On 16.10.2012 18:51, Munaf Sahaf wrote:
> Thanks Lukas! svn :(
>
> webservices-osgi.jar is this jar part of Metro?
yes, this jar is produced by Metro. It's all-in-bundle consisting of
Metro, JAX-WS RI and some of their dependencies.
--lukas
>
> --Munaf
>
> On Mon, Oct 15, 2012 at 11:10 AM, Lukas Jungmann
> <lukas.jungmann_at_oracle.com>wrote:
>
>> Hi,
>>
>> I'm not sure about the issue you're seeing - leaving that for others
>> but metro sources in svn repository at: https://svn.java.net/svn/wsit~**
>> svn/trunk/wsit/ <https://svn.java.net/svn/wsit~svn/trunk/wsit/>
>>
>> --lukas
>>
>>
>> On 15.10.2012 16:56, Munaf Sahaf wrote:
>>
>>> Hello All,
>>>
>>> I am running into an issue with Metro in Glassfish v3. I have a ejb which
>>> we exposed as secure web service (Message Authentication over SSL), works
>>> great in Glassfish v2 but when we deploy on Glassfish v3 it is throwing
>>> following exception:
>>>
>>> "com.sun.xml.wss.impl.**XWSSecurityRuntimeException: WSS1601: Security
>>> Requirements not met - Transport binding configured in policy but incoming
>>> message was not SSL enabled
>>> at
>>> com.sun.xml.wss.impl.policy.**verifier.**MessagePolicyVerifier.**
>>> verifyPolicy(**MessagePolicyVerifier.java:**125)"
>>>
>>> WS Policy used is *TransportBinding + SignedSupportingTokens/**
>>> usernametoken*
>>>
>>>
>>> The whole communication is over HTTPS but not sure why it say "incoming
>>> message was not SSL enabled".
>>>
>>> *com.sun.xml.wss.impl.policy.**verifier.**MessagePolicyVerifier.java*
>>>
>>> public void [More ...] verifyPolicy(SecurityPolicy ip, SecurityPolicy ap)
>>> throws PolicyViolationException {
>>>
>>> MessagePolicy actualPolicy = (MessagePolicy)ap;
>>> MessagePolicy inferredSecurityPolicy = (MessagePolicy)ip;
>>> JAXBFilterProcessingContext context = null;
>>> if (ctx instanceof JAXBFilterProcessingContext) {
>>> context = (JAXBFilterProcessingContext)**ctx;
>>> }
>>> //this code has been moved from SecurityRecipient.
>>> //because in the presence of alternatives this check has to be
>>> done
>>> //with a specific actualpolicy only.
>>> if (actualPolicy != null) {
>>> if (actualPolicy.isSSL() && context != null &&
>>> !context.isSecure()) {
>>> log.log(Level.SEVERE,
>>> LogStringsMessages.WSS_1601_**SSL_NOT_ENABLED());
>>> throw new
>>> XWSSecurityRuntimeException(**LogStringsMessages.WSS_1601_**
>>> SSL_NOT_ENABLED());
>>> }
>>> }
>>>
>>> ----
>>>
>>> I don't understand why context.isSecure() will return false .. all
>>> communication is made over HTTPS.
>>>
>>>
>>> Any insight into this issue would be helpful. Also is there a public
>>> repository of metro where i can download the source code.
>>>
>>> Thanks,
>>> Munaf
>>>
>>>
>