Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

Enable SSL and Non-SSL JBoss Application

Posted on 2004-09-14
14
Medium Priority
?
886 Views
Last Modified: 2012-06-27
hi all,
I have 2 different application running in JBoss 3.2.5 (says myApp1 and myApp2). I wish to enable SSL for myApp1 but not for myApp2. eg i probably may access myApp1 at https://localhost:8443/myApp1 and acceee myApp2 at http://localhost:8080/myApp2. Can I achieve this? if yes, can you please give me some guidance?

How about if i wanted to configure such that when user access to certain page only it's required SSL? can i do that as well??

please guide...thanks
0
Comment
Question by:pleasure
  • 6
  • 6
  • 2
14 Comments
 
LVL 3

Accepted Solution

by:
msterjev earned 600 total points
ID: 12054175
In the web.xml add something like this:

 <security-constraint>
    <display-name>SSL Constraint</display-name>
    <web-resource-collection>
      <web-resource-name>Resource Constraint</web-resource-name>
      <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
    </auth-constraint>
    <user-data-constraint>
      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
  </security-constraint>

The key is the element:

<transport-guarantee>CONFIDENTIAL</transport-guarantee>
0
 

Author Comment

by:pleasure
ID: 12054296
hi mster jev,
First of all, thanks for the response.
Can you please explain a bit about your posting? or may be you can give me some url where i can read about this.

Thanks..:-)
0
 
LVL 12

Expert Comment

by:Giant2
ID: 12054354
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 3

Expert Comment

by:msterjev
ID: 12054424
Copy Paste the segment after the element:

 <welcome-file-list>
0
 
LVL 3

Expert Comment

by:msterjev
ID: 12054537
The link supplied by Giant2 is for configuring JBoss SSL. As I understand you have already SSL in place.

We instruct the container that all communication should be done using SSL by adding security-constraint with transport-guarantee set to CONFIDENTIAL.

In order to validate you web.xml (if you are not sure where to insert the element security-constraint) you can use NetBeans. Just right click the xml file and choose validate xml.

The setting CONFIDENTIAL means encryption+integrity check(HMAC on the content, but don't bother with that)
The setting INTEGRAL means onlu integrity check
The last setting is NONE (I suppouse you know what this is :-)))

The specified <url-pattern>/*</url-pattern> means that all application resources should be accessed thru SSL. If you don't want that you can specify specific url. This way you can specify sensitive parts of your application to be accessed thru SSL,but all the other stuff can be accessible without SSL protection.
0
 

Author Comment

by:pleasure
ID: 12054635
ok guys,
basically what i understand is I should allow client to connect to my application via 8080 and 8443, but for specific pages, i can enforce that the pages must be accessed via SSL(which is via 8443). Which to do this, i can use the method suggested by msterjev. Am I understand correctly?

Actually, the initial intention i asked this is because i have developed a stateless session bean and I exposed it as a web services. What I wished to achieve is whenever user consumes the web services, they are required to use SSL. Can we specify any url pattern for session bean?? Am I doing the wrong way???
0
 
LVL 3

Expert Comment

by:msterjev
ID: 12054683
Yes you understanded correctly. The web service has also URL so you can protect that way. I have not worked with web services on JBoss, but I suppouse that it is the same story as in the WebLogic.
0
 
LVL 12

Expert Comment

by:Giant2
ID: 12054722
Sure, they could be "protected".
0
 

Author Comment

by:pleasure
ID: 12062175
msterjev,
JBoss is using JBoss.Net to implement web services. When u need to consume a web services we need to specify the endpoint as http://localhost:8080/jboss-net/services/myService. As you might realize, it's actually pointing to the other web application. Therefore we need to change web.xml in jboss-net in stead of web.xml in my own application. It work fine by doing so.(This is actually another problem i need to search for solution - how to deploy a web service under my own application instead of jboss-net. So next time client will set their endpoint as http://localhost:8080/myApp/services/myService instead of http://localhost:8080/jboss-net/services/myService).
0
 
LVL 3

Expert Comment

by:msterjev
ID: 12063638
Thanks for the points. I think you problem is solved here. I don't think you can invoke web service directly from your application because your application does not have a framework for handling SOAP marshalling.
0
 

Author Comment

by:pleasure
ID: 12063750
you are welcome.
May be we need to do something in order to invoke the web service from my application. Perhaps by copying the neccesary jar file into my /WEB-INF/lib folder? Need to try, i will post this question later, perhpas someone already done this before..:p
0
 

Author Comment

by:pleasure
ID: 12071384
just to share with u all, i managed to deploy the web services under my own application by copying necesary jar files into my own application and little modifications on web.xml. So now, client can consume my web service by pointing to
http://localhost:8080/myApp/services/myService instead of  http://localhost:8080/jboss-net/services/myService.

But this cause another problem, as I already modified that SSL + Client authentication is required when client consuming my web services. Therefore, user is required to point to https://localhost:8443/myApp/services/myService, but the problem is the wsdl file generated is not connect. The wsdl end point is specified as  https://localhost:8080/myApp/services/myService, which is not correct. I'm still on how to resolve this issue...:(
0
 
LVL 3

Expert Comment

by:msterjev
ID: 12072278
Lets conclude this. You can modify the endpoint wsdl by hand. But you don't need that.
Let's talk about client.
Assume client uses Axis, i.e. WSDL2Java to generate stub classes. The service class has two methods for getting the port (SOAP port): one with no URL (this is exctracted from the WSDL) and one with the URL specified. This way you can change among URL's without modifying client stub code. This is the same with the WebLogic generated stubs,Microsoft .NET stubs. If you use GLUE (by the way it is totally not compatible with the specification), you don't need stubs, just constructor with the WSDL file URL and that is all.

Thanks
0
 

Author Comment

by:pleasure
ID: 12072896
msterjev,
you are saying that the client need to explicitly specifies the url, am i rite??? but i think this is not quite good, because we need to inform the client that they need to use different url from the one specified in the wsdl. By right, the url should be transparent to the client. As long as they can get the wsdl, they should be allowed to consume the web service. Do u agree? :)
0

Featured Post

How to Use the Help Bell

Need to boost the visibility of your question for solutions? Use the Experts Exchange Help Bell to confirm priority levels and contact subject-matter experts for question attention.  Check out this how-to article for more information.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

For beginner Java programmers or at least those new to the Eclipse IDE, the following tutorial will show some (four) ways in which you can import your Java projects to your Eclipse workbench. Introduction While learning Java can be done with…
Java Flight Recorder and Java Mission Control together create a complete tool chain to continuously collect low level and detailed runtime information enabling after-the-fact incident analysis. Java Flight Recorder is a profiling and event collectio…
Viewers learn about the third conditional statement “else if” and use it in an example program. Then additional information about conditional statements is provided, covering the topic thoroughly. Viewers learn about the third conditional statement …
Viewers learn about the “for” loop and how it works in Java. By comparing it to the while loop learned before, viewers can make the transition easily. You will learn about the formatting of the for loop as we write a program that prints even numbers…
Suggested Courses

963 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question