• Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

web service over HTTPS for multiple clients

 
jahnavi karnam
Greenhorn
Posts: 2
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi,

We are developing an application which is acting as service and client. As a service multiple clients are interacting with our system and as a client we need to call many web services. It is an intranet application and it is between multiple parties and using transport level security ie., HTTP over SSL. My web service receives the request and forward to the other party. In this scenario if i need to pass the request to many clients (web services) do i need to have all the clients certificates with in my server. As i am new to SSL / HTTPS please guide me as do i need to store any particular information regarding client info apart from the details of wsdl. I am using WAS 6.0 app server.
 
Cameron Wallace McKenzie
author and cow tipper
Saloon Keeper
Posts: 4968
1
Hibernate Spring Tomcat Server
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Do you have an http server fronting that WAS 6.0 server, and if so, which one?

-Cameron McKenzie
 
jahnavi karnam
Greenhorn
Posts: 2
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi we are using IBM HTTP server.
 
Rizwan Mohammad
Ranch Hand
Posts: 445
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
When you use HTTPS for webservices, to establish a secure connection usually we concern about three things..
1) server authentication 2) client authentication 3) encryption of the ssl connection.

For server authentication, any way you will have certificate generated for its authentication and can be shared with clients.

For client authentication, most of the times certificates are not required. Its optional thing. Usually client authentication may not be required for the webservices unless in some critical cases where server wants to exchange some financial documents with client and you need to validate.
In your case if you think client also needs authentication, you will have to generate certificates for clients and store in the server.

HTH
 
Ulf Dittmer
Rancher
Posts: 42968
73
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
As mentioned bfore, client certificates are rarely used for WS. Usually, HTTP basic authentication or WS-Security authentication (both of which support username and password) are used. I wrote a JavaRanch Journal article that describes how to use both kinds of authentication with WS using various code examples.
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic