How to make JAX-WS web service secure - web-services

I have a simple 'Helloworld' JAX-WS service deployed in JBoss 5.1.0. It works fine and I am able to invoke my service from a SoapUI client or a Java client.
Now I want to make the service secure (SSL enabled) and access it using the https protocol. I have made changes to my default\deploy\jbossweb.sar\server.xml file in JBoss:
<Connector protocol="HTTP/1.1" SSLEnabled="true"
port="8443" address="${jboss.bind.address}"
scheme="https" secure="true" clientAuth="false"
keystoreFile="${jboss.server.home.dir}/conf/ws.keystore"
keystorePass="install01" sslProtocol = "TLS" />
But when I try to do
https://machinename:8443/abc/webservice?wsdl
it does not work.
Any idea?

To make this happen, first go through some materials that explain how SSL works. The reason is that when you intend to enable SSL, there are rounds of talk that happen between the client and server. On top of that, there are also terms which are very specific to SSL. I suggest going through articles first. Hope this helps.
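A check that fits the connector in the question, as an added example that is not part of the original posts: the class below (hypothetical name KeystoreCheck, Java 8 or later assumed) loads the file named in keystoreFile and reports whether it holds a private key and a currently valid certificate. It assumes the key and the store share one password, because the connector sets only keystorePass.

```java
import java.io.*;
import java.security.KeyStore;
import java.security.UnrecoverableKeyException;
import java.security.cert.*;
import java.util.Collections;

// Added example: verifies that a keystore can serve as a connector's TLS identity.
public class KeystoreCheck {
    // Counts entries with a recoverable private key and a currently valid certificate.
    static int usableEntries(KeyStore ks, char[] pass) throws Exception {
        int usable = 0;
        for (String alias : Collections.list(ks.aliases())) {
            if (!ks.isKeyEntry(alias)) {
                System.out.println(alias + ": trusted certificate only, no private key");
                continue;
            }
            try {
                ks.getKey(alias, pass); // assumption: key password equals store password
                Certificate cert = ks.getCertificate(alias);
                if (!(cert instanceof X509Certificate)) {
                    System.out.println(alias + ": key entry without an X.509 certificate");
                    continue;
                }
                X509Certificate x509 = (X509Certificate) cert;
                x509.checkValidity(); // throws if expired or not yet valid
                System.out.println(alias + ": usable, valid until " + x509.getNotAfter());
                usable++;
            } catch (UnrecoverableKeyException e) {
                System.out.println(alias + ": key password differs from keystore password");
            } catch (CertificateException e) {
                System.out.println(alias + ": certificate not valid now: " + e.getMessage());
            }
        }
        return usable;
    }

    public static void main(String[] args) throws Exception {
        Console console = System.console(); // password is prompted, not passed as an argument
        if (args.length != 1 || console == null) {
            System.err.println("usage (interactive terminal): java KeystoreCheck <keystore-file>");
            System.exit(2);
        }
        char[] pass = console.readPassword("Keystore password: ");
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(args[0])) {
            ks.load(in, pass); // IOException here: wrong password or damaged file
        }
        System.exit(usableEntries(ks, pass) > 0 ? 0 : 1);
    }
}
```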

Related

Azure website connection to Azure Service

I have an ASP.NET MVC website which communicates with a SQL database through a web service. When set up in IIS it all works fine. I recently migrated the whole solution to Azure by publishing the website and web service as Web Apps. Under IIS the web.config of the website connects to the service endpoint using:
<client>
<endpoint address="http://localhost:7070/Services.svc" binding="basicHttpBinding" bindingConfiguration="BasicHttpBinding_ITrain" contract="ServiceReference1.ITrain" name="BasicHttpBinding_ITrain"/>
</client>
In Azure I have changed this to:
<client>
<endpoint address="http://<sitename>.azurewebsites.net/Services.svc" binding="basicHttpBinding" bindingConfiguration="BasicHttpBinding_ITrain" contract="ServiceReference1.ITrain" name="BasicHttpBinding_ITrain" />
</client>
The two web apps do not communicate.
Should I be doing something differently or does the problem lie somewhere else?
If you say the WSDL looked okay, the next thing I would recommend would be building a new simple Console app to try to talk to it. Use Add Service Reference in the Solution Explorer and provide the http://.azurewebsites.net/Services.svc URL. If Add Service Reference has a problem, you have some kind of WSDL error. But if it succeeds, your project will have auto-generated code to talk to that service. The example at https://msdn.microsoft.com/en-us/library/bb386386.aspx walks through this.
If the Console app succeeds in talking to the service, look very carefully at the generated app.config to see if it differs from your existing config files.
Ron Cain MSFT

Exposing WebService on Mule

I wanted to expose a WebService on Mule and it's working.
My concern is that I am not sure if this is the right approach to follow in exposing a web service.
I wanted to be able to view the WSDL of my Mule HTTP inbound endpoint, i.e.
XXX:8084/HelloService?wsdl
(notice the actual service is running on port 8085).
<flow name="WS_In" doc:name="WS_In">
<http:inbound-endpoint address="http://localhost:8084/HelloService" exchange-pattern="request-response" doc:name="HTTP">
<cxf:proxy-service wsdlLocation="http://localhost:8085/HelloService?WSDL" payload="envelope" namespace="http://example.org/HelloService" service="Hello"/>
</http:inbound-endpoint>
<http:outbound-endpoint exchange-pattern="request-response" host="localhost" port="8085" doc:name="HTTP" path="test"/>
</flow>
So you're not exposing a service but just proxying it, right?
Why not use the ready-made pattern for that? See: http://www.mulesoft.org/documentation/display/current/Web+Service+Proxy+Pattern
Proxying web services is a very common practice used for different reasons like security or auditing. This pattern allows a short and easy configuration of such a proxy.
With this you can
Transform the SOAP envelope (body or header) to add or remove specific entries.
Rewrite remote WSDLs so they appear to bind to services inside a corporate firewall.
Mule has already defined these proxy transformers in various ways:
Ref: https://docs.mulesoft.com/mule-user-guide/v/3.7/web-service-proxy-pattern#wsdl-redirection

Apache CXF - http-conf:conduit proxy setting

In my project I have to configure the conduit settings for web services. To communicate with the web services I have to pass through a proxy. Since http-conf:basicAuthSupplier is not working due to http://cxf.547215.n5.nabble.com/svn-commit-r1240059-cxf-trunk-rt-transports-http-src-main-resources-schemas-configuration-http-conf-d-td5453353.html, does anybody know how to configure a proxy setting?
<http-conf:conduit name="*.http-conduit">
<http-conf:authorization>
<sec:UserName>username</sec:UserName>
<sec:Password>password</sec:Password>
</http-conf:authorization>
<http-conf:client Connection="Keep-Alive"
AllowChunking="false"
ProxyServer="proxyIp"
ProxyServerPort="proxyPort"
ProxyServerType="HTTP"/>
</http-conf:conduit>
I also tried with http-conf:proxyAuthorization
but the same 407 proxy authentication error appears.
Does anybody know how to resolve it?
Authentication supplier has to be configured as described at http://cxf.apache.org/docs/client-http-transport-including-ssl-support.html
<http-conf:conduit name="*.http-conduit">
<http-conf:client ProxyServer="proxyIP" ProxyServerPort="proxyPort" NonProxyHosts="nonProxyHost" />
<http-conf:authSupplier class="org.apache.cxf.transport.http.auth.DefaultBasicAuthSupplier"/>
<http-conf:proxyAuthorization>
<sec:UserName>username</sec:UserName>
<sec:Password>password</sec:Password>
</http-conf:proxyAuthorization>
</http-conf:conduit>
Also enable basic authentication for HTTPS tunneling using the below JVM flags. Details available at http://www.oracle.com/technetwork/java/javase/8u111-relnotes-3124969.html
-Djdk.http.auth.proxying.disabledSchemes="" -Djdk.http.auth.tunneling.disabledSchemes=""

Howto setup Apache Web Server for clustering a Web Service on two Tomcats

I'm trying to set up an Apache Web Server so that it balances requests of a client on two Tomcat servers. For the Web Service I use Axis2. It is deployed on two Tomcats. When I invoke the Web Service, there is always only one server answering, although the cluster is established. I used this tutorial, Axis2 1.6.1, Tomcat 7, Apache Web Server 2.2 and I am running it on a Windows 32 bit system.
How is it possible to balance the client requests on both Tomcats?
It might have something to do with the proxy configuration of the Web Server, but it's just a thought.
If you need screenshots or anything else, please let me know. And sorry for my German accent :)
Usually with load balancing (clustering) one server will be answering first; which one is decided by the load balancer (proxy) in its configuration. The load balancer (proxy) usually queries all clustered servers until it finds one that is less busy. In order to test a clustered environment you have to simulate (or create) high load, or you can "slow down" (or stop completely) one of the servers.
OK, it works now. It was a configuration problem in the axis2.xml file, where I had the wrong IP. Now I have the following configuration on every instance:
<!-- The host name or IP address of this member -->
<parameter name="localMemberHost">127.0.0.1</parameter>
Also important is the server.xml file of the Tomcat instances. Here the Shutdown port must be different for each instance:
Instance 1:
<Server port="8005" shutdown="SHUTDOWN">
Instance 2:
<Server port="8015" shutdown="SHUTDOWN">
The connector port must be different, too:
Instance 1:
<!-- Define an AJP 1.3 Connector on port 8009 -->
<Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />
Instance 2:
<!-- Define an AJP 1.3 Connector on port 8010 -->
<Connector port="8010" protocol="AJP/1.3" redirectPort="8443" />
Then I just set these adjustments in the httpd.conf file of the Apache Webserver like this:
BalancerMember ajp://127.0.0.1:8009 min=1 max=1 route=node1 loadfactor=1
BalancerMember ajp://127.0.0.1:8010 min=1 max=1 route=node2 loadfactor=1
And now my cluster works fine. Sometimes you have to go back some steps to understand what's wrong.

How can I set the port for an iis hosted wcf svc?

I have an IIS hosted service http://localhost/someProject/services/myservice.svc . Is it possible to somehow make, say, http://locahost:9705 point to it? How do I set this up? It seems to be pretty straightforward with a Windows Service hosted WCF service, but I cannot figure out how to accomplish this when using .svc files and IIS. In the app.config of a Windows Service I just add a host node...
<host>
<baseAddresses>
<add baseAddress="net.tcp://localhost:9705"/>
</baseAddresses>
</host>
however when I do the same thing in an IIS hosted svc web.config
<host>
<baseAddresses>
<add baseAddress="http://localhost:9705"/>
</baseAddresses>
</host>
I browse to http://localhost:9705 and I get an IE error cannot display the webpage etc... In the windows hosted services I'm able to browse to the page, although not in this example as I'm using net.tcp, but with other services, it works. What am I doing wrong here? Is this even possible? Please point me in the right direction. Thanks for any tips and/or help.
Cheers,
~ck in San Diego
If you host in IIS, it's IIS that controls where the service is located. You cannot override the IIS settings - if your *.svc file is located under http://localhost/someproject/services/myservice.svc, then that's your service address. Any <baseAddress> settings in your web.config file are ignored and useless.
So either you can configure this in IIS, or you have to switch to self-hosting your WCF service in e.g. a Windows Service or a console app or something.