Web services are client and server applications that communicate over the World Wide Web's (WWW) HyperText Transfer Protocol (HTTP).
It is good practice to keep a web service endpoint secure. This article shows how to secure a web service endpoint with Secure Sockets Layer (SSL).
This is a good reference to check out when setting up SSL in Tomcat 6.
Steps:
Make sure JAVA_HOME and CATALINA_HOME are set in your environment.
The JDK under JAVA_HOME includes a utility called keytool that can generate an SSL certificate. We will use this tool.
Type the following command into the console in your home directory, all on one line (-keyalg RSA names the key algorithm explicitly instead of relying on keytool's default):
    %JAVA_HOME%\bin\keytool -genkey -alias extendit.us -keyalg RSA -keypass xitadmin -keystore extendit.bin -storepass xitadmin
What is your first and last name?
[Unknown]: uw
What is the name of your organizational unit?
[Unknown]: uw
What is the name of your organization?
[Unknown]: uw
What is the name of your City or Locality?
[Unknown]: austin
What is the name of your State or Province?
[Unknown]: tx
What is the two-letter country code for this unit?
[Unknown]: us
Is CN=uw, OU=uw, O=uw, L=austin, ST=tx, C=us correct?
[no]: yes
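Answer the questions according to your situation; the first answer becomes the certificate's CN, which clients compare against the server's host name.
The extendit.bin file will be created in your home directory, or in whichever directory you ran the command from.
The next step is to set up Tomcat 6 to locate the file and use SSL, by defining the following connector in CATALINA_HOME/conf/server.xml: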
    <!-- Define a SSL HTTP/1.1 Connector on port 8443
         This connector uses the JSSE configuration,
         when using APR, the connector should be
         using the OpenSSL style configuration
         described in the APR documentation -->
    <Connector port="8443" protocol="HTTP/1.1"
               SSLEnabled="true" maxThreads="150"
               scheme="https" secure="true"
               clientAuth="false" sslProtocol="TLS"
               keystoreFile="${user.home}/extendit.bin"
               keystorePass="xitadmin" />
This enables Tomcat to listen for HTTPS requests on port 8443.
When you request the URL https://localhost:8443/ after starting Tomcat, the browser will ask you to add the certificate to your list of accepted certificates, because it is self-signed.
Accept the certificate and Tomcat is now configured to use SSL.
The next step is to test a JAX-WS endpoint over SSL. We will test a simple IHelloService endpoint. Create the interface below:
    package us.extendit.ws;

    import javax.jws.WebMethod;
    import javax.jws.WebService;

    @WebService
    public interface IHelloService {
        @WebMethod
        public String say();
    }
Create the implementation below:
    package us.extendit.ws;

    import javax.jws.WebMethod;
    import javax.jws.WebService;

    @WebService
    public class HelloServiceImpl implements IHelloService {
        @Override
        @WebMethod
        public String say() {
            return "Hello End point";
        }
    }
The next step is to configure the JAX-WS listener (WSServletContextListener) and servlet (WSServlet) to serve the endpoint.
This needs to be done in the web.xml file and the sun-jaxws.xml file.
web.xml
    <web-app>
        <display-name>Archetype Created Web Application</display-name>
        <!-- Web Service Servlet Mapping -->
        <listener>
            <listener-class>
                com.sun.xml.ws.transport.http.servlet.WSServletContextListener
            </listener-class>
        </listener>
        <servlet>
            <servlet-name>hello</servlet-name>
            <servlet-class>
                com.sun.xml.ws.transport.http.servlet.WSServlet
            </servlet-class>
        </servlet>
        <servlet-mapping>
            <servlet-name>hello</servlet-name>
            <url-pattern>/hello</url-pattern>
        </servlet-mapping>
        <security-constraint>
            <web-resource-collection>
                <web-resource-name>trackr</web-resource-name>
                <url-pattern>/*</url-pattern>
            </web-resource-collection>
            <user-data-constraint>
                <transport-guarantee>CONFIDENTIAL</transport-guarantee>
            </user-data-constraint>
        </security-constraint>
    </web-app>
sun-jaxws.xml
    <?xml version="1.0" encoding="UTF-8"?>
    <endpoints xmlns="http://java.sun.com/xml/ns/jax-ws/ri/runtime" version="2.0">
        <endpoint
            name="hello"
            implementation="us.extendit.ws.HelloServiceImpl"
            url-pattern="/hello">
        </endpoint>
    </endpoints>
After these files are placed under the WEB-INF folder, deploy your app to Tomcat and start the server.
Tomcat must already be configured with Metro for this to work properly.
Next, test your SSL-secured application by using the URL https://host-name:8443/app-name/hello?wsdl.
Your application is now using SSL to respond to requests.
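A command-line check of the two things configured above, as an added example that is not part of the original article: plain HTTP is redirected rather than served (the CONFIDENTIAL constraint), and HTTPS succeeds while trusting only the certificate in extendit.bin, with host name verification left on. It assumes Tomcat's HTTP connector is on its default port 8080, the app is deployed as app-name, and the first keytool prompt was answered with localhost so the certificate's CN matches; the class name HelloTlsCheck is hypothetical.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.net.HttpURLConnection;
import java.net.URL;
import java.security.KeyStore;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

public class HelloTlsCheck {
    // Assumed values: default HTTP port 8080 and "app-name" as in the article's test URL.
    static final String HTTP_URL  = "http://localhost:8080/app-name/hello?wsdl";
    static final String HTTPS_URL = "https://localhost:8443/app-name/hello?wsdl";

    // Build an SSLContext that trusts only the certificates found in the given keystore.
    // On a real client, export the certificate into a separate truststore so the
    // client never holds the server's private key.
    static SSLContext trustOnly(String path, char[] pass) throws Exception {
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, pass);
        }
        TrustManagerFactory tmf =
            TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ks);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null);
        return ctx;
    }

    public static void main(String[] args) throws Exception {
        // 1. Plain HTTP: expect a redirect to the HTTPS port, not the WSDL itself.
        HttpURLConnection plain = (HttpURLConnection) new URL(HTTP_URL).openConnection();
        plain.setInstanceFollowRedirects(false);
        System.out.println("HTTP  -> " + plain.getResponseCode()
            + " Location: " + plain.getHeaderField("Location"));

        // 2. HTTPS: the handshake throws if the server presents any other certificate
        //    or if the certificate's name does not match "localhost".
        SSLContext ctx = trustOnly(System.getProperty("user.home") + "/extendit.bin",
                                   "xitadmin".toCharArray());
        HttpsURLConnection tls = (HttpsURLConnection) new URL(HTTPS_URL).openConnection();
        tls.setSSLSocketFactory(ctx.getSocketFactory());
        System.out.println("HTTPS -> " + tls.getResponseCode()
            + " cipher: " + tls.getCipherSuite());
    }
}
```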