We have a web application that is comprised of various web services that are exposed to our front end development team. We are a small shop so security has never been a concern for us, but we still want to know how to implement it.
We are using Netbeans 7.0.1, Glassfish 3.1.1 b12, and SOAP. We have configured basic security through the wizards in Netbeans and had that working. We then tried to added Transport Security and we verified that it was added to the WSDL file. It is when we tried to add SSL that we are getting the following errors:
On the Server side:
SEVERE: WSS1601: Security Requirements not met - Transport binding configured in policy but incoming message was not SSL enabled SEVERE: WSITPVD0035: Error in Verifying Security in Inbound Message. com.sun.xml.wss.impl.XWSSecurityRuntimeException: WSS1601: Security Requirements not met - Transport binding configured in policy but incoming message was not SSL enabled at com.sun.xml.wss.impl.policy.verifier.MessagePolicyVerifier.verifyPolicy(MessagePolicyVerifier.java:125) at com.sun.xml.ws.security.opt.impl.incoming.SecurityRecipient.createMessage(SecurityRecipient.java:983) at com.sun.xml.ws.security.opt.impl.incoming.SecurityRecipient.validateMessage(SecurityRecipient.java:232) at com.sun.xml.wss.provider.wsit.WSITServerAuthContext.verifyInboundMessage(WSITServerAuthContext.java:586) at com.sun.xml.wss.provider.wsit.WSITServerAuthContext.validateRequest(WSITServerAuthContext.java:360) at com.sun.xml.wss.provider.wsit.WSITServerAuthContext.validateRequest(WSITServerAuthContext.java:263) at com.sun.enterprise.security.webservices.CommonServerSecurityPipe.processRequest(CommonServerSecurityPipe.java:173) at com.sun.enterprise.security.webservices.CommonServerSecurityPipe.process(CommonServerSecurityPipe.java:144) at com.sun.xml.ws.api.pipe.helper.PipeAdapter.processRequest(PipeAdapter.java:119)
On the Client side:
09:36:16,464 WARNING [org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor] (http--127.0.0.1-443-1) Request does not contain Security header, but it's a fault. 09:36:16,467 ERROR [org.jboss.ejb3.invocation] (http--127.0.0.1-443-1) JBAS014134: EJB Invocation failed on component ActivityEJB for method public ja va.util.List com.enginsol.ActivityEJB.getActivities(int): javax.ejb.EJBException: javax.xml.ws.soap.SOAPFaultException: Invalid Security Header at org.jboss.as.ejb3.tx.CMTTxInterceptor.handleExceptionInOurTx(CMTTxInterceptor.java:166) [jboss-as-ejb3-7.1.0.Final.jar:7.1.0.Final] at org.jboss.as.ejb3.tx.CMTTxInterceptor.invokeInOurTx(CMTTxInterceptor.java:230) [jboss-as-ejb3-7.1.0.Final.jar:7.1.0.Final] at org.jboss.as.ejb3.tx.CMTTxInterceptor.required(CMTTxInterceptor.java:304) [jboss-as-ejb3-7.1.0.Final.jar:7.1.0.Final] at org.jboss.as.ejb3.tx.CMTTxInterceptor.processInvocation(CMTTxInterceptor.java:190) [jboss-as-ejb3-7.1.0.Final.jar:7.1.0.Final] at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at org.jboss.as.ejb3.component.interceptors.CurrentInvocationContextInterceptor.processInvocation(CurrentInvocationContextInterceptor.java:41) [jboss-as-ejb3-7.1.0.Final.jar:7.1.0.Final] at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at org.jboss.as.ejb3.component.interceptors.LoggingInterceptor.processInvocation(LoggingInterceptor.java:59) [jboss-as-ejb3-7.1.0.Final.jar:7. 1.0.Final] at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at org.jboss.as.ee.component.NamespaceContextInterceptor.processInvocation(NamespaceContextInterceptor.java:50) [jboss-as-ee-7.1.0.Final.jar:7 .1.0.Final] at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at org.jboss.as.ee.component.TCCLInterceptor.processInvocation(TCCLInterceptor.java:45) [jboss-as-ee-7.1.0.Final.jar:7.1.0.Final] at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at org.jboss.invocation.ChainedInterceptor.processInvocation(ChainedInterceptor.java:61) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at org.jboss.as.ee.component.ViewService$View.invoke(ViewService.java:165) [jboss-as-ee-7.1.0.Final.jar:7.1.0.Final] at org.jboss.as.ee.component.ViewDescription$1.processInvocation(ViewDescription.java:173) [jboss-as-ee-7.1.0.Final.jar:7.1.0.Final] at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at org.jboss.invocation.ChainedInterceptor.processInvocation(ChainedInterceptor.java:61) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at org.jboss.as.ee.component.ProxyInvocationHandler.invoke(ProxyInvocationHandler.java:72) [jboss-as-ee-7.1.0.Final.jar:7.1.0.Final]
Each web service is protected basically the same way in the sun-ejb-jar.xml:
<ejb>
<ejb-name>ActivityWS</ejb-name>
<webservice-endpoint>
<port-component-name>ActivityWS</port-component-name>
<login-config>
<auth-method>BASIC</auth-method>
</login-config>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</webservice-endpoint>
</ejb>因为我们已经清除了与缺少密钥库和密钥库密码错误相关的启动错误,我们最近添加的RESTful服务运行良好(弹出一个用户名/密码对话框,并通过SSL运行)客户端和服务器最初都部署到Glassfish,但我们创建了一个小的服务消费者,并将其部署到JBoss 7。1来尝试排除Glassfish错误。
这是我们在SO上能找到的最接近的答案,OP给出的答案很模糊,所以我们仍然没有解决办法。Java Glassfish - How to consume SSL web service?
更新日期:
我浏览了吉姆贴出的指南,我向sun-ejb-jar添加了安全角色,并向Web服务添加了允许注解的角色(以前,在一个sun-application.xml和另一个ejb-jar.xml中处理角色)。我们的服务是EJB端点,所以我浏览了指南中的相关信息,但仍然得到相同的错误。
1条答案
按热度按时间gblwokeq1#
您将证书添加到了glassfish中domain 1/config目录下的?keystore.jks的什么位置?您是否将SSL http侦听器指向了新证书的别名?您是否通过ssl端口(默认为8181)连接到了glassfish?