2 Replies Latest reply on Sep 12, 2005 11:57 AM by maikyal

    Secure Webservice under SSL

    maikyal
    maikyal Sep 2, 2005 11:20 AM

      I'm developing a web sevice and i would like to limit access only for https conections. My services is a JAX-RPC servlet and i can use it with a http connection (non ssl of course). How can i do to limit access throw a non secure connection

      • 3583 Views
      • Tags:
        • 1. Re: Secure Webservice under SSL
          anders.hedstrom
          anders.hedstrom Sep 5, 2005 6:58 AM (in response to maikyal)

          Secure it in your web.xml

          <security-constraint>
 <web-resource-collection>
 <web-resource-name>YourServletName</web-resource-name>
 <url-pattern>/your_pattern</url-pattern>
 <http-method>POST</http-method>
 </web-resource-collection>
 <user-data-constraint>
 <transport-guarantee>CONFIDENTIAL</transport-guarantee>
 </user-data-constraint>
</security-constraint>


          Create a certificate with keytool and enable the SSL in <jboss_home>/server/configuration/deploy/jbossweb-tomcat55.sar/server.xml 
          <Connector port="8443" address="${jboss.bind.address}"
 maxThreads="100" minSpareThreads="5" maxSpareThreads="15"
 scheme="https" secure="true" clientAuth="false"
 keystoreFile="${jboss.server.home.dir}/conf/your_certkeystore"
 keystorePass="passwd" sslProtocol = "TLS" />



          See:
          http://wiki.jboss.org/wiki/Wiki.jsp?page=SSLSetup
          http://wiki.jboss.org/wiki/Wiki.jsp?page=JBossWS


          Cheers
          Anders

            • Actions
          • 2. Re: Secure Webservice under SSL
            maikyal
            maikyal Sep 12, 2005 11:57 AM (in response to maikyal)

            Thanks anders, i'm going to try it.

              • Actions