
SSL Encryption and HTTP Authentication

To ensure authentication and confidentiality of the communication between the server and the clients, JWIG supports HTTP Authentication and SSL (Secure Sockets Layer).

The JWIG distribution contains a simple example service Authentication.jwig, which uses both SSL and HTTP Authentication.

HTTP Authentication

The methods listed below define security requirements, either locally for the current thread or globally for the entire service.

The makeUserFile method can be used to create a file containing usernames and passwords:

class dk.brics.jwig.runwig.Service.Session
public void makeUserFile(boolean local,
                         java.lang.String userfile,
                         java.util.List usernames,
                         java.util.List passwords,
                         boolean encrypt)
                  throws java.io.IOException
Writes a ".htpasswd" file.
Parameters:
local - if true, write to local thread directory - if false, write to shared service directory (ignored if userfile is non-null)
userfile - file name for authorized names/passwords - must be absolute (non-relative) path (if null, use .htpasswd)
usernames - list of user names
passwords - list of passwords
encrypt - if true, passwords are encrypted
Throws:
java.io.IOException - if I/O error occurs

The setAccessControl method can be used to write the ".htaccess" file for enabling client authentication and also for requiring SSL encryption (the name ".htaccess" depends on the AccessFileName directive in httpd.conf):

class dk.brics.jwig.runwig.Service.Session
public void setAccessControl(boolean local,
                             java.lang.String userfile,
                             java.lang.String realm,
                             boolean require_ssl)
                      throws java.io.IOException
Writes a ".htaccess" file. This file defines authentication requirements for client access.
Parameters:
local - if true, write to local thread directory - if false, write to shared service directory
userfile - file name for authorized names/passwords - must have been created beforehand, and must be an absolute (non-relative) path (if null, use .htpasswd)
realm - realm name (if null, no authentication check)
require_ssl - if true, set SSLRequireSSL
Throws:
java.io.IOException - if I/O error occurs

The removeAccessControl method removes the ".htaccess" file to disable authentication and SSL requirements:

class dk.brics.jwig.runwig.Service.Session
public boolean removeAccessControl(boolean local)
Removes ".htaccess" file.
Parameters:
local - if true, remove from local thread directory - if false, remove from shared service directory
Returns:
true if file successfully deleted.

SSL Encryption

To use SSL, mod_ssl must be installed in your Apache Web server, together with a server certificate. The configuration of mod_ssl is managed through Apache - independently of the JWIG system.

The HTTPS environment variable (available in the env map) is set if the last interaction was made through SSL.

The setAccessControl method described above should always be used with require_ssl set to true, so that the SSLRequireSSL flag is set and SSL cannot be bypassed.

The enableSSL method can be used to change the HTTP protocol to https in subsequently generated URLs:

class dk.brics.jwig.runwig.Service.ServerThread
public void enableSSL()
Enables SSL. The protocol part of serverurl is set to https. This assumes that the standard ports are used (80 for http and 443 for https).

The disableSSL method can be used to change the HTTP protocol to http in subsequently generated URLs:

class dk.brics.jwig.runwig.Service.ServerThread
public void disableSSL()
Disables SSL. The protocol part of serverurl is set to http. This assumes that the standard ports are used (80 for http and 443 for https).

If more advanced control over SSL or HTTP Authentication is required, the Apache Web server configuration files, in particular .htaccess, should be written manually.
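A hand-written .htaccess loses the guarantees that setAccessControl provides, so it is worth checking before deployment. The following is an added example, not part of the JWIG distribution: a small Python audit that flags access control without SSLRequireSSL, without a Require directive, or with a non-absolute user file. The directive names are standard Apache ones; the finding codes, sample files and paths are constructed for illustration, and the exact file JWIG writes is not assumed.

```python
import ntpath
import posixpath

def parse_directives(text):
    """Map lower-cased directive name -> list of argument strings."""
    found = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):      # skip blank lines and comments
            continue
        parts = line.split(None, 1)
        arg = parts[1].strip().strip('"') if len(parts) > 1 else ""
        # Apache directive names are case-insensitive
        found.setdefault(parts[0].lower(), []).append(arg)
    return found

def audit_htaccess(text):
    """Return finding codes (hypothetical names); empty list means no issue found."""
    d = parse_directives(text)
    findings = []
    if "authtype" not in d:
        return findings                # no authentication configured, nothing to audit
    if "sslrequiressl" not in d:
        # credentials could be sent over plain HTTP, bypassing SSL
        findings.append("auth-without-sslrequiressl")
    if "require" not in d:
        # without a Require directive Apache does not ask for credentials
        findings.append("auth-without-require")
    for path in d.get("authuserfile", [""]):
        # the user file must be given as an absolute path
        if not (posixpath.isabs(path) or ntpath.isabs(path)):
            findings.append("userfile-missing-or-relative")
    return findings

# Constructed sample files (paths and realm names are placeholders)
WEAK = 'AuthType Basic\nAuthName "members"\nAuthUserFile users.htpasswd\n'
HARDENED = ('SSLRequireSSL\nAuthType Basic\nAuthName "members"\n'
            'AuthUserFile /srv/jwig/.htpasswd\nRequire valid-user\n')

if __name__ == "__main__":
    for name, sample in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit_htaccess(sample))
```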

