I've read source code of wso2 greg, and find that there is a tomcat embedded in it, and there are two connectors: http with port 9763 and https with port 9443. But when I type the url [http://localhost:9763/carbon] in browser, it redirect to https automatically. While I can't find the related source code about the redirecting.
Can anybody help?
thx
The Management Console (UI) of all WSO2 Carbon based products communicate with backend web service called AdminService. These services are secured and that's why it can be accessed only through https.
More info - http://charithaka.blogspot.com/2013/06/invoking-wso2-carbon-admin-services.html
Related
I have generated a JAX-WS web service with RAD 8.5 which automatically generated an endpoint for the service at "http:endpoint". I generated a client for the web service from the WSDL and added transport security (SSL) to the web service and added a secure endpoint using the following line of code in my client:
proxy._getDescriptor().setEndpoint("https:endpoint");
Everything seems to work fine. My question is do I need to do anything about the existence of the original endpoint ant "http:endpoint". This is an in-house web service so all of the apps which use it in house will use the secure endpoint, but is the availability of the unsecure endpoint a security risk for the web service? If so, what do I need to do to fix it? Any help would be appreciated.
I am not familiar with the Framework you are using, but there should be a configuration in your proxy to not allow http calls at all. If you have that option, turn it on so that your service only listens on port 443 (secure port).
An alternative would be to rewrite all http requests with https.
I installed and configured WSO2 IS 5.0 But I would like the users access through the proxy. So I would like to know WSO2 has WSO2 IS Proxy or not? Or WSO2 has any product to use for this purpose?
WSO2 has not any proxy related product. Also, there are well known proxy such as Apache HTTP / Nginx and so on. As i know, WSO2 also recommends to use Nginx. Please find details on how you can use proxy with WSO2IS from here
I have used WSO2 IS in production with Nginx and it has worked correctly for me.
You can also review the official documentation here
WSO2 does not provide in-built proxy. However, you you can use well known proxy products for this purpose. Ex: Nginx, HA proxy etc.
If you deploy WSO2 products in cloud environments, you can can use cloud native LBs such as AWS ALB, Azure application gateway etc.
You need 443 LB listener port to forward traffic to 9443 port in WSO2 IS server.
I've created a web service using this example:
http://www.albeesonline.com/blog/2008/07/27/creating-a-webservice-using-rad-7/
When I call the web service to get the WSDL, I use a URL like this:
http://acme.com/storefront/services/InventoryInquiry?wsdl
And WebSphere responds with a WSDL page with a URL like this:
http://acme.com:9082/storefront/services/InventoryInquiry/wsdl/InventoryInquiry.wsdl
What I'd like is for WebSphere to respond using SSL and port 443, and not the WebSphere default host port.
I tried modifying the "Provide HTTP endpoint URL information" page in WebSphere console for the application to use "https://acme.com:443" for the "HTTP URL prefix", but WebSphere doesn't use this, even after restarting WebSphere.
How do I configure WebSphere so that it doesn't use its default ports when responding to web service requests?
I'm using WebSphere 6.1.
Some background information:
The service is included in a J2EE application that uses Struts for its design pattern. The struts-config.xml is configured to serve the app on ports 80 and 443. The WAS server where the app runs is fronted by an Apache web server, which is redirecting requests to the app via a load balancer.
The AWS load balander config is directing requests among four separate WAS servers, each serving a copy of the application. Each WAS server is configured to deliver a unique server ID string back to the user. AWS uses this string to determine which WAS server will handle subsequent requests made by the user. This all works fine for the parts of the J2EE app that are handled by Struts, but the web service exists outside of that context. This seems to be why the web service responds using the WAS default secure port, and not the port defined in Struts.
I can't change the WAS default secure port to 443, because I can't have two instances of WAS on the same server both listening to port 443.
In general you have two choices:
1. You can install IBM Http Server (IHS) and WebSphere Plugin to route requests to WebSphere. IHS uses by default 80 and 443 ports.
2. Change default SSL port in WebSphere - In Server > Ports change the WC_defaulthost_secure from 944x to 443.
There is second issue in your question - do you want to protect using SSL whole service or just WSDL?
To configure it you will either need to define security constraints to protect selected URIs or configure HTTP server to only allow SSL access to the service.
UPDATE
If you have Apache Web server in front, then install and configure WebSphere Plugin (if you currently use mod_proxy or something else). WebSphere Plugin is available for Apache and will do dispatching and load balancing across multiple WAS instances (if they are clustered then you can generate plugin automatically from Deployment Manager, if you have many standalone instances - you will need to merge plugin, there is a tool for that).
It doesn't matter that your app is using Struts, your wsdl can still be served via Http server and plugin.
For redirection to HTTPS you need to solve that issue from your other post - security-constraint in web.xml is not enforced as I assume it is the same environment.
I have a web service hosted in a JBoss AS. Add a app running on Google App Engine. Now I want to access my web service hosted in JBoss AS only by my App Engine app and I want to restrict others from accessing my web service. How can I do that? Please help.
Use the AppEngine URL Fetch Service to call your JBoss web services from your AppEngine app. Use the HTTPS option to secure the network connection. Furthermore create request headers and payload such as to satisfy whatever JBoss security requirements you can establish between JBoss and AppEngine (for example client user authentication).
Are there any special configuration settings you have to do to make a web service work with SSL?
Is there a way to force the service methods to authenticate using a username/password like I can do with a WCF service?
No. SSL support provided by web server (IIS).
Yes. Just configure authentication through web.config