I'm running the mutual authentication example for a servlet-based web service from Ivan's study guide, section 8.3, on the GlassFish V3.0.1 app server. When running the standalone client invocation I receive the error below. The Access Control and one-way SSL examples work fine for me.
keyStore is : client_keystore.jks
keyStore type is : jks
keyStore provider is :
init keymanager of type SunX509
found key for : client
chain  = [
Subject: CN=My Client, OU=Client Org Unit, O=Client Org, L=Client City, ST=Client State, C=US
Signature Algorithm: SHA1withDSA, OID = 1.2.840.10040.4.3
It turns out that the default configuration in both GlassFish v2.1 and v3 is not prepared for mutual authentication.
A quick-and-dirty way to enable mutual authentication on the default HTTPS HTTP Listener is:
- In the Tree to the left, navigate to the Configuration node and expand it.
- In the Configuration node, navigate to Network Config and open the node.
- In the Network Config node, navigate to Network Listeners and open the node.
- In the Network Listeners node, navigate to the http-listener-2 node.
- In the pane to the right, make sure that SSL3 is not checked, TLS and Client Authentication are checked.
- Click the Save button.
Also see the enclosed snapshot for visual confirmation on the settings.
After the above configuration, the mutual authentication example should now run on GlassFish v3.0.1.
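Added example, not part of the original posts or the study guide: a small check that reads a domain.xml and confirms http-listener-2 carries the three settings from the steps above. The XML fragment is constructed, and the `<ssl>` attribute names, their defaults and the function name `audit_listener` are assumptions about the GlassFish v3 configuration format.

```python
import xml.etree.ElementTree as ET

# Constructed sample: a trimmed domain.xml fragment, not taken from the thread.
SAMPLE_DOMAIN_XML = """
<domain>
  <configs>
    <config name="server-config">
      <network-config>
        <protocols>
          <protocol name="http-listener-1"/>
          <protocol name="http-listener-2" security-enabled="true">
            <ssl cert-nickname="s1as" ssl3-enabled="false" client-auth-enabled="true"/>
          </protocol>
        </protocols>
      </network-config>
    </config>
  </configs>
</domain>
"""

# Assumed defaults for attributes that are absent from the <ssl> element.
DEFAULTS = {"ssl3-enabled": "true", "tls-enabled": "true", "client-auth-enabled": "false"}
# Settings from the console steps: SSL3 off, TLS on, Client Authentication on.
REQUIRED = {"ssl3-enabled": "false", "tls-enabled": "true", "client-auth-enabled": "true"}


def audit_listener(domain_xml, config="server-config", protocol="http-listener-2"):
    """Return a list of findings; an empty list means the listener matches REQUIRED."""
    root = ET.fromstring(domain_xml)
    proto = root.find(
        f"configs/config[@name='{config}']/network-config/protocols/protocol[@name='{protocol}']"
    )
    if proto is None:
        return [f"{protocol}: protocol not found in config {config}"]
    ssl = proto.find("ssl")
    if proto.get("security-enabled", "false") != "true" or ssl is None:
        return [f"{protocol}: security is not enabled, so no TLS at all"]
    return [
        f"{protocol}: {attr}={ssl.get(attr, DEFAULTS[attr])}, expected {want}"
        for attr, want in REQUIRED.items()
        if ssl.get(attr, DEFAULTS[attr]) != want
    ]


if __name__ == "__main__":
    for finding in audit_listener(SAMPLE_DOMAIN_XML) or ["http-listener-2: OK"]:
        print(finding)
```

Run it against a copy of the domain's own domain.xml by passing the file contents as `domain_xml`; the server must be restarted for console changes to take effect, as in the thread.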
Thank you very much for investigating the problem. I updated the GlassFish V3.0.1 configuration as you said and restarted the server. However, on running the standalone client I'm seeing the error below. It is different from what I was facing earlier.
Exception in thread "main" javax.xml.ws.WebServiceException: Failed to access the WSDL at: https://localhost:8181/GreetingServletMutual/HelloWorldWSService?wsdl. It failed with:
Server returned HTTP response code: 403 for URL: https://localhost:8181/GreetingServletMutual/HelloWorldWSService?wsdl.
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
Caused by: java.io.IOException: Server returned HTTP response code: 403 for URL: https://localhost:8181/GreetingServletMutual/HelloWorldWSService?wsdl
at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1313)
My guess is that the web service is not correctly deployed, thus the 403.
If you have deployed the web service correctly, you should be able to retrieve the WSDL using plain HTTP from a browser. If you try to retrieve the WSDL over HTTPS, the browser will ask for a security exception but, after having confirmed the exception, still not retrieve the WSDL. This is due to the client not presenting the proper certificate to the server, since the client is the browser.
I tried the example again and it actually still works here so I still feel confident in having solved the issue.
Well, I've already shared my code with you - it is all in the study notes.
Are you working with Eclipse?
In that case, and if you are able to and feel like it, you could zip the two projects and upload them somewhere where I can download them. I can then take a look at your projects.
If you need somewhere to upload to, consider rapidshare or similar.
The archive did not contain any Eclipse or NetBeans projects, so I haven't tried to deploy the web service.
Do try to modify the following line in the sun-web.xml deployment descriptor so that it is one single line:
You are the man. Your solution was perfect. Now I can access both Servlet based and EJB based webservice in two way SSL mode. Thanks a lot for bearing my curiosity.
5 cents from me. One study guide typo I want to bring to your attention: you mentioned creating sun-web.xml and sun-ejb.xml for the EJB-based web service in section 8.3. I guess the correct file name is sun-ejb-jar.xml.
Very good to hear that you managed to make the example work!
I also want to thank you again for asking the question and notifying me about the typos - it helped me improve my book.
The study guide has been updated and a new version is available as of now!