pleasure
asked on
Enable SSL and Non-SSL JBoss Application
hi all,
I have 2 different application running in JBoss 3.2.5 (says myApp1 and myApp2). I wish to enable SSL for myApp1 but not for myApp2. eg i probably may access myApp1 at https://localhost:8443/myApp1 and acceee myApp2 at http://localhost:8080/myApp2. Can I achieve this? if yes, can you please give me some guidance?
How about if i wanted to configure such that when user access to certain page only it's required SSL? can i do that as well??
please guide...thanks
I have 2 different application running in JBoss 3.2.5 (says myApp1 and myApp2). I wish to enable SSL for myApp1 but not for myApp2. eg i probably may access myApp1 at https://localhost:8443/myApp1 and acceee myApp2 at http://localhost:8080/myApp2. Can I achieve this? if yes, can you please give me some guidance?
How about if i wanted to configure such that when user access to certain page only it's required SSL? can i do that as well??
please guide...thanks
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Do you have seen here?
http://www.huihoo.com/jboss/online_manual/3.0/ch14s12.html
http://www.huihoo.com/jboss/online_manual/3.0/ch14s12.html
Copy Paste the segment after the element:
<welcome-file-list>
<welcome-file-list>
The link supplied by Giant2 is for configuring JBoss SSL. As I understand you have already SSL in place.
We instruct the container that all communication should be done using SSL by adding security-constraint with transport-guarantee set to CONFIDENTIAL.
In order to validate you web.xml (if you are not sure where to insert the element security-constraint) you can use NetBeans. Just right click the xml file and choose validate xml.
The setting CONFIDENTIAL means encryption+integrity check(HMAC on the content, but don't bother with that)
The setting INTEGRAL means onlu integrity check
The last setting is NONE (I suppouse you know what this is :-)))
The specified <url-pattern>/*</url-patte
We instruct the container that all communication should be done using SSL by adding security-constraint with transport-guarantee set to CONFIDENTIAL.
In order to validate you web.xml (if you are not sure where to insert the element security-constraint) you can use NetBeans. Just right click the xml file and choose validate xml.
The setting CONFIDENTIAL means encryption+integrity check(HMAC on the content, but don't bother with that)
The setting INTEGRAL means onlu integrity check
The last setting is NONE (I suppouse you know what this is :-)))
The specified <url-pattern>/*</url-patte
ASKER
ok guys,
basically what i understand is I should allow client to connect to my application via 8080 and 8443, but for specific pages, i can enforce that the pages must be accessed via SSL(which is via 8443). Which to do this, i can use the method suggested by msterjev. Am I understand correctly?
Actually, the initial intention i asked this is because i have developed a stateless session bean and I exposed it as a web services. What I wished to achieve is whenever user consumes the web services, they are required to use SSL. Can we specify any url pattern for session bean?? Am I doing the wrong way???
basically what i understand is I should allow client to connect to my application via 8080 and 8443, but for specific pages, i can enforce that the pages must be accessed via SSL(which is via 8443). Which to do this, i can use the method suggested by msterjev. Am I understand correctly?
Actually, the initial intention i asked this is because i have developed a stateless session bean and I exposed it as a web services. What I wished to achieve is whenever user consumes the web services, they are required to use SSL. Can we specify any url pattern for session bean?? Am I doing the wrong way???
Yes you understanded correctly. The web service has also URL so you can protect that way. I have not worked with web services on JBoss, but I suppouse that it is the same story as in the WebLogic.
Sure, they could be "protected".
ASKER
msterjev,
JBoss is using JBoss.Net to implement web services. When u need to consume a web services we need to specify the endpoint as http://localhost:8080/jboss-net/services/myService. As you might realize, it's actually pointing to the other web application. Therefore we need to change web.xml in jboss-net in stead of web.xml in my own application. It work fine by doing so.(This is actually another problem i need to search for solution - how to deploy a web service under my own application instead of jboss-net. So next time client will set their endpoint as http://localhost:8080/myApp/services/myService instead of http://localhost:8080/jboss-net/services/myService).
