Glassfish v3 + Metro issue

classic Classic list List threaded Threaded
6 messages Options
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Glassfish v3 + Metro issue

munaf
Hello All,

I am running into an issue with Metro in Glassfish v3. I have a ejb which we exposed as secure web service (Message Authentication over SSL), works great in Glassfish v2 but when we deploy on Glassfish v3 it is throwing following exception:

"com.sun.xml.wss.impl.XWSSecurityRuntimeException: WSS1601: Security Requirements not met - Transport binding configured in policy but incoming message was not SSL enabled
 at com.sun.xml.wss.impl.policy.verifier.MessagePolicyVerifier.verifyPolicy(MessagePolicyVerifier.java:125)"

WS Policy used is TransportBinding + SignedSupportingTokens/usernametoken

The whole communication is over HTTPS but not sure why it say "incoming message was not SSL enabled".

com.sun.xml.wss.impl.policy.verifier.MessagePolicyVerifier.java
public void  [More ...] verifyPolicy(SecurityPolicy ip, SecurityPolicy ap) throws PolicyViolationException {

        MessagePolicy actualPolicy = (MessagePolicy)ap;
        MessagePolicy inferredSecurityPolicy = (MessagePolicy)ip;
        JAXBFilterProcessingContext context = null;
        if (ctx instanceof JAXBFilterProcessingContext) {
            context = (JAXBFilterProcessingContext)ctx;
        }
        //this code has been moved from SecurityRecipient.
        //because in the presence of alternatives this check has to be done
        //with a specific actualpolicy only.
        if (actualPolicy != null) {
            if (actualPolicy.isSSL() && context != null && !context.isSecure()) {
                log.log(Level.SEVERE, LogStringsMessages.WSS_1601_SSL_NOT_ENABLED());
                throw new XWSSecurityRuntimeException(LogStringsMessages.WSS_1601_SSL_NOT_ENABLED());
            }
        }

----

I don't understand why context.isSecure() will return false .. all communication is made over HTTPS.


Any insight into this issue would be helpful. Also is there a public repository of metro where i can download the source code.

Thanks,
Munaf
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Glassfish v3 + Metro issue

Lukas Jungmann-2
Hi,

    I'm not sure about the issue you're seeing - leaving that for others
but metro sources in svn repository at:
https://svn.java.net/svn/wsit~svn/trunk/wsit/

--lukas

On 15.10.2012 16:56, Munaf Sahaf wrote:

> Hello All,
>
> I am running into an issue with Metro in Glassfish v3. I have a ejb which
> we exposed as secure web service (Message Authentication over SSL), works
> great in Glassfish v2 but when we deploy on Glassfish v3 it is throwing
> following exception:
>
> "com.sun.xml.wss.impl.XWSSecurityRuntimeException: WSS1601: Security
> Requirements not met - Transport binding configured in policy but incoming
> message was not SSL enabled
>   at
> com.sun.xml.wss.impl.policy.verifier.MessagePolicyVerifier.verifyPolicy(MessagePolicyVerifier.java:125)"
>
> WS Policy used is *TransportBinding + SignedSupportingTokens/usernametoken*
>
> The whole communication is over HTTPS but not sure why it say "incoming
> message was not SSL enabled".
>
> *com.sun.xml.wss.impl.policy.verifier.MessagePolicyVerifier.java*
> public void  [More ...] verifyPolicy(SecurityPolicy ip, SecurityPolicy ap)
> throws PolicyViolationException {
>
>          MessagePolicy actualPolicy = (MessagePolicy)ap;
>          MessagePolicy inferredSecurityPolicy = (MessagePolicy)ip;
>          JAXBFilterProcessingContext context = null;
>          if (ctx instanceof JAXBFilterProcessingContext) {
>              context = (JAXBFilterProcessingContext)ctx;
>          }
>          //this code has been moved from SecurityRecipient.
>          //because in the presence of alternatives this check has to be done
>          //with a specific actualpolicy only.
>          if (actualPolicy != null) {
>              if (actualPolicy.isSSL() && context != null &&
> !context.isSecure()) {
>                  log.log(Level.SEVERE,
> LogStringsMessages.WSS_1601_SSL_NOT_ENABLED());
>                  throw new
> XWSSecurityRuntimeException(LogStringsMessages.WSS_1601_SSL_NOT_ENABLED());
>              }
>          }
>
> ----
>
> I don't understand why context.isSecure() will return false .. all
> communication is made over HTTPS.
>
>
> Any insight into this issue would be helpful. Also is there a public
> repository of metro where i can download the source code.
>
> Thanks,
> Munaf
>
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Glassfish v3 + Metro issue

munaf
Thanks Lukas! svn :(

webservices-osgi.jar is this jar part of Metro?

