GeeCON Prague 2014*
The moose likes Web Services and the fly likes SSL and Web Service - Need a bit of help Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


JavaRanch » Java Forums » Java » Web Services
Bookmark "SSL and Web Service - Need a bit of help" Watch "SSL and Web Service - Need a bit of help" New topic
Author

SSL and Web Service - Need a bit of help

Christopher Frankland
Ranch Hand

Joined: Jan 22, 2005
Posts: 42
Hi,

I have a simple web service that I deployed to my websphere application server and I have a quick question regarding SSL. My WAS instance has what is called a default "SSL configuration repertoire".

What do I need to add to my web service to force it be used over an SSL connection? I deployed the web service, but I am a little bit confused over how to get it to run with SSL. Also, what role does the <web-resource-name> play in the web.xml? Is it supposed to match up with anything?

Here is my web.xml for the web service:



Any help would be much appreciated.

Thanks.
Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 42038
    
  64
"web-resource-name" doesn't need to match anything - it's just informational.

If SSL is all set up for that server (certificate installed, port configured etc.), you could simply try to have the WS client use an "https:" URL instead of an "http:" (assuming that the default SSL port -443- is what you have SSL set up for).


Ping & DNS - my free Android networking tools app
Christopher Frankland
Ranch Hand

Joined: Jan 22, 2005
Posts: 42
Cheers Ulf. Is there anything else that needs to be added to the web service?

Also, am I correct in thinking that SSL and WS-Security are two different things altogether? I am a little unclear on the latter since I thought it was something that had to be hand coded into the web service? Or does WAS take care of that for me?

Thanks again.
Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 42038
    
  64
Is there anything else that needs to be added to the web service?

No, SSL should work transparently to the WS.

am I correct in thinking that SSL and WS-Security are two different things altogether?

Yes. WS-Security provides authentication, encryption and signature services, but not based on HTTP approaches like Basic Authentication and SSL. If at all feasible I'd prefer WS-Security over the older approaches these days (and it should be feasible, as WS-Security is supported by all major SOAP stacks).

I am a little unclear on the latter since I thought it was something that had to be hand coded into the web service? Or does WAS take care of that for me?

WS-Security is generally configured (either using config files or through a GUI), not coded. How exactly depends on the SOAP stack you're using. I'm not sure what WAS can do in that area, but given that it costs serious bucks, I'd assume that it has a GUI for this.
Christopher Frankland
Ranch Hand

Joined: Jan 22, 2005
Posts: 42
Thanks Ulf. Off to do a bit of reading. One last question. Do I need to update the wsdl:address portion of my WSDL to point to HTTPS port 443?

Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 42038
    
  64
It shouldn't be necessary. Just changing "http" to "https" should be sufficient.
 
GeeCON Prague 2014
 
subject: SSL and Web Service - Need a bit of help