Securing JAX-RS 2.0 client by using SSL

You can secure the communications between your Java™ API for RESTful Web Services (JAX-RS) application and clients that call the application by using Secure Sockets Layer (SSL) transport layer security.

Before you begin

This task assumes that you completed the following steps:
  • You defined a cell profile to an application server or to an application server that is federated to a network deployment manager. Read about creating cell profiles to learn how to create cell profiles that contain a federated application server node and a deployment manager.
  • You installed your JAX-RS 2.0 application onto the application server.

About this task

JAX-RS 2.0 client programs can take advantage of transport security that uses SSL to protect requests and responses from JAX-RS 2.0 resources.

If you configured your JAX-RS 2.0 application to use an SSL channel for transport level security, the JAX-RS 2.0 client might use the SSL connection to call the REST resources. For example, if your JAX-RS 2.0 application is configured to use basic authentication, use SSL for the user credentials to be transported over secure connections.

To illustrate this scenario, assume that you have one application server in your cell, and that you deployed JAX-RS 2.0 resources on this server. The JAX-RS 2.0 resources on this server require the use of SSL. You can use the client for JAX-RS 2.0 to call one of these secure resources that requires the use of SSL. JAX-RS 2.0 client is a higher-level API than HttpURLConnection as well as integration with JAX-RS providers, and it is provided by this product.

Important: If you call JAX-RS 2.0 resources from within an application that is running in a WebSphere® Application Server environment. For example, when you are making a downstream call, no additional configuration for SSL is necessary. You do not need to configure SSL connections for this resource because the application server SSL runtime and configuration is used.

Proceed with the following steps to configure SSL with the client for JAX-RS.

Procedure

  1. Configure the SSL properties in the WebSphere Application Server 傳統版 administrative console. For more information, see Creating a Secure Sockets Layer configuration.
  2. Enable security for your JAX-RS application and configure your application to use an SSL channel for transport when it calls the REST resources.

    At application development or deployment time, edit the web.xml file to add a security constraint that requires use of SSL for your resources. See the securing JAX-RS applications within the web container information for more details on enabling SSL for your application.

    The following element within the security-constraint element specifies to enforce SSL for your application:
    <user-data-constraint id="UserDataConstraint_1">
        <transport-guarantee>CONFIDENTIAL</transport-guarantee>
     </user-data-constraint>
  3. To enable client SSL when you develop your client application, add a client property in your client application code.

    Set the client property key to com.ibm.ws.jaxrs.client.ssl.config and its value to true. See the following code snippet as reference:

    ClientBuilder cb = ClientBuilder.newBuilder();
    cb.property("com.ibm.ws.jaxrs.client.ssl.config", "NodeDefaultSSLSettings");
    Tip: The property value equals to the server SSL alias that you set. For more information, go to Application servers->server n, where n is the number that you assigned to the application server.->Web container transport chains->WCInboundDefaultSecure->SSL inbound channel (SSL_2) to check it under the SSL configuration field.
  4. Deploy your client application to WebSphere Application Server 傳統版 by using the administrative console.
  5. Start the client application in the WebSphere Application Server 傳統版 administrative console. To start your application, go to Applications->Application types->WebSphere enterprise applications->Start.

Results

You define a secure connection between the client and the target server that uses SSL to enable integrity and confidentiality of the communication between the JAX-RS application and your client.


指出主題類型的圖示 作業主題



時間戳記圖示 前次更新: July 9, 2016 11:18
http://www14.software.ibm.com/webapp/wsbroker/redirect?version=cord&product=was-nd-mp&topic=twbs_jaxrs_impl_securejaxrs2
檔名:twbs_jaxrs_impl_securejaxrs2.0_clientssl.html