--Munaf

On Mon, Oct 15, 2012 at 11:10 AM, Lukas Jungmann <[hidden email]> wrote:
Hi,

   I'm not sure about the issue you're seeing - leaving that for others but metro sources in svn repository at: https://svn.java.net/svn/wsit~svn/trunk/wsit/

--lukas


On 15.10.2012 16:56, Munaf Sahaf wrote:
Hello All,

I am running into an issue with Metro in Glassfish v3. I have a ejb which
we exposed as secure web service (Message Authentication over SSL), works
great in Glassfish v2 but when we deploy on Glassfish v3 it is throwing
following exception:

"com.sun.xml.wss.impl.XWSSecurityRuntimeException: WSS1601: Security
Requirements not met - Transport binding configured in policy but incoming
message was not SSL enabled
  at
com.sun.xml.wss.impl.policy.verifier.MessagePolicyVerifier.verifyPolicy(MessagePolicyVerifier.java:125)"

WS Policy used is *TransportBinding + SignedSupportingTokens/usernametoken*


The whole communication is over HTTPS but not sure why it say "incoming
message was not SSL enabled".

*com.sun.xml.wss.impl.policy.verifier.MessagePolicyVerifier.java*

public void  [More ...] verifyPolicy(SecurityPolicy ip, SecurityPolicy ap)
throws PolicyViolationException {

         MessagePolicy actualPolicy = (MessagePolicy)ap;
         MessagePolicy inferredSecurityPolicy = (MessagePolicy)ip;
         JAXBFilterProcessingContext context = null;
         if (ctx instanceof JAXBFilterProcessingContext) {
             context = (JAXBFilterProcessingContext)ctx;
         }
         //this code has been moved from SecurityRecipient.
         //because in the presence of alternatives this check has to be done
         //with a specific actualpolicy only.
         if (actualPolicy != null) {
             if (actualPolicy.isSSL() && context != null &&
!context.isSecure()) {
                 log.log(Level.SEVERE,
LogStringsMessages.WSS_1601_SSL_NOT_ENABLED());
                 throw new
XWSSecurityRuntimeException(LogStringsMessages.WSS_1601_SSL_NOT_ENABLED());
             }
         }

----

I don't understand why context.isSecure() will return false .. all
communication is made over HTTPS.


Any insight into this issue would be helpful. Also is there a public
repository of metro where i can download the source code.

Thanks,
Munaf


Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Glassfish v3 + Metro issue

Lukas Jungmann-2
On 16.10.2012 18:51, Munaf Sahaf wrote:
> Thanks Lukas! svn :(
>
> webservices-osgi.jar is this jar part of Metro?

yes, this jar is produced by Metro. It's all-in-bundle consisting of
Metro, JAX-WS RI and some of their dependencies.

