Uploaded image for project: 'JBoss Enterprise Application Platform'
  1. JBoss Enterprise Application Platform
  2. JBEAP-24168

[QE](7.4.z) No security domain associated error when using WS-Security username authentication

XMLWordPrintable

    • False
    • None
    • False
    • +
    • Hide
      1. Extract the attached reproducer and copy the standalone.xml and jbosswss*.properties files into JBOSS_HOME/standalone/configuration.
      2. Build the reproducer: `mvn clean install`.
      3. Deploy the service war file.
      4. Run the client: `mvn exec:java -f client/pom.xml`
      5. Check the output and server log
      Show
      Extract the attached reproducer and copy the standalone.xml and jbosswss*.properties files into JBOSS_HOME/standalone/configuration. Build the reproducer: `mvn clean install`. Deploy the service war file. Run the client: `mvn exec:java -f client/pom.xml` Check the output and server log

      Invoking the following endpoint (full code in github)

      @WebService
              (
                      portName = "SecurityServicePort",
                      serviceName = "SecurityService",
                      wsdlLocation = "WEB-INF/wsdl/SecurityService.wsdl",
                      targetNamespace = "http://www.jboss.org/jbossws/ws-extensions/wssecuritypolicy",
                      endpointInterface = "org.jboss.test.ws.jaxws.samples.wsse.policy.jaas.ServiceIface"
              )
      @EndpointConfig(configFile = "WEB-INF/jaxws-endpoint-config.xml", configName = "Custom WS-Security Endpoint")
      @InInterceptors(interceptors = {
              "org.jboss.wsf.stack.cxf.security.authentication.SubjectCreatingPolicyInterceptor",
              "org.jboss.test.ws.jaxws.samples.wsse.policy.jaas.POJOEndpointAuthorizationInterceptor"}
      )
      public class ServiceImpl implements ServiceIface {
          public String sayHello() {
              return "Secure Hello World!";
          }
      
          public String greetMe() {
              return "Greetings!";
          }
      }
      

      results in an error

      SOAPFaultException: JBWS024058: Failed Authentication : Invalid Subject
      

      accompanied by the following in the server log:

      ERROR [org.jboss.ws.cxf.security] (default task-1) JBWS024114: No security domain associated
      
      WARNING [org.apache.cxf.phase.PhaseInterceptorChain] (default task-1) Interceptor for {http://www.jboss.org/jbossws/ws-extensions/wssecuritypolicy}SecurityService has thrown exception, unwinding now: java.lang.SecurityException: JBWS024058: Failed Authentication : Invalid Subject
      	at org.jboss.wsf.stack.cxf.security.authentication.SubjectCreatingPolicyInterceptor.createSubject(SubjectCreatingPolicyInterceptor.java:137)
      	at org.jboss.wsf.stack.cxf.security.authentication.SubjectCreatingPolicyInterceptor.handleMessage(SubjectCreatingPolicyInterceptor.java:106)
      	at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:308)
      	at org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:121)
      	at org.apache.cxf.transport.http.AbstractHTTPDestination.invoke(AbstractHTTPDestination.java:265)
      	at org.jboss.wsf.stack.cxf.RequestHandlerImpl.handleHttpRequest(RequestHandlerImpl.java:110)
      	at org.jboss.wsf.stack.cxf.transport.ServletHelper.callRequestHandler(ServletHelper.java:134)
      	at org.jboss.wsf.stack.cxf.CXFServletExt.invoke(CXFServletExt.java:88)
      	at org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(AbstractHTTPServlet.java:304)
      	at org.apache.cxf.transport.servlet.AbstractHTTPServlet.doPost(AbstractHTTPServlet.java:217)
      	at javax.servlet.http.HttpServlet.service(HttpServlet.java:523)
      	at org.jboss.wsf.stack.cxf.CXFServletExt.service(CXFServletExt.java:136)
      	at org.jboss.wsf.spi.deployment.WSFServlet.service(WSFServlet.java:140)
      	at javax.servlet.http.HttpServlet.service(HttpServlet.java:590)
      	at io.undertow.servlet.handlers.ServletHandler.handleRequest(ServletHandler.java:74)
      	at io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:62)
      	at io.undertow.servlet.handlers.ServletChain.handleRequest(ServletChain.java:68)
      	at io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36)
      	at org.wildfly.extension.undertow.security.SecurityContextAssociationHandler.handleRequest(SecurityContextAssociationHandler.java:78)
      	at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
      	at io.undertow.servlet.handlers.RedirectDirHandler.handleRequest(RedirectDirHandler.java:68)
      	at io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:117)
      	at io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:57)
      	at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
      	at io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46)
      	at io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64)
      	at io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:60)
      	at io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:77)
      	at io.undertow.security.handlers.NotificationReceiverHandler.handleRequest(NotificationReceiverHandler.java:50)
      	at io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.handleRequest(AbstractSecurityContextAssociationHandler.java:43)
      	at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
      	at org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)
      	at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
      	at org.wildfly.extension.undertow.deployment.GlobalRequestControllerHandler.handleRequest(GlobalRequestControllerHandler.java:68)
      	at io.undertow.servlet.handlers.SendErrorPageHandler.handleRequest(SendErrorPageHandler.java:52)
      	at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
      	at io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:275)
      	at io.undertow.servlet.handlers.ServletInitialHandler.access(ServletInitialHandler.java:79)
      	at io.undertow.servlet.handlers.ServletInitialHandler.call(ServletInitialHandler.java:134)
      	at io.undertow.servlet.handlers.ServletInitialHandler.call(ServletInitialHandler.java:131)
      	at io.undertow.servlet.core.ServletRequestContextThreadSetupAction.call(ServletRequestContextThreadSetupAction.java:48)
      	at io.undertow.servlet.core.ContextClassLoaderSetupAction.call(ContextClassLoaderSetupAction.java:43)
      	at org.wildfly.extension.undertow.security.SecurityContextThreadSetupAction.lambda$create(SecurityContextThreadSetupAction.java:105)
      	at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create(UndertowDeploymentInfoService.java:1555)
      	at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create(UndertowDeploymentInfoService.java:1555)
      	at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create(UndertowDeploymentInfoService.java:1555)
      	at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create(UndertowDeploymentInfoService.java:1555)
      	at io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:255)
      	at io.undertow.servlet.handlers.ServletInitialHandler.access(ServletInitialHandler.java:79)
      	at io.undertow.servlet.handlers.ServletInitialHandler.handleRequest(ServletInitialHandler.java:100)
      	at io.undertow.server.Connectors.executeRootHandler(Connectors.java:387)
      	at io.undertow.server.HttpServerExchange.run(HttpServerExchange.java:852)
      	at org.jboss.threads.ContextClassLoaderSavingRunnable.run(ContextClassLoaderSavingRunnable.java:35)
      	at org.jboss.threads.EnhancedQueueExecutor.safeRun(EnhancedQueueExecutor.java:1990)
      	at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.doRunTask(EnhancedQueueExecutor.java:1486)
      	at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1377)
      	at org.xnio.XnioWorker$WorkerThreadFactory.run(XnioWorker.java:1282)
      	at java.lang.Thread.run(Thread.java:748)
      

      This is a regression against EAP 7.4.7.GA where the service is working as expected.

              rhn-support-ivassile Ilia Vassilev
              pmackay@redhat.com Peter Mackay
              Votes:
              0 Vote for this issue
              Watchers:
              15 Start watching this issue

                Created:
                Updated:
                Resolved: