Saturday, September 15, 2012

Secure JAX-WS with Apache CXF (Some links)

Some useful links for my reference, related to securing JAX-WS services when using Apache CXF:


Some background:

If you want to create a JAX-WS web service as standalone Java program (i.e., one that starts with a main(String..) method), there are two approaches:


1. If you can deploy your application on the Sun JVM, you can probably easily use Sun's HTTP server that comes bundled with it.
Something on the lines of:
KeyStore keyStore = KeyStore.getInstance("JKS");
keyStore.load..
KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance..
keyManagerFactory.init..
SSLContext sslContext = SSLContext.getInstance("TLS");
sslContext.init..
HttpsServer httpsServer = HttpsServer.create..
httpsServer.setHttpsConfigurator.. (pass the sslContext here)
HttpContext httpContext = httpsServer.createContext..
httpContext.setAuthenticator.. (for example, a BasicAuthenticator)
httpsServer.start();
Endpoint e = Endpoint.create(impl)
and e.publish(httpContext)


2. Instead, if you want you application to be portable and be able to run on any JVM, one way is to use an alternate JAX-WS implementation, such as Apache CXF.
Doing this would mean the following:
- Download the CXF distribution and add a large number of JARs that it needs to the classpath.
- If SSL and authentication is not needed, a simple one-liner is all that's needed:
http://cxf.apache.org/docs/a-simple-jax-ws-service.html#AsimpleJAX-WSservice-Publishingyourservice

- If SSL is needed, refer to the wsdl_first_https sample in the CXF distrbution, and set up a Spring configuration file to enable SSL on the embedded Jetty that CXF internally uses:
http://svn.apache.org/repos/asf/cxf/trunk/distribution/src/main/release/samples/wsdl_first_https
http://svn.apache.org/repos/asf/cxf/trunk/distribution/src/main/release/samples/wsdl_first_https/src/main/resources/ServerConfig.xml
And make your Java program use that Spring configuration:
http://svn.apache.org/repos/asf/cxf/trunk/distribution/src/main/release/samples/wsdl_first_https/src/main/java/demo/hw_https/server/Server.java

-If basic authentication is desired, add a Jetty handler to that Spring configuration file,
 <httpj:handlers>
        <beans:bean class="org.example.MyLoginHandler">
 </beans:bean></httpj:handlers>
where the handler MyLoginHandler extends ConstraintSecurityHandler, and in its constructor, initializes itself.
Some links on initializing a SecurityHandler:
http://wiki.eclipse.org/RAP/FAQ#How_can_I_use_Jetty_basic_authentication_in_my_application.3F
http://stackoverflow.com/questions/8056851/basic-authentication-with-embedded-jetty-7-server-and-no-web-xml-file

Miscellaneous references:
http://cxf.apache.org/docs/jetty-configuration.html
http://stackoverflow.com/questions/12423862/using-j2se-endpoint-with-embedded-tomcat

Monday, September 3, 2012

Five months of Linux

Back in April earlier this year, I made a decision to switch over from Windows to Linux. And now it's September - probably a good time to write about it.

It was my work Laptop that I decided to migrate to Linux. I use it all day at office for my regular job, and in that sense, it was probably a pretty risky decision.

Nevertheless, IBM, where I work, has good IT support for employees wanting to switch over to Linux. I got a custom Linux distro DVD from them (based on Red Hat), with a good lot of IBM software pre-installed. The installation went pretty smoothly, and I was up and running in a few hours.  


Do I miss Windows? Sometimes yes.

But only occasionally.

1. Look and feel

The Windows look and feel is certainly addictive - for someone who has used Windows for years together, it's natural to feel a bit uncomfortable in Linux - and I had anticipated this. Five months down the road, I feel quite happy with the Linux (GNOME) look and feel now.

2. Power management

Windows does a few other things better too - and the one that I realized a little late is its good power management capability. There's a little feature that goes by the name of "switchable graphics" that I got into trouble with when I moved over to Linux.

Basically if your motherboard has an in-built graphics controller and you also have a more feature-rich, but power-hungry discrete graphics controller attached, Windows makes a choice for your as to which one of these graphics controllers to use. If you're watching a movie or playing a game, probably you'd need the discrete controller, and for normal use, the in-built one is good enough.

My Linux, however, just kept using the discrete one all the time - draining out power quickly and heating up like a stove within a few hours of use. The fan control wasn't good either and I was very worried about it in the first few days of my Linux use. Thankfully, there was a way out in the BIOS setting of the motherboard that I could use to turn off the discrete controller altogether, and I sailed out of the problem.

3. Support for hardware devices

More generally, Windows seems to have better support for hardware devices.
  - My home printer, a Canon PIXMA, wouldn't work in Linux (there's no driver)
  - My phone, a Nokia, can't be connected to Linux (there's no PC suite for Linux)

With Linux, I always need to be ready for trouble every time I attach any hardware - be it a modem, or an internet data card, a camera or whatever. But for me, hardware support is not a very big deal. This is my work PC - I don't "need" to attach any phone, camera or portable printer to it per-se, I just "want" to, at times, and I can adjust to not being able to do so.

And why won't I switch back to Windows?

Well, to be honest, inertia is certainly one of the factors - I don't want to do all the backup/install/restore/get-accustomed-to business all over again. But that's neither the only factor nor the strongest one.

The way I instinctively feel that Windows looks good, and the way I feel that it works with any hardware I might plug in, I "feel" certain things about Linux too. I feel that my Linux is rock solid - I feel that it won't crash. I feel that Linux gives me the power to make my computer work for me.

Windows makes me feel that my computer is a friend of mine. Linux makes me feel that I'm the boss commanding my computer to do what I want.


Now to the details:

  •  I have SELinux enabled.I have full disk encryption LUKS, as well as an Antivirus suite.

  • I really adore ssh, scp, sftp, gzip, split and other wonderful utilities now. They are far better, faster, and natively integrated here in Linux than PuTTY and other clones that I had to use back there in Windows.

  • Software installation and upgrades are a breeze. I found almost anything I needed in the GNOME package manager - from Octave (for data analysis) to Calibre (e-book reader), KColorPaint (much better than the Windows Paint) and many more.

  • When building from source, it's almost impossible in Windows - I'd need to struggle with Cygwin and stuff like that. It's a trivial affair now in Linux.

  • And I've really got used to the little widgets on my desktop panels - GNote, the GNOME Calc, the system monitor and so on.

  • IBM software too work well and feel pretty robust in Linux (I have many of them installed to do my job - Rational Software Architect, WebSphere App Server, DB2, Lotus Symphony, Notes, Sametime, and others).

  • I never need to worry about stuff like disk de-fragmentation, long file names, or accidentally deleting something in C:\Windows - (only on a handful of times have I had to switch over to root). Backups are easy too. I just tell Deja Dup to backup up my home folder and I can be sure there's nothing else scattered around all over the place.

And to conclude, at least for now..

Do I like Linux? Well, not the way I'd adore a beautiful sky with a bright sun and a rainbow on the other side. But I do like Linux the way I'd like the cockpit of a supersonic aircraft at thousand miles above the ground, with me inside.