--lukas

>
> --Munaf
>
> On Mon, Oct 15, 2012 at 11:10 AM, Lukas Jungmann
> <[hidden email]>wrote:
>
>> Hi,
>>
>>     I'm not sure about the issue you're seeing - leaving that for others
>> but metro sources in svn repository at: https://svn.java.net/svn/wsit~**
>> svn/trunk/wsit/ <https://svn.java.net/svn/wsit~svn/trunk/wsit/>
>>
>> --lukas
>>
>>
>> On 15.10.2012 16:56, Munaf Sahaf wrote:
>>
>>> Hello All,
>>>
>>> I am running into an issue with Metro in Glassfish v3. I have a ejb which
>>> we exposed as secure web service (Message Authentication over SSL), works
>>> great in Glassfish v2 but when we deploy on Glassfish v3 it is throwing
>>> following exception:
>>>
>>> "com.sun.xml.wss.impl.**XWSSecurityRuntimeException: WSS1601: Security
>>> Requirements not met - Transport binding configured in policy but incoming
>>> message was not SSL enabled
>>>    at
>>> com.sun.xml.wss.impl.policy.**verifier.**MessagePolicyVerifier.**
>>> verifyPolicy(**MessagePolicyVerifier.java:**125)"
>>>
>>> WS Policy used is *TransportBinding + SignedSupportingTokens/**
>>> usernametoken*
>>>
>>>
>>> The whole communication is over HTTPS but not sure why it say "incoming
>>> message was not SSL enabled".
>>>
>>> *com.sun.xml.wss.impl.policy.**verifier.**MessagePolicyVerifier.java*
>>>
>>> public void  [More ...] verifyPolicy(SecurityPolicy ip, SecurityPolicy ap)
>>> throws PolicyViolationException {
>>>
>>>           MessagePolicy actualPolicy = (MessagePolicy)ap;
>>>           MessagePolicy inferredSecurityPolicy = (MessagePolicy)ip;
>>>           JAXBFilterProcessingContext context = null;
>>>           if (ctx instanceof JAXBFilterProcessingContext) {
>>>               context = (JAXBFilterProcessingContext)**ctx;
>>>           }
>>>           //this code has been moved from SecurityRecipient.
>>>           //because in the presence of alternatives this check has to be
>>> done
>>>           //with a specific actualpolicy only.
>>>           if (actualPolicy != null) {
>>>               if (actualPolicy.isSSL() && context != null &&
>>> !context.isSecure()) {
>>>                   log.log(Level.SEVERE,
>>> LogStringsMessages.WSS_1601_**SSL_NOT_ENABLED());
>>>                   throw new
>>> XWSSecurityRuntimeException(**LogStringsMessages.WSS_1601_**
>>> SSL_NOT_ENABLED());
>>>               }
>>>           }
>>>
>>> ----
>>>
>>> I don't understand why context.isSecure() will return false .. all
>>> communication is made over HTTPS.
>>>
>>>
>>> Any insight into this issue would be helpful. Also is there a public
>>> repository of metro where i can download the source code.
>>>
>>> Thanks,
>>> Munaf
>>>
>>>
>
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Glassfish v3 + Metro issue

munaf
In reply to this post by munaf
Pretty sure this is issue with Grizzly...

Grizzly Dev Team, My code changes highlighted in red, is that the issue??

@Override
    final public void service(Request req, Response res) throws Exception {   
       .. 
       ..
        GrizzlyRequest request = (GrizzlyRequest) req.getNote(ADAPTER_NOTES);
        GrizzlyResponse response = (GrizzlyResponse) res.getNote(ADAPTER_NOTES);
        
        if (request == null) {
            // Create objects
            request = new GrizzlyRequest();
            request.setRequest(req);
            response = new GrizzlyResponse(chunkingDisabled, false);
            response.setResponse(res);

            // Link objects
            request.setResponse(response);
            response.setRequest(request);

            // Set as notes
            req.setNote(ADAPTER_NOTES, request);
            res.setNote(ADAPTER_NOTES, response);
        }
//If req was HTTPS, request should be set as Secure.
if (! req.scheme().isNull()) {
             // use processor specified scheme to determine secure state
             request.setSecure(req.scheme().equals("https"));
         } 

On Mon, Oct 15, 2012 at 10:56 AM, Munaf Sahaf <[hidden email]> wrote:
Hello All,

I am running into an issue with Metro in Glassfish v3. I have a ejb which we exposed as secure web service (Message Authentication over SSL), works great in Glassfish v2 but when we deploy on Glassfish v3 it is throwing following exception:

"com.sun.xml.wss.impl.XWSSecurityRuntimeException: WSS1601: Security Requirements not met - Transport binding configured in policy but incoming message was not SSL enabled
 at com.sun.xml.wss.impl.policy.verifier.MessagePolicyVerifier.verifyPolicy(MessagePolicyVerifier.java:125)"

WS Policy used is TransportBinding + SignedSupportingTokens/usernametoken

The whole communication is over HTTPS but not sure why it say "incoming message was not SSL enabled".

com.sun.xml.wss.impl.policy.verifier.MessagePolicyVerifier.java
public void  [More ...] verifyPolicy(SecurityPolicy ip, SecurityPolicy ap) throws PolicyViolationException {

