Sharing sessions between webapps in Jetty 8 - jetty

I am looking into migrating from Tomcat to Jetty 8 for a custom web application that will essentially be a portal (though it won't be using a JSR-168 or similar portal container). The key concept for the purposes of this post is that the user will only need to log in once, and then he will need to access URLs from several different web applications all running on the same Jetty server. Once the user has logged in they should automatically be authenticated to any other web application running on the server.
Tomcat has the org.apache.catalina.authenticator.SingleSignOn valve which accomplishes this exact task. Once you log into a web application, the SingleSignOn valve will automatically log you into any other web applications.
So, is there a similar way to provide this same functionality in Jetty 8? It seems that there is a separate SessionManager for each web application. Can you configure or programmatically assign the same SessionManager instance to each web application? Is there some other solution that is provided by Jetty out of the box?

HashSSORealm provides a simple way to use Single Sign-On with Jetty. See:
http://docs.codehaus.org/display/JETTY/Single+Sign+On+-+Jetty+HashSSORealm

Related

How to prevent a web app from calling System.exit() in WSO2?

WSO2 folks,
I'm looking at WSO2 Application Server, and I created a web app to invoke System.exit(), which brings down the whole app server. I'm asking because the apps from multiple tenants could be running on the same Application Server, and we need to prevent a malicious tenant from killing the whole JVM.
My first thought was to use a SecurityManager to restrict the access, but I'm not sure where I should set the SecurityManager, and how I should code the SecurityManager to ensure a secure app server.
Is SecurityManager the correct approach, or is there some other way to accomplish my requirement?
It has been protected using the Java Security Manager, and the system is configured with policies which do not allow such calls.
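As an added illustration of the Security Manager approach discussed in this thread (not WSO2's configuration and not code from the posters): a custom manager whose checkExit rejects System.exit() and which also refuses to be replaced. The class name NoExitSecurityManager is hypothetical; System.setSecurityManager works on Java 8 through 17, needs -Djava.security.manager=allow on Java 18 to 23, and the Security Manager is permanently disabled from JDK 24.

```java
import java.security.Permission;

/** Added example (hypothetical class name): denies JVM exit to application code. */
public class NoExitSecurityManager extends SecurityManager {

    @Override
    public void checkExit(int status) {
        // Runtime.exit() and Runtime.halt() (and thus System.exit()) call this
        // before the JVM shuts down; throwing here cancels the shutdown.
        throw new SecurityException("System.exit(" + status + ") denied");
    }

    @Override
    public void checkPermission(Permission perm) {
        // Stop deployed code from swapping this manager for a permissive one.
        if (perm instanceof RuntimePermission
                && "setSecurityManager".equals(perm.getName())) {
            throw new SecurityException("replacing the SecurityManager is denied");
        }
        // Everything else is allowed to keep the demo short. A multi-tenant
        // server would instead delegate to the policy file via
        // super.checkPermission(perm) and grant permissions per code source.
    }

    public static void main(String[] args) {
        // Installed once by the container at startup, before any app is loaded.
        System.setSecurityManager(new NoExitSecurityManager());

        try {
            System.exit(1); // stands in for the call made by a tenant web app
        } catch (SecurityException e) {
            System.out.println("blocked: " + e.getMessage());
        }

        try {
            System.setSecurityManager(null); // attempt to remove the guard
        } catch (SecurityException e) {
            System.out.println("blocked: " + e.getMessage());
        }

        System.out.println("JVM still running");
    }
}
```

With the stock SecurityManager and a policy file, the same effect comes from not granting RuntimePermission "exitVM" to the web applications' code sources.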

Do I need a web service in this case? When do we use them?

My issue is about web services and all the stuff around that. I've developed a Java web app, using Hibernate (to connect with a MySQL DB), JSF and PrimeFaces. The only thing I have to show to the user is the index.xhtml, which will search for data in a database. All of this is running on my PC with my local Apache server.
But a doubt comes to my mind: if I deploy this web app on the company's Apache server, do we need something such as a web service or something like that, or can they just access the index.xhtml and start the queries?
Sorry for this, but I'm totally new with respect to web services, web apps, web servers and all this stuff.
PS. So, when do we use web services? And web servers?
Thanks in advance :)
A web service is typically used as an API that might be integrated into another application. For example, if you have a way to accept payment information, you could make that a web service that would let some other application (e.g. an auction site) make calls into your web service to do some work.
Think of it a bit like a DLL that is accessible on the web. It won't have an interface, it is a collection of methods that either return data or execute some code. It will not return a UI.
So when you use a web service would be a similar question to when you need to break code out into a separate assembly.
On your specific question above, you would not need a web service; if your web application is doing everything you need it to do, then all you need is a web application.

Session sharing in webservice

I am using a GWT-based application and I want to introduce a web service [Apache CXF] to provide access to the business layer to other applications which are built in other technologies like PHP, iPhone and Android.
As per client requirement:
-> Create GUI pages in PHP
-> Create login module (with OAuth concept) in PHP
-> Use PHP web service for login process
-> Use Java web service to access business layer
Now my question is: to access a particular business layer, for security reasons we have to maintain the user session somehow, right?
So, as I mentioned in the requirements, how can I manage the session in my Java EE app server? Should I have to create a session per user request?
How could I maintain a session for the user if my login module is on the Apache server?
Note: Please note that my login is using a PHP app which has some OAuth feature and that will redirect to the Java EE app.
Passing JSESSIONID between instances of an application server will do nothing for you. Unless sessions are clustered, each application has its own session container, which cannot be shared (unless you write a custom valve that will search for all sessions in the application server). Plus, WS does not have a notion of an HTTP session; you would have to implement your own mechanism. Please elaborate on what you are trying to achieve, and then we will be able to help you more.

AppHarbor: Communication between Web App and Background Worker

I have two questions, but let me set the stage first:
Say you have a typical scenario where you have a web application and a mid-tier web service.
The web application receives a request from the user, queries the web service and sends a response to the user.
If the web service and the web application were running on the same machine, the web app would go through localhost:port to access the web service.
(I do understand that AppHarbor web and background workers are not running on traditional machines but it's easier to use that metaphor)
To make this slightly complex, the web service is actually a console app running an HTTP server and thus acting as a web service, let's call it webservice.exe.
My first question is: will AppHarbor run webservice.exe on the same machine as the web application and so enable the web application to access the web service via localhost:port?
If not, will the machine name where the console app is running always be static (which allows the web app to reliably access machinename:port)? If so, will the webservice.exe machine allow incoming connections from the web application machine?
My second question is: if both apps run on the same machine (the localhost scenario), will external users be able to access webservice.exe via myapp.apphb.com:port?
Thanks!!
AppHarbor does not currently support background workers (which is where your console application would be running) attaching to ports.
If you instead decide to host the service in an ASP.NET application and run it in a web worker on AppHarbor (as a normal web site), then it would be available at myawesomeapplication.apphb.com or using a custom hostname if you decide to add one.
If the service-abstraction is not needed, you might also want to just do away with it and fold it into the main web site.

Best way to deploy a web site alongside an axis2 web service via Tomcat?

I am using Axis2 (1.5.3 currently) and Tomcat (6.0.26 currently) and am running a web service. I would like to also host HTML pages for configuring the web service.
What is the best way to go about this? I assume keeping the same context is key, but perhaps it is not.
My current distribution is located under a folder structure similar to this:
Tomcat/webapps/mycompany
With the actual service code here:
Tomcat/webapps/mycompany/WEB-INF/services/myService
In a browser, I can hit my web service by going to here:
/mycompany/services/myService
I note that I can drop actual HTML files in this path and Tomcat will, indeed serve them up.
For instance, if I put "index.html" under Tomcat/webapps/mycompany, I can navigate to /mycompany/index.html and see my html.
What I want to do is have this HTML be attached to JAR/class files that can interact with the already-existing service class files in the same context as the service. Therefore, I can have the browser configure the web service directly.
Is this possible, and is there a tutorial or something out there that will help me with this? Note that I have been working with Tomcat and Axis2 for a while now for this particular web service, but I have never actually deployed a web application/html using Tomcat before.
Thanks.
First of all, what do you mean by configuring a service? Normally in the SOA world, services are analogous to interfaces. IMHO you can just change a service, since there are other users that rely on the services you are exposing.
If I want to change a service, I would rather introduce a new version of the service after deprecating the existing one.
Are you talking about applying QoS to existing services? Then that makes sense.
Anyway, if you want to have a web-app alongside the axis2 service engine, it is possible. If you look inside the axis2 war file you'll find the web.xml entry for Axis2Servlet. It is this servlet that serves the web services requests.
So, what you need is the Axis2Servlet mapping in your web-app along with your usual servlet-mappings. There are a number of possible ways to configure your services using web-app files. One option is to use a web-service call itself (with authentication) to configure it.
By "configure a service", take this example:
The service has a set of datasets.
Each dataset exists in a separate database.
The service can manage 0..n datasets.
The service must be configured to know about each dataset.
This is what I'm configuring. I'm not trying to configure Axis itself or redefine the service.
I would like to host the HTML using the same instance of Tomcat that I'm hosting the web service with. It needs to manage sessions, have login capability, and whatnot, and has to be able to configure the web service live.
From what I'm reading, it's probably best to make an interface to the web service that the web application module can call into from a different context.
Is there a better way?