Securing XMCCat

From D2I Wiki

Creating a CSR

Please refer to the following link to create a CSR and obtain a certificate:

http://tomcat.apache.org/tomcat-6.0-doc/ssl-howto.html#Installing_a_Certificate_from_a_Certificate_Authority

Installing the certificate

Please refer to the following link to install the certificate:

http://tomcat.apache.org/tomcat-6.0-doc/ssl-howto.html#Installing_a_Certificate_from_a_Certificate_Authority


SERVER SIDE CONFIGURATION

Step 1: Make the following changes in apache-tomcat/conf/server.xml under the server-side TOMCAT_HOME.

a.) Comment out the non-SSL connection.

b.) Define an SSL HTTP/1.1 connector on a port of your choice.

For example (current XMCCat):

  <Connector port="8221" maxHttpHeaderSize="8192"
             maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
             enableLookups="false" disableUploadTimeout="true"
             acceptCount="100" scheme="https" secure="true"
             clientAuth="false" sslProtocol="TLS"
             keystoreFile="/home/xmccat/xmccat_certs/bitternut_cs_indiana_edu_cert.p12"
             keystorePass="xmccat" keystoreType="PKCS12"
             keyAlias="tomcat"/>


Step 2: Deploying Apache Axis2 1.5.4 and the Apache Rampart 1.5.1 module:

a.) Download the Apache Axis2 war distribution and copy axis2.war into the "webapps" directory of Apache Tomcat. Restart Apache Tomcat and you will see that the axis2 folder appears.

b.) Download the Apache Rampart standard binary distribution.

The Rampart distribution contains two module files, rampart-1.3 and rahas-1.3.mar. These module files should be copied to the "modules" directory of axis2, which can be found in TOMCAT_HOME/webapps/axis2/WEB-INF/modules.

All the dependency jars needed for Apache Rampart can be found under the libs directory of the Rampart distribution. These have to be copied to the "lib" directory of Axis2, which can be found under TOMCAT_HOME/webapps/axis2/WEB-INF/lib.

c.) After deploying both Rampart modules and copying the dependent jars, restart Tomcat to check whether Apache Rampart was successfully deployed.

Note: TOMCAT_HOME is the home directory of the Apache Tomcat server in which axis2.war was deployed.


Go to “https://<server name:port number>/axis2/”. Once you reach the axis2 home page, log in to axis2 as “admin” with the password “axis2” and use the 'system components/available modules' option in the admin web console. If both modules were successfully deployed, "rampart" and "rahas" are listed under available modules.


Security modules are successfully engaged.


Step 3: Comment out the following line in TOMCAT_HOME/webapps/axis2/WEB-INF/conf/axis2.xml:

   <transportReceiver name="http" class="org.apache.axis2.transport.http.AxisServletListener"/>

And add the following lines:

   <transportReceiver name="http" class="org.apache.axis2.transport.http.AxisServletListener">
       <parameter name="port">8220</parameter>
   </transportReceiver>
   <transportReceiver name="https" class="org.apache.axis2.transport.http.AxisServletListener">
       <parameter name="port">8221</parameter>
   </transportReceiver>


Step 4: Constructing the security policy

a.) Engage the addressing and rampart modules in services.xml. This can be done by uncommenting the modules:

     <module ref="rampart"/>
     <module ref="addressing" />

The server is now correctly set up.
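
A check for the server-side steps above, as an added example (not part of the original page or the XMCCat project): it parses server.xml and axis2.xml and reports a non-SSL connector that is still active, an https transportReceiver port that matches no SSL connector, and the default axis2 admin password. The function names and the embedded sample files are constructed for illustration; the check assumes the userName/password parameters sit directly under the axisconfig root, as in the stock axis2.xml.

```python
import xml.etree.ElementTree as ET

def connector_ports(server_xml):
    """Split HTTP connector ports into (https, plain). XML comments are
    dropped by the parser, so a commented-out connector is not counted."""
    https, plain = [], []
    for c in ET.fromstring(server_xml).iter("Connector"):
        if c.get("protocol", "HTTP/1.1").upper().startswith("AJP"):
            continue  # AJP connectors are outside the steps on this page
        marked = c.get("scheme") == "https" and c.get("secure") == "true"
        (https if marked else plain).append(c.get("port"))
    return https, plain

def audit(server_xml, axis2_xml):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    https, plain = connector_ports(server_xml)
    for port in plain:
        findings.append(f"server.xml: non-SSL connector active on port {port}")
    if not https:
        findings.append("server.xml: no SSL connector defined")
    axis2 = ET.fromstring(axis2_xml)
    ports = {r.get("name"): r.findtext("parameter[@name='port']")
             for r in axis2.iter("transportReceiver")}
    if ports.get("https") not in https:
        findings.append("axis2.xml: https transportReceiver port "
                        f"{ports.get('https')} matches no SSL connector")
    if axis2.findtext("parameter[@name='password']") == "axis2":
        findings.append("axis2.xml: admin console uses the default password")
    return findings

# Constructed sample files (not the project's real configuration).
SERVER_OK = """<Server><Service name="Catalina">
  <!-- <Connector port="8080" protocol="HTTP/1.1"/> -->
  <Connector port="8221" scheme="https" secure="true" clientAuth="false"
             sslProtocol="TLS" keystoreFile="/path/to/keystore.p12"
             keystoreType="PKCS12"/>
</Service></Server>"""
SERVER_BAD = SERVER_OK.replace("<!-- ", "").replace(" -->", "")
AXIS2 = """<axisconfig name="AxisJava2.0">
  <parameter name="userName">admin</parameter>
  <parameter name="password">axis2</parameter>
  <transportReceiver name="https"
      class="org.apache.axis2.transport.http.AxisServletListener">
    <parameter name="port">8221</parameter>
  </transportReceiver>
</axisconfig>"""

if __name__ == "__main__":
    for label, xml in (("commented out", SERVER_OK), ("left active", SERVER_BAD)):
        print(label, audit(xml, AXIS2))
```
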


CLIENT SIDE CONFIGURATION

Step 1: Make the following changes in apache-tomcat/conf/server.xml under the client-side TOMCAT_HOME.

a.) Comment out the non-SSL connection.

b.) Define an SSL HTTP/1.1 connector on a port of your choice.

For example (current xmccat-browser):

  <Connector port="8850" protocol="HTTP/1.1" maxThreads="200"
             scheme="https" secure="true" SSLEnabled="true"
             keystoreFile="/home/binabhas/keys/bitternut.cs.indiana.edu.jks" keystorePass="xmccatbrowser"
             clientAuth="false" sslProtocol="TLS"/>


Step 2: Create Client Repository

Use the client-repo tar that is provided with the package. Untar the client-repo anywhere within your home directory.


Step 3: Modify the client configurations:

a) Add rampart/lib to the client lib folder.

b) Uncomment the following snippets in faces-config.xml.

Under the workspace managed-bean:

    <managed-property>
      <property-name>securityConfig</property-name>
      <value>"mention path to the client-repo directory"</value>
    </managed-property>

Under the WorkspaceQuery managed-bean:

    <managed-property>
      <property-name>securityConfig</property-name>
      <value>#{Workspace.securityConfig}</value>
    </managed-property>

If you are setting up Xmccat-Browser, modify the catalogUrl managed-property in the faces-config.xml file to point to the new secure service URL, e.g. https://bitternut.cs.indiana.edu:8221/axis2/services/CatalogService.

The Client is now ready.
