Igor's Blog
Programming, DIY, Games, Hacks, and Tech

I've written earlier about adding basic HTTP authentication to a web service. That example forced the user of the web service to authenticate using basic authentication before a request would be served, however the username and password in this case are prone to sniffing and can be retrieved with relative ease. This is easily addressed by setting up your deployment so that WebLogic forces the use of HTTPS/SSL URLs web making requests.

Making this change is almost trivial. Simply change the transport-guarantee element of your web.xml file. There are three possible values for this, NONE, INTEGRAL and CONFIDENTIAL. Both of the latter force SSL.

Here's more information from WebLogic documentation:
Specifies data security requirements for communications between the client and the server.

Range of values:

NONE—The application does not require any transport guarantees.

INTEGRAL—The application requires that the data be sent between the client and server in such a way that it cannot be changed in transit.

CONFIDENTIAL—The application requires that data be transmitted so as to prevent other entities from observing the contents of the transmission.

WebLogic Server establishes a Secure Sockets Layer (SSL) connection when the user is authenticated using the INTEGRAL or CONFIDENTIAL transport guarantee.


In my case, I change the web.xml to something like this:
 web.xml
...
<user-data-constraint>
<description>The application requires that the data be sent between the client and server in such a way that it cannot be changed in transit.</description>
<transport-guarantee>INTEGRAL</transport-guarantee>
</user-data-constraint>
...




Now even when using basic authentication, since SSL is used, the username and password will be encrypted. It is still possible to send a request to the non-SSL URL for the web service however. In this case, WebLogic will respond with the testing page instead of forwarding the request to the web service.
wlssectestpage.png


-i

comments powered by Disqus
Other posts you may like...

Recent Blog Posts

A hack to create an uber jar with the Maven Shade Plugin using local jar files

Is it worth it? Apple USB-C Digital Multi AV adapter vs a cheap eBay clone

Running X11 graphical applications after changing to another user using 'sudo su'

How to stop Facebook using ad images as post sharing thumbnails

Picking lists for Atari Lynx capacitor replacement kits

Performance - 2012 Retina MacBook Pro vs 2017 MacBook Pro

Look and feel - 2012 Retina MacBook Pro vs 2017 MacBook Pro

Using math to work out the diameter of hard to reach water cooling pipes

How to get the unreachable shard in the Hinterlands in DragonAge Inquisition

Measy RC12 wireless 2.4Ghz keyboard touchpad review

Recent Galleries

Monument Valley 2 is released and does not disappoint

Space Food - Chocolate Ice Cream with Chocolate Chips

Legeod Star Wars AT-DP kit

DIY spare parts computer build with a RAIDMAX Anura case

Fake 'Lepin' brand Lego packaging

Hardwood garden bench with clear resin void filler

Fixing a 3D printer extruder that stopped heating up

Easily increase disk space in a Lenovo Ideapad 100S 14" laptop with an M.2 SSD

Making a multi-piece 3D printed solder spool holder stand

DIY indoor apartment grow light wiring

My Other Web Sites

Igor and Elise's Travels
Riverside Expressway Cam
300 George St Blogumentary

My Online Tools

UUID to OID Converter
Guru JSON-RPC Tester
Extrudifier Object Designer
Travel µBlog

Blogs and Friends

Matt Moores Blog
Georgi's FlatPress Guide
Perplexing Permutations
The Security Sleuth
Ilia Rogatchevski
Travelling Fairy

Blog Activity

Blog Activity
Don't forget to
me for more great articles!
Don't show this again