Eclipse Community Forums
Forum Search:

Search      Help    Register    Login    Home
Home » Eclipse Projects » Web Tools Project (WTP) » Web Services over SSL with Eclipse WTP
Web Services over SSL with Eclipse WTP [message #200863] Mon, 01 October 2007 17:32 Go to next message
Eclipse User
Originally posted by: nicofarr.gmx.de

Hi,

I've developed a web service with Java, Eclipse, Web Tools Platform,
Axis and Tomcat. Everything works fine but now I want to use SSL. I
created a certificate using keytools, I changed the Tomcat config file
and wrote a connector for SSL with the keystore password. Finally I
selected "Enable Security" in the launch settings in Eclipse. I
received some error messages concerning permissions and I granted
these permissions in the java.policy file.

Now there are no further error messages when I try to deploy my Web
Service with enabled security. The problem is that Eclipse creates
Test Client and Server just using the http-port 8060 instead of https-
port 8443. I have the TCP/IP monitor on and of course I see only
unencrypted SOAP-messages...

How can I say Eclipse it should use the SSL connector...? Why does it
not work with the checkbox Enable Security? When I delete the normal
HTTP-Connector in the Tomcat config file I get an error from Eclipse
"URL not found" or so...

Does anybody have an idea?

Many thanks in advance

Regards,
Nico
Re: Web Services over SSL with Eclipse WTP [message #200888 is a reply to message #200863] Mon, 01 October 2007 18:51 Go to previous messageGo to next message
Larry Isaacs is currently offline Larry Isaacs
Messages: 1305
Registered: July 2009
Senior Member
With respect to the Tomcat server, the "Enable Security" check box only
adds "-Djava.security.manager" and "-Djava.security.policy=<path to
catalina.policy>" to the launch configuration to enable Java security.
It has nothing to do with SSL. Perhaps the option should be called
"Enable Java Security" to avoid this confusion.

Also, when a command like "Run on Server" asks the Tomcat server for its
base URL, it currently returns a URL for the first HTTP connector found
in the server configuration. On the to-do list for WTP 3.0 is to
provide a way to choose which connector among multiple connectors should
be used for this URL.

I believe if you add a security-constraint to your webapp with a
transport-guarantee of CONFIDENTIAL, Tomcat should forward HTTP requests
to the configured redirectPort. I don't know if this will help in your
circumstance. Otherwise, you may have to manually enter the "https" if
you want to use SSL.

Cheers,
Larry

Nico Farr wrote:
> Hi,
>
> I've developed a web service with Java, Eclipse, Web Tools Platform,
> Axis and Tomcat. Everything works fine but now I want to use SSL. I
> created a certificate using keytools, I changed the Tomcat config file
> and wrote a connector for SSL with the keystore password. Finally I
> selected "Enable Security" in the launch settings in Eclipse. I
> received some error messages concerning permissions and I granted
> these permissions in the java.policy file.
>
> Now there are no further error messages when I try to deploy my Web
> Service with enabled security. The problem is that Eclipse creates
> Test Client and Server just using the http-port 8060 instead of https-
> port 8443. I have the TCP/IP monitor on and of course I see only
> unencrypted SOAP-messages...
>
> How can I say Eclipse it should use the SSL connector...? Why does it
> not work with the checkbox Enable Security? When I delete the normal
> HTTP-Connector in the Tomcat config file I get an error from Eclipse
> "URL not found" or so...
>
> Does anybody have an idea?
>
> Many thanks in advance
>
> Regards,
> Nico
>
Re: Web Services over SSL with Eclipse WTP [message #200913 is a reply to message #200888] Mon, 01 October 2007 19:26 Go to previous messageGo to next message
Eclipse User
Originally posted by: nicofarr.gmx.de

Thank you very much for the answer.

Even when I put the connector before the non ssl connector it doesn't
work. At least I know now what "Enable Security" means.

Do you know how I add this security constraint?

Thanx again

Nico
Re: Web Services over SSL with Eclipse WTP [message #200919 is a reply to message #200913] Mon, 01 October 2007 19:36 Go to previous messageGo to next message
Larry Isaacs is currently offline Larry Isaacs
Messages: 1305
Registered: July 2009
Senior Member
It's part of the servlet spec and would go in the web.xml of your
Dynamic Web Project. If you don't have a copy of the spec document, you
can download the latest one here:

http://jcp.org/aboutJava/communityprocess/mrel/jsr154/index. html

Cheers,
Larry

Nico Farr wrote:
> Thank you very much for the answer.
> Even when I put the connector before the non ssl connector it doesn't
> work. At least I know now what "Enable Security" means.
> Do you know how I add this security constraint?
> Thanx again
> Nico
>
Re: Web Services over SSL with Eclipse WTP [message #201093 is a reply to message #200919] Wed, 03 October 2007 11:11 Go to previous messageGo to next message
Eclipse User
Originally posted by: nicofarr.gmx.de

I'm sorry for beeing annoying but the spec doesn't help me. Furthermore I
think the Web.XML of the project is always generated new. I inserted

<security-constraint>
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>

in the web.xml of the server configuration for the workspace.
Unfortunately it doesn't work. Eclipse generates the files always for
http://localhost:anyPort instead of using SSL https.

What else do I need to do besides keytools, server.xml, web.xml ?

