Solved

Enable SSL and Non-SSL JBoss Application

Posted on 2004-09-14
14
868 Views
Last Modified: 2012-06-27
hi all,
I have 2 different application running in JBoss 3.2.5 (says myApp1 and myApp2). I wish to enable SSL for myApp1 but not for myApp2. eg i probably may access myApp1 at https://localhost:8443/myApp1 and acceee myApp2 at http://localhost:8080/myApp2. Can I achieve this? if yes, can you please give me some guidance?

How about if i wanted to configure such that when user access to certain page only it's required SSL? can i do that as well??

please guide...thanks
0
Comment
Question by:pleasure
  • 6
  • 6
  • 2
14 Comments
 
LVL 3

Accepted Solution

by:
msterjev earned 200 total points
ID: 12054175
In the web.xml add something like this:

 <security-constraint>
    <display-name>SSL Constraint</display-name>
    <web-resource-collection>
      <web-resource-name>Resource Constraint</web-resource-name>
      <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
    </auth-constraint>
    <user-data-constraint>
      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
  </security-constraint>

The key is the element:

<transport-guarantee>CONFIDENTIAL</transport-guarantee>
0
 

Author Comment

by:pleasure
ID: 12054296
hi mster jev,
First of all, thanks for the response.
Can you please explain a bit about your posting? or may be you can give me some url where i can read about this.

Thanks..:-)
0
 
LVL 12

Expert Comment

by:Giant2
ID: 12054354
0
Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

 
LVL 3

Expert Comment

by:msterjev
ID: 12054424
Copy Paste the segment after the element:

 <welcome-file-list>
0
 
LVL 3

Expert Comment

by:msterjev
ID: 12054537
The link supplied by Giant2 is for configuring JBoss SSL. As I understand you have already SSL in place.

We instruct the container that all communication should be done using SSL by adding security-constraint with transport-guarantee set to CONFIDENTIAL.

In order to validate you web.xml (if you are not sure where to insert the element security-constraint) you can use NetBeans. Just right click the xml file and choose validate xml.

The setting CONFIDENTIAL means encryption+integrity check(HMAC on the content, but don't bother with that)
The setting INTEGRAL means onlu integrity check
The last setting is NONE (I suppouse you know what this is :-)))

The specified <url-pattern>/*</url-pattern> means that all application resources should be accessed thru SSL. If you don't want that you can specify specific url. This way you can specify sensitive parts of your application to be accessed thru SSL,but all the other stuff can be accessible without SSL protection.
0
 

Author Comment

by:pleasure
ID: 12054635
ok guys,
basically what i understand is I should allow client to connect to my application via 8080 and 8443, but for specific pages, i can enforce that the pages must be accessed via SSL(which is via 8443). Which to do this, i can use the method suggested by msterjev. Am I understand correctly?

Actually, the initial intention i asked this is because i have developed a stateless session bean and I exposed it as a web services. What I wished to achieve is whenever user consumes the web services, they are required to use SSL. Can we specify any url pattern for session bean?? Am I doing the wrong way???
0
 
LVL 3

Expert Comment

by:msterjev
ID: 12054683
Yes you understanded correctly. The web service has also URL so you can protect that way. I have not worked with web services on JBoss, but I suppouse that it is the same story as in the WebLogic.
0
 
LVL 12

Expert Comment

by:Giant2
ID: 12054722
Sure, they could be "protected".
0
 

Author Comment

by:pleasure
ID: 12062175
msterjev,
JBoss is using JBoss.Net to implement web services. When u need to consume a web services we need to specify the endpoint as http://localhost:8080/jboss-net/services/myService. As you might realize, it's actually pointing to the other web application. Therefore we need to change web.xml in jboss-net in stead of web.xml in my own application. It work fine by doing so.(This is actually another problem i need to search for solution - how to deploy a web service under my own application instead of jboss-net. So next time client will set their endpoint as http://localhost:8080/myApp/services/myService instead of http://localhost:8080/jboss-net/services/myService).
0
 
LVL 3

Expert Comment

by:msterjev
ID: 12063638
Thanks for the points. I think you problem is solved here. I don't think you can invoke web service directly from your application because your application does not have a framework for handling SOAP marshalling.
0
 

Author Comment

by:pleasure
ID: 12063750
you are welcome.
May be we need to do something in order to invoke the web service from my application. Perhaps by copying the neccesary jar file into my /WEB-INF/lib folder? Need to try, i will post this question later, perhpas someone already done this before..:p
0
 

Author Comment

by:pleasure
ID: 12071384
just to share with u all, i managed to deploy the web services under my own application by copying necesary jar files into my own application and little modifications on web.xml. So now, client can consume my web service by pointing to
http://localhost:8080/myApp/services/myService instead of  http://localhost:8080/jboss-net/services/myService.

But this cause another problem, as I already modified that SSL + Client authentication is required when client consuming my web services. Therefore, user is required to point to https://localhost:8443/myApp/services/myService, but the problem is the wsdl file generated is not connect. The wsdl end point is specified as  https://localhost:8080/myApp/services/myService, which is not correct. I'm still on how to resolve this issue...:(
0
 
LVL 3

Expert Comment

by:msterjev
ID: 12072278
Lets conclude this. You can modify the endpoint wsdl by hand. But you don't need that.
Let's talk about client.
Assume client uses Axis, i.e. WSDL2Java to generate stub classes. The service class has two methods for getting the port (SOAP port): one with no URL (this is exctracted from the WSDL) and one with the URL specified. This way you can change among URL's without modifying client stub code. This is the same with the WebLogic generated stubs,Microsoft .NET stubs. If you use GLUE (by the way it is totally not compatible with the specification), you don't need stubs, just constructor with the WSDL file URL and that is all.

Thanks
0
 

Author Comment

by:pleasure
ID: 12072896
msterjev,
you are saying that the client need to explicitly specifies the url, am i rite??? but i think this is not quite good, because we need to inform the client that they need to use different url from the one specified in the wsdl. By right, the url should be transparent to the client. As long as they can get the wsdl, they should be allowed to consume the web service. Do u agree? :)
0

Featured Post

Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Protect jar file - windows app 2 65
Arrays.asList  VS  ArrayList 4 71
Eclipse Java import and method not resolved 4 47
hashmap order 17 36
By the end of 1980s, object oriented programming using languages like C++, Simula69 and ObjectPascal gained momentum. It looked like programmers finally found the perfect language. C++ successfully combined the object oriented principles of Simula w…
This was posted to the Netbeans forum a Feb, 2010 and I also sent it to Verisign. Who didn't help much in my struggles to get my application signed. ------------------------- Start The idea here is to target your cell phones with the correct…
Viewers will learn about basic arrays, how to declare them, and how to use them. Introduction and definition: Declare an array and cover the syntax of declaring them: Initialize every index in the created array: Example/Features of a basic arr…
This theoretical tutorial explains exceptions, reasons for exceptions, different categories of exception and exception hierarchy.

808 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question