Posted to users@cxf.apache.org by Faz <ar...@gmail.com> on 2013/12/03 18:47:07 UTC

Load-balancing +SSL WSDL

Hi All,

I know that this is not the open forum to ask generic questions pertaining
to web services as such. But I definitely know someone should have already
encountered such an issue and would be able to help me out here.
SO HERE IT IS,
My requirement is to have a WS deployed to an environment with load
balancing and SSL requests.
Below is my security policy and wsdl defn. (attached only the imp. stuff)

             <sp:TransportBinding>
                <wsp:Policy>
                  <sp:TransportToken>
                     <wsp:Policy>
                        <sp:HttpsToken RequireClientCertificate="false">
                           <wsp:Policy/>
                        </sp:HttpsToken>
                     </wsp:Policy>
                  </sp:TransportToken>
                  ..........

As per the above, I will be using the httpstoken mode for the transport along
with the usernametoken policy.

And the WSDL defn would be something like,
     <wsdl:service name="XXX">
         <wsdl:port name="XXX12" binding="tns:XXX12">
             <soap12:address location="https://localhost:8443/ABC/services/XXX"/>
         </wsdl:port>
     </wsdl:service>

So my question here is, when I deploy my code to a higher environment, I need
the soap address to use an intranet domain, i.e., https://test.myservice.net
wherein the requests will be routed to the load-balancers which will then
be cascaded to the web-server and finally to the app servers.

I really don't want to have a specific server address mentioned in the
soap:address but a group with load-balancing capability to cater to multiple
requests at any given point of time to avoid over-crowding the server.

Please suggest...
Thanks.



--
View this message in context: http://cxf.547215.n5.nabble.com/Load-balancing-SSL-WSDL-tp5737320.html
Sent from the cxf-user mailing list archive at Nabble.com.

Re: Load-balancing +SSL WSDL

Posted by Christoph Emmersberger <ce...@gmail.com>.
I’d also consider running some stress tests since I’ve been tricked in the past by the load balancer that passed 80% of the load to node 1 and just 20% to node two.

Session stickiness configuration might support funky behaviour for ServletContext, Host header, etc.

- Christoph

On 03 Dec 2013, at 21:06, Daniel Kulp <dk...@apache.org> wrote:

> 
> It should, yes.   The client just sees the “published” url which would be the initial URL that you have there.   From its standpoint, it grabs the wsdl from that, the address in the wsdl is that, etc…
> 
> What happens internally by the various apache servers and tomcats should be fine.   HOWEVER, if you do something funky in an interceptor or in your code that grabs the HttpRequest or ServletContext or something and looks for a specific HOST header or something, that may not work quite as expected as all would get the same (public) value.   But that’s normal with HTTP in any clustered environment like that.
> 
> Dan
> 
> 
> 
> On Dec 3, 2013, at 2:50 PM, Faz <ar...@gmail.com> wrote:
> 
>> Thanks a lot for getting onto this Dan,
>> 
>> This option looks fine, though I have a question. If we have this set to the
>> published wsdl, will the load-balancing work as normal?
>> 
>> For instance, will it work fine with the below criteria?
>> 
>> If the WS is deployed to 2 different tomcat/weblogic servers which are in
>> the clustered mode and are resided on top of apache server, which in turn is
>> load-balanced.
>> 
>> i.e., the initial URL will be like, https://mytest.services.com/  (main DNS)
>> 
>>           https://mytest.services.com/services/getservice   (user request via client)
>>                                   |
>>                |                                         |
>> https://apache1/services/getservice       https://apache2/services/getservice   [Apache server routing]
>>                |                                         |
>> https://tomcat[1/2]/services/getservice   https://tomcat[3/4]/services/getservice
>> 
>> So as above the WS will be deployed to 4 tomcat servers, in this case what
>> would be the service deployed url / address and what would be the
>> publishedEndpointUrl? Please provide your insights on this....
>> 
>> 
>> 
>> 
>> --
>> View this message in context: http://cxf.547215.n5.nabble.com/Load-balancing-SSL-WSDL-Java-tp5737320p5737331.html
>> Sent from the cxf-user mailing list archive at Nabble.com.
> 
> -- 
> Daniel Kulp
> dkulp@apache.org - http://dankulp.com/blog
> Talend Community Coder - http://coders.talend.com
> 


Re: Load-balancing +SSL WSDL

Posted by "harilal.a.s" <ha...@gmail.com>.
Is this resolved? I am facing the same issue.

If it is resolved, could you please help me by sharing the logic/stuff that you
did for the same?




Re: Load-balancing +SSL WSDL

Posted by Faz <ar...@gmail.com>.
Thanks Once again!!
Got you now.

I will have LB address mentioned in the WSDL file.
That said, if the LB address is something like,
https://myservice.com/services/test

Then the soap:address will be,


and my cxf-servlet.xml will be as follows,


and the client will access the wsdl as below,
 

But the issue with me is, the LB will switch the https requests to http once
it hits and all the forward requests will be http.
i.e., the client will access as (detached from LB just for instance)

so ideally the soap:address has to be like 

and the servlet.xml will be like,


This CONFIG doesn't work. I'm unable to access the wsdl with 8080, it's
throwing an error message stating that it doesn't find the observer, etc.

Any help on this pls.





Re: Load-balancing +SSL WSDL

Posted by Daniel Kulp <dk...@apache.org>.
On Dec 4, 2013, at 5:17 AM, Faz <ar...@gmail.com> wrote:

> Hello Dan,
> Any idea on the above? Need to know what exactly is to be configured in the
> above config/wsdl files.
> 
> And when you said *The client just sees the “published” url *, what did you
> mean by that? Like, how exactly does the client see the URL?


The url in the WSDL’s soap:address (and the URL in the WSDL’s that the client uses) shouldn’t be the tomcat servers at all.   It should just be the URL of the single load balancer httpd service/proxy thing.   All the clients would talk to that and it would forward the requests to the appropriately load balanced tomcat service.


-- 
Daniel Kulp
dkulp@apache.org - http://dankulp.com/blog
Talend Community Coder - http://coders.talend.com


Re: Load-balancing +SSL WSDL

Posted by Faz <ar...@gmail.com>.
Hello Dan,
Any idea on the above? Need to know what exactly is to be configured in the
above config/wsdl files.

And when you said *The client just sees the “published” url *, what did you
mean by that? Like, how exactly does the client see the URL?

Thanks!!





Re: Load-balancing +SSL WSDL

Posted by Faz <ar...@gmail.com>.
Thanks very much, didn't find such info anywhere else but from you...

Please let me know if my understanding is right,

I have the initial URL / published URL as
https://mytest.services.com/services/XXX.
Now in the endpoint I will have the publishedEndpointUrl pointed to the
initial URL as above.
Then what should my address read, because like mentioned I have the services
deployed to the clustered servers...
And what should get into the soap12:address location field since I have the
clustered env.





The reason is the same war file will be deployed across the 4 tomcat servers
and hence I am quite confused as to what url that should read.




Re: Load-balancing +SSL WSDL

Posted by Daniel Kulp <dk...@apache.org>.
It should, yes.   The client just sees the “published” url which would be the initial URL that you have there.   From its standpoint, it grabs the wsdl from that, the address in the wsdl is that, etc…

What happens internally by the various apache servers and tomcats should be fine.   HOWEVER, if you do something funky in an interceptor or in your code that grabs the HttpRequest or ServletContext or something and looks for a specific HOST header or something, that may not work quite as expected as all would get the same (public) value.   But that’s normal with HTTP in any clustered environment like that.

Dan



On Dec 3, 2013, at 2:50 PM, Faz <ar...@gmail.com> wrote:

> Thanks a lot for getting onto this Dan,
> 
> This option looks fine, though I have a question. If we have this set to the
> published wsdl, will the load-balancing work as normal?
> 
> For instance, will it work fine with the below criteria?
> 
> If the WS is deployed to 2 different tomcat/weblogic servers which are in
> the clustered mode and are resided on top of apache server, which in turn is
> load-balanced.
> 
> i.e., the initial URL will be like, https://mytest.services.com/  (main DNS)
> 
>           https://mytest.services.com/services/getservice   (user request via client)
>                                   |
>                |                                         |
> https://apache1/services/getservice       https://apache2/services/getservice   [Apache server routing]
>                |                                         |
> https://tomcat[1/2]/services/getservice   https://tomcat[3/4]/services/getservice
> 
> So as above the WS will be deployed to 4 tomcat servers, in this case what
> would be the service deployed url / address and what would be the
> publishedEndpointUrl? Please provide your insights on this....
> 
> 
> 
> 
> --
> View this message in context: http://cxf.547215.n5.nabble.com/Load-balancing-SSL-WSDL-Java-tp5737320p5737331.html
> Sent from the cxf-user mailing list archive at Nabble.com.

-- 
Daniel Kulp
dkulp@apache.org - http://dankulp.com/blog
Talend Community Coder - http://coders.talend.com


Re: Load-balancing +SSL WSDL

Posted by Faz <ar...@gmail.com>.
Thanks a lot for getting onto this Dan,

This option looks fine, though I have a question. If we have this set to the
published wsdl, will the load-balancing work as normal?

For instance, will it work fine with the below criteria?

If the WS is deployed to 2 different tomcat/weblogic servers which are in
the clustered mode and are resided on top of apache server, which in turn is
load-balanced.

i.e., the initial URL will be like, https://mytest.services.com/  (main DNS)

          https://mytest.services.com/services/getservice   (user request via client)
                                  |
               |                                         |
https://apache1/services/getservice       https://apache2/services/getservice   [Apache server routing]
               |                                         |
https://tomcat[1/2]/services/getservice   https://tomcat[3/4]/services/getservice

So as above the WS will be deployed to 4 tomcat servers, in this case what
would be the service deployed url / address and what would be the
publishedEndpointUrl? Please provide your insights on this....





Re: Load-balancing +SSL WSDL

Posted by Daniel Kulp <dk...@apache.org>.
CXF has a specific property that can be set on the endpoint to set what the “published” URL is for the endpoint.   Basically, the endpoint used in the published wsdl.

See:  

http://cxf.apache.org/docs/jax-ws-configuration.html

and the publishedEndpointUrl property.



Dan





On Dec 3, 2013, at 12:47 PM, Faz <ar...@gmail.com> wrote:

> 
> Hi All,
> 
> I know that this is not the open forum to ask generic questions pertaining
> to web services as such. But I definitely know someone should have already
> encountered such an issue and would be able to help me out here.
> SO HERE IT IS,
> My requirement is to have a WS deployed to an environment with load
> balancing and SSL requests.
> Below is my security policy and wsdl defn. (attached only the imp. stuff)
> 
>             <sp:TransportBinding>
>                <wsp:Policy>
>                  <sp:TransportToken>
>                     <wsp:Policy>
>                        <sp:HttpsToken RequireClientCertificate="false">
>                           <wsp:Policy/>
>                        </sp:HttpsToken>
>                     </wsp:Policy>
>                  </sp:TransportToken>
>                  ..........
> 
> As per the above, I will be using the httpstoken mode for the transport along
> with the usernametoken policy.
> 
> And the WSDL defn would be something like,
>     <wsdl:service name="XXX">
>         <wsdl:port name="XXX12" binding="tns:XXX12">
>             <soap12:address location="https://localhost:8443/ABC/services/XXX"/>
>         </wsdl:port>
>     </wsdl:service>
> 
> So my question here is, when I deploy my code to a higher environment, I need
> the soap address to use an intranet domain, i.e., https://test.myservice.net
> wherein the requests will be routed to the load-balancers which will then
> be cascaded to the web-server and finally to the app servers.
> 
> I really don't want to have a specific server address mentioned in the
> soap:address but a group with load-balancing capability to cater to multiple
> requests at any given point of time to avoid over-crowding the server.
> 
> Please suggest...
> Thanks.
> 
> 
> 
> --
> View this message in context: http://cxf.547215.n5.nabble.com/Load-balancing-SSL-WSDL-tp5737320.html
> Sent from the cxf-user mailing list archive at Nabble.com.

-- 
Daniel Kulp
dkulp@apache.org - http://dankulp.com/blog
Talend Community Coder - http://coders.talend.com
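
Added example, not part of the original thread and not posted by any participant: a cxf-servlet.xml sketch of the publishedEndpointUrl property referred to above, using the published URL from the thread. The bean id, the implementor class com.example.XXXImpl and the CXFServlet mapping are assumptions made for illustration.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- cxf-servlet.xml: the same file ships in the WAR deployed to every Tomcat node. -->
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:jaxws="http://cxf.apache.org/jaxws"
       xsi:schemaLocation="
         http://www.springframework.org/schema/beans
         http://www.springframework.org/schema/beans/spring-beans.xsd
         http://cxf.apache.org/jaxws
         http://cxf.apache.org/schemas/jaxws.xsd">

  <!--
    address: path relative to the CXFServlet mapping (assumed here to be
    /services/*). It carries no host name, so it is identical on all nodes.

    publishedEndpointUrl: the address CXF writes into the soap12:address
    location of the WSDL it serves. It names the load balancer, never an
    individual Apache or Tomcat host, so internal host names are not
    advertised to clients.

    id and implementor are hypothetical names for this example.
  -->
  <jaxws:endpoint id="xxxService"
                  implementor="com.example.XXXImpl"
                  address="/XXX"
                  publishedEndpointUrl="https://mytest.services.com/services/XXX"/>

</beans>
```

publishedEndpointUrl only changes the address advertised in the WSDL; it does not change which transport the node itself receives requests on.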