Victor Sergienko

Reputation: 13485

Web service over SSL in Grails-cxf?

I need to serve a specific CXF web service over HTTPS (I have several others that need to work over plain HTTP). In SecurityConfig.groovy, I set:

httpsPort = 8443

and tried both of

secureChannelDefinitionSource = '''
   CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
   PATTERN_TYPE_APACHE_ANT
   /services/doodah/**=REQUIRES_SECURE_CHANNEL
   /**=REQUIRES_INSECURE_CHANNEL
'''

and

channelConfig = [ secure: ['/services/productid/**'], insecure: '/' ]

The service stops responding to http protocol at 8080, but doesn't appear to be on https:8443 - at least, telnet connection to 8443 fails.

If I run the app with grails run-app -https, the whole application works over https.

To separate http from https services, I'll probably need to do this: "Automatic http/httpS switching with Grails", but for now I'd like at least to get different services running on two different ports.

  1. What steps should I follow to have one service working over HTTPS only?

  2. It looks like there is something else SSL needs in order to work in a WAR, like in this question: SSL, Tomcat and Grails?

My environment is: Grails 1.3.5, acegi-security 0.5.3 (I know it's outdated), Tomcat 6.

Upvotes: 0

Views: 803

Answers (1)

Victor Sergienko

Reputation: 13485

Please correct me if I'm wrong.

Both options in SecurityConfig.groovy do work.

In a standalone Tomcat, there's no way to programmatically enable an SSL Connector; one has to enable it in the global server configuration (server.xml): SSL, Tomcat and Grails.

For run-app, I added scripts/_Events.groovy with an eventConfigureTomcat hook and copied a piece of TomcatServer.groovy from the Tomcat plugin:

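import org.apache.catalina.connector.Connector
import org.apache.catalina.startup.Tomcat

// Runs when run-app configures the embedded Tomcat.
// createSSLCertificate and loadInstance are helpers that are not shown in this snippet.
eventConfigureTomcat = { Tomcat tomcat ->
    // Keystore used by the embedded server only
    keystore = "./some-keystore"
    keystoreFile = new File(keystore)
    keyPassword = "123456"
    System.setProperty('org.mortbay.xml.XmlParser.NotValidating', 'true')

    // Generate a certificate on first run if the keystore does not exist yet
    if (!(keystoreFile.exists())) {
        createSSLCertificate(keystore, keyPassword, keystoreFile)
    }

    def httpsPort = 8443 // TODO: Take from SecurityConfig.groovy

    // Add an HTTPS connector next to the default HTTP one
    Connector sslConnector = loadInstance(
        tomcat, 'org.apache.catalina.connector.Connector')
    sslConnector.scheme = "https"
    sslConnector.secure = true
    sslConnector.port = httpsPort
    sslConnector.setProperty("SSLEnabled", "true")
    sslConnector.setAttribute("keystore", keystore)
    sslConnector.setAttribute("keystorePass", keyPassword)
    sslConnector.URIEncoding = 'UTF-8'
    tomcat.service.addConnector sslConnector
}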

I don't have to do the protocol switch trick; Grails correctly redirects between http and https for me.

Upvotes: 0
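
For the standalone Tomcat 6 case mentioned in the answer, the SSL connector is declared in server.xml. The fragment below is an added example, not part of the original post; the keystore path and password are placeholders, and port 8443 is the httpsPort value from the question. Without such a connector nothing listens on 8443, which matches the failed telnet connection described in the question.

```xml
<!-- $CATALINA_BASE/conf/server.xml, inside the <Service> element -->

<!-- Plain-HTTP connector for the services that stay on 8080 -->
<Connector port="8080" protocol="HTTP/1.1"
           connectionTimeout="20000"
           redirectPort="8443" />

<!-- TLS connector; the port must equal httpsPort in SecurityConfig.groovy -->
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
           scheme="https" secure="true"
           clientAuth="false" sslProtocol="TLS"
           keystoreFile="/path/to/keystore.jks"
           keystorePass="CHANGE_ME"
           URIEncoding="UTF-8" />
<!-- keystoreFile and keystorePass are placeholders: use a keystore readable
     only by the Tomcat user and a password that is not kept in source control -->
```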
