my tech blog: True ssl web service on jboss 4.2.x

Do you think that your web service responde really over https port?

Setting https connector on jboss ( https jboss configuration ) is not really enougth , this is only the first configuration step.

Infact you may check if your web service endpoint is exposed in http or in https from jboss ws console.

You may see a tipical web service miss-configuration in picture below which refers to jboss with https connector enabled but without any specific configuration over web service iteself (web service was created by @wsdl annotation).

You may notice that jboss exposes wsdl file over an https url, but wsdl endpoint is an http path .

To fix this miss configuration issue you have to do two extra operations:

1- Provide a web.xml file containing security constraints as follows:

<?xml version="1.0" encoding="UTF-8"?>

<web-app xmlns="http://java.sun.com/xml/ns/j2ee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd" version="2.4">

<servlet-name>ResiIFWSImpl</servlet-name>

<servlet-class>resiIf.impl.ResiIFWSImpl</servlet-class>

</servlet>

<servlet-mapping>

<servlet-name>ResiIFWSImpl</servlet-name>

<url-pattern>/ResiIFWSImpl</url-pattern>

</servlet-mapping>

<security-constraint>

<web-resource-collection>

<web-resource-name>All resources</web-resource-name>

<url-pattern>/ResiIFWSImpl</url-pattern>

</web-resource-collection>

<user-data-constraint>

<transport-guarantee>CONFIDENTIAL</transport-guarantee>

</user-data-constraint>

</security-constraint>

</web-app>

2- Modify jboss-beans.xml file under $jboss_home\server\default\deploy\jbossws.sar\jbossws.beans\META-INF

As follows:

<property name="webServiceHost">${jboss.bind.address}</property>

<property name="webServiceSecurePort">8443</property>

my tech blog

domenica 1 aprile 2012

True ssl web service on jboss 4.2.x

Nessun commento:

Posta un commento