Are there any special configuration settings you have to do to make a web service work with SSL?
Is there a way to force the service methods to authenticate using a username/password like I can do with a WCF service?
No. SSL support provided by web server (IIS).
Yes. Just configure authentication through web.config
Related
I have generated a JAX-WS web service with RAD 8.5 which automatically generated an endpoint for the service at "http:endpoint". I generated a client for the web service from the WSDL and added transport security (SSL) to the web service and added a secure endpoint using the following line of code in my client:
proxy._getDescriptor().setEndpoint("https:endpoint");
Everything seems to work fine. My question is do I need to do anything about the existence of the original endpoint ant "http:endpoint". This is an in-house web service so all of the apps which use it in house will use the secure endpoint, but is the availability of the unsecure endpoint a security risk for the web service? If so, what do I need to do to fix it? Any help would be appreciated.
I am not familiar with the Framework you are using, but there should be a configuration in your proxy to not allow http calls at all. If you have that option, turn it on so that your service only listens on port 443 (secure port).
An alternative would be to rewrite all http requests with https.
I am working on a microservices application that has a webapp backend consuming a RESTful web service endpoint.
I use IntelliJ and I would like to see the traffic (requests, responses, headers, etc.) between the webapp backend (the client) and the web service endpoint.
How is that possible?
Note:
I have tried using the bundled REST Client but it is just meant to issue requests to a web service endpoint.
The chrome console is of no use either because it just monitor the traffic between the SPA and the webapp backend...
My webapp and endpoint are developed in Spring/Java.
I have a web service hosted in a JBoss AS. Add a app running on Google App Engine. Now I want to access my web service hosted in JBoss AS only by my App Engine app and I want to restrict others from accessing my web service. How can I do that? Please help.
Use the AppEngine URL Fetch Service to call your JBoss web services from your AppEngine app. Use the HTTPS option to secure the network connection. Furthermore create request headers and payload such as to satisfy whatever JBoss security requirements you can establish between JBoss and AppEngine (for example client user authentication).
I've read source code of wso2 greg, and find that there is a tomcat embedded in it, and there are two connectors: http with port 9763 and https with port 9443. But when I type the url [http://localhost:9763/carbon] in browser, it redirect to https automatically. While I can't find the related source code about the redirecting.
Can anybody help?
thx
The Management Console (UI) of all WSO2 Carbon based products communicate with backend web service called AdminService. These services are secured and that's why it can be accessed only through https.
More info - http://charithaka.blogspot.com/2013/06/invoking-wso2-carbon-admin-services.html
I exposing EJB3.0 stateless session bean as web service using JAX-WS annotations and right now I'm using JBOSS5.1.0 GA as application server and JBOSSWS is generating the WSDL for me when I deploy the EAR.
Now I want to secure the web services by providing authentication and encryption-decryption on the SOAP messages. How do I can achieve that, Is there any annotations available for both in JAX-WS (or) can I achieve by doing any configuration at EJB level. I do not want to do secure web services with respect to JBOSS, because I want to deploy the same EAR in different application as well.
So please help me to build the generic EJB3.0 web services bean with the security implementation ., Thanks a lot in advance
Concerning SOAP WebServices, you can a lot of posts in this forum related to your question. In particular in User authenticate in SOAP I've mentioned that there several ways to authenticate the client.
Supposing that you want to authenticate the client by X.509 certificate. Then:
For JBossWS refer WS-SecurityOptions – X509 Certificate Token
For Metro/JAX-WS services refer Using JAX-WS-Based Web Services with SSL
For Apache CXF refer WS-Security
For Spring Security refer Spring Security With X.509 Certificate