Skip to main content

where in the tube sequence should i put my custom tube?

5 replies [Last post]
wboyd
Offline
Joined: 2003-08-11

hello forum,

my system: metro jax-ws ri 2.1.4, wsit 1.3, jaxb 2.1.9, windows xp sp3, jboss 4.2.3

i've got my service and client configured with wsit for mutual certificate security. it works fine. now, i need runtime programatic access to the ws.* elements in the soap msg.

i thought i could use jax-ws 2.1 soaphandlers (http://forums.java.net/jive/thread.jspa?threadID=60755&tstart=15). but i've now realized handlers are not going to get me what i need. so, i've discovered tubes and tubeline assemblers.

i've coded and deployed the attached tubeline implementation. i've assembled my custom tube like so:

<br />
 	public NextAction processRequest(Packet packet) {</p>
<p>		System.out.println("in AuthNLoggingTube.processRequest()");<br />
		Message msg = packet.getMessage();<br />
		if (msg == null) {          // oneway<br />
            return super.processRequest(packet);<br />
        }<br />
		HeaderList allHeaders = msg.getHeaders();<br />
		if ( allHeaders != null ) {<br />
			int numHdrs = allHeaders.size();</p>
<p>			System.out.println("got " + numHdrs +  " headers in AuthNLoggingTube.processRequest()");<br />
			for (int i = 0; i < numHdrs; i++ ){<br />
				Header hdr = allHeaders.get(i);<br />
				System.out.println("uri: " + hdr.getNamespaceURI());<br />
				System.out.println("elem name: " + hdr.getLocalPart());</p>
<p>			}<br />
			...<br />
		return super.processRequest(packet);<br />
	}</p>
<p>	public Tube createClient(ClientTubeAssemblerContext context) {<br />
		 Tube head = context.createTransportTube();<br />
	        head = context.createSecurityTube(head);<br />
	        head = context.createWsaTube(head);<br />
	        head = context.createClientMUTube(head);<br />
	        return context.createHandlerTube(head);<br />
	}</p>
<p>   	public Tube createServer(ServerTubeAssemblerContext context) {<br />
		 Tube head = context.getTerminalTube();<br />
	        head = context.createHandlerTube(head);<br />
	        head = context.createMonitoringTube(head);<br />
	        head = context.createServerMUTube(head);<br />
	        head = context.createWsaTube(head);<br />
	        head = context.createSecurityTube(head);<br />
	        head = new AuthNLoggingTube(head);<br />
	        return head;<br />
	}<br />

the above and attached are not a million miles away from this: http://www.java2s.com/Open-Source/Java-Document/6.0-JDK-Modules/jax-ws-r..., i don't think. i followed along pretty closely with this tutorial from the author of that StandaloneTubeAssembler.java source.

i deploy everything successfully. my server logs report:

<br />
   DEBUG [com.sun.xml.ws.api.pipe.TubelineAssemblerFactory] class metro.dev.java.net.ws.security.AuthNLoggingTubelineAssemblerFactory successfully created metro.dev.java.net.ws.security.AuthNLoggingTubelineAssembler@1c6bb75<br />

before deploying this tube, the wsit runtime correctly put all the expected security stuff in both the request and the response. however, with this tube deployed, the wsit runtime doesn't add any security stuff to neither the request nor the response anymore. the only headers present (in request and response) is "To", "Action", "Reply To", "MessageID". but not "Security" header.

what gives?

for what its worth, the test client is deployed on the same machine as the service.

please, can somebody point me in the right direction? thanks in advance for your help.

many thanks

Reply viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.
m_potociar
Offline
Joined: 2006-05-03

hi,

> good question. i'd assumed that because the wsit runtime logged the following, that my custom tube was definately being created

by "proper handling" i meant if you are sure that your tube somehow does not loose the link to the security tube... but that is really just a long shot...

Marek

m_potociar
Offline
Joined: 2006-05-03

Hello William,
did you try to debug? Is really security tube getting created when your TubelineAssembler kicks in?

Also, what is the context of the zipped files you attached? All I can see is that both WSIT config and WSDL have security policies in it and I can see there are four messages - two encrypted and two not encrypted. Unfortunately I don't see how that could help me to find your issue. I don't have a running code that reproduces the issue which I could try to debug.

So, all I can do right now is just guess again. Are you sure you properly handle tube creation and Tube instance copying? Try to move your tube instance up and down the tubeline and see if it doesn't make other tubes to "disappear" or stop working as well. And definitely try to debug inside your TubelineAssembler and inside your tubes.

Also, I noticed that you are running on jboss. Could you try glassfish v2 and check if the same issue can be reproduced there?

Thanks,
Marek

wboyd
Offline
Joined: 2003-08-11

thanks marek,

apologies for the fuzzy context. i will do what you suggested and report back with my findings.

>...Are you sure you properly handle tube creation...

good question. i'd assumed that because the wsit runtime logged the following, that my custom tube was definately being created:

[code] DEBUG [com.sun.xml.ws.api.pipe.TubelineAssemblerFactory] class metro.dev.java.net.ws.security.AuthNLoggingTubelineAssemblerFactory successfully created metro.dev.java.net.ws.security.AuthNLoggingTubelineAssembler@1c6bb75
[/code]

i will investigate that further though to make double sure.

sincere thanks, marek

m_potociar
Offline
Joined: 2006-05-03

The only thing that comes to my mind is that you don't have security configured propery via wsit config file(s)... Bud then you say you do have a proper config. Can you verify that?

Marek

wboyd
Offline
Joined: 2003-08-11

hi marek,

thanks again for your reply.

when i use the attached wsit config files (_without_ the custom tubeline that i attached in my previous msg), it works. by "it works", i mean the wsit runtime produces the attached soap request and response msgs with the expected tokens, signature and encryption.

however, deploying the service with the exact same attached wsit config files together _with_ the custom tubeline components, then the soap request and response messages that are produced are just as if i never configured the wsit (even though the wsit configuration _is_ deployed). that is, the jax-ws pipleline stuff "works", but the security stuff takes a vacation ;¬).

i've "obfuscated" some of the element names, namespaces and values for confidentiality. but the structure of the data and of course all of the ws-* stuff is unchanged from what it is when i actually deploy and test the service.

sincere thanks for any guidance you can offer, marek. much appreciated.

keep up the good work :¬)

many thanks