TIBCO BW6 provides a graphical, developer-friendly, Eclipse-based IDE known as Business Studio for designing and implementing business processes using readily available palettes and activities. For implementing REST web services, BW6 offers feature-rich support in Business Studio without installing or setting up any additional plugins, unlike TIBCO BW5, where a separate REST & JSON Plugin was needed to implement RESTful web services.
To secure TIBCO BW6 REST web services, we can configure one-way or mutual (two-way) SSL, which provides transport-level security. TIBCO BW6 provides shared resources that we configure on the HTTP connection to turn an HTTP service into an HTTPS service.
In this TIBCO BW6 SSL tutorial, we will see how to configure one-way SSL for a TIBCO BW6 REST service and then how to configure two-way (mutual) SSL for a TIBCO BusinessWorks 6.x REST web service. In another tutorial, I explained step by step how to invoke or consume a REST web service using TIBCO BW6.
Step-by-Step Tutorial for One-Way and Two-Way SSL Configuration in TIBCO BW6
All the steps needed to implement a secure web service with one-way and two-way SSL are covered in the video tutorial below on the TutorialsPedia YouTube channel, using a simple use case. For this tutorial, keystores and certificates have been generated locally and no CA signing has been done. You can refer to my tutorials on how to generate a self-signed certificate using OpenSSL if you want to use OpenSSL for creating the keystore. Alternatively, you can use Java Keytool to generate self-signed certificates and keystores, and if you prefer a graphical tool to the command line, you can refer to my tutorial explaining how to use Portecle to generate self-signed certificates and keystores.
To briefly sum up the steps from this TIBCO BW6 SSL REST service video tutorial:
- Create a TIBCO BW Project in Business Studio and add a REST Web Service.
- Implement business logic in the process with some valid response in Reply activity.
- Configure the HTTP connection by providing host and port. Under Security, check the Confidentiality checkbox.
- Make sure that you have the server keystore and the client public certificate (for the two-way SSL scenario) ready. For this, refer to the tutorials linked above to generate self-signed certificates using OpenSSL, Keytool or Portecle.
- Configure the SSL Server Resource. In the SSL Server Resource, provide a reference to a KeyStore Resource (choose the Create a New Shared Resource option for that). For the SSL Server Resource, you will also need to provide the key alias and password.
- When configuring the server keystore, set the URL to your server keystore JKS file and provide its password. If you created a PKCS#12 keystore instead of JKS, choose PKCS#12 in the Type drop-down list.
- For two-way SSL, check the Enable Mutual Authentication checkbox in the SSL Server Resource configuration and then provide a reference to a truststore.
- The truststore must be a store into which you have already imported the trusted client certificate. You can use the cacerts truststore for this purpose, which is already available in the TIBCO JRE under the security folder.
- Once you have everything configured as above, you should be able to access the service from a client.
- With one-way SSL, you should be able to access your service from the client without configuring a client identity; with two-way SSL, the client side must be configured with its own keystore as its identity.
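The key material these steps rely on can be produced as follows; this is an added example, not part of the original tutorial or video, and every file name, alias, CN and password in it is a constructed placeholder. It assumes OpenSSL is installed, writes PKCS#12 keystores (selected as PKCS#12 in the Type drop-down list), and, when keytool is available, imports the client certificate into a dedicated truststore rather than cacerts so that only that one client is trusted.

```shell
#!/bin/sh
# Added example: key material for the one-way and two-way SSL steps.
# File names, aliases, CNs and passwords are constructed placeholders;
# passing passwords as arguments is acceptable only for a local lab.
set -eu

make_identity() {
    # $1 = base file name, $2 = certificate CN, $3 = alias, $4 = keystore password
    base=$1; cn=$2; ks_alias=$3; ks_pass=$4
    # Private key plus self-signed certificate (no CA signing, as in the tutorial).
    openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
        -subj "/CN=$cn" -keyout "$base.key" -out "$base.crt" 2>/dev/null
    # PKCS#12 keystore; -name sets the alias the SSL Server Resource asks for.
    openssl pkcs12 -export -inkey "$base.key" -in "$base.crt" \
        -name "$ks_alias" -passout "pass:$ks_pass" -out "$base.p12"
    rm -f "$base.key"   # keep the private key only inside the keystore
}

build_ssl_material() {
    # $1 = output directory
    mkdir -p "$1"
    (
        cd "$1"
        make_identity server localhost bwserver 'ServerPass-123'  # server identity
        make_identity client bw-test-client bwclient 'ClientPass-123'  # two-way only
        # Two-way SSL: the server truststore holds only the client's public cert.
        if command -v keytool >/dev/null 2>&1; then
            keytool -importcert -noprompt -alias bwclient -file client.crt \
                -keystore truststore.jks -storetype JKS \
                -storepass 'TrustPass-123' >/dev/null 2>&1 ||
                echo "keytool import failed; import client.crt manually" >&2
        fi
    )
}

keystore_subject() {
    # Open keystore $1 with password $2 and print its certificate subject.
    openssl pkcs12 -in "$1" -passin "pass:$2" -nokeys 2>/dev/null |
        openssl x509 -noout -nameopt RFC2253 -subject
}

# Usage: build_ssl_material ./bw6-ssl
```

In Business Studio, point the Keystore shared resources at `server.p12` and, for two-way SSL, `truststore.jks`. A client such as curl can then test one-way SSL with `--cacert server.crt` and two-way SSL by adding `--cert-type P12 --cert client.p12:ClientPass-123`.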
You may refer to another post on this blog explaining how one-way and two-way SSL work and what the differences between them are from a conceptual perspective.
Feel free to comment below if you have any questions or need any further clarity on this topic.