JBOSS: Encrypting web communication

October 6, 2009

Enabling HTTPS

To handle HTTPS requests, you must do the following:

 

Create or obtain a certificate for your server.

Make sure that certificate is in a keystore.

Define a secure HTTP connector.

Point the connector to your keystore.

In order to enable HTTPS in JBoss Web Server, you have to obtain or create a keystore with a certificate for your server.

 

After creating the keystore with a certificate in it, you must set up a connector in JBoss Web Server to listen for the SSL traffic.

 

A secure HTTP connector that points to the keystore:

<!-- HTTPS connector; keystorePass must match the password of the keystore file -->
<Connector port="8443"
           scheme="https"
           secure="true"
           clientAuth="false"
           keystoreFile="${jboss.server.home.dir}/conf/server.keystore"
           keystorePass="serverpass"
           sslProtocol="TLS" />

 

After enabling this connector, clients can access your secure server using their web browsers.

 

Enabling transport guarantees

What if you want an application to be accessed only over a secure connection? Java EE defines a mechanism called a transport guarantee that allows you to specify this.

 

The transport guarantee is defined in the security-constraint element in your application’s standard web deployment descriptor, WEB-INF/web.xml.

 

If a transport guarantee is enabled and a user tries to access your application through an insecure connector, the connector redirects the request to the port specified by its redirectPort attribute.

 

The transport guarantee itself is defined in the security-constraint block in your application’s WEB-INF/web.xml file, as follows:

<security-constraint>
  <user-data-constraint>
    <transport-guarantee>CONFIDENTIAL</transport-guarantee>
  </user-data-constraint>
</security-constraint>

The value of the transport-guarantee element can be one of three options: CONFIDENTIAL, INTEGRAL, and NONE.

 

A setting of CONFIDENTIAL specifies that the application requires data to be transmitted in a way that prevents other entities from observing the contents of the transmission.

 

A setting of INTEGRAL means that the data sent between a client and the server can’t be changed in transit. As far as JBoss Web Server is concerned, if the transport guarantee is set to CONFIDENTIAL or INTEGRAL, insecure requests for the URLs defined in the security-constraint block get redirected to the secure connector (using SSL).

Setting the transport guarantee to NONE is the equivalent of not setting the transport guarantee at all.
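As an added example (not part of the original post or of JBoss), the following Python script audits the two settings described above: which URL patterns in web.xml carry a transport guarantee, and whether each insecure connector's redirectPort leads to a secure HTTPS connector. The sample server.xml and web.xml strings are constructed for the example (the web.xml includes the web-resource-collection and url-pattern elements that name the URLs each constraint covers), and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed sample inputs for this example (not taken from the post).
SERVER_XML = """<Server>
  <Connector port="8080" redirectPort="8443" />
  <Connector port="8443" scheme="https" secure="true" sslProtocol="TLS" />
</Server>"""

WEB_XML = """<web-app xmlns="http://java.sun.com/xml/ns/javaee" version="2.5">
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>account</web-resource-name>
      <url-pattern>/account/*</url-pattern>
    </web-resource-collection>
    <user-data-constraint>
      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
  </security-constraint>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>public</web-resource-name>
      <url-pattern>/public/*</url-pattern>
    </web-resource-collection>
  </security-constraint>
</web-app>"""

def descendants(root, name):
    """Descendants with this local tag name (web.xml elements are namespaced)."""
    return [e for e in root.iter() if e.tag.rsplit("}", 1)[-1] == name]

def guarantees(web_xml):
    """Map each url-pattern to its transport guarantee (NONE when unset)."""
    found = {}
    for sc in descendants(ET.fromstring(web_xml), "security-constraint"):
        tg = descendants(sc, "transport-guarantee")
        for pattern in descendants(sc, "url-pattern"):
            found[pattern.text.strip()] = tg[0].text.strip() if tg else "NONE"
    return found

def broken_redirects(server_xml):
    """Ports of insecure connectors whose redirectPort is not an https connector."""
    conns = list(ET.fromstring(server_xml).iter("Connector"))
    secure = {c.get("port") for c in conns
              if c.get("secure") == "true" and c.get("scheme") == "https"}
    return [c.get("port") for c in conns
            if c.get("port") not in secure and c.get("redirectPort") not in secure]

if __name__ == "__main__":
    print(guarantees(WEB_XML), broken_redirects(SERVER_XML))
```

Any pattern reported as NONE is still served over the insecure connector, and any port returned by broken_redirects would send CONFIDENTIAL requests to a port with no secure connector behind it.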

 


 

Categories: Application Server