Original article: http://www.tuicool.com/articles/goto?id=JR3mmy
50th tip on this blog, yaay!
Tech Tip #49 explained how to secure WebSockets using username/password and Servlet Security mechanisms. This Tech Tip will explain how to secure WebSockets using HTTPS/TLS on WildFly.
Let's get started!
- Create a new keystore:
    keytool -genkey -alias websocket -keyalg RSA -keystore websocket.keystore -validity 10950
    Enter keystore password:
    Re-enter new password:
    What is your first and last name? [Unknown]: Arun Gupta
    What is the name of your organizational unit? [Unknown]: JBoss Middleware
    What is the name of your organization? [Unknown]: Red Hat
    What is the name of your City or Locality? [Unknown]: San Jose
    What is the name of your State or Province? [Unknown]: CA
    What is the two-letter country code for this unit? [Unknown]: US
    Is CN=Arun Gupta, OU=JBoss Middleware, O=Red Hat, L=San Jose, ST=CA, C=US correct? [no]: yes
    Enter key password for <websocket> (RETURN if same as keystore password):
    Re-enter new password:
  “websocket” is used as the convenience password here.
- Download WildFly 8.1, unzip, and copy the “websocket.keystore” file into the standalone/configuration directory.
- Start WildFly as:
    ./bin/standalone.sh
- Connect to it using jboss-cli as:
    ./bin/jboss-cli.sh -c
- Add a new security realm as:
    [standalone@localhost:9990 /] /core-service=management/security-realm=WebSocketRealm:add()
    {"outcome" => "success"}
  And configure it:
    [standalone@localhost:9990 /] /core-service=management/security-realm=WebSocketRealm/server-identity=ssl:add(keystore-path=websocket.keystore, keystore-relative-to=jboss.server.config.dir, keystore-password=websocket)
    {
        "outcome" => "success",
        "response-headers" => {
            "operation-requires-reload" => true,
            "process-state" => "reload-required"
        }
    }
- Add a new HTTPS listener as:
    [standalone@localhost:9990 /] /subsystem=undertow/server=default-server/https-listener=https:add(socket-binding=https, security-realm=WebSocketRealm)
    {
        "outcome" => "success",
        "response-headers" => {"process-state" => "reload-required"}
    }
- A simple sample showing TLS-based security for WebSocket is available at github.com/javaee-samples/javaee7-samples/tree/master/websocket/endpoint-wss. Clone the workspace and change directory to “websocket/endpoint-wss”. The sample’s deployment descriptor has:
    <security-constraint>
        <web-resource-collection>
            <web-resource-name>Secure WebSocket</web-resource-name>
            <url-pattern>/*</url-pattern>
        </web-resource-collection>
        <user-data-constraint>
            <transport-guarantee>CONFIDENTIAL</transport-guarantee>
        </user-data-constraint>
    </security-constraint>
  This ensures that any request coming to this application is automatically redirected to an HTTPS URL.
- Deploy the sample by giving the command:
mvn wildfly:deploy
Now accessing http://localhost:8080/endpoint-wss redirects to https://localhost:8080/endpoint-wss . Browsers may complain about the self-signed certificate. For example, Chrome and Safari each show a certificate warning page.
In either case, click on “Proceed to localhost” or “Continue” to proceed further. A secure WebSocket connection is then established.
Another relevant point to understand is that a non-secure WebSocket connection cannot be made from an HTTPS-protected page. For example, the following code in our sample:
new WebSocket("ws://localhost:8080/endpoint-wss/websocket");
will throw the following exception in Chrome Developer Tools:
[blocked] The page at 'https://localhost:8443/endpoint-wss/index.jsp' was loaded over HTTPS, but ran insecure content from 'ws://localhost:8080/endpoint-wss/websocket': this content should also be loaded over HTTPS.
Uncaught SecurityError: Failed to construct 'WebSocket': An insecure WebSocket connection may not be initiated from a page loaded over HTTPS.
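One way to avoid the hard-coded ws:// URL that triggers this error is to derive the WebSocket URL from the page that opens it. This is an added example, not code from the sample project; resolveWebSocketUrl is a hypothetical helper name, and the URLs are the ones shown above.

```javascript
// Added example: choose ws:// or wss:// from the page's own URL instead of
// hard-coding it. resolveWebSocketUrl is a hypothetical helper, not part of
// the endpoint-wss sample.
function resolveWebSocketUrl(pageUrl, target) {
  const page = new URL(pageUrl);
  // A relative target inherits the page's host and port (8443 under HTTPS),
  // so the socket goes to the same TLS listener that served the page.
  const resolved = new URL(target, page);
  const pageIsSecure = page.protocol === "https:";

  if (resolved.protocol === "ws:" || resolved.protocol === "wss:") {
    // Absolute WebSocket URL: fail early with a clear message rather than
    // letting the browser raise the SecurityError shown above. Swapping only
    // the scheme would not help here: ws://localhost:8080 would become
    // wss://localhost:8080, which is not the HTTPS listener's port.
    if (pageIsSecure && resolved.protocol === "ws:") {
      throw new Error("insecure ws:// target on an HTTPS page: " + resolved.href);
    }
    return resolved.href;
  }
  if (resolved.protocol !== "http:" && resolved.protocol !== "https:") {
    throw new Error("unsupported scheme: " + resolved.protocol);
  }
  const scheme = pageIsSecure ? "wss:" : "ws:";
  return scheme + "//" + resolved.host + resolved.pathname + resolved.search;
}

// Browser usage (guarded so the file also loads outside a browser):
if (typeof window !== "undefined" && typeof WebSocket !== "undefined") {
  const socket = new WebSocket(resolveWebSocketUrl(window.location.href, "websocket"));
  socket.onopen = () => console.log("connected to " + socket.url);
}
```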
Enjoy!