This Bugzilla instance is a read-only archive of historic NetBeans bug reports. To report a bug in NetBeans please follow the project's instructions for reporting issues.
We tried to enable the web service message-level security provided by jwsdp (XWS-Security) both at the domain level and the application (actually, method) level. We were successful in enabling security at the domain level, but have not been able to do the same for the application. Here is what we did. In enabling at the domain-level, we followed the instructions provided in: http://docs.sun.com/source/819-0076/ws-security.html This worked well. At the application level, the documentation did not exactly apply because we have JSR-109-based web services and clients. So we looked up the message security entries from the DTD of the server-specific DD and attempted to apply those entries in sun-web.xml, both for the web service and the client. For the web service, we added the following entries (for a sayHello(String) method under the <webservice-endpoint> element: <message-security-binding auth-layer="SOAP" provider-id="ServerProvider"> <message-security> <message> <java-method> <method-name>sayHello</method-name> <method-params> <method-param>java.lang.String</method-param> </method-params> </java-method> </message> <request-protection auth-source="content" /> <response-protection auth-source="content" /> </message-security> </message-security-binding> On the client side, we added the corresponding entries under the <port-info> element: <message-security-binding auth-layer="SOAP" provider-id="ClientProvider"> <message-security> <message> <java-method> <method-name>sayHello</method-name> <method-params> <method-param>java.lang.String</method-param> </method-params> </java-method> </message> <request-protection auth-source="content" /> <response-protection auth-source="content" /> </message-security> </message-security-binding> Upon running the web service, we got the following error message from the server log which seem to indicate that the security header is not being put in the request message: [#|2005-01-21T17:28:48.388-0800|INFO|sun-appserver-pe8.1|javax.enterprise.resource.webservices.security|_ThreadID=23;|==== Received Message Start ==== <?xml version="1.0" encoding="UTF-8"?> <env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/" xmlns:enc="http://schemas.xmlsoap.org/soap/encoding/" xmlns:ns0="urn:HelloService/wsdl" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" env:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"> <env:Body> <ns0:sayHello> <String_1 xsi:type="xsd:string">Rico</String_1> </ns0:sayHello> </env:Body> </env:Envelope> ==== Received Message End ==== |#] [#|2005-01-21T17:28:48.388-0800|SEVERE|sun-appserver-pe8.1|javax.enterprise.resource.webservices.security|_ThreadID=23;|WSS0202: No wsse:Security element in the message|#] [#|2005-01-21T17:28:48.388-0800|SEVERE|sun-appserver-pe8.1|javax.enterprise.system.core.security|_ThreadID=23;|Container-auth: wss: Error validating request com.sun.enterprise.security.jauth.AuthException: Message does not contain wsse:Security Header at com.sun.xml.wss.provider.ServerSecurityAuthModule.validateRequest(ServerSecurityAuthModule.java:60) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) I will be attaching the war files of the web service and the client (a servlet) for your reference.
Created attachment 19961 [details] War file of the web app that contains the web service client
Created attachment 19962 [details] War file that contains the web service
My apologies. This should be filed with the app server in bugtraq. Closing this. Rico
new / invalid