Web Service SSL Client

 
Greenhorn
Posts: 6
Okay, here's my problem. I've got an Axis web service deployed and ready for use against an https web application which requires client authentication. I want to write a web client to show that a client page can call the web service over https with client authentication. I have my certificate set up which trusts the server certificate where the web service is hosted (that's how I can see the happyaxis.jsp page), so I know my certificate's good. However, I want to be able to programmatically call the web service from the client page, and I haven't been able to get that working yet. I should point out I've tested this whole setup over http, and everything works properly. So if anyone out there has any ideas, or could point me in the right direction, I would appreciate it. Thanks.
 
author and deputy
Posts: 3150

Originally posted by Chris McRae:
Okay, here's my problem. I've got an Axis web service deployed and ready for use against an https web application which requires client authentication.



Will this sample from Axis be of any use?
 
Chris McRae
Greenhorn
Posts: 6
I've actually looked at that already. Thanks, though.
 
Greenhorn
Posts: 21
Can you put in the piece of code you are using right now, which is not helping you?

I'll try and see what's missing in it or if anything is going wrong.
 
Chris McRae
Greenhorn
Posts: 6
Thanks for your help. Here is the code that I am trying to use. It's from a .jsp page hosted on a web server over https with a server certificate that is trusted by the server which hosts the web service which is the endpoint.

// First, retrieving the client certificate
X509Certificate clientCert = null;
X509Certificate[] certs = (X509Certificate[])request.getAttribute("javax.servlet.request.X509Certificate");
clientCert = certs[0];
clientDN = clientCert.getSubjectDN().toString();

// Setting the SSL information
java.security.Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider());
System.setProperty("java.protocol.handler.pkgs","com.sun.net.ssl.internal.www.protocol");
System.setProperty("javax.net.ssl.trustStore","D:/webapps/ws_app/WEB-INF/truststore");
System.setProperty("javax.net.ssl.trustStorePassword","12345678");

// Using the Java code for the client generated from the WSDL,
// where 'clientDN' is the input parameter to the web service
locator = new GetSearchesServiceLocator();
port = locator.getgetSearchesPort();
searchinfoin = new GetSearchesByOwnerInfoIn();
searchinfoin.setDn(clientDN);

// Attempt to call the web service
allSearchesByOwner = (Searches)port.getSearchesByOwner(searchinfoin);

At this point, the call fails with a 403-Forbidden message. All this code works fine over http, by the way, where I don't have to worry about certificates. I've tried various ways of using the client certificate (the clientCert variable) to start the SSL handshake, but no luck so far. I'm obviously missing something, but haven't figured it out yet. Any help would be greatly appreciated. Thank you for your help.
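Added example, not part of the original posts and not Axis code: a server that requires client authentication expects the calling JVM to hold its own private key and certificate in a key store, alongside the trust store, and a certificate read from the javax.servlet.request.X509Certificate request attribute contains no private key. The sketch below checks that an identity store really has a private-key entry and builds an SSLContext from it; the class name, the command-line arguments, the store types, and the idea that the SOAP stack picks up the JVM default context are all assumptions.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.util.Collections;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

// Hypothetical helper class, written for this example.
public class ClientAuthContext {

    // Load a key store file of the given type ("JKS" or "PKCS12").
    static KeyStore load(String path, String type, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance(type);
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, password);
        }
        return ks;
    }

    // True only if the store holds at least one private-key entry. A store with
    // nothing but trusted certificates cannot answer the server's certificate request.
    static boolean hasPrivateKey(KeyStore ks) throws Exception {
        for (String alias : Collections.list(ks.aliases())) {
            if (ks.isKeyEntry(alias)) return true;
        }
        return false;
    }

    // Identity store supplies the client key; trust store validates the server.
    static SSLContext build(KeyStore identity, char[] keyPassword, KeyStore trust) throws Exception {
        if (!hasPrivateKey(identity)) {
            throw new IllegalStateException("identity store has no private key entry");
        }
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(identity, keyPassword);
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trust);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        return ctx;
    }

    public static void main(String[] args) throws Exception {
        // args (assumed): <identity.p12> <identity password> <truststore.jks> <truststore password>
        KeyStore identity = load(args[0], "PKCS12", args[1].toCharArray());
        KeyStore trust = load(args[2], "JKS", args[3].toCharArray());
        // Code that takes its socket factory from the JVM default now offers the client certificate.
        SSLContext.setDefault(build(identity, args[1].toCharArray(), trust));
    }
}
```

The system-property equivalent is to set javax.net.ssl.keyStore and javax.net.ssl.keyStorePassword in addition to the trustStore properties, pointing at a store for which the private-key check above passes.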
 
Greenhorn
Posts: 3
Hi Everybody,

I've built a Java web service client using Apache Axis that talks to a web service deployed in WebSphere 5.1 over HTTPS.

The communication over SSL has been successful so far; I'm posting excerpts from the code below. But it takes the client a long time to get a response back, and often I get request timeout errors.

On the server side, the logs show that when the request is actually handed over to the Java application it is processed very fast.

So it looks like the SSL handshake is taking place on every request because it takes too long to get a response back.

There is no client side certificate.

So does anybody know how HTTP sessions are maintained when using SSL? Are session cookies still used, or is there another mechanism for maintaining the HTTP sessions?

I have tried "Service.setMaintainSession(true)". It seems to have made a difference but I'm not exactly sure. This method call is supposed to work for plain HTTP but I'm not sure what would happen when SSL/HTTPS is involved.

Any input would be appreciated.

Thanks
Vikas

--- Excerpt from my client Java code ---

// This is all I do (besides setting the username and password in the Call object) before sending the request.

System.setProperty("javax.net.ssl.keyStore", "certstore\\cacert");
System.setProperty("javax.net.ssl.keyStorePassword", "changeit");
System.setProperty("javax.net.ssl.trustStore", "certstore\\cacert");
 
Vikas Phonsa
Greenhorn
Posts: 3
Hey Chris McRae,

Regarding your problem.

Don't you need a username and password to access the web service over SSL?

Are you setting the username and password on the Call object in your stub class?

_call.setUsername("Username");
_call.setPassword("password");

Try that if you are not already doing it.

Vikas
 