0

I've created a web service using this example:

http://www.albeesonline.com/blog/2008/07/27/creating-a-webservice-using-rad-7/

When I call the web service to get the WSDL, I use a URL like this:

http://acme.com/storefront/services/InventoryInquiry?wsdl

And WebSphere responds with a WSDL page with a URL like this:

http://acme.com:9082/storefront/services/InventoryInquiry/wsdl/InventoryInquiry.wsdl

What I'd like is for WebSphere to respond using SSL and port 443, and not the WebSphere default host port.

I tried modifying the "Provide HTTP endpoint URL information" page in WebSphere console for the application to use "https://acme.com:443" for the "HTTP URL prefix", but WebSphere doesn't use this, even after restarting WebSphere.

How do I configure WebSphere so that it doesn't use its default ports when responding to web service requests?

I'm using WebSphere 6.1.

Some background information:

The service is included in a J2EE application that uses Struts for its design pattern. The struts-config.xml is configured to serve the app on ports 80 and 443. The WAS server where the app runs is fronted by an Apache web server, which is redirecting requests to the app via a load balancer.

The AWS load balander config is directing requests among four separate WAS servers, each serving a copy of the application. Each WAS server is configured to deliver a unique server ID string back to the user. AWS uses this string to determine which WAS server will handle subsequent requests made by the user. This all works fine for the parts of the J2EE app that are handled by Struts, but the web service exists outside of that context. This seems to be why the web service responds using the WAS default secure port, and not the port defined in Struts.

I can't change the WAS default secure port to 443, because I can't have two instances of WAS on the same server both listening to port 443.

Michael Sobczak
  • 1,045
  • 1
  • 24
  • 45

1 Answers1

1

In general you have two choices:
1. You can install IBM Http Server (IHS) and WebSphere Plugin to route requests to WebSphere. IHS uses by default 80 and 443 ports.
2. Change default SSL port in WebSphere - In Server > Ports change the WC_defaulthost_secure from 944x to 443.

There is second issue in your question - do you want to protect using SSL whole service or just WSDL?
To configure it you will either need to define security constraints to protect selected URIs or configure HTTP server to only allow SSL access to the service.

UPDATE
If you have Apache Web server in front, then install and configure WebSphere Plugin (if you currently use mod_proxy or something else). WebSphere Plugin is available for Apache and will do dispatching and load balancing across multiple WAS instances (if they are clustered then you can generate plugin automatically from Deployment Manager, if you have many standalone instances - you will need to merge plugin, there is a tool for that).
It doesn't matter that your app is using Struts, your wsdl can still be served via Http server and plugin.
For redirection to HTTPS you need to solve that issue from your other post - security-constraint in web.xml is not enforced as I assume it is the same environment.

Community
  • 1
  • 1
Gas
  • 17,601
  • 4
  • 46
  • 93
  • I added some additional information to my post about the application's architecture. I already have Apache Web Server in place to handle requests on ports 80 and 443. The application containing the web service uses Struts to serve pages on ports 80 and 443, but the web service urls are not included because they do not use Struts. Also, since I'm load balancing the application across multiple WAS instances on the same server, I can't change the default secure port for WAS to 443. Maybe I need to do something with the Apache Web Server config, or the web.xml for the application itself? – Michael Sobczak Sep 17 '14 at 12:59
  • "you will need to merge plugin, there is a tool for that" What tool are you referring to? – Michael Sobczak Sep 17 '14 at 16:59
  • Actually, the "security-constraint in web.xml is not enforced" post is for a separate web app being run on the same server. – Michael Sobczak Sep 17 '14 at 16:59
  • @MichaelSobczak 6.1 is too old, there is no tool for that version, sorry. But here you have manual procedure for 6.1 - http://www-01.ibm.com/support/docview.wss?uid=swg21139573 – Gas Sep 17 '14 at 18:42
  • I think load balancing via the WebSphere plugin only works if the servers are clustered: http://www-01.ibm.com/support/docview.wss?uid=swg21219567 Is that correct? – Michael Sobczak Sep 18 '14 at 16:25
  • @MichaelSobczak That link is not relevant. You can load balance non clusterd servers - see here - http://www-01.ibm.com/support/knowledgecenter/SSEQTP_8.5.5/com.ibm.websphere.base.doc/ae/twsv_configsimplelb.html?lang=en – Gas Sep 18 '14 at 17:29
  • Are you sure that procedure applies to WebSphere 6.1? – Michael Sobczak Sep 19 '14 at 13:45
  • 1
    @MichaelSobczak Yes, I'm sure. But if you don't believe me, here is the link for v6.1, which you could easily find by yourself - http://www-01.ibm.com/support/knowledgecenter/SSAW57_6.1.0/com.ibm.websphere.base.doc/info/aes/ae/twsv_configsimplelb.html – Gas Sep 19 '14 at 14:11
  • OK, looks like I have some work to do. I'll see if I can get the TEST environment to work this way. Thanks for your help! Enjoy your bounty points! Also, I may update this post with more questions when I look into this next week. – Michael Sobczak Sep 19 '14 at 15:28
  • @MichaelSobczak Thanks. Ping, if you stuck somewhere. Good luck! – Gas Sep 19 '14 at 15:30
  • I've installed the WebSphere plugin for Apache Web Server. Now, the web service is responding on port 80 and port 443, and not internal WebSphere ports. Is it possible to restrict access to the web service to be only port 443? – Michael Sobczak Sep 29 '14 at 16:09
  • 1
    @MichaelSobczak If you don't need 80 port the easiest is to disable 80 port in Apache, otherwise you may redirect using Apache (https://wiki.apache.org/httpd/RedirectSSL) or on WAS (using security-constraint -> CONFIDENTIAL as you did in your other post). – Gas Sep 29 '14 at 16:28
  • I'm having issues trying to get the merged Plugin-cfg.xml file to serve requests to more than just one WebSphere server instance. Should I post the Plugin-cfg.xml file contents here, or ask a new question? – Michael Sobczak Sep 30 '14 at 00:12
  • @MichaelSobczak Ask new one, and put contents of all three. – Gas Sep 30 '14 at 05:55
  • plugin-cfg.xml, httpd.conf and what else? – Michael Sobczak Sep 30 '14 at 10:55
  • @MichaelSobczak Just two plugin-cfg.xml that you want to merge, the resulting one and some description what issues you have. – Gas Sep 30 '14 at 11:21
  • Done. New question posted here: http://stackoverflow.com/questions/26122809/websphere-issue-merging-plugin-cfg-xml-for-load-balancing Thanks! – Michael Sobczak Sep 30 '14 at 14:02