
How to Work Securely

The Process Designer supports the HTTP and HTTPS transport protocols and two types of authentication: HTTP Basic Authentication and WS-Security UsernameToken authentication.

VPD listens on port 8383 for secure HTTP traffic.

  • HTTP basic authentication

    Basic authentication requires user name and password credentials to access files on the web server. During the import process, the Process Designer detects that the service you want to import requires authentication and prompts you to supply the proper credentials. These credentials are stored within the project and used at runtime when the protected service is invoked.

    To ensure security, the service must be used over HTTPS.

  • WS-Security UsernameToken authentication

    WS-Security provides Web service security using SOAP to transfer user credentials by means of the UsernameToken element. All credentials are stored within the project and used at runtime.
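Why HTTPS matters for both schemes, as an added example (not code from the product or its documentation): the constructed request below carries a Basic header and a UsernameToken, and the function recovers both sets of credentials from the raw bytes as they would cross the wire over plain HTTP. The account names, passwords, request layout and the plain-text password form of UsernameToken are assumptions made for the illustration.

```python
import base64
import xml.etree.ElementTree as ET
from email.parser import BytesParser

# WS-Security 1.0 "secext" namespace used by the UsernameToken element.
WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"

# Constructed sample: one request carrying both schemes, sent to the
# non-secure port. User names and passwords are made up.
SOAP_BODY = (
    '<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">'
    f'<soapenv:Header><wsse:Security xmlns:wsse="{WSSE}"><wsse:UsernameToken>'
    '<wsse:Username>svc_user</wsse:Username>'
    '<wsse:Password>s3cret-token</wsse:Password>'  # plain-text form (assumed)
    '</wsse:UsernameToken></wsse:Security></soapenv:Header>'
    '<soapenv:Body/></soapenv:Envelope>'
).encode()
RAW_REQUEST = (
    b"POST /vse/services/test_ui HTTP/1.1\r\n"
    b"Host: localhost:8282\r\n"
    b"Authorization: Basic " + base64.b64encode(b"designer:Pa55:word") + b"\r\n"
    b"Content-Type: text/xml; charset=utf-8\r\n\r\n" + SOAP_BODY
)


def exposed_credentials(raw: bytes) -> dict:
    """Return every credential readable from an unencrypted HTTP request."""
    head, _, body = raw.partition(b"\r\n\r\n")
    # Drop the request line, then parse the remaining header block.
    headers = BytesParser().parsebytes(head.split(b"\r\n", 1)[1], headersonly=True)
    found = {}
    scheme, _, value = headers.get("Authorization", "").partition(" ")
    if scheme.lower() == "basic":
        # Base64 is an encoding, not encryption. Split on the first colon
        # only, because the password itself may contain colons.
        user, _, password = base64.b64decode(value).decode().partition(":")
        found["basic"] = (user, password)
    if body:
        token = ET.fromstring(body).find(f".//{{{WSSE}}}UsernameToken")
        if token is not None:
            found["wsse"] = (token.findtext(f"{{{WSSE}}}Username"),
                             token.findtext(f"{{{WSSE}}}Password"))
    return found


if __name__ == "__main__":
    print(exposed_credentials(RAW_REQUEST))
```

Over HTTPS the same bytes are only visible to the two TLS endpoints, which is why both schemes depend on the secure port.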

Adding Authentication to a Service

You can add, edit, and view the authentication schemes associated with a service on the Properties tab under Authentication. On the Authentication panel you can add new authentication credentials or edit existing credentials for the selected service.

You can add one set of basic authentication or WS-Security credentials for each web service.

See Adding and Editing Authentication Credentials for instructions on how to add and edit credentials.

Using HTTPS

You can import services securely using the HTTPS protocol. After a secure connection is established, the WSDL is imported in the same manner as a WSDL using the HTTP protocol. The Process Designer does not differentiate between files imported over HTTP or HTTPS once they are imported.

If you are importing a Verastream Host Integrator 7.x Web service, all HTTPS communication is handled through port 9681 and non-secure communication is handled through port 9680.

If an untrusted or invalid server certificate is encountered, the Process Designer prompts you to confirm that you want to proceed with the untrusted connection. A certificate is considered invalid if it has expired, its validation date has not yet occurred, or if there are other errors. A certificate is untrusted if it was not issued by a trusted central authority.

[Image: untrusted connection]

Click Details to see information associated with the invalid or untrusted certificate.

To execute a service securely

After you deploy your service, a message displays with a URL address to the deployed service.

[Image: success message]

In this example, the URL http://localhost:8282/vse/services/test_ui?wsdl uses a non-secure transport and port. To use HTTPS, the URL should look like this: https://localhost:8383/vse/services/test_ui?wsdl. That is, change http to https and the port number from 8282 to the secure port 8383.

Securing Files

It is important to guard against tampering, information leakage, and other security vulnerabilities. The Process Server stores information in files that you should take care to secure within your system environment.

These files are:

Process Server files and directories

The account running the Process Server will need read/write access to these files.

| File or directory name | Location | Description |
|---|---|---|
| configure.endpoint | C:\Program Files (x86)\Micro Focus\Verastream\ProcessServer\services\composite\processes | This file may contain HTTP Basic Authentication credentials. |
| Java class files | C:\Program Files (x86)\Micro Focus\Verastream\ProcessServer\services\composite\runtime\WEB-INF\classes\com\attachmate\security\auth\callback\axis2 | If present, these class files may be decompiled to reveal WS-Security UsernameToken credentials. |

Design Studio files and directories

While security vulnerabilities are unlikely, you may have some concerns regarding files that are accessible in the Design Studio. The developer using the Design Studio will need read/write access to these files:

| File or directory name | Location | Description |
|---|---|---|
| .csbpel | Within each project folder | This file may contain encrypted credentials if an imported service requires HTTP Basic Authentication or WS-Security UsernameToken authentication. |
| .keyring | <user_directory>\attachmate\verastream\processdesigner\configuration\org.eclipse.core.runtime | This is the Eclipse platform keyring. This file contains the credentials that are saved when you choose to have the Process Designer remember credentials on the Web server. |
