3.5 Configuring Security
HydraExpress provides security at the transport level through the HTTPS transport.
3.5.1 Transport-Level Security: HTTPS
The HydraExpress Agent automatically handles messages sent on secure transports (HTTPS) through its HTTPS connector. The default port for receiving HTTPS requests is 8443.
The HTTPS connector is configured in the main Agent configuration file, rwagent-express.xml, located in your <installdir>\conf directory, shown below:
<rwsf:connector name="HTTPS (HTTP/1.1)"
class="rwsf_transport_https35.createHttpsConnectorImp"
handlerChain="http">
<rwsf:property name="accepter-threads" value="2"/>
<rwsf:property name="thread-pool-min" value="5"/>
<rwsf:property name="thread-pool-max" value="10"/>
<rwsf:property name="host" value="localhost"/>
<rwsf:property name="port" value="8443"/>
<rwsf:property name="request-backlog" value="5"/>
<rwsf:property name="request-buffersize" value="4096"/>
<rwsf:property name="request-timeout" value="30000"/>
<rwsf:property name="ssl-quiet-shutdown" value="false"/>
<rwsf:property name="ssl-certificate"
value="${RWSF_CONF}/certs/localhost.crt"/>
<rwsf:property name="ssl-private-key"
value="${RWSF_CONF}/certs/localhost.key"/>
<rwsf:property name="security-init-seed" value="123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890"/>
<rwsf:property name="security-init-seed-type" value="string"/>
</rwsf:connector>
Table 6 lists the configurable properties.
Table 6: HTTPS connector properties
| Property name | Types | Description |
accepter-threads |
int | Specifies the number of threads that should be spawned listening for new connections. Defaults to 1. |
thread-pool-min |
int | The minimum number of threads to be created in the thread pool. Defaults to 5. |
thread-pool-max |
int | The maximum number of threads to be created in the thread pool. Defaults to 10. |
port |
string | Port name used to create a listener socket. Defaults to 8443. |
request-backlog |
int | The number of pending connection requests allowed before the system starts refusing connections. The value specified in the default configuration files is 5. |
request-buffersize |
long | Size of the buffer used to receive incoming messages. Smaller values may result in slower performance. Larger values may result in wasted space. The value specified in the default configuration files is 4096. If no value is specified, the default is no buffering. |
request-timeout |
long | Timeout used when returning a request to the client. The value is specified in milliseconds. The value specified in the default configuration files is 30000. If not specified, the listener blocks indefinitely. |
ssl-quiet-shutdown |
bool | During normal shutdown of an SSL connection, both sides will attempt to perform a final handshake indicating that each has agreed to close the connection. If one side closes the connection before the other can send its part of the handshake, this operation can fail with an exception or signal. This property disables this final handshake. The default value is false. |
ssl-certificate |
string | This property indicates the file that contains the X.509 Certificate for the client. This property is mandatory if performing server authentication. This property cannot be changed until the transport disconnects.1 |
ssl-private-key |
string | This property indicates the file that contains the Private Key for the client. This property is mandatory if performing server authentication. This property cannot be changed until the transport disconnects.1 |
security-init-seed |
string | This is used as the seed for the random number generator. This value cannot be changed until the transport disconnects. |
security-init-seed-type |
string | If this property is set to string, it indicates that the security-init-seed property contains a seed string. If set to filename, it indicates that the security-init-seed property contains the name of a file holding the seed. |
- Provided certificate and key should be used for testing purposes only.
3.5.1.1 Invoking a Service using HTTPS
To send a message using HTTPS from within HydraExpress, just change the location in the WSDL to use an HTTPS address and port. For example, change the following address:
<soap:address location="http://localhost:8090/DemoProject/DemoProjectService"/>
to use an HTTPS transport:
<soap:address location="https://localhost:8443/DemoProject/DemoProjectService"/>
© Copyright Rogue Wave Software, Inc. All Rights Reserved. All Rights Reserved. Rogue Wave is a registered trademark of Rogue Wave Software, Inc. in the United States and other countries. HydraExpress is a trademark of Rogue Wave Software, Inc. All other trademarks are the property of their respective owners.
Contact Rogue Wave about documentation or support issues.