0

I am trying to implement HTTPS communication between two apps and I am not entirely sure what exactly I need to do as I find several different tutorials articles and they are not consistent, also none of them provides the complete solution. What I know so far is that I need to:

1.Generate the keystore with following command

keytool -genkey -alias tomcat -keyalg RSA -keystore NAME_OF_KEYSTORE -validity NUMBER_OF_DAYS

(This will create a self-signed certificate)

2.Configure JBoss (JBoss AS 7) xml files (I am not sure which ones and what exactly I need to specify)

3.Configure Spring Security:

-add a Spring Security application context file to the contextConfigLocation context-param:

<context-param>
          <param-name>contextConfigLocation</param-name>
          <param-value>/WEB-INF/spring/root-context.xml
           /WEB-INF/spring/appServlet/application-security.xml           
          </param-value>
</context-param>

-add the Spring Security filter and filter-mapping:

<filter>
    <filter-name>springSecurityFilterChain</filter-name>
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
  </filter>
  <filter-mapping>
    <filter-name>springSecurityFilterChain</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>

-modify application-security.so it contains:

<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
  xmlns:beans="http://www.springframework.org/schema/beans"
  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
  xsi:schemaLocation="http://www.springframework.org/schema/beans
           http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
           http://www.springframework.org/schema/security
           http://www.springframework.org/schema/security/spring-security-3.1.xsd">

       <http auto-config='true' >
          <intercept-url pattern="/**" requires-channel="https" />    
       </http>

       <authentication-manager>
       </authentication-manager>

</beans:beans>

Now if the internet doesn't lie to me it seems like that would be all I need to have it working on the server side, however I need a bit of advice on step 2. What JBoss configuration files need to be configured and how?

I have other concerns as well but I need to have this working first. I appreciate any attempt of help.

Lucas
  • 3,181
  • 4
  • 26
  • 45
  • [Crosspost](http://crypto.stackexchange.com/questions/15002/implementing-ssl-on-jboss-app-using-spring-security) from crypto.SE. – Jeroen Vannevel Mar 14 '14 at 15:46
  • Yes I reposted it to get help a bit faster, as SO seems to be more relevant place for this sort of questions – Lucas Mar 14 '14 at 15:49
  • This depends on your JBoss version. There is a major difference between the configuration of versions up to 6 and JBoss 7. – Steven Pessall Mar 14 '14 at 15:53
  • It's JBoss AS 7. I'll edit the question. – Lucas Mar 14 '14 at 15:53
  • I've personally only activated SSL on older versions, but here is a similar question: http://stackoverflow.com/questions/8081381/setting-up-ssl-in-jboss-as-7 – Steven Pessall Mar 14 '14 at 16:05

0 Answers0