I don't believe you can secure REST calls, as you would need to pass along the security credentials (key/username/password), which REST clearly does not support. On the other hand, you can easily secure your web service using SOAP 1.2 Request and Response, as seen here:
<!-- domain.xml -->
<security-service>
  <!-- Admin functions (optional) -->
  <!-- http://docs.oracle.com/cd/E19830-01/819-4712/ablpj/index.html -->
  <auth-realm classname="com.sun.enterprise.security.auth.realm.file.FileRealm" name="admin-realm">
    <property name="file" value="${com.sun.aas.instanceRoot}/config/admin-keyfile"></property>
    <property name="jaas-context" value="fileRealm"></property>
  </auth-realm>
  <!-- File based Authentication (optional) -->
  <!-- https://netbeans.org/kb/docs/javaee/ecommerce/security.html -->
  <auth-realm classname="com.sun.enterprise.security.auth.realm.file.FileRealm" name="file">
    <property name="file" value="${com.sun.aas.instanceRoot}/config/keyfile"></property>
    <property name="jaas-context" value="fileRealm"></property>
  </auth-realm>
  <!-- you will definitely need to secure your Realm with certificate.. so be sure to include the following lines in -->
  <auth-realm classname="com.sun.enterprise.security.auth.realm.certificate.CertificateRealm" name="certificate"></auth-realm>
  <!-- if you have JACC Provider pre-configured then you will need to identify the JACC Provider to Glassfish here -->
  <!-- http://docs.oracle.com/cd/E18930_01/html/821-2433/create-jacc-provider-1.html -->
  <!-- this JACC Provider supports ReadLock and WriteLock so lets use this provider -->
  <!-- http://grepcode.com/file/repo1.maven.org/maven2/org.glassfish.security/security/3.1.1/com/sun/enterprise/security/provider/PolicyConfigurationFactoryImpl.java#PolicyConfigurationFactoryImpl.getContextDirectoryName%28java.lang.String%29 -->
  <jacc-provider policy-provider="com.sun.enterprise.security.provider.PolicyWrapper" name="default" policy-configuration-factory-provider="com.sun.enterprise.security.provider.PolicyConfigurationFactoryImpl">
    <!-- granted.policy would go here -->
    <!-- http://docs.oracle.com/cd/E19798-01/821-1752/beabz/index.html -->
    <property name="repository" value="${com.sun.aas.instanceRoot}/generated/policy"></property>
  </jacc-provider>
  <!-- SimplePolicyProvider does NOT support ReadLocks and WriteLocks so lets beg off this -->
  <!-- jacc-provider policy-provider="com.sun.enterprise.security.jacc.provider.SimplePolicyProvider" name="simple" policy-configuration-factory-provider="com.sun.enterprise.security.jacc.provider.SimplePolicyConfigurationFactory"></jacc-provider -->
  <!-- here is the SOAP part -->
  <message-security-config auth-layer="SOAP">
    <provider-config provider-type="client" provider-id="XWS_ClientProvider" class-name="com.sun.xml.wss.provider.ClientSecurityAuthModule">
      <request-policy auth-source="content"></request-policy>
      <response-policy auth-source="content"></response-policy>
      <property name="encryption.key.alias" value="s1as"></property>
      <property name="signature.key.alias" value="s1as"></property>
      <!-- If true, signals the provider runtime to collect the user name and password from the CallbackHandler for each request. If false, the user name and password for wsse:UsernameToken(s) is collected once, during module initialization. This property is only applicable for a ClientAuthModule -->
      <property name="dynamic.username.password" value="false"></property>
      <property name="debug" value="false"></property>
    </provider-config>
    <provider-config provider-type="client" provider-id="ClientProvider" class-name="com.sun.xml.wss.provider.ClientSecurityAuthModule">
      <request-policy auth-source="content"></request-policy>
      <response-policy auth-source="content"></response-policy>
      <property name="encryption.key.alias" value="s1as"></property>
      <property name="signature.key.alias" value="s1as"></property>
      <property name="dynamic.username.password" value="false"></property>
      <property name="debug" value="false"></property>
      <property name="security.config" value="${com.sun.aas.instanceRoot}/config/wss-server-config-1.0.xml"></property>
    </provider-config>
  </message-security-config>
</security-service>
so the username/password passed into the SOAPRequest would look something like:
<?xml version="1.0" encoding="iso-8859-1"?>
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
  <soap:Header>
    <wsse:Security xmlns:wsse="http://schemas.xmlsoap.org/ws/2003/06/secext">
      <wsse:UsernameToken wsu:Id="sample" xmlns:wsu="http://schemas.xmlsoap.org/ws/2003/06/utility">
        <wsse:Username>sample</wsse:Username>
        <wsse:Password Type="wsse:PasswordText">oracle</wsse:Password>
        <wsu:Created>2004-05-19T08:44:51Z</wsu:Created>
      </wsse:UsernameToken>
    </wsse:Security>
  </soap:Header>
  <!-- soap:Body with the request payload follows here -->
</soap:Envelope>
http://docs.oracle.com/cd/E24191_01/common/tutorials/authn_ws_user.html
where the contents of the supplied key, most notably the password, must agree with the password you supply to the SOAP Header Request.
For testing I would strongly recommend using SOAPUI to test out your keys and WS-Security configuration
http://www.soapui.org/SOAP-and-WSDL/applying-ws-security.html#2-keystores-and-truststores
Do you understand?
Martin
______________________________________________
Please do not alter or interrupt this communication. Thank you.
From: Andreas.Zindel_at_eads.net
To: users_at_glassfish.java.net
Date: Mon, 19 May 2014 15:04:39 +0000
Subject: [gf-users] javax.servlet.ServletException: org.apache.http.conn.ssl.SSLInitializationException: Failure initializing default SSL context
I’m using the Apache Jena API in a Jersey web service. The Jena API uses the HTTPClient API. When I call specific Jena functions I get an:
javax.servlet.ServletException: org.apache.http.conn.ssl.SSLInitializationException: Failure initializing default SSL context
The Jersey web service runs on a Glassfish V4 Application Server locally for testing. I don’t know much about SSL so my research hasn’t got me anywhere near a solution. I already tried to create a new certificate and attach it onto the corresponding http listener but nothing changed. I also tried to run the web service on a fresh Glassfish4 installation with the same results. Maybe a member of the mailing list can give me a hint in the right direction. I wrote a small example web service that gives me the same error message:
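import java.io.IOException;

import javax.ws.rs.GET;
import javax.ws.rs.Path;
import javax.ws.rs.core.Response;

import org.apache.http.HttpResponse;
import org.apache.http.client.ClientProtocolException;
import org.apache.http.client.HttpClient;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.impl.client.DefaultHttpClient;

@Path("/test/client/")
public class TestHttpClient {
    @GET
    @Path("http")
    public Response testClient() {
        HttpClient httpclient = new DefaultHttpClient();
        HttpGet httpget = new HttpGet("http://www.verisign.com/");
        try {
            // execute() is the call that appears in the stack trace below
            HttpResponse response = httpclient.execute(httpget);
            System.out.println(response.getStatusLine());
        }
        catch (ClientProtocolException e) {
            // TODO Auto-generated catch block
            e.printStackTrace();
        }
        catch (IOException e) {
            // TODO Auto-generated catch block
            e.printStackTrace();
        }
        finally {
            httpget.releaseConnection();
        }
        return Response.status(201).entity("service still running!").build();
    }
}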
This gives me the following error message:
2014-05-14T15:45:35.737+0200|Warning: StandardWrapperValve[Jersey Web Application]: Servlet.service() for servlet Jersey Web Application threw exception
java.security.KeyStoreException: problem accessing trust storejava.io.IOException: Keystore was tampered with, or password was incorrect
at sun.security.ssl.TrustManagerFactoryImpl.engineInit(TrustManagerFactoryImpl.java:75)
at javax.net.ssl.TrustManagerFactory.init(TrustManagerFactory.java:250)
at org.apache.http.conn.ssl.SSLSocketFactory.createSSLContext(SSLSocketFactory.java:229)
at org.apache.http.conn.ssl.SSLSocketFactory.createDefaultSSLContext(SSLSocketFactory.java:358)
at org.apache.http.conn.ssl.SSLSocketFactory.getSocketFactory(SSLSocketFactory.java:175)
at org.apache.http.impl.conn.SchemeRegistryFactory.createDefault(SchemeRegistryFactory.java:49)
at org.apache.http.impl.client.AbstractHttpClient.createClientConnectionManager(AbstractHttpClient.java:306)
at org.apache.http.impl.client.AbstractHttpClient.getConnectionManager(AbstractHttpClient.java:466)
at org.apache.http.impl.client.AbstractHttpClient.createHttpContext(AbstractHttpClient.java:286)
at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:851)
at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:805)
at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:784)
at com.airbus.group.iw.webservices.TestHttpClient.testClient(TestHttpClient.java:29)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:606)
at org.glassfish.jersey.server.model.internal.ResourceMethodInvocationHandlerFactory$1.invoke(ResourceMethodInvocationHandlerFactory.java:81)
at org.glassfish.jersey.server.model.internal.AbstractJavaResourceMethodDispatcher.invoke(AbstractJavaResourceMethodDispatcher.java:125)
at org.glassfish.jersey.server.model.internal.JavaResourceMethodDispatcherProvider$ResponseOutInvoker.doDispatch(JavaResourceMethodDispatcherProvider.java:152)
at org.glassfish.jersey.server.model.internal.AbstractJavaResourceMethodDispatcher.dispatch(AbstractJavaResourceMethodDispatcher.java:91)
at org.glassfish.jersey.server.model.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:346)
at org.glassfish.jersey.server.model.ResourceMethodInvoker.apply(ResourceMethodInvoker.java:341)
at org.glassfish.jersey.server.model.ResourceMethodInvoker.apply(ResourceMethodInvoker.java:101)
at org.glassfish.jersey.server.ServerRuntime$1.run(ServerRuntime.java:224)
at org.glassfish.jersey.internal.Errors$1.call(Errors.java:271)
at org.glassfish.jersey.internal.Errors$1.call(Errors.java:267)
at org.glassfish.jersey.internal.Errors.process(Errors.java:315)
at org.glassfish.jersey.internal.Errors.process(Errors.java:297)
at org.glassfish.jersey.internal.Errors.process(Errors.java:267)
at org.glassfish.jersey.process.internal.RequestScope.runInScope(RequestScope.java:317)
at org.glassfish.jersey.server.ServerRuntime.process(ServerRuntime.java:198)
at org.glassfish.jersey.server.ApplicationHandler.handle(ApplicationHandler.java:946)
at org.glassfish.jersey.servlet.WebComponent.service(WebComponent.java:323)
at org.glassfish.jersey.servlet.ServletContainer.service(ServletContainer.java:372)
at org.glassfish.jersey.servlet.ServletContainer.service(ServletContainer.java:335)
at org.glassfish.jersey.servlet.ServletContainer.service(ServletContainer.java:218)
at org.apache.catalina.core.StandardWrapper.service(StandardWrapper.java:1682)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:318)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:160)
at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:734)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:673)
at com.sun.enterprise.web.WebPipeline.invoke(WebPipeline.java:99)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:174)
at org.apache.catalina.connector.CoyoteAdapter.doService(CoyoteAdapter.java:357)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:260)
at com.sun.enterprise.v3.services.impl.ContainerMapper.service(ContainerMapper.java:188)
at org.glassfish.grizzly.http.server.HttpHandler.runService(HttpHandler.java:191)
at org.glassfish.grizzly.http.server.HttpHandler.doHandle(HttpHandler.java:168)
at org.glassfish.grizzly.http.server.HttpServerFilter.handleRead(HttpServerFilter.java:189)
at org.glassfish.grizzly.filterchain.ExecutorResolver$9.execute(ExecutorResolver.java:119)
at org.glassfish.grizzly.filterchain.DefaultFilterChain.executeFilter(DefaultFilterChain.java:288)
at org.glassfish.grizzly.filterchain.DefaultFilterChain.executeChainPart(DefaultFilterChain.java:206)
at org.glassfish.grizzly.filterchain.DefaultFilterChain.execute(DefaultFilterChain.java:136)
at org.glassfish.grizzly.filterchain.DefaultFilterChain.process(DefaultFilterChain.java:114)
at org.glassfish.grizzly.ProcessorExecutor.execute(ProcessorExecutor.java:77)
at org.glassfish.grizzly.nio.transport.TCPNIOTransport.fireIOEvent(TCPNIOTransport.java:838)
at org.glassfish.grizzly.strategies.AbstractIOStrategy.fireIOEvent(AbstractIOStrategy.java:113)
at org.glassfish.grizzly.strategies.WorkerThreadIOStrategy.run0(WorkerThreadIOStrategy.java:115)
at org.glassfish.grizzly.strategies.WorkerThreadIOStrategy.access$100(WorkerThreadIOStrategy.java:55)
at org.glassfish.grizzly.strategies.WorkerThreadIOStrategy$WorkerThreadRunnable.run(WorkerThreadIOStrategy.java:135)
at org.glassfish.grizzly.threadpool.AbstractThreadPool$Worker.doWork(AbstractThreadPool.java:564)
at org.glassfish.grizzly.threadpool.AbstractThreadPool$Worker.run(AbstractThreadPool.java:544)
at java.lang.Thread.run(Thread.java:744)
Any help is appreciated.
Greetings
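
A check for the failure shown in the stack trace above, as an added example that is not code from either poster or from GlassFish: it opens the trust store named by the standard `javax.net.ssl.trustStore*` system properties and reports whether the configured password is accepted. The class name `TrustStoreCheck` and its `describe()` helper are hypothetical, and the fallback path and null-password handling are assumptions about how the default JSSE lookup behaves.

```java
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.UnrecoverableKeyException;
import java.util.Collections;

public class TrustStoreCheck {

    /** Opens the JVM-wide default trust store and reports the outcome (never prints the password). */
    public static String describe() {
        String path = System.getProperty("javax.net.ssl.trustStore");
        if (path == null) {
            // Assumption: without the property, the JRE falls back to jssecacerts, then cacerts.
            String dir = System.getProperty("java.home") + "/lib/security/";
            path = new File(dir + "jssecacerts").exists() ? dir + "jssecacerts" : dir + "cacerts";
        }
        String type = System.getProperty("javax.net.ssl.trustStoreType", KeyStore.getDefaultType());
        String pw = System.getProperty("javax.net.ssl.trustStorePassword", "");
        // Assumption: an unset password means "load without integrity check";
        // a non-empty one must match the password the store was created with.
        char[] password = pw.isEmpty() ? null : pw.toCharArray();

        File file = new File(path);
        if (!file.canRead()) {
            return "trust store not readable: " + path;
        }
        try (InputStream in = new FileInputStream(file)) {
            KeyStore ks = KeyStore.getInstance(type);
            ks.load(in, password);
            return "OK: " + path + " (" + type + ", " + Collections.list(ks.aliases()).size()
                    + " entries, password " + (password == null ? "not set" : "accepted") + ")";
        } catch (IOException e) {
            // KeyStore.load reports a wrong password as IOException caused by UnrecoverableKeyException.
            if (e.getCause() instanceof UnrecoverableKeyException) {
                return "WRONG PASSWORD: javax.net.ssl.trustStorePassword does not open " + path;
            }
            return "unreadable or corrupt store " + path + ": " + e.getMessage();
        } catch (GeneralSecurityException e) {
            return "cannot load " + type + " store " + path + ": " + e.getMessage();
        }
    }

    public static void main(String[] args) {
        System.out.println(describe());
    }
}
```

Call `TrustStoreCheck.describe()` from inside the deployed application (for example from the test resource) so that it sees the system properties of the GlassFish JVM rather than those of a command-line JVM.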