Skip to content
Skip to breadcrumbs
Skip to header menu
Skip to action menu
Skip to quick search
Quick Search
Browse
Pages
Blog
Labels
Attachments
Mail
Advanced
What’s New
Space Directory
Feed Builder
Keyboard Shortcuts
Confluence Gadgets
Log In
Sign Up
Dashboard
Groovy
Copy Page
You are not logged in. Any changes you make will be marked as
anonymous
. You may want to
Log In
if you already have an account. You can also
Sign Up
for a new account.
This page is being edited by
.
Paragraph
Paragraph
Heading 1
Heading 2
Heading 3
Heading 4
Heading 5
Heading 6
Preformatted
Quote
Bold
Italic
Underline
More colours
Strikethrough
Subscript
Superscript
Monospace
Clear Formatting
Bullet list
Numbered list
Outdent
Indent
Align left
Align center
Align right
Link
Table
Insert
Insert Content
Image
Link
Attachment
Symbol
Emoticon
Wiki Markup
Horizontal rule
tinymce.confluence.insert_menu.macro_desc
Info
JIRA Issue
Status
Gallery
Tasklist
Table of Contents
Other Macros
Page Layout
No Layout
Two column (simple)
Two column (simple, left sidebar)
Two column (simple, right sidebar)
Three column (simple)
Two column
Two column (left sidebar)
Two column (right sidebar)
Three column
Three column (left and right sidebars)
Undo
Redo
Find/Replace
Keyboard Shortcuts Help
<p>Before adding WS-Security to your web services, you must make sure to have:</p> <ol> <li>Access to a certificate authority (CA) - either your own using OpenSSL for example or an external one like <a href="http://www.cacert.org">CACert </a></li> <li>Acess to keytool (usually through your Java SDK)</li> </ol> <h2>Securing a server</h2> <p>This is quite easy. You need first to create a keystore with a key pair. During that process you will be asked for passwords for protecting your keystore and private key. Let's choose 'groovyws' for <span style="text-decoration: underline;">both</span> of them. This can be done for example with:</p> <table class="wysiwyg-macro" data-macro-name="code" style="background-image: url(/plugins/servlet/confluence/placeholder/macro-heading?definition=e2NvZGV9&locale=en_GB&version=2); background-repeat: no-repeat;" data-macro-body-type="PLAIN_TEXT"><tr><td class="wysiwyg-macro-body"><pre> keytool -genkey -keyalg RSA -dname "C=FR, O=GroovyWS Inc, OU=GroovyWS Test Centre, CN=Server" -alias server \ -keystore Server.jks </pre></td></tr></table> <p>Then you need to generate the Certificate Signing Request like this:</p> <table class="wysiwyg-macro" data-macro-name="code" style="background-image: url(/plugins/servlet/confluence/placeholder/macro-heading?definition=e2NvZGV9&locale=en_GB&version=2); background-repeat: no-repeat;" data-macro-body-type="PLAIN_TEXT"><tr><td class="wysiwyg-macro-body"><pre> keytool -certreq -alias server -file ServerCertificateRequest.pem -keystore Server.jks </pre></td></tr></table> <p>You need to get the server certificate from your CA using the newly generated request. Let's assume you get back the file named ServerCertificate.pem. You need to include that certificate into your keystore. Ususaly this won't be possible unless your keystore contains the certificate of your CA. Let's add those two certificates:</p> <table class="wysiwyg-macro" data-macro-name="code" style="background-image: url(/plugins/servlet/confluence/placeholder/macro-heading?definition=e2NvZGV9&locale=en_GB&version=2); background-repeat: no-repeat;" data-macro-body-type="PLAIN_TEXT"><tr><td class="wysiwyg-macro-body"><pre> keytool -import -alias TheCA -file TheCACert.pem -keystore Server.jks keytool -import -alias server -file ServerCertificate.pem -keystore Server.jks </pre></td></tr></table> <p>You are now ready to start your server:</p> <table class="wysiwyg-macro" data-macro-name="code" style="background-image: url(/plugins/servlet/confluence/placeholder/macro-heading?definition=e2NvZGV9&locale=en_GB&version=2); background-repeat: no-repeat;" data-macro-body-type="PLAIN_TEXT"><tr><td class="wysiwyg-macro-body"><pre> Map<String, String> mapServer = [ "https.keystore":"path/to/Server.jks", "https.keystore.pass":"groovyws", "https.truststore":"", "https.truststore.pass":"" ] server = new WSServer(myServiceUrl) server.setSSL(mapServer) server.setClientAuthentication(false) server.start() </pre></td></tr></table> <p>In the above example, the client authentication is not required. If you turn the flag to true (or omit the line, it is true by default), the client must trust the server, you therefore have to provide a keystore containing the server certificate.</p> <table class="wysiwyg-macro" data-macro-name="code" style="background-image: url(/plugins/servlet/confluence/placeholder/macro-heading?definition=e2NvZGV9&locale=en_GB&version=2); background-repeat: no-repeat;" data-macro-body-type="PLAIN_TEXT"><tr><td class="wysiwyg-macro-body"><pre> keytool -import -alias server -file ServerCertificate.pem -keystore TrustingTheServer.jks </pre></td></tr></table> <table class="wysiwyg-macro" data-macro-name="code" style="background-image: url(/plugins/servlet/confluence/placeholder/macro-heading?definition=e2NvZGV9&locale=en_GB&version=2); background-repeat: no-repeat;" data-macro-body-type="PLAIN_TEXT"><tr><td class="wysiwyg-macro-body"><pre> Map<String, String> mapClient = [ "https.keystore":"", "https.keystore.pass":"", "https.truststore":"path/to/TrustingTheServer.jks", "https.truststore.pass":"client" ] def proxy = new WSClient(myServiceUrl+"?wsdl", this.class.classLoader) proxy.setSSLProperties(mapClient) proxy.initialize() assert proxy.add(2.0 as double, 5.0 as double) == 7.0 assert proxy.square(4.0 as double) == 16.0 </pre></td></tr></table> <p>You may also setup more complex configurations where both the client & server need to trust each others ...</p>
Please type the word appearing in the picture.
Attachments
Labels
Location
Watch this page
< Edit
Preview >
Loading…
Save
Cancel
Next hint
search
attachments
weblink
advanced