Friday, April 09, 2010

How to secure your web service: how to call it using HTTPS instead of HTTP

The scenario: we have SOA Suite installed at our end and have deployed a process that is accessible at

http://host:port/service/someService

The requirement is to secure this link, that is, to call the service over HTTPS, so that the new request looks like

https://host:port/service/someService

Again, I would like you all to go through this link to get some idea about keys and certificates.

http://java.sun.com/j2se/1.5.0/docs/tooldocs/solaris/keytool.html

Based on this note, I will generate a key.

Open a command window, navigate to the jdk/bin directory and issue the command

keytool -genkey -alias arpit -dname "CN=Arpit, OU=Integration, O=Oracle, L=Bangalore, S=Karnataka, C=IN" -keyalg RSA -keypass welcome1 -storepass welcome1 -keystore arpit.keystore


Once you execute this command, you will find a keystore named arpit.keystore created in the same folder where you ran it.



You can copy arpit.keystore into the $ORACLE_HOME/j2ee/home/config directory.


Now:

1. Copy default-web-site.xml to secure-web-site.xml

2. Edit the secure-web-site.xml:
2.1. Change the web-site tag by setting the port to 4443 and adding the attribute secure="true"
2.2. Add the ssl-config element and point it to the newly created keystore.
The file looks like:

<web-site xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:noNamespaceSchemaLocation="http://xmlns.oracle.com/oracleas/schema/web-site-10_0.xsd"
port="4443"
secure="true"
display-name="OC4J 10g (10.1.3) Default Web Site"
schema-major-version="10"
schema-minor-version="0" >
...
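<!-- keystore: path to the keystore generated above (arpit.keystore); keystore-password: its -storepass value -->
<ssl-config keystore="Path/server.keystore" keystore-password="welcome" />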
...
</web-site>

3. Import the new Web site in your OC4J instance by editing the $ORACLE_HOME/j2ee/home/server.xml file. You need to add or replace the web-site tag. In

...
<web-site default="true" path="./default-web-site.xml" />
<web-site path="./secure-web-site.xml" />
...


Since we have copied the file from default-web-site.xml, all applications are available using both HTTP and HTTPS.

Now start OC4J and test the HTTPS port.

It should work. This is for a standalone container.
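
A way to check the edited files before starting OC4J, as an added example that is not part of the original post: it reads server.xml and each registered web-site file, reports any site still on plain HTTP, and confirms that the secure site's keystore file exists. The function names, the sample files it writes and port 8888 are constructed for illustration, and it assumes a relative keystore path resolves against the web-site file's directory.

```python
import os
import tempfile
import xml.etree.ElementTree as ET

def check_https_config(config_dir):
    """Return findings for the OC4J config files edited in the steps above."""
    findings = []
    server = ET.parse(os.path.join(config_dir, "server.xml")).getroot()
    site_paths = [w.get("path", "") for w in server.iter("web-site")]
    if not any(p.endswith("secure-web-site.xml") for p in site_paths):
        findings.append("server.xml: secure-web-site.xml is not registered")
    for rel in site_paths:
        site_file = os.path.normpath(os.path.join(config_dir, rel))
        name = os.path.basename(site_file)
        site = ET.parse(site_file).getroot()
        if site.get("secure") != "true":
            findings.append(f"{name}: port {site.get('port')} still serves plain HTTP")
            continue
        ssl = site.find("ssl-config")
        if ssl is None or not ssl.get("keystore"):
            findings.append(f"{name}: secure site has no ssl-config keystore")
            continue
        # Assumption: a relative keystore path resolves against the site file's directory.
        keystore = os.path.join(os.path.dirname(site_file), ssl.get("keystore"))
        if not os.path.isfile(keystore):
            findings.append(f"{name}: keystore file missing: {ssl.get('keystore')}")
    return findings

def write_sample(config_dir, create_keystore=True):
    """Write constructed, minimal stand-ins for the three config files."""
    files = {
        "server.xml": '<application-server>'
                      '<web-site default="true" path="./default-web-site.xml" />'
                      '<web-site path="./secure-web-site.xml" /></application-server>',
        "default-web-site.xml": '<web-site port="8888" />',  # constructed port value
        "secure-web-site.xml": '<web-site port="4443" secure="true"><ssl-config '
                               'keystore="arpit.keystore" keystore-password="welcome1" />'
                               '</web-site>',
    }
    if create_keystore:
        files["arpit.keystore"] = "placeholder, not a real keystore"
    for name, body in files.items():
        with open(os.path.join(config_dir, name), "w") as fh:
            fh.write(body)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        write_sample(tmp, create_keystore=False)
        for finding in check_https_config(tmp):
            print(finding)
```

Because default-web-site.xml stays registered, the service remains reachable over HTTP, which the check reports for every web-site entry that lacks secure="true".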