Thanks again
Re: Web Services over SSL with Eclipse WTP [message #201101 is a reply to message #201093] Wed, 03 October 2007 13:01 Go to previous messageGo to next message
Larry Isaacs is currently offline Larry Isaacs
Messages: 1305
Registered: July 2009
Senior Member
It has been a while since I have messed with security constraints, but I
believe you need to specify at minimum one web-resource-collection to
indicate which portion, or all, of the webapp content is to have
restricted access. The changes to web.xml won't affect what WTP does.
The URL initially invoked in a browser would still be http. However,
assuming you have SSL set up in the Tomcat server, Tomcat will
automatically redirect http requests to https in an effort to honor the
webapp's transport guarantee. I'm still not sure whether this will be a
help when web services are involved.

Cheers,
Larry

Nico Farr wrote:
> I'm sorry for beeing annoying but the spec doesn't help me. Furthermore
> I think the Web.XML of the project is always generated new. I inserted
> <security-constraint>
> <user-data-constraint>
> <transport-guarantee>CONFIDENTIAL</transport-guarantee>
> </user-data-constraint>
> </security-constraint>
>
> in the web.xml of the server configuration for the workspace.
> Unfortunately it doesn't work. Eclipse generates the files always for
> http://localhost:anyPort instead of using SSL https.
> What else do I need to do besides keytools, server.xml, web.xml ?
>
> Thanks again
>
Re: Web Services over SSL with Eclipse WTP [message #201107 is a reply to message #201101] Wed, 03 October 2007 14:08 Go to previous messageGo to next message
Eclipse User
Originally posted by: nicofarr.gmx.de

I tried to set the endpoint of the service manually to the ssl port. when
I try to invoke my method I get the following exception:

exception: javax.net.ssl.SSLHandshakeException:
sun.security.validator.ValidatorException: PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderException: unable to find
valid certification path to requested target

it looks like the certifacte cannot be found.

When I try the tomcat without eclipse my certificate will be found and
accepted after opening https//localhost:8443 ...
Re: Web Services over SSL with Eclipse WTP [message #201124 is a reply to message #201107] Wed, 03 October 2007 15:03 Go to previous messageGo to next message
Larry Isaacs is currently offline Larry Isaacs
Messages: 1305
Registered: July 2009
Senior Member
Since the Tomcat batch scripts are not used in any way for the Eclipse
Tomcat server, you may have to add arguments to the launch configuration
for the Tomcat server. For background info about the Tomcat support in
WTP see:

http://www.eclipse.org/webtools/faq/TomcatServerFAQ.php

It still covers just WTP 1.5 (adding WTP 2.0 info is in the works), but
most of the information still applies. It should be possible to have
the Tomcat launch configuration in Eclipse launch Tomcat with
effectively the same Java command that is being executed outside of
Eclipse, which should get SSL working.

Cheers,
Larry

Nico Farr wrote:
>
> I tried to set the endpoint of the service manually to the ssl port.
> when I try to invoke my method I get the following exception:
>
> exception: javax.net.ssl.SSLHandshakeException:
> sun.security.validator.ValidatorException: PKIX path building failed:
> sun.security.provider.certpath.SunCertPathBuilderException: unable to
> find valid certification path to requested target
> it looks like the certifacte cannot be found.
> When I try the tomcat without eclipse my certificate will be found and
> accepted after opening https//localhost:8443 ...
>
Re: Web Services over SSL with Eclipse WTP [message #201293 is a reply to message #201101] Thu, 04 October 2007 19:39 Go to previous message
Kathy Chan is currently offline Kathy Chan
Messages: 93
Registered: July 2009
Member
The Web services wizard just use whatever URL the server returns as the
project URL when forming the Web service endpoint. So according to an
earlier append by Larry, the Tomcat server currently returns a URL for the
first HTTP connector found in the server configuration. So this would be
the URL used by the Web services wizard when creating bottom-up or top-down
Web service. If the URL redirects the request, Web service client that goes
to the original HTTP endpoint will be redirected as well. Hope this info
helps!

Regards,
kathy Chan

"Larry Isaacs" <Larry.Isaacs@sas.com> wrote in message
news:fe03qn$87o$1@build.eclipse.org...
> It has been a while since I have messed with security constraints, but I
> believe you need to specify at minimum one web-resource-collection to
> indicate which portion, or all, of the webapp content is to have
> restricted access. The changes to web.xml won't affect what WTP does. The
> URL initially invoked in a browser would still be http. However, assuming
> you have SSL set up in the Tomcat server, Tomcat will automatically
> redirect http requests to https in an effort to honor the webapp's
> transport guarantee. I'm still not sure whether this will be a help when
> web services are involved.
>
> Cheers,
> Larry
>
> Nico Farr wrote:
>> I'm sorry for beeing annoying but the spec doesn't help me. Furthermore I
>> think the Web.XML of the project is always generated new. I inserted
>> <security-constraint>
>> <user-data-constraint>
>> <transport-guarantee>CONFIDENTIAL</transport-guarantee>
>> </user-data-constraint>
>> </security-constraint>
>>
>> in the web.xml of the server configuration for the workspace.
>> Unfortunately it doesn't work. Eclipse generates the files always for
>> http://localhost:anyPort instead of using SSL https.
>> What else do I need to do besides keytools, server.xml, web.xml ?
>>
>> Thanks again
>>
Previous Topic:Add XML Tag Template to XML Editor
Next Topic:XML Editor: No Error hint in the Design View
Goto Forum:
  


Current Time: Wed Sep 17 19:36:49 GMT 2014

Powered by FUDForum. Page generated in 0.12939 seconds
.:: Contact :: Home ::.

Powered by: FUDforum 3.0.2.
Copyright ©2001-2010 FUDforum Bulletin Board Software