5 Replies Latest reply on Sep 2, 2010 1:29 AM by mageshbk

EBWS endpoint, contract and WS endpoint publishing using SSL

baribal Aug 16, 2010 5:11 AM

I have red some material on this (ex. http://www.redhat.com/docs/en-US/JBoss_SOA_Platform/5.0.0/html/Programmers_Guide/ch04s04.html) but couldn't find how to publish and use ESB Based Web Service through HTTPS. I have provided in, out, fault xml schemas for my EBWS and have got "http://127.0.0.1:8080/..." WS and ESB endpoint and contract published automatically. Is it possible to publish "https://127.0.0.1:8443/..." endpoint and contract automatically for EBWS? Or should I use HTTP Gateway and SOAPPROXY with "http://127.0.0.1:8080/..." endpointURL in order to get SSL access to my ESB Based Web Service? webservice_proxy_security quickstart shows how to access already published WS through ESB by HTTPS but I want to use publish_as_webservice quickstart approach in order to access EBWS by HTTPS. However in this quickstart is shown only how to publish EBWS and WS endpoint and contract by HTTP. Could you please help me?

1. Re: EBWS endpoint, contract and WS endpoint publishing using SSL

mageshbk Aug 18, 2010 12:44 AM (in response to baribal)

Hi Eugene,

When you publish the ESB service as a Webservice, it automatically binds to all available connector ports in that server. So to enable your service to use HTTPS port, you need to just enable the SSL/TLS Connector in server.xml as done by the webservice_proxy_security quickstart.

<!-- copy into jbossesb-server-4.x/server/default/deploy/jboss-web.deployer/server.xml -->
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
         maxThreads="150" scheme="https" secure="true"
         clientAuth="false" sslProtocol="TLS"
         keyAlias="webservice_proxy_security"
         keystoreFile="/jboss-5.1.0.GA-esb/samples/quickstarts/webservice_proxy_security/build/webservice_proxy_security.keystore"
         keystorePass="webservice_proxy_security_pass"
         truststoreFile="/jboss-5.1.0.GA-esb/samples/quickstarts/webservice_proxy_security/build/webservice_proxy_security.keystore"
         truststorePass="webservice_proxy_security_pass"
         />

2. Re: EBWS endpoint, contract and WS endpoint publishing using SSL

baribal Aug 18, 2010 8:44 AM (in response to mageshbk)

Well, nothing changed. I've enabled SSL here "...\server\production\deploy\jbossweb.sar\server.xml":


<Connector protocol="AJP/1.3" port="8009" address="${jboss.bind.address}"
redirectPort="8443" />


<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
maxThreads="150" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS"
keyAlias="webservice_proxy_security"
keystoreFile="C:/jboss-soa-p.5.0.2/jboss-as/samples/quickstarts/webservice_proxy_security/build/webservice_proxy_security.keystore"
keystorePass="webservice_proxy_security_pass"
truststoreFile="C:/jboss-soa-p.5.0.2/jboss-as/samples/quickstarts/webservice_proxy_security/build/webservice_proxy_security.keystore"
truststorePass="webservice_proxy_security_pass"
/>

I've also put

<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
maxThreads="150" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS"
keyAlias="webservice_proxy_security"
keystoreFile="C:/jboss-soa-p.5.0.2/jboss-as/samples/quickstarts/webservice_proxy_security/build/webservice_proxy_security.keystore"
keystorePass="webservice_proxy_security_pass"
truststoreFile="C:/jboss-soa-p.5.0.2/jboss-as/samples/quickstarts/webservice_proxy_security/build/webservice_proxy_security.keystore"
truststorePass="webservice_proxy_security_pass"
/>

into the ...\server\production\deployers\jbossweb.deployer\server.xml

I can open https://127.0.0.1:8443. After I had deployed publish_as_webservice quickstart I got in the JBossESB Service List:

HTTP
Endpoint: http://127.0.0.1:8080/Quickstart_publish_as_webservice/ebws/ESBServiceSample/HelloWorldPubService
Contract: http://127.0.0.1:8080/Quickstart_publish_as_webservice/ebws/ESBServiceSample/HelloWorldPubService?wsdl

No mention about https. Also inside "...\server\production\data\wsdl\Quickstart_publish_as_webservice.esb\ESBServiceSample\HelloWorldPubService.wsdl" I have <soap:address location="http://127.0.0.1:8080/Quickstart_publish_as_webservice/ebws/ESBServiceSample/HelloWorldPubService"/>

However I can open this endpoint and contract by using "https://127.0.0.1:8443/Quickstart_publish_as_webservice/ebws/ESBServiceSample/HelloWorldPubService" and "https://127.0.0.1:8443/Quickstart_publish_as_webservice/ebws/ESBServiceSample/HelloWorldPubService?wsdl". Also I can change to <soap:address location="https://127.0.0.1:8443/Quickstart_publish_as_webservice/ebws/ESBServiceSample/HelloWorldPubService"/> inside wsdl. But is it the right way? Should I change wsdl manually after EBWS publishing?
Actions
3. Re: EBWS endpoint, contract and WS endpoint publishing using SSL

mageshbk Aug 19, 2010 6:42 AM (in response to baribal)

> I've also put into the ...\server\production\deployers\jbossweb.deployer\server.xml

You don't have to do that. This file will not be used.

