Tuesday, September 27, 2011

InfoSphere DataStage and Web Service - Series 2


SSL Authentication
Security is a major concern in Web Services Implementation. In an unsecure environment SOAP messages are transferred in plain text over the network, so anyone with a sniffer could intercept the SOAP message and read it. In order to avoid such conditions the web service must be secured with SSL.The SSL and TLS protocols have become the de facto standard for securing network communications. These protocols provide confidentiality, authentication and message integrity. In order to achieve this,the Web Service Container should be SSL enabled by using a Digital Certificate issued by a Certificate Authority. The Web Service Client needs the Certificate details to invoke the Web Service. The SSL and TLS protocols define the rules SSL clients and servers use to communicate with each other. These rules specify the order in which messages are sent, the format of each message, and the way cryptographic algorithms are applied to network communications.

SSL Authentication in DataStage Web Services Pack v2.0
In order to access the Web Service deployed over HTTPS DataStage Web Service Client should fetch the server certificate from the Web Service Container and create a keystore file using keytool and import the server certificate in this keystore. The path of the generated keystore file must be mentioned in the Web Service Client->Stage Tab->Security Tab.Check the SSL Encryption Required> option and mention the path of the keystore file in the Keystore File option.In this sample, SSL is enabled on Tomcat and an Axis Web Service is deployed over it.
Please refer the link http://tomcat.apache.org/tomcat-6.0-doc/ssl-howto.html for details on configuring SSL in Tomcat Server Please refer the job named WS_SSL in the attachment for SSL functionality

SSL Authentication in Web Service Pack
Web Service Client SSL Options

Debugging SSL Web Service
SSL adds additional complexity to web service client-server communications.Understanding SSL connection problems can sometimes be difficult, especially when it is not clear what messages are actually being sent and received.With the help of the JVM property, javax.net.debug, we can turn on the SSL socket communication debug option. The debug output message can help you to know what exactly happens at the SSL layer. To enable SSL debugging in the Web Service Pack, add the JVM option -Djavax.net.debug in Web Service Client(Grid Style)->Stage Tab->Properties Tab->JVM Options and set it to true.When the DataStage job is compliled and run you can view the SSL debug log messages in the Director Log.

SSL Debugging in Web Service Pack
SSL Debugging

Listing 1. SSL Debug Messages in Director Log.




The above SSL debug messages show important information like the type of SSLSocketFactory,type of keystore/truststore,Algorithm used for encryption(RSA) and validity of the certificate etc.
Please refer the job named WS_SSL_Dbg for SSL Debugging options in Web Service Pack
 In Series 3 will take it forward to Web Services with Complex SOAP headers.

 
-Ritesh
Disclaimer: The postings on this site are my own and don't necessarily represent IBM's positions, strategies or opinions

No comments:

Post a Comment