml looks like that:
<?xml version="1.0" encoding="UTF-8"?>

Does anyone has any idea what configuration might be missing here?

We also realised that in the IDE after turning the security (AM security) on there was a file created under configuration files/ amserver called amconfig.xml.

This file we can't find on the webserver after deploying the service nor in the *.war nor under addons/amserver or so.

The file internally looks like:
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>

since the information is already in sun-web.xml which is published on the server I think that should not be the problem but might be helpful for you.

Any help appreciated. Thanks!

Reply viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.
jfingram
Offline
Joined: 2008-09-18
Points: 0

Hola, he estado trabajando con XWSS en Web Services JAX-WS especificamente implementando la seguridad de tokens usuarios, pero he tenido el siguiente error:

javax.xml.ws.soap.SOAPFaultException: MustUnderstand headers:[{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}Security] are not understood

No se si se debe a que el archivo de configuracion de seguridad este mal escrito o la clase SecurityEnvironmentHandler tanto del cliente como del servidor.

El software con el que estoy trabajando es el siguiente:

apache-ant-1.7.1
metro-1_3
glassfish-installer-v2ur2
jdk-6u3

este es el contenido del archivo de configuracion de seguridad:









SecurityEnvironmentHandler

Gracias por su colaboracion

jfingram
Offline
Joined: 2008-09-18
Points: 0
rankin_ut
Offline
Joined: 2009-01-20
Points: 0

Guys,

since we worked further on the above here a few new things even if it isn't solved.

The example tutorial was rebuild and deployed on the test-server. Client and Server Test app. Both are working fine when started locally on the test-server.

If we configure how ever a client from remote to use the same web-service with the same security information, we find the same error like with our other application.

Therefore I assume it has something to do with the configurations o Access Manager, but no idea which one.

I hope that helps anyone to help me.
Thanks!