[jboss-user] [JBossWS] - Re: SOAP over HTTPS?
DrHok
do-not-reply at jboss.com
Wed Aug 23 06:31:16 EDT 2006
"DrHok" wrote : I would like to change an existing SOAP interface to a JBoss(4.0.2)-based webservice from HTTP to HTTPS, in order to ensure both privacy and integrity of data.
|
| But how do I do it?
Actually it turned out to be easier than I thought (on JBoss 4.0.2):
1. Uncomment and edit the SSL/TLS Connector section in server/default/deploy/jbossweb-tomcat55.sar/server.xml.
2. Generate a server key pair using keytool, see http://java.sun.com/j2se/1.5.0/docs/tooldocs/windows/keytool.html.
3. Export the public key and import it on the client, also using keytool.
Then, if the ws client uses https://server:8443/... instead of http://server:8080/..., SOAP goes over TLS.
The WSDL doesn't need to know about TLS.
Note: I think my description of activating TLS is accurate, but I can't guarantee that it works. I guessed the first two steps by diffing a virgin jboss-4.0.2.zip with a running AS where TLS was activated by someone else. I might have missed some details of the configuration.
"DrHok" wrote : Will this cause a significant delay and load on the AS?
I made a performance comparison between TLS on and off, and surprisingly the effect of TLS is really small.
Neither the response times nor the load on the AS changed much (roughly +10%).
However, the network latency might increase if client and server are further apart in terms of IP hops (I tried up to 3), because sending a SOAP request and receiving a response over TLS requires 6 packet round-trips instead of 3 without TLS.
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3966920#3966920
Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=3966920
More information about the jboss-user
mailing list