Pretty sure this is issue with Grizzly...
Grizzly Dev Team, My code changes highlighted in red, is that the issue??
@Override
final public void service(Request req, Response res) throws Exception {
..
..
GrizzlyRequest request = (GrizzlyRequest) req.getNote(ADAPTER_NOTES);
GrizzlyResponse response = (GrizzlyResponse) res.getNote(ADAPTER_NOTES);
if (request == null) {
// Create objects
request = new GrizzlyRequest();
request.setRequest(req);
response = new GrizzlyResponse(chunkingDisabled, false);
response.setResponse(res);
// Link objects
request.setResponse(response);
response.setRequest(request);
// Set as notes
req.setNote(ADAPTER_NOTES, request);
res.setNote(ADAPTER_NOTES, response);
}
//If req was HTTPS, request should be set as Secure.
if (! req.scheme().isNull()) {
// use processor specified scheme to determine secure state
request.setSecure(req.scheme().equals("https"));
}
On Mon, Oct 15, 2012 at 10:56 AM, Munaf Sahaf <munaf.sahaf_at_gmail.com> wrote:
> Hello All,
>
> I am running into an issue with Metro in Glassfish v3. I have a ejb which
> we exposed as secure web service (Message Authentication over SSL), works
> great in Glassfish v2 but when we deploy on Glassfish v3 it is throwing
> following exception:
>
> "com.sun.xml.wss.impl.XWSSecurityRuntimeException: WSS1601: Security
> Requirements not met - Transport binding configured in policy but incoming
> message was not SSL enabled
> at
> com.sun.xml.wss.impl.policy.verifier.MessagePolicyVerifier.verifyPolicy(MessagePolicyVerifier.java:125)"
>
> WS Policy used is *TransportBinding + SignedSupportingTokens/usernametoken
> *
>
> The whole communication is over HTTPS but not sure why it say "incoming
> message was not SSL enabled".
>
> *com.sun.xml.wss.impl.policy.verifier.MessagePolicyVerifier.java*
> public void [More ...] verifyPolicy(SecurityPolicy ip, SecurityPolicy ap)
> throws PolicyViolationException {
>
> MessagePolicy actualPolicy = (MessagePolicy)ap;
> MessagePolicy inferredSecurityPolicy = (MessagePolicy)ip;
> JAXBFilterProcessingContext context = null;
> if (ctx instanceof JAXBFilterProcessingContext) {
> context = (JAXBFilterProcessingContext)ctx;
> }
> //this code has been moved from SecurityRecipient.
> //because in the presence of alternatives this check has to be done
> //with a specific actualpolicy only.
> if (actualPolicy != null) {
> if (actualPolicy.isSSL() && context != null &&
> !context.isSecure()) {
> log.log(Level.SEVERE,
> LogStringsMessages.WSS_1601_SSL_NOT_ENABLED());
> throw new
> XWSSecurityRuntimeException(LogStringsMessages.WSS_1601_SSL_NOT_ENABLED());
> }
> }
>
> ----
>
> I don't understand why context.isSecure() will return false .. all
> communication is made over HTTPS.
>
>
> Any insight into this issue would be helpful. Also is there a public
> repository of metro where i can download the source code.
>
> Thanks,
> Munaf
>