Friday, March 20, 2020

Enable SSL in JBoss EAP 7.1

In this post I will demonstrate how to enable SSL in JBoss EAP 7.1, using the application from a previous post for demonstration purposes.

Prerequisites
  1. You should have Java 1.8 or above installed.
  2. You should have Eclipse installed on your PC.
  3. Your PC should have Maven installed and configured.
  4. MS SQL Server needs to be installed.
  5. You need to have a JBoss EAP instance on your PC.


Let's deploy the application

First, check out the project from the GitHub repository related to my previous post "spring-boot-rest-api-with-sqlserver-2019".
Then let's enable the database user name and password in the application properties by removing the "#" marks in front of spring.datasource.username and spring.datasource.password.

#==== connect to mysql ======#
spring.jpa.hibernate.ddl-auto=update
spring.datasource.url=jdbc:sqlserver://localhost;databaseName=TestDB
spring.datasource.username=nirmal
spring.datasource.password=Test123_

spring.datasource.driverClassName=com.microsoft.sqlserver.jdbc.SQLServerDriver
spring.jpa.database-platform=org.hibernate.dialect.SQLServer2012Dialect
server.port = 8080

spring.jpa.properties.hibernate.show_sql=true
spring.jpa.properties.hibernate.use_sql_comments=false
spring.jpa.properties.hibernate.format_sql=true
#==== Logging configurations ======#
logging.level.root=WARN,INFO,ERROR
logging.level.com.baeldung=TRACE


Next, perform a Maven install and generate the WAR as shown in the figure below.


Then let's start JBoss EAP by double-clicking standalone.exe on Windows or running the standalone.sh file on Linux. When EAP starts, you can see the following warning message displayed in the console.

WARN  [org.jboss.as.domain.management.security] (MSC service thread 1-7) WFLYDM0111: Keystore G:\Programs\Servers\jboss-eap-7.1.0_1\jboss-eap-7.1\standalone\configuration\application.keystore not found, it will be auto generated on first use with a self signed certificate for host localhost

Warning about the missing keystore certificate

However, let's first deploy the WAR file to EAP and see whether it is functioning. After starting EAP, go to the JBoss Admin console and navigate to the Deployments tab. Then deploy your generated WAR file.

Now you should be able to access the following URL:
http://localhost:8080/RestApiSpringBoot-0.0.1-SNAPSHOT/findBook/1

In the browser you should be able to see similar output.

REST get API output


Let's generate the key

To generate the SSL key we use the Java "keytool". To generate the key, open a command prompt as Administrator and navigate to the Java installation directory. Then you can execute the following command.

keytool.exe -genkey -alias server -keyalg RSA -keystore application.keystore -validity 2000


Once you enter the above command, it will first ask for a password; I will use the default password "password". It will then ask for some basic details about your server; you can provide your own details, and they will not have any impact for now.

What is your first and last name?
Nirmal Balasooriya
What is the name of your organizational unit?
NimralBalasooriyaBlog
What is the name of your organization?
NirmalBalasooriyaBlog
What is the name of your City or Locality?
Singapore
What is the name of your State or Province?
Singapore
What is the two-letter country code for this unit?
SG
Is CN=Nirmal Balasooriya, OU=NimralBalasooriyaBlog, O=NirmalBalasooriyaBlog, L=Singapore, ST=Singapore, C=SG correct?
Yes

After these details, it will ask you to enter the password once more for verification.

Generation of the SSL key

Actually, these details are already configured in standalone.xml in the "<EAP_BASE_DIR>\standalone\configuration" directory. If you open the XML file and search for "<security-realm name="ApplicationRealm">", you can find these configurations as shown below.


            <security-realm name="ApplicationRealm">
                <server-identities>
                    <ssl>
                        <keystore path="application.keystore" relative-to="jboss.server.config.dir" keystore-password="password" alias="server" key-password="password" generate-self-signed-certificate-host="localhost"/>
                    </ssl>
                </server-identities>
                <authentication>
                    <local default-user="$local" allowed-users="*" skip-group-loading="true"/>
                    <properties path="application-users.properties" relative-to="jboss.server.config.dir"/>
                </authentication>
                <authorization>
                    <properties path="application-roles.properties" relative-to="jboss.server.config.dir"/>
                </authorization>
            </security-realm>


So we have generated our SSL key based on this default configuration. Now you should be able to see that a new file "application.keystore" has been generated in the Java bin folder. Then copy and paste that file into "<EAP_BASE_DIR>\standalone\configuration".
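A quick audit of the realm configuration shown above, as an added example (not code from the original post or from JBoss): it parses a standalone.xml fragment and flags keystore passwords stored as literals, well-known default values, and the self-signed fallback attribute. The XML namespace, the weak-password list and the issue labels are assumptions made for this example.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the ApplicationRealm block from this post, wrapped in a
# namespaced root the way standalone.xml wraps it (namespace value assumed).
SAMPLE = """<server xmlns="urn:jboss:domain:5.0"><management><security-realms>
<security-realm name="ApplicationRealm"><server-identities><ssl>
<keystore path="application.keystore" relative-to="jboss.server.config.dir"
 keystore-password="password" alias="server" key-password="password"
 generate-self-signed-certificate-host="localhost"/>
</ssl></server-identities></security-realm>
</security-realms></management></server>"""

WEAK_PASSWORDS = {"password", "changeit", "secret"}  # assumed list of defaults


def local(tag):
    """Strip the '{namespace}' prefix ElementTree puts on tag names."""
    return tag.rsplit("}", 1)[-1]


def audit_realms(xml_text):
    """Return (realm, attribute, issue) tuples for every realm keystore."""
    findings = []
    root = ET.fromstring(xml_text)
    for realm in root.iter():
        if local(realm.tag) != "security-realm":
            continue
        name = realm.get("name", "?")
        for ks in realm.iter():
            if local(ks.tag) != "keystore":
                continue
            for attr in ("keystore-password", "key-password"):
                value = ks.get(attr)
                if value is None or value.startswith("${"):
                    continue  # absent, or an expression resolved at runtime
                weak = value.lower() in WEAK_PASSWORDS
                findings.append((name, attr, "weak-default" if weak else "cleartext"))
            if ks.get("generate-self-signed-certificate-host"):
                findings.append(
                    (name, "generate-self-signed-certificate-host", "self-signed-fallback"))
    return findings


if __name__ == "__main__":
    for realm, attr, issue in audit_realms(SAMPLE):
        print(f"{realm}: {attr} -> {issue}")
```

Run against the configuration in this post, it reports both passwords as weak defaults and notes that the realm will fall back to an auto-generated self-signed certificate for localhost.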



Let's test the application with SSL

After the above modifications, let's restart JBoss EAP. Now you should be able to see output similar to that shown below.

You will no longer see the warning that was generated when EAP started. You should also be able to see that EAP is listening on the HTTPS port as well.

INFO  [org.wildfly.extension.undertow] (MSC service thread 1-7) WFLYUT0006: Undertow HTTPS listener https listening on 127.0.0.1:8443


SSL is enabled in EAP 7.1


Now try to access our web service over HTTPS with the following URL.

https://localhost:8443/RestApiSpringBoot-0.0.1-SNAPSHOT/findBook/1

The browser will warn you that "Your connection is not private", as shown below.

Then click Help me to understand and then Proceed to localhost (unsafe).

Then you should be able to see output similar to that below.





