Secure Web Service
47 views
Skip to first unread message
Julian Ford
Aug 28, 2019, 7:51:42 AM8/28/19
to VA Smalltalk
Hello, all.
I hope those at ESUG are enjoying it (he said, jealously)!
I have a web service question (actually 2), for any who might be experienced with this...
Following the example in the documentation, I successfully created a small web service,
and it works perfectly!
Very simply, I create an SstWebServerSpecification, with the appropriate serverURL,
and webAppSpecs, then send it #instantiateAndRun.
I can then send requests to the web service, using the details I specified in the
webAppSpecs. It was SO easy to set up and use.
Question 1: This allows me to create an HTTP web service.
Is there a way to create an HTTPS web service, so I can use it to exchange sensitive data?
If so, do I need to create a certificate and register it with the webServerSpecification?
Question 2: Is it possible (and worry-free) to create a SECOND instance of SstWebServerSpecification,
running on a different port, to provide a separate web service running in the same image?
Thank you in advance for any and all assistance!!
Regards,
Julian Ford
(currently NOT at ESUG)
Wayne Johnston
Aug 28, 2019, 9:47:52 AM8/28/19
to VA Smalltalk
1. If you are talking about "web services", see Web Services Guide - Cookbook - Creating a Secure Web Service
I've done things with web services which of course involves WSDL. But I have no experience with SstWebServerSpecification, so perhaps you are making a more general web server. But maybe that help page will give you a hint.
We can have a web services client in VA Smalltalk using HTTPS without having to use certificates. But it seems that a web services server in VA Smalltalk can use HTTPS only if certificates are involved.
2. Try it. I would guess it's easy with HTTP. With HTTPS, I suspect it would be easy as long as the same set of certificates is used. But if the certificates are different for the different ports, you might have problems. I know our application, which is a web services client of multiple web services, had great difficulties getting that to work.
Julian Ford
Aug 31, 2019, 4:00:13 PM8/31/19
to VA Smalltalk
Hi, Wayne.
Thank you very much for the reply, and the information!
Yes, I can certainly try multiple instances.....but I was looking to find out if there are any inherent
traps I need to worry about. Sometimes, something looks like it is working, but there is a race-condition
or resource collision that is just waiting to happen, but is hard to test for.
Anyway, going to give the HTTPS Container option a try.
Thanks again!
Julian
Reply all
Reply to author
Forward
0 new messages