Web Services over SSL with Eclipse WTP [message #200863] |
Mon, 01 October 2007 13:32  |
Eclipse User |
|
|
|
Originally posted by: nicofarr.gmx.de
Hi,
I've developed a web service with Java, Eclipse, Web Tools Platform,
Axis and Tomcat. Everything works fine but now I want to use SSL. I
created a certificate using keytools, I changed the Tomcat config file
and wrote a connector for SSL with the keystore password. Finally I
selected "Enable Security" in the launch settings in Eclipse. I
received some error messages concerning permissions and I granted
these permissions in the java.policy file.
Now there are no further error messages when I try to deploy my Web
Service with enabled security. The problem is that Eclipse creates
Test Client and Server just using the http-port 8060 instead of https-
port 8443. I have the TCP/IP monitor on and of course I see only
unencrypted SOAP-messages...
How can I say Eclipse it should use the SSL connector...? Why does it
not work with the checkbox Enable Security? When I delete the normal
HTTP-Connector in the Tomcat config file I get an error from Eclipse
"URL not found" or so...
Does anybody have an idea?
Many thanks in advance
Regards,
Nico
|
|
|
Re: Web Services over SSL with Eclipse WTP [message #200888 is a reply to message #200863] |
Mon, 01 October 2007 14:51   |
Eclipse User |
|
|
|
With respect to the Tomcat server, the "Enable Security" check box only
adds "-Djava.security.manager" and "-Djava.security.policy=<path to
catalina.policy>" to the launch configuration to enable Java security.
It has nothing to do with SSL. Perhaps the option should be called
"Enable Java Security" to avoid this confusion.
Also, when a command like "Run on Server" asks the Tomcat server for its
base URL, it currently returns a URL for the first HTTP connector found
in the server configuration. On the to-do list for WTP 3.0 is to
provide a way to choose which connector among multiple connectors should
be used for this URL.
I believe if you add a security-constraint to your webapp with a
transport-guarantee of CONFIDENTIAL, Tomcat should forward HTTP requests
to the configured redirectPort. I don't know if this will help in your
circumstance. Otherwise, you may have to manually enter the "https" if
you want to use SSL.
Cheers,
Larry
Nico Farr wrote:
> Hi,
>
> I've developed a web service with Java, Eclipse, Web Tools Platform,
> Axis and Tomcat. Everything works fine but now I want to use SSL. I
> created a certificate using keytools, I changed the Tomcat config file
> and wrote a connector for SSL with the keystore password. Finally I
> selected "Enable Security" in the launch settings in Eclipse. I
> received some error messages concerning permissions and I granted
> these permissions in the java.policy file.
>
> Now there are no further error messages when I try to deploy my Web
> Service with enabled security. The problem is that Eclipse creates
> Test Client and Server just using the http-port 8060 instead of https-
> port 8443. I have the TCP/IP monitor on and of course I see only
> unencrypted SOAP-messages...
>
> How can I say Eclipse it should use the SSL connector...? Why does it
> not work with the checkbox Enable Security? When I delete the normal
> HTTP-Connector in the Tomcat config file I get an error from Eclipse
> "URL not found" or so...
>
> Does anybody have an idea?
>
> Many thanks in advance
>
> Regards,
> Nico
>
|
|
|
|
|
|
|
|
|
Re: Web Services over SSL with Eclipse WTP [message #201293 is a reply to message #201101] |
Thu, 04 October 2007 15:39  |
Eclipse User |
|
|
|
The Web services wizard just use whatever URL the server returns as the
project URL when forming the Web service endpoint. So according to an
earlier append by Larry, the Tomcat server currently returns a URL for the
first HTTP connector found in the server configuration. So this would be
the URL used by the Web services wizard when creating bottom-up or top-down
Web service. If the URL redirects the request, Web service client that goes
to the original HTTP endpoint will be redirected as well. Hope this info
helps!
Regards,
kathy Chan
"Larry Isaacs" <Larry.Isaacs@sas.com> wrote in message
news:fe03qn$87o$1@build.eclipse.org...
> It has been a while since I have messed with security constraints, but I
> believe you need to specify at minimum one web-resource-collection to
> indicate which portion, or all, of the webapp content is to have
> restricted access. The changes to web.xml won't affect what WTP does. The
> URL initially invoked in a browser would still be http. However, assuming
> you have SSL set up in the Tomcat server, Tomcat will automatically
> redirect http requests to https in an effort to honor the webapp's
> transport guarantee. I'm still not sure whether this will be a help when
> web services are involved.
>
> Cheers,
> Larry
>
> Nico Farr wrote:
>> I'm sorry for beeing annoying but the spec doesn't help me. Furthermore I
>> think the Web.XML of the project is always generated new. I inserted
>> <security-constraint>
>> <user-data-constraint>
>> <transport-guarantee>CONFIDENTIAL</transport-guarantee>
>> </user-data-constraint>
>> </security-constraint>
>>
>> in the web.xml of the server configuration for the workspace.
>> Unfortunately it doesn't work. Eclipse generates the files always for
>> http://localhost:anyPort instead of using SSL https.
>> What else do I need to do besides keytools, server.xml, web.xml ?
>>
>> Thanks again
>>
|
|
|
Powered by
FUDForum. Page generated in 0.05724 seconds