Web Services over SSL with Eclipse WTP [message #200863] |
Mon, 01 October 2007 17:32 |
Eclipse User |
|
|
|
Originally posted by: nicofarr.gmx.de
Hi,
I've developed a web service with Java, Eclipse, Web Tools Platform,
Axis and Tomcat. Everything works fine but now I want to use SSL. I
created a certificate using keytools, I changed the Tomcat config file
and wrote a connector for SSL with the keystore password. Finally I
selected "Enable Security" in the launch settings in Eclipse. I
received some error messages concerning permissions and I granted
these permissions in the java.policy file.
Now there are no further error messages when I try to deploy my Web
Service with enabled security. The problem is that Eclipse creates
Test Client and Server just using the http-port 8060 instead of https-
port 8443. I have the TCP/IP monitor on and of course I see only
unencrypted SOAP-messages...
How can I say Eclipse it should use the SSL connector...? Why does it
not work with the checkbox Enable Security? When I delete the normal
HTTP-Connector in the Tomcat config file I get an error from Eclipse
"URL not found" or so...
Does anybody have an idea?
Many thanks in advance
Regards,
Nico
|
|
|
Re: Web Services over SSL with Eclipse WTP [message #200888 is a reply to message #200863] |
Mon, 01 October 2007 18:51 |
Larry Isaacs Messages: 1354 Registered: July 2009 |
Senior Member |
|
|
With respect to the Tomcat server, the "Enable Security" check box only
adds "-Djava.security.manager" and "-Djava.security.policy=<path to
catalina.policy>" to the launch configuration to enable Java security.
It has nothing to do with SSL. Perhaps the option should be called
"Enable Java Security" to avoid this confusion.
Also, when a command like "Run on Server" asks the Tomcat server for its
base URL, it currently returns a URL for the first HTTP connector found
in the server configuration. On the to-do list for WTP 3.0 is to
provide a way to choose which connector among multiple connectors should
be used for this URL.
I believe if you add a security-constraint to your webapp with a
transport-guarantee of CONFIDENTIAL, Tomcat should forward HTTP requests
to the configured redirectPort. I don't know if this will help in your
circumstance. Otherwise, you may have to manually enter the "https" if
you want to use SSL.
Cheers,
Larry
Nico Farr wrote:
> Hi,
>
> I've developed a web service with Java, Eclipse, Web Tools Platform,
> Axis and Tomcat. Everything works fine but now I want to use SSL. I
> created a certificate using keytools, I changed the Tomcat config file
> and wrote a connector for SSL with the keystore password. Finally I
> selected "Enable Security" in the launch settings in Eclipse. I
> received some error messages concerning permissions and I granted
> these permissions in the java.policy file.
>
> Now there are no further error messages when I try to deploy my Web
> Service with enabled security. The problem is that Eclipse creates
> Test Client and Server just using the http-port 8060 instead of https-
> port 8443. I have the TCP/IP monitor on and of course I see only
> unencrypted SOAP-messages...
>
> How can I say Eclipse it should use the SSL connector...? Why does it
> not work with the checkbox Enable Security? When I delete the normal
> HTTP-Connector in the Tomcat config file I get an error from Eclipse
> "URL not found" or so...
>
> Does anybody have an idea?
>
> Many thanks in advance
>
> Regards,
> Nico
>
|
|
|
Re: Web Services over SSL with Eclipse WTP [message #200913 is a reply to message #200888] |
Mon, 01 October 2007 19:26 |
Eclipse User |
|
|
|
Originally posted by: nicofarr.gmx.de
Thank you very much for the answer.
Even when I put the connector before the non ssl connector it doesn't
work. At least I know now what "Enable Security" means.
Do you know how I add this security constraint?
Thanx again
Nico
|
|
|
|
Re: Web Services over SSL with Eclipse WTP [message #201093 is a reply to message #200919] |
Wed, 03 October 2007 11:11 |
Eclipse User |
|
|
|
Originally posted by: nicofarr.gmx.de
I'm sorry for beeing annoying but the spec doesn't help me. Furthermore I
think the Web.XML of the project is always generated new. I inserted
<security-constraint>
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>
in the web.xml of the server configuration for the workspace.
Unfortunately it doesn't work. Eclipse generates the files always for
http://localhost:anyPort instead of using SSL https.
What else do I need to do besides keytools, server.xml, web.xml ?
Thanks again
|
|
|
|
Re: Web Services over SSL with Eclipse WTP [message #201107 is a reply to message #201101] |
Wed, 03 October 2007 14:08 |
Eclipse User |
|
|
|
Originally posted by: nicofarr.gmx.de
I tried to set the endpoint of the service manually to the ssl port. when
I try to invoke my method I get the following exception:
exception: javax.net.ssl.SSLHandshakeException:
sun.security.validator.ValidatorException: PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderException: unable to find
valid certification path to requested target
it looks like the certifacte cannot be found.
When I try the tomcat without eclipse my certificate will be found and
accepted after opening https//localhost:8443 ...
|
|
|
|
Re: Web Services over SSL with Eclipse WTP [message #201293 is a reply to message #201101] |
Thu, 04 October 2007 19:39 |
Kathy Chan Messages: 93 Registered: July 2009 |
Member |
|
|
The Web services wizard just use whatever URL the server returns as the
project URL when forming the Web service endpoint. So according to an
earlier append by Larry, the Tomcat server currently returns a URL for the
first HTTP connector found in the server configuration. So this would be
the URL used by the Web services wizard when creating bottom-up or top-down
Web service. If the URL redirects the request, Web service client that goes
to the original HTTP endpoint will be redirected as well. Hope this info
helps!
Regards,
kathy Chan
"Larry Isaacs" <Larry.Isaacs@sas.com> wrote in message
news:fe03qn$87o$1@build.eclipse.org...
> It has been a while since I have messed with security constraints, but I
> believe you need to specify at minimum one web-resource-collection to
> indicate which portion, or all, of the webapp content is to have
> restricted access. The changes to web.xml won't affect what WTP does. The
> URL initially invoked in a browser would still be http. However, assuming
> you have SSL set up in the Tomcat server, Tomcat will automatically
> redirect http requests to https in an effort to honor the webapp's
> transport guarantee. I'm still not sure whether this will be a help when
> web services are involved.
>
> Cheers,
> Larry
>
> Nico Farr wrote:
>> I'm sorry for beeing annoying but the spec doesn't help me. Furthermore I
>> think the Web.XML of the project is always generated new. I inserted
>> <security-constraint>
>> <user-data-constraint>
>> <transport-guarantee>CONFIDENTIAL</transport-guarantee>
>> </user-data-constraint>
>> </security-constraint>
>>
>> in the web.xml of the server configuration for the workspace.
>> Unfortunately it doesn't work. Eclipse generates the files always for
>> http://localhost:anyPort instead of using SSL https.
>> What else do I need to do besides keytools, server.xml, web.xml ?
>>
>> Thanks again
>>
|
|
|
Powered by
FUDForum. Page generated in 0.04579 seconds