Friday, August 27, 2010

Creating server logs with Log4j

Log4j makes it easy to create log files on the server side.

Log4j is an easy way to manage logs on the server side. Logs are mostly written to a log file on the server to keep track of changes. We can configure logging to a file in two different ways: one uses an XML file and the other uses a property file.

  • Using an XML file : xmllog4jconfig




The XML file contains several attributes, such as the file name, the layout and many others.

We then use this XML file in our code as follows.

import java.io.File;
import org.apache.log4j.Logger;
import org.apache.log4j.xml.DOMConfigurator;

// Inside the servlet class (assumed here to be named Update)
Logger logger;
try {
    // Name the logger after the class so that %c{1} prints "Update"
    logger = Logger.getLogger(Update.class);

    // Load the XML configuration from WEB-INF/classes
    DOMConfigurator.configure(getServletContext().getRealPath("/") + "WEB-INF" + File.separator + "classes" + File.separator + "xmllog4jconfig.xml");

    logger.info("Log has been appended to your output.txt");
    logger.info("device information changed from " + imei_db + " to " + imei);
    System.out.println("successfully written to output.txt");
} catch (Exception e) {
    System.out.println("Exception in log4j- " + e.getMessage());
}



  • Using a property file : log4j

# Root logger: level DEBUG, output to appender R
log4j.rootLogger=DEBUG, R

# Roll the log file over once a day
log4j.appender.R = org.apache.log4j.DailyRollingFileAppender
# Log4j substitutes ${...} from Java system properties; Tomcat sets catalina.home
log4j.appender.R.File = ${catalina.home}/logs/oooutput.log
log4j.appender.R.Append = true
log4j.appender.R.DatePattern = '.'yyyy-MM-dd
log4j.appender.R.layout = org.apache.log4j.PatternLayout
log4j.appender.R.layout.ConversionPattern = %d{yyyy-MM-dd HH:mm:ss} %c{1} [%p] %m%n
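
The %m%n layout writes one entry per line, and the logging code above concatenates imei_db and imei directly into the message, so a value containing a line break would show up in the file as a separate entry. The following is an added example, not code from the original post: it escapes control characters before logging, assuming log4j 1.x on the classpath; the class name SafeLogDemo, the helper clean() and the sample values are hypothetical.

```java
import org.apache.log4j.ConsoleAppender;
import org.apache.log4j.Logger;
import org.apache.log4j.PatternLayout;

public class SafeLogDemo {
    private static final Logger logger = Logger.getLogger(SafeLogDemo.class);

    // Escape CR, LF and other control characters so one value stays on one log line.
    // Backslashes are escaped too, so the escaped form cannot be confused with real text.
    static String clean(String value) {
        if (value == null) return "(null)";
        StringBuilder sb = new StringBuilder(value.length());
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            if (c == '\\') sb.append("\\\\");
            else if (c == '\r') sb.append("\\r");
            else if (c == '\n') sb.append("\\n");
            else if (Character.isISOControl(c)) sb.append(String.format("\\u%04x", (int) c));
            else sb.append(c);
        }
        return sb.toString();
    }

    public static void main(String[] args) {
        // Same layout as the property file in the post, sent to the console instead of a file.
        Logger.getRootLogger().addAppender(new ConsoleAppender(
                new PatternLayout("%d{yyyy-MM-dd HH:mm:ss} %c{1} [%p] %m%n")));

        String imeiDb = "356938035643809";              // constructed sample value
        String imei = "356938035643810\r\nsecond line"; // constructed value containing a line break

        // Unescaped: this single call produces two lines of output.
        logger.info("device information changed from " + imeiDb + " to " + imei);
        // Escaped: the line break is written as the visible text \r\n on one line.
        logger.info("device information changed from " + clean(imeiDb) + " to " + clean(imei));
    }
}
```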






Monday, August 16, 2010

Configuring Message-Level Security in Web Services using Web Logic Server

Step 1 - Creating the key store and digital certificates

Since Public Key Infrastructure is used here, public/private key pairs must be created for both the service provider and the client. Message authentication is accomplished through signing, and message integrity is accomplished by encrypting the message. Each party's private key is used to sign the message, and the public key is used for encryption. Digital certificates are required to verify whether the requesting party is trusted. The WebLogic “certgen” command is used to generate the digital certificates and key pairs. Public key information is also used to generate the digital certificates.

The steps are as follows:

1. Generate the certificates and keys. “ClientCert” is the certificate file name, which is of type “pem”. “ClientKey” is the private key file, also of type “pem”. “ClientKey” is also the password for the key file and certificate. The same procedure is used for the server side.
  • java utils.CertGen -certfile ClientCert -keyfile ClientKey -keyfilepass ClientKey
  • java utils.CertGen -certfile ServerCert -keyfile ServerKey -keyfilepass ServerKey
2. Next, create a key store containing the keys and certificates. This imports the key files and certificates created above into “ClientIdentity.jks”. “ClientKey” is the key store password. The key file password from the previous step should be used as “keypass”.

  • java utils.ImportPrivateKey -certfile ClientCert.der -keyfile ClientKey.der -keyfilepass ClientKey -keystore ClientIdentity.jks -storepass ClientKey -alias identity1 -keypass ClientKey
  • java utils.ImportPrivateKey -certfile ServerCert.der -keyfile ServerKey.der -keyfilepass ServerKey -keystore ServerIdentity.jks -storepass ServerKey -alias identity2 -keypass ServerKey
3. Finally, import the digital certificates into the server trust key store. The server certificate is imported into its own trust store first, and then the client certificate. This step is required since we do not use a certificate authority.
  • keytool -import -v -trustcacerts -alias identity1 -file ServerCert.der -keystore ServerTrust.jks -storepass ServerTrustStorePass
  • keytool -import -v -trustcacerts -alias identity2 -file ClientCert.der -keystore ServerTrust.jks -storepass ServerTrustStorePass
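
Because no certificate authority is involved, trust rests entirely on the right certificates having been imported into ServerTrust.jks. The following is an added check, not part of the original post: it is meant to be run in the directory holding the key stores from the steps above and uses the file names, aliases and passwords given there; the class name KeystoreCheck is hypothetical.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.cert.X509Certificate;

public class KeystoreCheck {

    // Load a JKS key store from disk with its store password.
    static KeyStore load(String path, String storePass) throws Exception {
        KeyStore ks = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, storePass.toCharArray());
        }
        return ks;
    }

    // SHA-256 fingerprint of the DER-encoded certificate, as hex.
    static String fingerprint(X509Certificate cert) throws Exception {
        byte[] digest = MessageDigest.getInstance("SHA-256").digest(cert.getEncoded());
        StringBuilder sb = new StringBuilder();
        for (byte b : digest) sb.append(String.format("%02X", b));
        return sb.toString();
    }

    // Verify that the identity store holds a private key under the alias and that
    // the matching certificate has been imported into the trust store.
    static void check(KeyStore identity, String alias, KeyStore trust) throws Exception {
        if (!identity.isKeyEntry(alias))
            throw new IllegalStateException(alias + ": no private key entry");
        X509Certificate cert = (X509Certificate) identity.getCertificate(alias);
        cert.checkValidity(); // throws if expired or not yet valid
        // Look up by certificate, not by alias: the trust store aliases in step 3
        // are assigned differently from the identity store aliases in step 2.
        String trustedAs = trust.getCertificateAlias(cert); // null if not imported
        if (trustedAs == null)
            throw new IllegalStateException(alias + ": certificate not in trust store");
        System.out.println(cert.getSubjectX500Principal() + " SHA-256=" + fingerprint(cert)
                + " trusted as '" + trustedAs + "'");
    }

    public static void main(String[] args) throws Exception {
        KeyStore trust = load("ServerTrust.jks", "ServerTrustStorePass");
        check(load("ClientIdentity.jks", "ClientKey"), "identity1", trust);
        check(load("ServerIdentity.jks", "ServerKey"), "identity2", trust);
    }
}
```

Comparing the printed fingerprints with those of ClientCert.der and ServerCert.der confirms that the trust store pins the certificates that were actually generated.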

Step 2 - Creating the Web service

- Create a Java class for the web service and add methods for the functionality of the web service.
- Right-click on the class file and click on the “create web service…” option.
- Go through the wizard (select the SOAP 1.2 binding).
- Select the required policy files by choosing “WLS policies” at the configure policies step. Our required policies are as follows:

@Policies({
    @Policy(uri = "Wssp1.2-2007-Wss1.0-X509-Basic256.xml"),
    @Policy(uri = "Wssp1.2-2007-EncryptBody.xml")
})

Step 3 - Next, we have to configure the new key stores as WLS's identity and trust key stores for use by the web service.

Steps:
- Start a new WebLogic Server instance.
- Open the server console and go to server -> default server -> General.
- Enable the listen port.
- Then go to server -> default server -> Keystores.
- Set the key store type to “Custom Identity and Custom Trust”, and set the key store paths and their passwords.
- Then go to the SSL tab and configure its settings.

Step 4 - Creating the Client Proxy

Now we have to create a client for the web service created above. To do so, create a client proxy as follows:

New -> Web Service (located under Business Tier) -> Web Service Proxy
For the “WSDL Document URL”, give the path of the WSDL file generated from the web service.
E.g. http://192.168.24.239:7101/BasicPolicy-Basic_ws-context-root/HelloSoap12HttpPort, with “?WSDL” appended at the end.

After the proxy is created, the generated client class contains the main method, which calls the functions of the web service, and a set of methods that handle the security of the web service. Here the client class is created as “HelloSoap12HttpPortClient”, where Hello is the name given by you. We have to modify the “setPortCredentialProviderList()” method to suit our configuration. The information about the client and server key stores has to be given as in the following example.

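String username = "";
String password = "";
// Client identity key store created in Step 1 (holds the client's private key)
String clientKeyStore = "C:/Documents and Settings/Administrator/Desktop/fin/ClientIdentity.jks";
String clientKeyStorePassword = "ClientKey";
// The alias and key password must match the -alias and -keypass given to utils.ImportPrivateKey
String clientKeyAlias = "identityc";
String clientKeyPassword = "ClientKey";
// Key store holding the server's certificate, and the alias it is stored under
String serverKeyStore = "C:/Documents and Settings/Administrator/Desktop/fin/ServerIdentity.jks";
String serverKeyStorePassword = "ServerKey";
String serverKeyAlias = "identitys";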



How to run
- Run the web service first.
- Then run the client proxy.
- You can verify the security of the data transferred by using a network packet analyzer such as “Wireshark”.