Web service over SSL in Grails-cxf?

0
votes

I need to serve a specific CXF web service over HTTPS (I have several others that need to work over plain HTTP). In SecurityConfig.groovy, I set:

httpsPort = 8443

and tried both of 

secureChannelDefinitionSource = '''
   CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
   PATTERN_TYPE_APACHE_ANT
   /services/doodah/**=REQUIRES_SECURE_CHANNEL
   /**=REQUIRES_INSECURE_CHANNEL
'''

and

channelConfig = [ secure: ['/services/productid/**'], insecure: '/' ]

The service stops responding to http protocol at 8080, but doesn't appear to be on https:8443 - at least, telnet connection to 8443 fails.

If I run the app with grails run-app -https, all the application works over https.

To separate http from https services, I'll probably need to do this: "Automatic http/httpS switching with Grails", but for now I'd like at least to get different services running on two different ports.

  1. What steps should I follow to have one service working over HTTPS only?

  2. Looks like there is something else SSL need to work in war, like in this quesion: SSL, Tomcat and Grails?

My environment is: Grails 1.3.5, acegi-security 0.5.3 (I know it's outdated), Tomcat 6.

1
tomcatgrailshttpscxfspring-security
Hmm, maybe it's not gonna work with grails run-app at all. It looks in TomcatServer.groovy in tomcat plugin that HTTP and HTTPS startup modes are mutually exclusive. It might work differently way if deployed to a full-blown Tomcat, though, if I add SSL Connector to server.xml. - Victor Sergienko

1 Answers

0
votes

Please correct me if I'm wrong.

Both options in SecurityConfig.groovy do work.

In a standalone Tomcat, there's no way to programmatically enable SSL Connector, one has to enable it in global server configuration (server.xml): SSL, Tomcat and Grails.

For run-app, I added scripts/_Events.groovy with a eventConfigureTomcat hook and copied a piece of TomcatServer.groovy in Tomcat plugin:

eventConfigureTomcat = { Tomcat tomcat ->
    keystore = "./some-keystore"
    keystoreFile = new File(keystore)
    keyPassword = "123456"
    System.setProperty('org.mortbay.xml.XmlParser.NotValidating', 'true')

    if (!(keystoreFile.exists())) {
        createSSLCertificate(keystore, keyPassword, keystoreFile)
    }

    def httpsPort = 8443 // TODO: Take from SecurityConfig.groovy

    Connector sslConnector = loadInstance(
        tomcat, 'org.apache.catalina.connector.Connector')
    sslConnector.scheme = "https"
    sslConnector.secure = true
    sslConnector.port = httpsPort
    sslConnector.setProperty("SSLEnabled", "true")
    sslConnector.setAttribute("keystore", keystore)
    sslConnector.setAttribute("keystorePass", keyPassword)
    sslConnector.URIEncoding = 'UTF-8'
    tomcat.service.addConnector sslConnector
}

I don't have to do protocol switch trick, Grails correctly redirects between http and https for me.