JBoss is using JBoss.Net to implement web services. When u need to consume a web services we need to specify the endpoint as http://localhost:8080/jboss-net/services/myService. As you might realize, it's actually pointing to the other web application. Therefore we need to change web.xml in jboss-net in stead of web.xml in my own application. It work fine by doing so.(This is actually another problem i need to search for solution - how to deploy a web service under my own application instead of jboss-net. So next time client will set their endpoint as http://localhost:8080/myApp/services/myService instead of http://localhost:8080/jboss-net/services/myService).
Thanks for the points. I think you problem is solved here. I don't think you can invoke web service directly from your application because your application does not have a framework for handling SOAP marshalling.
ASKER
you are welcome.
May be we need to do something in order to invoke the web service from my application. Perhaps by copying the neccesary jar file into my /WEB-INF/lib folder? Need to try, i will post this question later, perhpas someone already done this before..:p
May be we need to do something in order to invoke the web service from my application. Perhaps by copying the neccesary jar file into my /WEB-INF/lib folder? Need to try, i will post this question later, perhpas someone already done this before..:p
ASKER
just to share with u all, i managed to deploy the web services under my own application by copying necesary jar files into my own application and little modifications on web.xml. So now, client can consume my web service by pointing to
http://localhost:8080/myApp/services/myService instead of http://localhost:8080/jboss-net/services/myService.
But this cause another problem, as I already modified that SSL + Client authentication is required when client consuming my web services. Therefore, user is required to point to https://localhost:8443/myApp/services/myService, but the problem is the wsdl file generated is not connect. The wsdl end point is specified as https://localhost:8080/myApp/services/myService, which is not correct. I'm still on how to resolve this issue...:(
http://localhost:8080/myApp/services/myService instead of http://localhost:8080/jboss-net/services/myService.
But this cause another problem, as I already modified that SSL + Client authentication is required when client consuming my web services. Therefore, user is required to point to https://localhost:8443/myApp/services/myService, but the problem is the wsdl file generated is not connect. The wsdl end point is specified as https://localhost:8080/myApp/services/myService, which is not correct. I'm still on how to resolve this issue...:(
Lets conclude this. You can modify the endpoint wsdl by hand. But you don't need that.
Let's talk about client.
Assume client uses Axis, i.e. WSDL2Java to generate stub classes. The service class has two methods for getting the port (SOAP port): one with no URL (this is exctracted from the WSDL) and one with the URL specified. This way you can change among URL's without modifying client stub code. This is the same with the WebLogic generated stubs,Microsoft .NET stubs. If you use GLUE (by the way it is totally not compatible with the specification), you don't need stubs, just constructor with the WSDL file URL and that is all.
Thanks
Let's talk about client.
Assume client uses Axis, i.e. WSDL2Java to generate stub classes. The service class has two methods for getting the port (SOAP port): one with no URL (this is exctracted from the WSDL) and one with the URL specified. This way you can change among URL's without modifying client stub code. This is the same with the WebLogic generated stubs,Microsoft .NET stubs. If you use GLUE (by the way it is totally not compatible with the specification), you don't need stubs, just constructor with the WSDL file URL and that is all.
Thanks
ASKER
msterjev,
you are saying that the client need to explicitly specifies the url, am i rite??? but i think this is not quite good, because we need to inform the client that they need to use different url from the one specified in the wsdl. By right, the url should be transparent to the client. As long as they can get the wsdl, they should be allowed to consume the web service. Do u agree? :)
you are saying that the client need to explicitly specifies the url, am i rite??? but i think this is not quite good, because we need to inform the client that they need to use different url from the one specified in the wsdl. By right, the url should be transparent to the client. As long as they can get the wsdl, they should be allowed to consume the web service. Do u agree? :)
ASKER
First of all, thanks for the response.
Can you please explain a bit about your posting? or may be you can give me some url where i can read about this.
Thanks..:-)