Friday, July 31, 2015

SSL Configurations for Apache2

An SSL certificate is a way to encrypt a site's information and create a more secure connection. Additionally, the certificate can show the virtual private server's identification information to site visitors. Certificate Authorities can issue SSL certificates that verify the server's details, while a self-signed certificate has no third-party corroboration.

SSL support comes standard in the Ubuntu 14.04 Apache package. We simply need to enable it to take advantage of SSL on our system.
Enable the SSL module with the command:
sudo a2enmod ssl

After you have enabled SSL, you'll have to restart the web server for the change to be recognized:
sudo service apache2 restart

Create a subdirectory within Apache's configuration hierarchy to hold the certificate files:
sudo mkdir /etc/apache2/ssl

Once we have our certificate and key available, we can configure Apache to use these files in a virtual host file. You can learn more about how to set up Apache virtual hosts here.
Instead of configuring the 000-default.conf file, configure default-ssl.conf, which contains the default SSL configuration. Edit the file with the following configuration.

SSLEngine on
SSLCertificateFile    /etc/apache2/ssl/Dummy.crt
SSLCertificateKeyFile /etc/apache2/ssl/Dummy.key
SSLCACertificateFile /etc/apache2/ssl/DigiCertCA.crt

Now that we have configured our SSL-enabled virtual host, we need to enable it.
We can do this by typing:
sudo a2ensite default-ssl.conf
Then we need to restart Apache to load the new virtual host file:
sudo service apache2 restart
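
A pre-restart check for the three file directives above, as an added example that is not part of the original post: it confirms each referenced file exists and that the private key is readable by its owner only. The staging-root parameter, the owner-only policy and the sample tree are assumptions of this example.

```python
import os
import re
import stat
import tempfile

# SSL directives whose argument is a file path.
LINE_RE = re.compile(
    r"^\s*(SSLCertificateFile|SSLCertificateKeyFile|SSLCACertificateFile)\s+(\S+)")


def check_ssl_paths(conf_text, root="/"):
    """Return (directive, path, problem) tuples for the SSL file directives."""
    # `root` (an assumption of this example) lets a staging copy be checked.
    problems = []
    for line in conf_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # comments and unrelated directives
        directive, path = m.groups()
        real = os.path.join(root, path.lstrip("/"))
        if not os.path.isfile(real):
            problems.append((directive, path, "file not found"))
        elif directive == "SSLCertificateKeyFile":
            mode = stat.S_IMODE(os.stat(real).st_mode)
            if mode & 0o077:  # owner-only policy: no group/other bits
                problems.append(
                    (directive, path, "key accessible to group/other (mode %o)" % mode))
    return problems


def build_sample(root):
    """Constructed staging tree: key left world-readable, CA path mistyped."""
    ssl_dir = os.path.join(root, "etc/apache2/ssl")
    os.makedirs(ssl_dir)
    for name in ("Dummy.crt", "Dummy.key"):
        path = os.path.join(ssl_dir, name)
        open(path, "w").close()
        os.chmod(path, 0o644)
    return ("SSLEngine on\n"
            "SSLCertificateFile    /etc/apache2/ssl/Dummy.crt\n"
            "SSLCertificateKeyFile /etc/apache2/ssl/Dummy.key\n"
            "SSLCACertificateFile  /etc/apache2/sslDigiCertCA.crt\n")


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as staging:
        for problem in check_ssl_paths(build_sample(staging), staging):
            print(problem)
```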

Saturday, July 4, 2015

Configure Apache Rewrite Engine

The rewrite engine is software in the web application framework running on the Apache server. Users use this feature as a router. This modification is called URL rewriting.
URL rewriting can be one of the best and quickest ways to improve the usability and search friendliness of your site.

To begin, let's take an example: you have a service page. Its URL is

http://www.spreads.com/service_value/getamount_of_next_index.jsp

but now we want to clean up this URL to

http://www.spreads.com/service_value/getamount

We need to tell the server to internally redirect all requests for the URL "getamount" to "getamount_of_next_index.jsp".

To accomplish that we have to configure the rewrite engine. By default, Apache does not have the rewrite engine on, so we have to configure it to work. Let's see how to enable the rewrite engine on an Ubuntu installation. I assume that you already have Ubuntu with Apache up and running.

 1. Create a .htaccess file in the /var/www/ directory with your specific rewrite rule.

 2. Enable the mod_rewrite module with the following command.

  sudo a2enmod rewrite

The above Apache2 Enable Module command will add the correct line in the /etc/apache2/apache2.conf file. That is the only change you need to make to the apache2.conf file. Now it's time to make a change to the document root.
There are some configuration changes between Apache versions. In older versions of Apache, all virtual host directory directives were managed in the /etc/apache2/apache2.conf file. Now (Apache/2.4.7) this has changed: these alterations are handled within the /etc/apache2/sites-enabled/ directory.

3. Within that directory you will find, by default, a single file called 000-default.


First look in the <Directory /> section and change the line:
 AllowOverride None
 to
 AllowOverride All

Then look at the <Directory /var/www/> section and do the same thing there. If there is no such Directory tag, add the following one.

   <Directory /var/www/>
    Options Indexes FollowSymLinks MultiViews
    AllowOverride all
    Order allow,deny
    allow from all
   </Directory> 

4. Once you have edited the file, restart the apache2 server.

sudo service apache2 restart

If you want to recheck whether the rewrite module is enabled, run the command:
sudo a2enmod rewrite
If it is already enabled, "Enabling module rewrite" will appear.

Now you can test your own code.
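
A rule for the getamount example, with a small model of how it is applied to request paths; this is an added example, not the original post's .htaccess. The rule text is constructed from the URLs above, and the model is simplified as noted in the docstring. It also runs an unanchored variant to show why the pattern carries ^ and $.

```python
import re

# Constructed .htaccess for /var/www/ implementing the rewrite described above.
# RewriteEngine and RewriteRule belong to the FileInfo override class.
HTACCESS = """\
RewriteEngine On
RewriteRule ^service_value/getamount$ service_value/getamount_of_next_index.jsp [L]
"""

# Same target, but the pattern is not anchored with ^ and $ (constructed).
UNANCHORED = "RewriteRule getamount service_value/getamount_of_next_index.jsp [L]\n"


def parse_rules(text):
    """Return (compiled pattern, substitution, flags) per RewriteRule line."""
    rules = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) >= 3 and parts[0] == "RewriteRule":
            flags = parts[3].strip("[]").split(",") if len(parts) > 3 else []
            rules.append((re.compile(parts[1]), parts[2], flags))
    return rules


def rewrite(url_path, rules):
    """One rewriting pass for a .htaccess in the document root.

    Simplified model: the leading "/" is removed before matching, as in
    per-directory context, and the substitution replaces the whole path.
    Backreferences, RewriteCond and flags other than L are not modelled.
    """
    rel = url_path.lstrip("/")
    for pattern, substitution, flags in rules:
        if pattern.search(rel):
            rel = substitution
            if "L" in flags:
                break  # [L]: stop processing further rules in this pass
    return "/" + rel


if __name__ == "__main__":
    for path in ("/service_value/getamount",
                 "/service_value/getamount_of_next_index.jsp",
                 "/service_value/getamount_history"):
        print(path, "->", rewrite(path, parse_rules(HTACCESS)),
              "| unanchored:", rewrite(path, parse_rules(UNANCHORED)))
```

With the anchored rule only the exact path /service_value/getamount is rewritten; the unanchored variant also rewrites /service_value/getamount_history to the JSP.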






Sunday, June 28, 2015

Secure Web service using ESB as Integration Layer

Security is critical to web services. Authentication and authorization are key aspects of any software system. Security is even more important for web services because:

Most businesses expect to perform their transactions over the internet, and those transactions occur from program to program rather than for human consumption (from human to program).
As more and more business functions are exposed as Web services, the sheer number of participants in a Web services environment will be larger than what we have seen in other environments.

In an SOA environment many services are integrated to provide aggregated functionality, so those services should always authenticate and authorize the user. Users have different levels of access roles, and that data is stored as policy in a file. The system needs to check against the policy file when it gets a user request for a particular access functionality. This is authorization.
The system should also establish the user's identity before the authorization process. The system needs to determine whether a request comes from a human or is an impersonal request.

In an SOA environment, which most of the time is realized using web services, Username Token and HTTP basic authentication can be used to authenticate the users.
WS-Security provides different types of standard security techniques:
1. Username token
2. X509 signature-based authentication
3. Kerberos token-based authentication

Here I use the easiest one, the username token method.
Now I am going to create a secure proxy service to secure my OrderProcessing web service, which is already deployed in the axis2 server.

1. Add a new pass-through proxy and specify the endpoint of a running service there. To specify the target endpoint, use your Axis service URI.
First start the axis2 server:
[axis2Home]/bin$ sh axis2server.sh

Example: OrderProcessing service
http://localhost:8080/axis2/services/SampleOrderProcessService?wsdl
2. Then go to the services list. You can now see that the OrderProcessingProxy service is displayed as unsecured.
  




Click on the service which you want to secure.

 







Click "Security" in the "Quality of Service Configuration" panel. It will redirect to the page where the user can enable username/password security for the specific web service.

3. Select UsernameToken under the basic scenarios.

4. Then select the user group that can access the service.

 











The WSO2 ESB admin console will display the service as secured, and we can now invoke this service only through its https:// endpoint.

5. Now we can test the secured web service using a client. I have used SoapUI as a sample client. I created a SOAP project using the OrderProcessingService WSDL.


 



While requesting the service, the client needs to provide a username and password. Since I have given admin as the user group, I used the default username: admin, password: admin to access my secured web service.
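
What the client adds to each request, as an added example that is not part of the original post: the WS-Security UsernameToken header, built in the PasswordText form and in the PasswordDigest form defined by the OASIS UsernameToken Profile. Which form a given service accepts depends on its policy; the function names, nonce and timestamp are assumptions of this example, and the body is left empty because the operation payload comes from the WSDL.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

SOAP = "http://schemas.xmlsoap.org/soap/envelope/"
WSS = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-"
WSSE = WSS + "wssecurity-secext-1.0.xsd"
WSU = WSS + "wssecurity-utility-1.0.xsd"
UTP = WSS + "username-token-profile-1.0#"
B64 = WSS + "soap-message-security-1.0#Base64Binary"


def password_digest(nonce, created, password):
    """Base64(SHA-1(nonce + created + password)), as the profile defines it."""
    raw = nonce + created.encode("utf-8") + password.encode("utf-8")
    return base64.b64encode(hashlib.sha1(raw).digest()).decode("ascii")


def security_header(username, password, nonce=None, created=None):
    """Build wsse:Security; PasswordText unless nonce and created are given."""
    sec = ET.Element("{%s}Security" % WSSE, {"{%s}mustUnderstand" % SOAP: "1"})
    tok = ET.SubElement(sec, "{%s}UsernameToken" % WSSE)
    ET.SubElement(tok, "{%s}Username" % WSSE).text = username
    pw = ET.SubElement(tok, "{%s}Password" % WSSE)
    if nonce is None:
        pw.set("Type", UTP + "PasswordText")
        pw.text = password  # cleartext: protected only by the HTTPS transport
    else:
        pw.set("Type", UTP + "PasswordDigest")
        pw.text = password_digest(nonce, created, password)
        n = ET.SubElement(tok, "{%s}Nonce" % WSSE, {"EncodingType": B64})
        n.text = base64.b64encode(nonce).decode("ascii")
        ET.SubElement(tok, "{%s}Created" % WSU).text = created
    return sec


def envelope(header):
    """Wrap the security header in a SOAP 1.1 envelope with an empty body."""
    env = ET.Element("{%s}Envelope" % SOAP)
    ET.SubElement(env, "{%s}Header" % SOAP).append(header)
    ET.SubElement(env, "{%s}Body" % SOAP)  # operation payload goes here
    return ET.tostring(env, encoding="unicode")


if __name__ == "__main__":
    # admin/admin are the test credentials used in the post; nonce is constructed.
    print(envelope(security_header("admin", "admin")))
    print(envelope(security_header("admin", "admin", b"constructed-nonce",
                                   "2015-06-28T10:00:00Z")))
```

In the PasswordText form the password travels in the message as written, so the confidentiality of the credentials rests entirely on the https:// endpoint.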

Friday, June 5, 2015

Create a simple web service with Axis2

Introduction of Axis2

Apache Axis2 is the next generation of the Apache web services stack. Apache Axis2 was born from the experience of the past two generations of the Apache service stack, Apache SOAP and Axis1.x. Axis2 comes with lots of new features, enhancements and new industry specifications, including AXIOM, asynchronous web services, MTOM, MEP support and an archive-based deployment architecture.
Axis2 is mainly a SOAP processing engine. Its main task is to deliver incoming SOAP messages to target endpoints.

 AXIOM

One of the main goals of introducing Axis2 is to provide a better XML processing mechanism. Axis used DOM as its XML processing mechanism, but that has some drawbacks because it needs to keep the complete object hierarchy in memory. Therefore Axis2 introduces AXIOM (Axis2 object model). All messages in Axis2 are represented as object models.

  • This sample demonstrates the complete process for deploying web services through an Axis2 server.


    1. Run the Axis2 SOAP engine

    First, download the Axis2 Standard binary distribution here. The distribution includes a variety of *.jar files and scripts that ease development.

    The <Axis2_Home>/bin/ directory includes the axis2server.sh (axis2server.bat) file that starts the Axis2 server engine.

    ~/Documents/axis2-1.6.2/bin$ sh axis2server.sh

    1. Axis2 Server started



       


    2. Create the Order Processing web service

    This is my sample order processing web service. There are three methods:

    i. addOrder - allows users to add orders - takes an argument, returns values
    ii. cancelOrder - allows users to cancel the order - takes only an argument, no return values
    iii. getOrders - allows users to retrieve only all placed orders - takes an argument, returns a value

    + Create the web service using the Eclipse IDE. First of all, create a Java project named SampleOrderProcessingService.

    + Then add

        axiom-api-x.x.xx
        axiom-dom.x.x.xx
        axiom-impl.x.x.xx

     as external JARs to the project. These JARs can be found in the <AXIS2_HOME>/lib folder.

    2.jar files

    + Add the following service class code to your own service class.

  •     This is my Model.java class

    The complete sample OrderProcessingService class can be downloaded from the following link: here

    + Next, write a services.xml file to deploy the above service through the Axis2 server, specifying the service operations.
    First create a META-INF folder at the root level and add services.xml to it.


    Now our SampleOrderProcessing service has been deployed on the server.

    The SampleOrderProcessing file can be downloaded from here: here
    That's all for my blog post on creating an Axis2 web service. I expect to post a client program to invoke the above web service in my next post.