Sunday, May 6, 2012

Configuring Wicket to use HTTPS in JBoss AS7

I am currently developing a Web Application using Wicket-1.5.3. There I wanted to use HTTPS protocol. It is my pleasure to share the gathered information with you; perhaps this might come useful to you.

I am going to describe the procedure from the beginning. The whole procedure is split into three steps. At fist you need to create the Security Certificate and to create this certificate you need to use keytool command which comes with JDK.

Security Certificate Creation:
Open the command prompt and type the following command and follow the steps accordingly: 
 C:\Users\Tanmoy>keytool -genkey -alias tapasb -keypass joyguru -keystore jymCertificate.cer -storepass joyguru 

 What is your first and last name? 

  [Unknown]: Tapas Bose 

 What is the name of your organizational unit? 

  [Unknown]: JYM INC 

 What is the name of your organization? 

  [Unknown]: JYM INC 

 What is the name of your City or Locality? 

  [Unknown]: Kolkata 

 What is the name of your State or Province? 

  [Unknown]: West Bengal 

 What is the two-letter country code for this unit? 

  [Unknown]: IN 

 Is CN=Tapas Bose, OU=JYM INC, O=JYM INC, L=Kolkata, ST=West Bengal, C=IN correct? 

  [no]: yes 

 C:\Users\Tanmoy> 

After that the certificate file will be created in your home directory. Copy that file and go to the JBoss folder, in my case it is C:\Development\JBoss-AS-7.1.0.Final and create a folder with name certificate, in fact you can use any name you want, and paste the copied certificate file there and by doing this the first step completes. Now you are ready to go for second step.

Modify standalone.xml:
Stop your server. Go into the ${jboss.home.dir}/standalone directory, in my case it is C:\Development\JBoss-AS-7.1.0.Final\standalone\configuration, backup the standalone.xml, if something goes wrong, open that standalone.xml in an editor, I use Notepad++.

Find the xml element called <subsystem> with xmlns="urn:jboss:domain:web:1.1", this element configures the protocols. Add the following code:
  
     
  
Now it will be:
  
       
       
           
       
       
           
           
       
   
This ends the step two. Keep in mind you should stop your server before any modification.
Start your server and you should  see you server has been started successfully. Try to browse: https://localhost:8443/, if you don't see the following screen then  you probably mess something up and start again with the backup-ed xml file.


Now you are ready to go to write you wicket application which is going to use HTTPS protocol.

Make Wicket to use HTTPS:
It is very easy to make you application to use HTTPS in Wicket 1.5.x. In the init method of your application class which extends org.apache.wicket.protocol.http.WebApplication in my case it isorg.apache.wicket.authroles.authentication.AuthenticatedWebApplication
since I am using Wicket Authentication policy, add the following code snippet:
setRootRequestMapper(new HttpsMapper(getRootRequestMapper(), new HttpsConfig(8080, 8443)));
After you configured your application to use HTTPS you need to specify the pages which will use this protocol and for that you need to use @RequireHttps annotation with the page class, as shown below:
public class MyPage extends WebPage {  
     private static final long serialVersionUID = -298979616675428637L;  
     // your code goes here  
}
If your page classes have a common super class, you can use this annotation on top of that base class.

Now deploy and run your application, you should see that it is using the Hyper Text Transfer Protocol Secure.

That's all folks.

No comments:

Post a Comment