0 Replies Latest reply on Jan 17, 2017 6:08 AM by Radim Vansa

    Let webservice use SSL

    Radim Vansa Master

      Hello,

       

      with WF 8.2.1, I am trying to make existing webservice (JAX-WS) use SSL, but I haven't seen any use of SSL in quickstarts and the information I was able to google is limited. So far I've added this to web.xml:

       

      security-constraint>

        <display-name>Foo security</display-name>

        <web-resource-collection>

         <web-resource-name>FooService</web-resource-name>

         <url-pattern>/foo/FooService</url-pattern>

         <http-method>POST</http-method>

        </web-resource-collection>

        <user-data-constraint>

         <transport-guarantee>CONFIDENTIAL</transport-guarantee>

        </user-data-constraint>

      </security-constraint>

       

      and this is in my standalone.xml:

       

      <subsystem xmlns="urn:jboss:domain:webservices:1.2">

         <wsdl-host>${jboss.bind.address:127.0.0.1}</wsdl-host>

         <endpoint-config name="Standard-Endpoint-Config"/>

         <endpoint-config name="Recording-Endpoint-Config">

         <pre-handler-chain name="recording-handlers" protocol-bindings="##SOAP11_HTTP ##SOAP11_HTTP_MTOM ##SOAP12_HTTP ##SOAP12_HTTP_MTOM">

         <handler name="RecordingHandler" class="org.jboss.ws.common.invocation.RecordingServerHandler"/>

         </pre-handler-chain>

         </endpoint-config>

         <client-config name="Standard-Client-Config"/>

      </subsystem>

       

      but apparently that's not enough; when I look into standalone/data/wsdl/foo.ear/foo.war/FooService/Bar.wsdl I see:

       

      <service name="FooService">

        <port binding="foowsb:FooBinding" name="FooBinding">

         <soap:address location="http://localhost:8080/foo/FooService"/>

        </port>

      </service>

       

      Note that in the EAR/WAR, the soap:address.location is filled just with a placeholder (I suppose that the value is ignored).

       

      I've found some info about setting up security realm, and creating the self-signed certificate using keytool (which I did), but I completely miss how this should be linked together.

       

      I've also tried to setup wsdl-uri-scheme but it seems this is supported only in later versions of CXF.

       

      Thanks a lot for your hints.

       

      ----------

      Crosspost: http://stackoverflow.com/questions/41694099/let-webservice-use-ssl