dev@glassfish.java.net

Re: Glassfish v3 + Metro issue

From: Munaf Sahaf <munaf.sahaf_at_gmail.com>
Date: Tue, 16 Oct 2012 12:51:50 -0400

Thanks Lukas! svn :(

webservices-osgi.jar is this jar part of Metro?

--Munaf

On Mon, Oct 15, 2012 at 11:10 AM, Lukas Jungmann
<lukas.jungmann_at_oracle.com>wrote:

> Hi,
>
> I'm not sure about the issue you're seeing - leaving that for others
> but metro sources in svn repository at: https://svn.java.net/svn/wsit~**
> svn/trunk/wsit/ <https://svn.java.net/svn/wsit~svn/trunk/wsit/>
>
> --lukas
>
>
> On 15.10.2012 16:56, Munaf Sahaf wrote:
>
>> Hello All,
>>
>> I am running into an issue with Metro in Glassfish v3. I have a ejb which
>> we exposed as secure web service (Message Authentication over SSL), works
>> great in Glassfish v2 but when we deploy on Glassfish v3 it is throwing
>> following exception:
>>
>> "com.sun.xml.wss.impl.**XWSSecurityRuntimeException: WSS1601: Security
>> Requirements not met - Transport binding configured in policy but incoming
>> message was not SSL enabled
>> at
>> com.sun.xml.wss.impl.policy.**verifier.**MessagePolicyVerifier.**
>> verifyPolicy(**MessagePolicyVerifier.java:**125)"
>>
>> WS Policy used is *TransportBinding + SignedSupportingTokens/**
>> usernametoken*
>>
>>
>> The whole communication is over HTTPS but not sure why it say "incoming
>> message was not SSL enabled".
>>
>> *com.sun.xml.wss.impl.policy.**verifier.**MessagePolicyVerifier.java*
>>
>> public void [More ...] verifyPolicy(SecurityPolicy ip, SecurityPolicy ap)
>> throws PolicyViolationException {
>>
>> MessagePolicy actualPolicy = (MessagePolicy)ap;
>> MessagePolicy inferredSecurityPolicy = (MessagePolicy)ip;
>> JAXBFilterProcessingContext context = null;
>> if (ctx instanceof JAXBFilterProcessingContext) {
>> context = (JAXBFilterProcessingContext)**ctx;
>> }
>> //this code has been moved from SecurityRecipient.
>> //because in the presence of alternatives this check has to be
>> done
>> //with a specific actualpolicy only.
>> if (actualPolicy != null) {
>> if (actualPolicy.isSSL() && context != null &&
>> !context.isSecure()) {
>> log.log(Level.SEVERE,
>> LogStringsMessages.WSS_1601_**SSL_NOT_ENABLED());
>> throw new
>> XWSSecurityRuntimeException(**LogStringsMessages.WSS_1601_**
>> SSL_NOT_ENABLED());
>> }
>> }
>>
>> ----
>>
>> I don't understand why context.isSecure() will return false .. all
>> communication is made over HTTPS.
>>
>>
>> Any insight into this issue would be helpful. Also is there a public
>> repository of metro where i can download the source code.
>>
>> Thanks,
>> Munaf
>>
>>
© Oracle | By contributing to this project, you are agreeing to the terms of use described here.