3 Replies Latest reply on Jul 2, 2012 5:25 PM by metal.carratt

    dependencies for @WebContext in AS7?

    metal.carratt

      Hi I'm trying to enable ssl for web services between two applications.  In order to get this to work I'm trying to add the following annotation to my web service:

      @WebContext(transportGuarantee = "CONFIDENTIAL")

      However my eclipse cannot find 'webcontext' anywhere, and through searching on the internet I cannot find what jar or other thing I am supposed to include to enable this annotation either.  Can anyone help?

       

      I'm running AS 7.1 for the web service, I have JBoss tools installed in my eclipse, and my colleague (whose hosting the client) is running EAP 6 (which should essentially be the same as AS 7.1...).  I might be looking in the wrong direction here, but any help would be appreciated.

       

      Thanks.

        • 1. Re: dependencies for @WebContext in AS7?
          sfcoy

          Hi there,

           

          Using that annotation doesn't enable SSL for you. (I think all it does is ensure that it is being used). Have a look at AS 7.1 SSL setup guide.

          • 2. Re: dependencies for @WebContext in AS7?
            metal.carratt

            Hi Stephen,

             

            Thanks for your quick reply!  I think we've already set up ssl according to that guide.  However we are not sure what differences in configuration there should be between the client side and the web service side.  Currently I have my jboss standalone.xml configured like this:

             

                    <connector name="https" protocol="HTTP/1.1" scheme="https" socket-binding="https" secure="true">
                        <ssl name="jboss" key-alias="172.17.152.145" password="password" certificate-key-file="c:\dev\gen\ssl_keystore\jboss.keystore" protocol="TLSv1"/>
                    </connector>

            with jboss.keystore being the Java keystore where I created the self-signed private/public key pair.

             

            I exported the certificate and gave it to my colleague, who now has it in his cacerts file, and I believe his standalone.xml looks something like this:

             

            <connector name="https" protocol="HTTP/1.1" scheme="https" socket-binding="https" secure="true">

                            <ssl name="ssl" protocol="TLSv1" ca-certificate-file="c:\java\jdk1.7.0_05\jre\bin\security\cacerts"/>

            </connector>

             

            But ssl is not working!  (I'm unsure here.. am I also supposed to have his certificate and he his own keystore or can it work one way like this?)  I believe the error he received when trying to connect was a http error 400, but I need to confirm.  We were thinking the reason for the error was that it was not forcing ssl, that is it was starting off with https and then reverting back to http.  We believe the reason for that was that the generated wsdl has the following:

             

            <wsdl:service name="SecretCodeService">\

                 <wsdl:port binding="tns:SecretCodeServiceSoapBinding" name="SecretCodePort">

                      <soap:address location="http://172.17.152.145:8080/SecretCodeWS/SecretCode"/>

                 </wsdl:port>

            </wsdl:service>

             

            which is http and port 8080 instead of https and port 8443. (Regardless of whether I access the wsdl over http or https)

            So then, I was trying to enforce ssl by adding that transport guarantee = confidential line, but currently I am unable.

             

            Any thoughts on what we could be doing wrong?  (I should double check what the actual error was later when its possible)

             

            Thanks.

            • 3. Re: dependencies for @WebContext in AS7?
              metal.carratt

              Update: it is "working" now, in that there are no more errors, but still it is not using ssl (I can sniff the messages with wireshark and the soap is being sent over http and the contents are clearly visible to me).

               

              First, we are wondering, how can we force ssl to be used?  (I assume by setting transport guarantee to confidential, although I'm not sure how to do this and whether it needs to specified in xml or can be done through annotations).

               

              Second, if we permit a choice of ssl, how do we make the client choose ssl?  As I said above, the wsdl being generated has a port binding address location which is http not https, regardless of whether we get the wsdl over http or over https.  Furthermore, the client code uses the annotation:

              @WebServiceRef(wsdlLocation="https://172.17.152.145:8443/DisasterReporting/Reporter?wsdl")

              which is an ssl location, but ssl is not being used.