        MessagePolicy actualPolicy = (MessagePolicy)ap;
        MessagePolicy inferredSecurityPolicy = (MessagePolicy)ip;
        JAXBFilterProcessingContext context = null;
        if (ctx instanceof JAXBFilterProcessingContext) {
            context = (JAXBFilterProcessingContext)ctx;
        }
        //this code has been moved from SecurityRecipient.
        //because in the presence of alternatives this check has to be done
        //with a specific actualpolicy only.
        if (actualPolicy != null) {
            if (actualPolicy.isSSL() && context != null && !context.isSecure()) {
                log.log(Level.SEVERE, LogStringsMessages.WSS_1601_SSL_NOT_ENABLED());
                throw new XWSSecurityRuntimeException(LogStringsMessages.WSS_1601_SSL_NOT_ENABLED());
            }
        }

----

I don't understand why context.isSecure() will return false .. all communication is made over HTTPS.


Any insight into this issue would be helpful. Also is there a public repository of metro where i can download the source code.

Thanks,
Munaf

Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Glassfish v3 + Metro issue

munaf
Forgot to mention file name: com.sun.grizzly.tcp.http11.GrizzlyAdapter.java


On Mon, Dec 3, 2012 at 4:35 PM, Munaf Sahaf <[hidden email]> wrote:
Pretty sure this is issue with Grizzly...

Grizzly Dev Team, My code changes highlighted in red, is that the issue??

@Override
    final public void service(Request req, Response res) throws Exception {   
       .. 
       ..
        GrizzlyRequest request = (GrizzlyRequest) req.getNote(ADAPTER_NOTES);
        GrizzlyResponse response = (GrizzlyResponse) res.getNote(ADAPTER_NOTES);
        
        if (request == null) {
            // Create objects
            request = new GrizzlyRequest();
            request.setRequest(req);
            response = new GrizzlyResponse(chunkingDisabled, false);
            response.setResponse(res);

            // Link objects
            request.setResponse(response);
            response.setRequest(request);

            // Set as notes
            req.setNote(ADAPTER_NOTES, request);
            res.setNote(ADAPTER_NOTES, response);
        }
//If req was HTTPS, request should be set as Secure.
if (! req.scheme().isNull()) {
             // use processor specified scheme to determine secure state
             request.setSecure(req.scheme().equals("https"));
         } 

On Mon, Oct 15, 2012 at 10:56 AM, Munaf Sahaf <[hidden email]> wrote:
Hello All,

I am running into an issue with Metro in Glassfish v3. I have a ejb which we exposed as secure web service (Message Authentication over SSL), works great in Glassfish v2 but when we deploy on Glassfish v3 it is throwing following exception:

"com.sun.xml.wss.impl.XWSSecurityRuntimeException: WSS1601: Security Requirements not met - Transport binding configured in policy but incoming message was not SSL enabled
 at com.sun.xml.wss.impl.policy.verifier.MessagePolicyVerifier.verifyPolicy(MessagePolicyVerifier.java:125)"

WS Policy used is TransportBinding + SignedSupportingTokens/usernametoken

The whole communication is over HTTPS but not sure why it say "incoming message was not SSL enabled".

com.sun.xml.wss.impl.policy.verifier.MessagePolicyVerifier.java
public void  [More ...] verifyPolicy(SecurityPolicy ip, SecurityPolicy ap) throws PolicyViolationException {

        MessagePolicy actualPolicy = (MessagePolicy)ap;
        MessagePolicy inferredSecurityPolicy = (MessagePolicy)ip;
        JAXBFilterProcessingContext context = null;
        if (ctx instanceof JAXBFilterProcessingContext) {
            context = (JAXBFilterProcessingContext)ctx;
        }
        //this code has been moved from SecurityRecipient.
        //because in the presence of alternatives this check has to be done
        //with a specific actualpolicy only.
        if (actualPolicy != null) {
            if (actualPolicy.isSSL() && context != null && !context.isSecure()) {
                log.log(Level.SEVERE, LogStringsMessages.WSS_1601_SSL_NOT_ENABLED());
                throw new XWSSecurityRuntimeException(LogStringsMessages.WSS_1601_SSL_NOT_ENABLED());
            }
        }

----

I don't understand why context.isSecure() will return false .. all communication is made over HTTPS.


Any insight into this issue would be helpful. Also is there a public repository of metro where i can download the source code.

Thanks,
Munaf


Loading...