Inspecting RESTful web services using IntelliJ - web-services

I am working on a microservices application that has a webapp backend consuming a RESTful web service endpoint.
I use IntelliJ and I would like to see the traffic (requests, responses, headers, etc.) between the webapp backend (the client) and the web service endpoint.
How is that possible?
Note:
I have tried using the bundled REST Client but it is just meant to issue requests to a web service endpoint.
The Chrome console is of no use either because it just monitors the traffic between the SPA and the webapp backend...
My webapp and endpoint are developed in Spring/Java.

Related

WSO2 Api Manager + Authentication + Websocket

In our architecture there are clients (web or mobile) that connect to the frontend webapp protected with SSO from an authentication filter using WSO2 Identity Server to enforce user login.
I developed a proxy servlet to wrap all invocations to the backend services; this servlet is deployed in the frontend webapp. Everything works until this point.
The architecture is the following:
User <--> Firewall <--> Apache Proxy <--> Frontend WAR <--> Backend WAR
The problem is that these clients need to connect to a Websocket endpoint deployed on the backend WAR.
Looking around I found that WSO2 Api Manager starting from version 2.1 has the Websocket support.
I tried to follow the provided tutorial: https://docs.wso2.com/display/AM210/Create+a+WebSocket+API
But the example does not mention how to connect to the API's exposed endpoint using pure JavaScript.
Do you have any suggestion on how to achieve this?
Regards

OAuth2 in web application connecting to multiple REST services?

How do I set up a web application with OAuth2 authentication, where the web application connects to two underlying REST services (through client-side JavaScript from the user's browser)?
I am controlling all servers, and I need to make sure that nobody accesses the web application and the REST services without authentication.
How should this be done?
Should I configure all three servers (the web application and the two REST services) using a single application id?
BTW: I plan to use IdentityServer4 as the authentication server.
Best regards,
Morten :-)

Is having an endpoint at http: a security risk for the Web Service

I have generated a JAX-WS web service with RAD 8.5 which automatically generated an endpoint for the service at "http:endpoint". I generated a client for the web service from the WSDL and added transport security (SSL) to the web service and added a secure endpoint using the following line of code in my client:
proxy._getDescriptor().setEndpoint("https:endpoint");
Everything seems to work fine. My question is: do I need to do anything about the existence of the original endpoint at "http:endpoint"? This is an in-house web service, so all of the apps which use it in house will use the secure endpoint, but is the availability of the unsecure endpoint a security risk for the web service? If so, what do I need to do to fix it? Any help would be appreciated.
I am not familiar with the Framework you are using, but there should be a configuration in your proxy to not allow http calls at all. If you have that option, turn it on so that your service only listens on port 443 (secure port).
An alternative would be to rewrite all http requests with https.
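One way to apply the first suggestion in a Java web application, shown as an added example that is not part of the original answer. It assumes the JAX-WS service is packaged in a WAR with a standard `WEB-INF/web.xml`; the resource name and URL pattern are hypothetical.

```xml
<!-- WEB-INF/web.xml fragment (constructed example; names are hypothetical). -->

<!-- Weak: a transport guarantee of NONE (also the default when the element
     is absent) lets the generated http: endpoint answer in clear text
     next to the https: one.
<security-constraint>
  <web-resource-collection>
    <web-resource-name>soap-endpoint</web-resource-name>
    <url-pattern>/*</url-pattern>
  </web-resource-collection>
  <user-data-constraint>
    <transport-guarantee>NONE</transport-guarantee>
  </user-data-constraint>
</security-constraint>
-->

<!-- Corrected: CONFIDENTIAL requires a protected transport (TLS) for every
     URL matched by the pattern, including the service endpoint and its WSDL. -->
<security-constraint>
  <web-resource-collection>
    <web-resource-name>soap-endpoint</web-resource-name>
    <!-- Assumption: the whole web module should be HTTPS-only. -->
    <url-pattern>/*</url-pattern>
  </web-resource-collection>
  <user-data-constraint>
    <transport-guarantee>CONFIDENTIAL</transport-guarantee>
  </user-data-constraint>
</security-constraint>
```

With this constraint the container no longer serves the endpoint over plain HTTP; containers typically answer such a request with a redirect to the HTTPS port. A client that still posts to the `http:` address has already sent its request body in clear text before it sees that response, so clients should be pointed at the `https:` address directly.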

Google App Engine - JBoss authentication

I have a web service hosted in a JBoss AS. And an app running on Google App Engine. Now I want to access my web service hosted in JBoss AS only by my App Engine app and I want to restrict others from accessing my web service. How can I do that? Please help.
Use the AppEngine URL Fetch Service to call your JBoss web services from your AppEngine app. Use the HTTPS option to secure the network connection. Furthermore, create request headers and payload such as to satisfy whatever JBoss security requirements you can establish between JBoss and AppEngine (for example client user authentication).

How to Secure the EJB3.0 Stateless Session Bean Web Services

I am exposing an EJB3.0 stateless session bean as a web service using JAX-WS annotations and right now I'm using JBOSS5.1.0 GA as the application server, and JBOSSWS is generating the WSDL for me when I deploy the EAR.
Now I want to secure the web services by providing authentication and encryption-decryption on the SOAP messages. How can I achieve that? Are there any annotations available for both in JAX-WS, or can I achieve it by doing some configuration at the EJB level? I do not want to secure the web services with respect to JBOSS, because I want to deploy the same EAR in a different application as well.
So please help me to build the generic EJB3.0 web services bean with the security implementation. Thanks a lot in advance.
Concerning SOAP web services, you can find a lot of posts in this forum related to your question. In particular, in User authenticate in SOAP I've mentioned that there are several ways to authenticate the client.
Supposing that you want to authenticate the client by X.509 certificate. Then:
For JBossWS, refer to WS-SecurityOptions – X509 Certificate Token
For Metro/JAX-WS services, refer to Using JAX-WS-Based Web Services with SSL
For Apache CXF, refer to WS-Security
For Spring Security, refer to Spring Security With X.509 Certificate