Solved

Enable SSL and Non-SSL JBoss Application

Posted on 2004-09-14
Last Modified: 2012-06-27
Hi all,
I have 2 different applications running in JBoss 3.2.5 (say myApp1 and myApp2). I wish to enable SSL for myApp1 but not for myApp2. E.g., I would probably access myApp1 at https://localhost:8443/myApp1 and access myApp2 at http://localhost:8080/myApp2. Can I achieve this? If yes, can you please give me some guidance?

How about if I wanted to configure it so that SSL is required only when the user accesses certain pages? Can I do that as well??

Please guide... thanks
0
Question by:pleasure
14 Comments
 
LVL 3

Accepted Solution

by:
msterjev earned 200 total points
In the web.xml add something like this:

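  <security-constraint>
    <display-name>SSL Constraint</display-name>
    <web-resource-collection>
      <web-resource-name>Resource Constraint</web-resource-name>
      <!-- /* covers every resource in this web application -->
      <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <!-- No auth-constraint here: an empty <auth-constraint/> names no roles,
         which makes the container deny every request to the matched URLs -->
    <user-data-constraint>
      <!-- CONFIDENTIAL: requests must arrive over SSL -->
      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
  </security-constraint>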

The key is the element:

<transport-guarantee>CONFIDENTIAL</transport-guarantee>
0
 

Author Comment

by:pleasure
Hi msterjev,
First of all, thanks for the response.
Can you please explain a bit about your posting? Or maybe you can give me some URL where I can read about this.

Thanks..:-)
0
 
LVL 12

Expert Comment

by:Giant2
0
 
LVL 3

Expert Comment

by:msterjev
Copy and paste the segment after the element:

 <welcome-file-list>
0
 
LVL 3

Expert Comment

by:msterjev
The link supplied by Giant2 is for configuring JBoss SSL. As I understand, you already have SSL in place.

We instruct the container that all communication should be done using SSL by adding a security-constraint with transport-guarantee set to CONFIDENTIAL.

In order to validate your web.xml (if you are not sure where to insert the element security-constraint) you can use NetBeans. Just right click the xml file and choose validate xml.

The setting CONFIDENTIAL means encryption + integrity check (HMAC on the content, but don't bother with that)
The setting INTEGRAL means only integrity check
The last setting is NONE (I suppose you know what this is :-)))

The specified <url-pattern>/*</url-pattern> means that all application resources should be accessed thru SSL. If you don't want that, you can specify a specific URL. This way you can specify sensitive parts of your application to be accessed thru SSL, but all the other stuff can be accessible without SSL protection.
0
 

Author Comment

by:pleasure
OK guys,
basically what I understand is that I should allow clients to connect to my application via 8080 and 8443, but for specific pages, I can enforce that the pages must be accessed via SSL (which is via 8443). To do this, I can use the method suggested by msterjev. Am I understanding correctly?

Actually, the initial intention when I asked this is that I have developed a stateless session bean and exposed it as a web service. What I wish to achieve is that whenever users consume the web service, they are required to use SSL. Can we specify any URL pattern for a session bean?? Am I doing it the wrong way???
0
 
LVL 3

Expert Comment

by:msterjev
Yes, you understood correctly. The web service also has a URL, so you can protect it that way. I have not worked with web services on JBoss, but I suppose that it is the same story as in WebLogic.
0
 
LVL 12

Expert Comment

by:Giant2
Sure, they could be "protected".
0
 

Author Comment

by:pleasure
msterjev,
JBoss is using JBoss.Net to implement web services. When you need to consume a web service, you need to specify the endpoint as http://localhost:8080/jboss-net/services/myService. As you might realize, it's actually pointing to the other web application. Therefore we need to change web.xml in jboss-net instead of web.xml in my own application. It works fine by doing so. (This is actually another problem I need to search for a solution to - how to deploy a web service under my own application instead of jboss-net, so that next time clients will set their endpoint as http://localhost:8080/myApp/services/myService instead of http://localhost:8080/jboss-net/services/myService.)
0
 
LVL 3

Expert Comment

by:msterjev
Thanks for the points. I think your problem is solved here. I don't think you can invoke a web service directly from your application because your application does not have a framework for handling SOAP marshalling.
0
 

Author Comment

by:pleasure
You are welcome.
Maybe we need to do something in order to invoke the web service from my application. Perhaps by copying the necessary jar file into my /WEB-INF/lib folder? Need to try. I will post this question later, perhaps someone has already done this before..:p
0
 

Author Comment

by:pleasure
Just to share with you all, I managed to deploy the web services under my own application by copying the necessary jar files into my own application and making a few modifications to web.xml. So now, clients can consume my web service by pointing to
http://localhost:8080/myApp/services/myService instead of http://localhost:8080/jboss-net/services/myService.

But this causes another problem, as I have already modified it so that SSL + client authentication is required when a client consumes my web services. Therefore, the user is required to point to https://localhost:8443/myApp/services/myService, but the problem is that the WSDL file generated is not correct. The WSDL endpoint is specified as https://localhost:8080/myApp/services/myService, which is not correct. I'm still working on how to resolve this issue...:(
0
 
LVL 3

Expert Comment

by:msterjev
Let's conclude this. You can modify the endpoint WSDL by hand. But you don't need that.
Let's talk about the client.
Assume the client uses Axis, i.e. WSDL2Java to generate stub classes. The service class has two methods for getting the port (SOAP port): one with no URL (this is extracted from the WSDL) and one with the URL specified. This way you can change among URLs without modifying client stub code. This is the same with the WebLogic generated stubs and Microsoft .NET stubs. If you use GLUE (by the way, it is totally not compatible with the specification), you don't need stubs, just a constructor with the WSDL file URL and that is all.

Thanks
0
 

Author Comment

by:pleasure
msterjev,
you are saying that the client needs to explicitly specify the URL, am I right??? But I think this is not quite good, because we need to inform the client that they need to use a different URL from the one specified in the WSDL. By right, the URL should be transparent to the client. As long as they can get the WSDL, they should be allowed to consume the web service. Do you agree? :)
0