> No mention about https.

This is a known issue https://jira.jboss.org/browse/JBESB-3165

> Should I change wsdl manually after EBWS publishing?

When you access the contract using HTTPS, it automatically converts the endpoint address based on the request's host and port and protocol. Is it not happening?
Actions
4. Re: EBWS endpoint, contract and WS endpoint publishing using SSL

baribal Sep 1, 2010 5:33 AM (in response to mageshbk)
Magesh Bojan wrote:

> Should I change wsdl manually after EBWS publishing?

When you access the contract using HTTPS, it automatically converts the endpoint address based on the request's host and port and protocol. Is it not happening?
Well, it is not true. Let's proceed from the beginning:

1. I have enabled SSL in C:\jboss-soa-p.5.0.2\jboss-as\server\production\deploy\jbossweb.sar\server.xml:
 <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true" maxThreads="150" scheme="https" secure="true" clientAuth="false" sslProtocol="TLS" keyAlias="webservice_proxy_security" keystoreFile="C:/jboss-soa-p.5.0.2/jboss-as/samples/quickstarts/webservice_proxy_security/build/webservice_proxy_security.keystore" keystorePass="webservice_proxy_security_pass" truststoreFile="C:/jboss-soa-p.5.0.2/jboss-as/samples/quickstarts/webservice_proxy_security/build/webservice_proxy_security.keystore" truststorePass="webservice_proxy_security_pass" />

     2. I have deployed publish_as_webservice quickstart and have got:

JBossWS/Services

Endpoint Name     jboss.ws:context=Quickstart_publish_as_webservice,endpoint=ESBServiceSample_HelloWorldPubService
Endpoint Address     http://127.0.0.1:8080/Quickstart_publish_as_webservice/ebws/ESBServiceSample/HelloWorldPubService

JBoss ESB Service Deployments

ESBServiceSample:HelloWorldPubService
Hello world ESB Service

JMS
Endpoint: jms:localhost#queue/quickstart_publish_as_webservice_Request_esb
Contract: Unavailable

JMS
Endpoint: jms:127.0.0.1:1099#queue/quickstart_publish_as_webservice_Request_esb
Contract: Unavailable

HTTP
Endpoint: http://127.0.0.1:8080/Quickstart_publish_as_webservice/ebws/ESBServiceSample/HelloWorldPubService
Contract: http://127.0.0.1:8080/Quickstart_publish_as_webservice/ebws/ESBServiceSample/HelloWorldPubService?wsdl

     3. I can open https://127.0.0.1:8443/Quickstart_publish_as_webservice/ebws/ESBServiceSample/HelloWorldPubService?wsdl and see there:

<wsdl:types> <xs:schema targetNamespace="http://www.jboss.org/sayHi" version="1.0" xmlns:xs="http://www.w3.org/2001/XMLSchema"> <xs:include schemaLocation="https://127.0.0.1:8443/Quickstart_publish_as_webservice/ebws/ESBServiceSample/HelloWorldPubService?wsdl&resource=request.xsd"/> </xs:schema> <xs:schema targetNamespace="http://www.jboss.org/sayHi" version="1.0" xmlns:xs="http://www.w3.org/2001/XMLSchema"> <xs:include schemaLocation="https://127.0.0.1:8443/Quickstart_publish_as_webservice/ebws/ESBServiceSample/HelloWorldPubService?wsdl&resource=response.xsd"/> </xs:schema> <xs:schema targetNamespace="http://www.jboss.org/sayHi" version="1.0" xmlns:xs="http://www.w3.org/2001/XMLSchema"> <xs:include schemaLocation="https://127.0.0.1:8443/Quickstart_publish_as_webservice/ebws/ESBServiceSample/HelloWorldPubService?wsdl&resource=fault.xsd"/> </xs:schema> </wsdl:types>

Looks like all is ok, but:

<wsdl:service name="HelloWorldPubServiceService"> <wsdl:port binding="tns:HelloWorldPubServiceBinding" name="HelloWorldPubServicePortType"> <soap:address location="http://127.0.0.1:8080/Quickstart_publish_as_webservice/ebws/ESBServiceSample/HelloWorldPubService"/> </wsdl:port> </wsdl:service>

That's not right. And if I test my service by doing request in soapUI I get:

INFO:Error getting response for [HelloWorldPubServiceBinding.HelloWorldPubServiceOp:Request 1]; java.net.ConnectException: Connection refused: connect

Because it uses http://127.0.0.1:8080/Quickstart_publish_as_webservice/ebws/ESBServiceSample/HelloWorldPubService endpoint from https://127.0.0.1:8443/Quickstart_publish_as_webservice/ebws/ESBServiceSample/HelloWorldPubService?wsdl wsdl.

So what should I do? Thanks.
Actions
5. Re: EBWS endpoint, contract and WS endpoint publishing using SSL

mageshbk Sep 2, 2010 1:29 AM (in response to baribal)

Edit the file deployers/jbossws.deployer/META-INF/jboss-beans.xml and comment this line

<property name="webServiceHost">${jboss.bind.address}</property>

If 'webServiceHost' is not set, JBossWS uses requesters protocol host when rewriting the <soap:address>.
Actions

Go to original post