users@glassfish.java.net

Reproducible Security error using EJB3.0 Tech Tip

From: <glassfish_at_javadesktop.org>
Date: Fri, 09 Mar 2007 13:17:55 PST

Hi.

I had a previous post about this, but have now confirmed my error using the EJB 3.0 Tech Tip, rather than my own code. It appears that there is an issue with the auth-recipient attribute when specifying message-security-binding.

Steps to follow to reproduce:
1) Retrieve the EJB 3.0 Tech Tip sample (http://java.sun.com/developer/EJTechTips/2006/tt0327.html#1) and get it running.

2) Set up Client and Server security to use a request policy of auth-source="content" and auth-recipient="after-content".
Note: Ensure the client keystores are set: -Djava.protocol.handler.pkgs=javax.net.ssl -Djavax.net.ssl.keyStore=/opt/server/glassfish/domains/domain1/config/keystore.jks -Djavax.net.ssl.keyStorePassword=changeit -Djavax.net.ssl.trustStore=/opt/server/glassfish/domains/domain1/config/cacerts.jks

3) Ensure that the sample still runs as expected.

4) Now deploy the app with sun-ejb-xml.jar by creating an etc directory and then creating a sun-ejb-jar.xml file there containing:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE sun-ejb-jar PUBLIC "-//Sun Microsystems, Inc.//DTD Application Server 9.0 EJB 3.0//EN" "http://www.sun.com/software/appserver/dtds/sun-ejb-jar_3_0-0.dtd">
<sun-ejb-jar>
  <enterprise-beans>
    <ejb>
      <ejb-name>Calculator</ejb-name>
      <webservice-endpoint>
        <port-component-name>Calculator</port-component-name>

        <message-security-binding auth-layer="SOAP" provider-id="ServerProvider">
          <message-security>
            <request-protection auth-source="content" auth-recipient="after-content" />
            <response-protection auth-source=""/>
          </message-security>
        </message-security-binding>

      </webservice-endpoint>
    </ejb>
  </enterprise-beans>
</sun-ejb-jar>

In addition, add the following line after line 102 of the build.xml so that it is included when building the app jar:
<metainf dir="etc" includes="*.xml"/>

This will jar the descriptor into the application jar.

5) When running ant build deploy, the web service is deployed, and the generated sun-ejb-jar.xml file contains the info above. The only difference between the generated descriptor and the sun-ejb-jar.xml file deployed with the package is:
<message-security-binding auth-layer="SOAP" provider-id="ServerProvider">
<message-security>
<request-protection auth-recipient="after-content" auth-source="content"/>
<response-protection/>
</message-security>
</message-security-binding>

6) Running the code now produces a SOAP exception:

[#|2007-03-09T13:41:20.832-0700|SEVERE|sun-appserver-pe9.0|javax.enterprise.resource.webservices.jaxws.server.soapmd|_ThreadID=16;_ThreadName=httpWorkerThread-8080-0;_RequestID=8b67fc77-22b9-41fc-84dc-618e5ba213db;|Error in decoding SOAP Message
Error in decoding SOAP Message
        at com.sun.xml.ws.encoding.soap.server.SOAPXMLDecoder.toInternalMessage(SOAPXMLDecoder.java:89)
        at com.sun.xml.ws.protocol.soap.server.SOAPMessageDispatcher.toMessageInfo(SOAPMessageDispatcher.java:187)
        at com.sun.xml.ws.protocol.soap.server.SOAPMessageDispatcher$SoapInvoker.invoke(SOAPMessageDispatcher.java:571)
        at com.sun.xml.ws.protocol.soap.server.SOAPMessageDispatcher.receive(SOAPMessageDispatcher.java:145)
        at com.sun.xml.ws.server.Tie.handle(Tie.java:88)
        at com.sun.enterprise.webservice.Ejb3MessageDispatcher.handlePost(Ejb3MessageDispatcher.java:160)
        at com.sun.enterprise.webservice.Ejb3MessageDispatcher.invoke(Ejb3MessageDispatcher.java:89)
        at com.sun.enterprise.webservice.EjbWebServiceServlet.dispatchToEjbEndpoint(EjbWebServiceServlet.java:178)
        at com.sun.enterprise.webservice.EjbWebServiceServlet.service(EjbWebServiceServlet.java:109)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
        at com.sun.enterprise.web.AdHocContextValve.invoke(AdHocContextValve.java:100)
        at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:566)
        at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:536)
        at com.sun.enterprise.web.WebPipeline.invoke(WebPipeline.java:71)
        at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:182)
        at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:566)
        at com.sun.enterprise.web.VirtualServerPipeline.invoke(VirtualServerPipeline.java:120)
        at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:939)
        at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:137)
        at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:566)
        at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:536)
        at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:939)
        at org.apache.coyote.tomcat5.CoyoteAdapter.service(CoyoteAdapter.java:231)
        at com.sun.enterprise.web.connector.grizzly.ProcessorTask.invokeAdapter(ProcessorTask.java:667)
        at com.sun.enterprise.web.connector.grizzly.ProcessorTask.processNonBlocked(ProcessorTask.java:574)
        at com.sun.enterprise.web.connector.grizzly.ProcessorTask.process(ProcessorTask.java:844)
        at com.sun.enterprise.web.connector.grizzly.ReadTask.executeProcessorTask(ReadTask.java:287)
        at com.sun.enterprise.web.connector.grizzly.ReadTask.doTask(ReadTask.java:212)
        at com.sun.enterprise.web.connector.grizzly.TaskBase.run(TaskBase.java:252)
        at com.sun.enterprise.web.connector.grizzly.WorkerThread.run(WorkerThread.java:75)
Caused by: javax.xml.ws.soap.SOAPFaultException: Cannot find the dispatch method
        at com.sun.xml.ws.encoding.soap.SOAPDecoder.raiseFault(SOAPDecoder.java:674)
        at com.sun.xml.ws.encoding.soap.server.SOAPXMLDecoder.decodeDispatchMethod(SOAPXMLDecoder.java:152)
        at com.sun.xml.ws.encoding.soap.SOAPDecoder.decodeBodyContent(SOAPDecoder.java:337)
        at com.sun.xml.ws.encoding.soap.SOAPDecoder.decodeBody(SOAPDecoder.java:327)
        at com.sun.xml.ws.encoding.soap.SOAPDecoder.decodeEnvelope(SOAPDecoder.java:250)
        at com.sun.xml.ws.encoding.soap.server.SOAPXMLDecoder.toInternalMessage(SOAPXMLDecoder.java:81)
        ... 29 more
  

Questions:
Should this work?
If yes, why the error?
If no, is it because there needs to be something more in the webservices.xml, or because the generated sun-ejb-jar.xml file is bad? Something else?

Not sure where to go from here. It appears that everything should work as I outlined. Could there be a bug? I tried to minimize the steps to reproduce as much as possible and isolate to glassfish and its supporting jars.
[Message sent by forum member 'fefland' (fefland)]

http://forums.java.net/jive/thread.jspa?messageID=207180
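
The comparison in step 5 can be done mechanically. The following is an added example, not part of the original post or of GlassFish: it normalizes the two message-security-binding fragments quoted above and compares their effective policy. Treating an empty attribute as unset, and the allowed-value sets, are assumptions taken from the descriptor documentation rather than from the post.

```python
import xml.etree.ElementTree as ET

# Constructed inputs: the two binding fragments quoted in the post (steps 4 and 5).
PACKAGED = """
<message-security-binding auth-layer="SOAP" provider-id="ServerProvider">
  <message-security>
    <request-protection auth-source="content" auth-recipient="after-content" />
    <response-protection auth-source=""/>
  </message-security>
</message-security-binding>"""
GENERATED = """
<message-security-binding auth-layer="SOAP" provider-id="ServerProvider">
<message-security>
<request-protection auth-recipient="after-content" auth-source="content"/>
<response-protection/>
</message-security>
</message-security-binding>"""

# Assumption (not stated in the post): values documented for these attributes.
ALLOWED = {"auth-source": {"sender", "content"},
           "auth-recipient": {"before-content", "after-content"}}

def effective_policy(xml_text):
    """Return (policy, warnings) for one message-security-binding element."""
    binding = ET.fromstring(xml_text)
    policy = {k: binding.get(k) for k in ("auth-layer", "provider-id")}
    warnings = []
    for direction in ("request-protection", "response-protection"):
        elem = binding.find("message-security/" + direction)
        attrs = {}
        for name, allowed in ALLOWED.items():
            value = (elem.get(name) if elem is not None else None) or None  # "" -> unset
            if value is not None and value not in allowed:
                warnings.append(f"{direction}: unexpected {name}={value!r}")
            attrs[name] = value
        if not any(attrs.values()):
            warnings.append(f"{direction}: no protection configured")
        policy[direction] = attrs
    return policy, warnings

def compare(a, b):
    """List the policy keys on which two effective policies differ."""
    return sorted(k for k in a.keys() | b.keys() if a.get(k) != b.get(k))

if __name__ == "__main__":
    pkg, _ = effective_policy(PACKAGED)
    gen, gen_warnings = effective_policy(GENERATED)
    print("differences:", compare(pkg, gen) or "none")
    print("warnings:", gen_warnings)
```

Under these assumptions the two descriptors describe the same policy, and both leave the response unprotected.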