security web services

Web services security

 

Basic Authentication + HTTP + SSL

 

1. Basic Authentication + HTTP + SSL

 

1.1 config ..\apache-tomcat-5.5.26\conf\tomcat-users.xml

 

<?xml version='1.0' encoding='utf-8'?>

 

<tomcat-users>

  <!-- Sample accounts for this walkthrough. Every password in this file is stored in
       cleartext, and three of the four accounts share the password "tomcat", so keep the
       file readable only by the account that runs Tomcat and replace all of these values
       before the server is reachable by anyone else.
       Only the wsuser role is required by the /services/* constraint in web.xml
       (section 1.2); the other roles and users are not referenced by the configuration
       shown on this page. -->

  <role rolename="tomcat"/>

  <role rolename="wsuser"/>

  <role rolename="role1"/>

  <user username="tomcat" password="tomcat" roles="tomcat"/>

  <user username="both" password="tomcat" roles="tomcat,role1"/>

  <user username="wsuser" password="wspwd" roles="wsuser"/>

  <user username="role1" password="tomcat" roles="role1"/>

</tomcat-users>

 

 

           

1.2 config ..\apache-tomcat-5.5.26\webapps\axis\WEB-INF\web.xml

 

<!-- Define a Security Constraint on this Application -->

    <security-constraint>

        <!-- No <http-method> is listed, so the constraint applies to every HTTP method
             sent to /services/*. -->

        <web-resource-collection>

          <web-resource-name>Protected</web-resource-name>

            <url-pattern>/services/*</url-pattern>    

        </web-resource-collection>

        <auth-constraint>

           <!-- NOTE:  This role is not present in the default users file -->

           <role-name>wsuser</role-name>

        </auth-constraint>

        <!-- NOTE(review): no <user-data-constraint> is declared, so the container accepts
             the Basic credentials over plain HTTP (port 8080 in this walkthrough). Once the
             HTTPS connector from section 1.5 is enabled, adding
             <user-data-constraint><transport-guarantee>CONFIDENTIAL</transport-guarantee></user-data-constraint>
             at this position makes the container require TLS for /services/*. -->

    </security-constraint>

 

<!-- Define the Login Configuration for this Application -->

            <login-config>

                        <!-- BASIC: the client sends the user name and password base64-encoded
                             (not encrypted) in the Authorization header of each request. -->

                        <auth-method>BASIC</auth-method>

                        <realm-name>Protected Web Services</realm-name>

            </login-config>

 

            <!-- Declares the role name used by the auth-constraint above. -->

            <security-role>

        <role-name>wsuser</role-name>

    </security-role>

 

 

 1.3 Create Web service on server side

 

package com.arg.services;

 

public class CalculatorWebservice {

    /**
     * Adds two boxed floats and returns the boxed sum.
     *
     * <p>Both arguments are unboxed before the addition, so passing {@code null} for either
     * one raises a {@link NullPointerException}. The capitalised method name is kept because
     * the client on this page passes {@code "Add"} as the operation name.
     *
     * @param a first operand
     * @param b second operand
     * @return {@code a + b}
     */
    public Float Add(Float a, Float b) {
        final float left = a;
        final float right = b;
        return left + right;
    }
}

 

Compile and copy .class from com\arg\services\CalculatorWebservice.class to C:\axis-1_4\ and deploy

 

สร้าง file deploy_calculator.wsdd

 

<deployment xmlns="http://xml.apache.org/axis/wsdd/"

            xmlns:java="http://xml.apache.org/axis/wsdd/providers/java">

 

 <service name="CalculatorWebservice" provider="java:RPC">

  <parameter name="className" value="com.arg.services.CalculatorWebservice"/>

  <!-- allowedMethods="*" publishes every public method of the class as a web-service
       operation. CalculatorWebservice has only Add, but naming the method explicitly
       (value="Add") keeps methods added to the class later from being exposed
       unintentionally. -->

  <parameter name="allowedMethods" value="*"/>

 </service>

 

</deployment>

 

 

 

Copy file deploy_calculator.wsdd ไปไว้ที่ C:\axis-1_4\com\arg\services\

 

Deploy CalculatorWebservice on command line

 

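REM Deploy the descriptor through the Axis AdminService on localhost. Run it from the directory that holds deploy_calculator.wsdd.
REM NOTE review: AdminService sits under /services/ which section 1.2 protects, so this call may need the AdminClient -u and -w options once that constraint is active.
java -cp %AXISCLASSPATH% org.apache.axis.client.AdminClient -lhttp://localhost:8080/axis/services/AdminService deploy_calculator.wsdd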

 

 

**** -cp = -classpath

 

1.4 Create Client for calling web service

package com.arg.client.get;

 

import org.apache.axis.client.Service;

import org.apache.axis.client.Call;

import org.apache.axis.encoding.XMLType;

 

import javax.xml.namespace.QName;

import javax.xml.rpc.ParameterMode;

 

public class Client4 {

    /**
     * Invokes the {@code Add} operation of CalculatorWebservice through an Axis dynamic
     * {@link Call} and prints the returned value.
     *
     * <p>The request goes to the plain-HTTP endpoint on port 8080, so the HTTP Basic
     * credentials set below are only base64-encoded on the wire, not encrypted. The user
     * name and password are the sample {@code wsuser} account from tomcat-users.xml and are
     * hard-coded for demonstration; real code should read them from configuration kept
     * outside the source tree.
     *
     * @param args unused
     * @throws Exception propagates any failure from URL parsing or the Axis call
     */
    public static void main(String[] args) throws Exception {
        final String serviceAddress = "http://localhost:8080/axis/services/CalculatorWebservice?wsdl";
        final String targetNamespace = "http://services.arg.com";   // namespace is fixed, for .NET
        final String operationName = "Add"; // name of the remote method

        final Service axisService = new Service();
        final Call addCall = (Call) axisService.createCall();

        final java.net.URL serviceUrl = new java.net.URL(serviceAddress);
        addCall.setTargetEndpointAddress(serviceUrl);

        final QName operation = new QName(targetNamespace, operationName);
        addCall.setOperationName(operation);

        // Both inputs are declared as xsd:float IN parameters, in the order a, b.
        for (String parameterName : new String[] {"a", "b"}) {
            addCall.addParameter(parameterName, XMLType.XSD_FLOAT, ParameterMode.IN);
        }
        addCall.setReturnType(XMLType.XSD_FLOAT);

        // Credentials for the BASIC login-config that protects /services/*.
        addCall.setUsername("wsuser");
        addCall.setPassword("wspwd");

        final Object[] operands = {10F, 20F}; // values sent for a and b
        final Object sum = addCall.invoke(operands);
        System.out.println("Result = " + sum);
    }
}

 

ถ้าต้องการเพิ่ม HTTPS ต้องทำดังต่อไปนี้

 

1.5 เพิ่ม ssl security ที่ ..\apache-tomcat-5.5.26\conf\server.xml

 

<!-- HTTPS connector on port 8443.
     keystorePass is kept in cleartext in server.xml, so restrict read access to this file.
     It has to equal the store password chosen when the keystore is generated; section 1.6
     appears to set that password to "password" while this element uses "wsuser", so one of
     the two must be changed to match.
     clientAuth="false": no client certificate is requested, so callers are identified only
     by their Basic credentials.
     NOTE(review): sslProtocol="TLS" leaves the protocol version to the JVM; on a JVM
     contemporary with Tomcat 5.5 that can include obsolete SSL/TLS versions. Confirm what
     the runtime actually negotiates. -->
<Connector port="8443"

                        maxThreads="150" minSpareThreads="25" maxSpareThreads="75"

                        enableLookups="true" disableUploadTimeout="true"

                        acceptCount="100" debug="0" scheme="https" secure="true"

                        clientAuth="false" sslProtocol="TLS" keystoreFile="mykeystore.jks" keystorePass="wsuser" keystoreType="jks" />

 

1.6 สร้าง keystore

 

สร้าง keystore ไฟล์ ไว้ที่ %TOMCAT_HOME%
โดยเปิด cmd ขึ้นมา พิมพ์ keytool -genkey -keyalg RSA -alias tomcat -keystore mykeystore.jks 
ใส่รายละเอียดเริ่มต้นคือ storepass, รายละเอียดของ cert, keypass กำหนดทั้ง storepass และ keypass เป็น password (ค่า storepass ต้องตรงกับ keystorePass ใน server.xml ข้อ 1.5 ซึ่งในตัวอย่างตั้งไว้เป็น wsuser)

 

1.7 สร้าง Client เรียก web services ผ่าน https

 

package com.arg.client.get;

 

import org.apache.axis.client.Service;

import org.apache.axis.client.Call;

import org.apache.axis.encoding.XMLType;

 

import javax.xml.namespace.QName;

import javax.xml.rpc.ParameterMode;

 

public class Client4 {

    /**
     * Invokes the {@code Add} operation of CalculatorWebservice over HTTPS (port 8443)
     * through an Axis dynamic {@link Call} and prints the returned value.
     *
     * <p>The user name and password are the sample {@code wsuser} account from
     * tomcat-users.xml and are hard-coded for demonstration; real code should read them
     * from configuration kept outside the source tree.
     *
     * @param args unused
     * @throws Exception propagates any failure from URL parsing, the TLS handshake or the
     *     Axis call
     */
    public static void main(String[] args) throws Exception {
        final String serviceAddress = "https://localhost:8443/axis/services/CalculatorWebservice?wsdl"; // wsdl
        final String targetNamespace = "http://services.arg.com";   // namespace is fixed, for .NET

        // Tell JSSE which store holds the certificates this client trusts.
        // NOTE(review): the file name matches the keystore configured on the Tomcat
        // connector, which presumably also contains the server's private key. A client only
        // needs the certificate: export it with keytool and import it into a separate,
        // client-only truststore instead of distributing the server keystore.
        System.setProperty("javax.net.ssl.trustStore", "C:\\ssl-apache-tomcat-5.5.26\\mykeystore.jks");

        final String operationName = "Add"; // name of the remote method

        final Service axisService = new Service();
        final Call addCall = (Call) axisService.createCall();

        final java.net.URL serviceUrl = new java.net.URL(serviceAddress);
        addCall.setTargetEndpointAddress(serviceUrl);

        final QName operation = new QName(targetNamespace, operationName);
        addCall.setOperationName(operation);

        // Both inputs are declared as xsd:float IN parameters, in the order a, b.
        for (String parameterName : new String[] {"a", "b"}) {
            addCall.addParameter(parameterName, XMLType.XSD_FLOAT, ParameterMode.IN);
        }
        addCall.setReturnType(XMLType.XSD_FLOAT);

        // Credentials for the BASIC login-config that protects /services/*.
        addCall.setUsername("wsuser");
        addCall.setPassword("wspwd");

        final Object[] operands = {10F, 20F}; // values sent for a and b
        final Object sum = addCall.invoke(operands);
        System.out.println("Result = " + sum);
    }
}