WebSphere: change port of web service from default to 443 - web-services

I've created a web service using this example:
http://www.albeesonline.com/blog/2008/07/27/creating-a-webservice-using-rad-7/
When I call the web service to get the WSDL, I use a URL like this:
http://acme.com/storefront/services/InventoryInquiry?wsdl
And WebSphere responds with a WSDL page with a URL like this:
http://acme.com:9082/storefront/services/InventoryInquiry/wsdl/InventoryInquiry.wsdl
What I'd like is for WebSphere to respond using SSL and port 443, and not the WebSphere default host port.
I tried modifying the "Provide HTTP endpoint URL information" page in WebSphere console for the application to use "https://acme.com:443" for the "HTTP URL prefix", but WebSphere doesn't use this, even after restarting WebSphere.
How do I configure WebSphere so that it doesn't use its default ports when responding to web service requests?
I'm using WebSphere 6.1.
Some background information:
The service is included in a J2EE application that uses Struts for its design pattern. The struts-config.xml is configured to serve the app on ports 80 and 443. The WAS server where the app runs is fronted by an Apache web server, which is redirecting requests to the app via a load balancer.
The AWS load balancer config is directing requests among four separate WAS servers, each serving a copy of the application. Each WAS server is configured to deliver a unique server ID string back to the user. AWS uses this string to determine which WAS server will handle subsequent requests made by the user. This all works fine for the parts of the J2EE app that are handled by Struts, but the web service exists outside of that context. This seems to be why the web service responds using the WAS default secure port, and not the port defined in Struts.
I can't change the WAS default secure port to 443, because I can't have two instances of WAS on the same server both listening to port 443.

In general you have two choices:
1. You can install IBM HTTP Server (IHS) and the WebSphere Plugin to route requests to WebSphere. IHS uses ports 80 and 443 by default.
2. Change the default SSL port in WebSphere: in Server > Ports, change WC_defaulthost_secure from 944x to 443.
There is a second issue in your question: do you want to protect the whole service using SSL, or just the WSDL?
To configure it you will either need to define security constraints to protect selected URIs or configure the HTTP server to only allow SSL access to the service.
UPDATE
If you have an Apache web server in front, then install and configure the WebSphere Plugin (if you currently use mod_proxy or something else). The WebSphere Plugin is available for Apache and will do dispatching and load balancing across multiple WAS instances (if they are clustered, you can generate the plugin automatically from Deployment Manager; if you have many standalone instances, you will need to merge the plugin; there is a tool for that).
It doesn't matter that your app is using Struts; your WSDL can still be served via the HTTP server and plugin.
For redirection to HTTPS you need to solve that issue from your other post (security-constraint in web.xml is not enforced), as I assume it is the same environment.

Related

local tomcat website request website on aws

We have a back-end website deployed on AWS. I deploy a front-end website in a local Tomcat and send a request to the back-end website in order to get some object data with a homemade SOAP API. Does it work?
Yes, literally you are trying to access a remote API from a local environment. After the deployment in AWS, do make sure the security groups allow the protocol and port number to be communicated with remotely.
By default these ports are not allowed.
Looks like you are trying to connect to a SOAP web service hosted in AWS. There is no reason it shouldn't be working. The only thing is that you have to properly configure the AWS security groups attached to your backend server to allow connections from your frontend website. Use front-end server port as the source IP in your security group. You might also have to allow outgoing connections from the network where your frontend server is hosted if it is protected by a firewall.

Is having an endpoint at http: a security risk for the Web Service

I have generated a JAX-WS web service with RAD 8.5 which automatically generated an endpoint for the service at "http:endpoint". I generated a client for the web service from the WSDL and added transport security (SSL) to the web service and added a secure endpoint using the following line of code in my client:
proxy._getDescriptor().setEndpoint("https:endpoint");
Everything seems to work fine. My question is: do I need to do anything about the existence of the original endpoint at "http:endpoint"? This is an in-house web service, so all of the apps which use it in house will use the secure endpoint, but is the availability of the unsecure endpoint a security risk for the web service? If so, what do I need to do to fix it? Any help would be appreciated.
I am not familiar with the Framework you are using, but there should be a configuration in your proxy to not allow http calls at all. If you have that option, turn it on so that your service only listens on port 443 (secure port).
An alternative would be to rewrite all http requests with https.

Service bus endpoints passing through load balancer

I am using Service Bus 11gR1
I have created a proxy service
I can view its WSDL if I point my browser to:
https://wlsdev.mydomain.com/osb/RJMTest/XXIC_ErrorQueryAsync_Proxy?wsdl
When I look at the returned WSDL I can see the binding element lists the actual host rather than the load balancer:
</WL5G3N0:binding>
<WL5G3N0:service name="query_ptBindingQSService">
<WL5G3N0:port binding="WL5G3N2:query_ptBinding" name="query_ptBindingQSPort">
<WL5G3N3:address location="http://internalserver.com:8010/osb/RJMTest/XXIC_ErrorQueryAsync_Proxy"/>
</WL5G3N0:port>
</WL5G3N0:service>
My question is what setting in OSB do I need to change to alter what the SOAP wsdl is using to generate the WSDL?
(In SOA there was a ServerURL setting)
You will have to update the cluster HTTP frontend host to the load balancer address. This will need to be done on the WebLogic Admin console.
1. Log in to http://{host}:{port}/console
2. Click on the Lock and Edit button
3. Select Cluster
4. Click on HTTP
5. Configure the Front End Host address to the pool name of the load balancer
6. Configure the http and https ports where the managed servers listen
7. Click Save.
You will need to restart the managed servers.
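
An added check (not part of either post, and not Oracle or IBM code) for the symptom in this question and in the WebSphere question at the top of the page: it parses a WSDL and reports every advertised endpoint address that is not on the HTTPS front end. The sample WSDL is constructed from the fragment quoted above, and `audit_wsdl_endpoints` and its parameters are hypothetical names.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Constructed sample modelled on the WSDL fragment quoted in the question;
# the namespaces are the standard WSDL 1.1 / SOAP 1.1 binding ones.
SAMPLE_WSDL = """<wsdl:definitions
    xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/"
    xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/"
    name="query">
  <wsdl:service name="query_ptBindingQSService">
    <wsdl:port binding="query_ptBinding" name="query_ptBindingQSPort">
      <soap:address location="http://internalserver.com:8010/osb/RJMTest/XXIC_ErrorQueryAsync_Proxy"/>
    </wsdl:port>
  </wsdl:service>
</wsdl:definitions>"""

DEFAULT_PORTS = {"http": 80, "https": 443}


def audit_wsdl_endpoints(wsdl_text, public_host, public_port=443):
    """Return (port name, location, problems) for each advertised endpoint
    that is not https://public_host:public_port."""
    findings = []
    # The stdlib parser does not limit entity expansion: feed it only your own WSDLs.
    root = ET.fromstring(wsdl_text)
    for port in root.iter("{http://schemas.xmlsoap.org/wsdl/}port"):
        for child in port:
            # soap:address, soap12:address and http:address all carry "location"
            if not child.tag.endswith("}address"):
                continue
            location = child.get("location", "")
            url = urlsplit(location)
            problems = []
            if url.scheme != "https":
                problems.append("scheme is %r, not https" % url.scheme)
            if (url.hostname or "").lower() != public_host.lower():
                problems.append("host %r is not the front end" % url.hostname)
            effective_port = url.port or DEFAULT_PORTS.get(url.scheme)
            if effective_port != public_port:
                problems.append("port %r is not %d" % (effective_port, public_port))
            if problems:
                findings.append((port.get("name"), location, problems))
    return findings


if __name__ == "__main__":
    for name, location, problems in audit_wsdl_endpoints(SAMPLE_WSDL, "wlsdev.mydomain.com"):
        print(name, location, "; ".join(problems))
```

Run against the WSDL fetched through the load balancer after the front-end host change and the restart, an empty result means clients will no longer be handed the internal host, port or plain-HTTP scheme.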

wso2 governance registry web portlet http access

I've read the source code of WSO2 G-Reg and found that there is a Tomcat embedded in it, and there are two connectors: http with port 9763 and https with port 9443. But when I type the URL [http://localhost:9763/carbon] in the browser, it redirects to https automatically. However, I can't find the related source code for the redirect.
Can anybody help?
thx
The Management Console (UI) of all WSO2 Carbon based products communicates with a backend web service called AdminService. These services are secured and that's why they can be accessed only through https.
More info - http://charithaka.blogspot.com/2013/06/invoking-wso2-carbon-admin-services.html

Limiting traffic to SSL version of page only

We have an external service that is currently accessible via the http (port 80, non-SSL) and https (port 443, SSL) addresses.
What is the best way to limit connections to only the https address? Is it something we can do via IIS or does it have to be done via code.
Additional info: Regular ASP.NET web service (.asmx) running on IIS on Windows 2003 server. Service is built with C# on .NET 3.5.
1. Require SSL on the application
2. In a custom error page for the 403, redirect the browser to the incoming URL, changing http to https along the way.
Note: Keep port 80 open for this - or there won't be a server to listen for requests to redirect.
Just to clarify Greg's point 1: IIS Manager > Site properties > Directory Security > Secure Communications > Require Secure Channel (SSL)
Is just not accepting any connections on port 80 an option? I'm a complete web server noob so I don't know if the server can operate without an unsecured listen port, but if the server can operate listening only on port 443, that would seem to be the simplest option.
Another option would be a redirect from the unsecure port to the secure one.
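
An added example, not from any of the posts: a small probe that reports which of the options discussed in this thread and in the "endpoint at http:" thread above a server actually implements for a request sent over plain HTTP. A redirect only protects the follow-up request; whatever the client sent first, including a SOAP body, has already crossed the network in cleartext. The host `acme.example`, the function names and the sample responses are constructed for illustration.

```python
import http.client
from urllib.parse import urlsplit


def classify_plain_http(status, location, host):
    """Classify what a server did with a request sent over plain HTTP.

    status is the HTTP status code (None if the connection was refused),
    location is the Location header or None, host is the service host name.
    """
    if status is None:
        return "closed"                      # nothing listens on the port
    if status in (301, 302, 303, 307, 308) and location:
        target = urlsplit(location)
        if target.scheme == "https" and (target.hostname or "").lower() == host.lower():
            return "redirects-to-https"
        return "redirects-elsewhere"         # still plain HTTP, or another host
    if status == 403:
        return "rejected"                    # e.g. SSL required on the application
    if 200 <= status < 300:
        return "served-in-cleartext"         # the exposure to fix
    return "other"


def probe(host, port=80, path="/", timeout=5):
    """Send one GET over plain HTTP without following redirects."""
    conn = http.client.HTTPConnection(host, port, timeout=timeout)
    try:
        conn.request("GET", path)
        resp = conn.getresponse()
        return classify_plain_http(resp.status, resp.getheader("Location"), host)
    except ConnectionRefusedError:
        return classify_plain_http(None, None, host)
    finally:
        conn.close()


# Constructed responses, one per configuration discussed in the answers.
SAMPLES = [
    (None, None),                                   # port 80 not listening
    (403, None),                                    # SSL required, no redirect
    (302, "https://acme.example/service.asmx"),     # redirect to the HTTPS URL
    (302, "http://acme.example/login"),             # redirect that stays on HTTP
    (200, None),                                    # service answers over HTTP
]


def classify_samples(host="acme.example"):
    return [classify_plain_http(s, loc, host) for s, loc in SAMPLES]
```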