Our architecture is set up with three different web services. WS A is exposed to the world. WS B and WS C only talk to WS A. We use JBoss 5.1.0.GA.
In spite of this, we need to make WS A communicate with WS B and WS C using SSL because our security people want us to. I've raised the point that there's no reason to put SSL on communication between servers within the firewall, but that doesn't seem to matter. So I have a couple of questions:
In our development environments, WS A and WS B run in the same JBoss instance. Is it possible to configure them to use separate keystores/certficates/etc.? The instructions I've found here and elsewhere discuss configuring SSL within JBoss rather than configuring it per-webservice.
And it needs to be configured per-webservice, because although WS A and WS B run in the same JBoss instance in development, they will be in separate instances (likely on separate servers) in production.
For that matter, is there an easy way to set up a build environment so that WS A and WS B *don't* use SSL in development environments, but *do* use them in production environments? In other words, tweaking some configuration XML in production environments so SSL is enabled, but leaving that functionality turned off in development environments?