Hello All,
I am running into an issue with Metro in Glassfish v3. I have a ejb which
we exposed as secure web service (Message Authentication over SSL), works
great in Glassfish v2 but when we deploy on Glassfish v3 it is throwing
following exception:
"com.sun.xml.wss.impl.XWSSecurityRuntimeException: WSS1601: Security
Requirements not met - Transport binding configured in policy but incoming
message was not SSL enabled
at
com.sun.xml.wss.impl.policy.verifier.MessagePolicyVerifier.verifyPolicy(MessagePolicyVerifier.java:125)"
WS Policy used is *TransportBinding + SignedSupportingTokens/usernametoken*
The whole communication is over HTTPS but not sure why it say "incoming
message was not SSL enabled".
*com.sun.xml.wss.impl.policy.verifier.MessagePolicyVerifier.java*
public void [More ...] verifyPolicy(SecurityPolicy ip, SecurityPolicy ap)
throws PolicyViolationException {
MessagePolicy actualPolicy = (MessagePolicy)ap;
MessagePolicy inferredSecurityPolicy = (MessagePolicy)ip;
JAXBFilterProcessingContext context = null;
if (ctx instanceof JAXBFilterProcessingContext) {
context = (JAXBFilterProcessingContext)ctx;
}
//this code has been moved from SecurityRecipient.
//because in the presence of alternatives this check has to be done
//with a specific actualpolicy only.
if (actualPolicy != null) {
if (actualPolicy.isSSL() && context != null &&
!context.isSecure()) {
log.log(Level.SEVERE,
LogStringsMessages.WSS_1601_SSL_NOT_ENABLED());
throw new
XWSSecurityRuntimeException(LogStringsMessages.WSS_1601_SSL_NOT_ENABLED());
}
}
----
I don't understand why context.isSecure() will return false .. all
communication is made over HTTPS.
Any insight into this issue would be helpful. Also is there a public
repository of metro where i can download the source code.
Thanks,
Munaf