Steps to secure web services

balecomputer | Security

3 Nov 2013



Step 1: Get/Generate Server and Client Key store

Step 2: Configure web/application server to use SSL using the server key store

Step 3: Enable client to use the client key store in order to access secure web service


Generate Server and Client Key store (if you don't have one)


This requires JDK 1.4 or above.


Step 1: Modify KeyStore.bat with the appropriate parameters:

a) the server name for which the key store is to be generated (e.g. CN=localhost)

b) the password: change it from "changeit" to any preferred password

Step 2: Execute the KeyStore.bat file. This will generate Client and Server key stores with their certificates.



Configure JBoss/Tomcat to use SSL


Step 1: Open <jboss-home>/server/default/deploy/<tomcat.sar>/server.xml

Step 2: Find the SSL connector entry and uncomment it.

Step 3: Change the SSL connector entry to point to the server key store and provide the store password with it.


<!-- SSL/TLS Connector configuration using the admin devl guide keystore -->
<Connector port="8443" address="${jboss.bind.address}"
    maxThreads="100" strategy="ms" maxHttpHeaderSize="8192"
    emptySessionPath="true"
    scheme="https" secure="true" clientAuth="false"
    keystoreFile="C:\<keystore-directory>\server.keystore"
    keystorePass="changeit" sslProtocol="TLS" />



Enable client to use the client key store in order to access secure web service


Note: The web service address will change from

http://<server>:{port}/<context>/services/<service-name>

to

https://<server>:8443/<context>/services/<service-name>

(8443 is the port used in the configuration file)



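Insert the following code before making a call to the web service:

    import java.security.Security;

    // Client key store generated earlier; it is used here as the JVM-wide trust store
    String store = "c:\\<keystore-directory>\\client.keystore";
    String storePassword = "changeit";

    // Legacy JSSE registration of the HTTPS protocol handler and the SunJSSE provider
    // (JSSE is bundled with the JDK from 1.4 on)
    System.setProperty("java.protocol.handler.pkgs", "com.sun.net.ssl.internal.www.protocol");
    System.setProperty("javax.net.ssl.trustStore", store);
    System.setProperty("javax.net.ssl.trustStorePassword", storePassword);
    Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider());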
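
The system properties above change trust for every TLS connection in the JVM. The following is an added example, not part of the original page, that scopes the client key store to the single connection to the secure web service and takes the store password from the environment instead of the source code. Assumptions: Java 7 or later; the class name SecureServiceClient, the helper contextFor and the environment variable CLIENT_STORE_PASSWORD are hypothetical names chosen for this example.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.net.URL;
import java.security.KeyStore;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

// Added example: hypothetical client, not code from the original page.
public class SecureServiceClient {

    // Build an SSLContext that trusts only the certificates held in the given key store.
    static SSLContext contextFor(String storePath, char[] storePassword) throws Exception {
        KeyStore trust = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(storePath)) {
            trust.load(in, storePassword); // fails if the password or the file is wrong
        }
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trust);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null); // no client key: server has clientAuth="false"
        return ctx;
    }

    public static void main(String[] args) throws Exception {
        // Usage: java SecureServiceClient <path to client.keystore> <https service URL>
        String store = args[0];
        URL endpoint = new URL(args[1]);

        // Assumed variable name; keeps the store password out of the source code.
        String password = System.getenv("CLIENT_STORE_PASSWORD");
        if (password == null) {
            throw new IllegalStateException("CLIENT_STORE_PASSWORD is not set");
        }

        HttpsURLConnection conn = (HttpsURLConnection) endpoint.openConnection();
        // Trust decisions from the client key store apply to this connection only.
        conn.setSSLSocketFactory(contextFor(store, password.toCharArray()).getSocketFactory());
        // The default HostnameVerifier is left in place, so the name in the server
        // certificate (e.g. CN=localhost) must match the host in the URL.
        int status = conn.getResponseCode(); // performs the TLS handshake
        System.out.println("HTTP " + status + " over " + conn.getCipherSuite());
        conn.disconnect();
    }
}
```

A handshake failure here (SSLHandshakeException) means the server certificate is not in the client key store or its name does not match the URL host, which is the check the key store setup is meant to enforce.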