Đang chuẩn bị nút TẢI XUỐNG, xin hãy chờ
Tải xuống
162 Chapter 7 REST Programming Let’s show these settings in a real-world setting (see Listing 7.10). In our secure application, we need to secure all REST resources. Here are the relevant contents of our zero.config file. In this case, we are completely disabling the non-SSL listener and defining our SSL-specific settings. Listing 7.10 /config/zero.config—SSL-Only Configuration Sample /config/http/port = 0 /config/https/port = 443 /config/https/sslconfig = { "keyStore": "./config/key.jks", "keyStorePassword": "JTotMC8+LCw=", "keyStoreType": "JKS" } Refer to Chapter 9, “Security Model,” for more information on setting up your actual keystore and truststore values, as these are specific to your Java environment. For more information on setting up SSL, refer. | 162 Chapter 7 REST Programming Let s show these settings in a real-world setting see Listing 7.10 . In our secure application we need to secure all REST resources. Here are the relevant contents of our zero.config file. In this case we are completely disabling the non-SSL listener and defining our SSL-specific settings. Listing 7.10 config zero.config-SSL-Only Configuration Sample config http port 0 config https port 443 config https sslconfig keyStore . config key.jks keyStorePassword xor JTotMC8 LCw keyStoreType JKS Refer to Chapter 9 Security Model for more information on setting up your actual keystore and truststore values as these are specific to your Java environment. For more information on setting up SSL refer to the following resources. For IBM Java key management using the ikeyman tool see http download.boulder.ibm.com ibmdl pub software dw jdk security 50 GSK7c_SSL_IKM_Guide.pdf. For Sun s keytool utility refer to http java.sun.com j2se 1.5.0 docs guide security jsse JSSERefGuide.html CreateKeystore. For another good resource for defining a secure environment using keystores see the Using the Java Secure Socket Extension in WebSphere Application Server article from the IBM WebSphere Developer Technical Journal by Messaoud Benantar at http www.ibm.com developerworks websphere techjournal 0502_benantar 0502_benantar.html. Although we are providing references to more information on SSL see the following articles for IBM at http www.ibm.com developerworks java jdk security 50 secguides jsse2Docs JSSE2RefGuide.html and from Sun at http java.sun.com j2se 1.5.0 docs guide security jsse JSSERefGuide.html. If you are not ready to purchase a valid certificate from a recognized certificate authority you can still move forward in your development using a local dummy keystore. Simply include the zero.core.webtools dependency and a dummy keystore is automatically available for use. Please refer to Chapter 9 for more details. Testing and Documentation After you have .