• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Jeanne Boyarsky
  • Ron McLeod
  • Paul Clapham
  • Liutauras Vilda
Sheriffs:
  • paul wheaton
  • Rob Spoor
  • Devaka Cooray
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
  • Frits Walraven
  • Tim Moores
Bartenders:
  • Mikalai Zaikin

web service over HTTPS for multiple clients

 
Greenhorn
Posts: 2
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi,

We are developing an application which is acting as service and client. As a service multiple clients are interacting with our system and as a client we need to call many web services. It is an intranet application and it is between multiple parties and using transport level security ie., HTTP over SSL. My web service receives the request and forward to the other party. In this scenario if i need to pass the request to many clients (web services) do i need to have all the clients certificates with in my server. As i am new to SSL / HTTPS please guide me as do i need to store any particular information regarding client info apart from the details of wsdl. I am using WAS 6.0 app server.
 
author and cow tipper
Posts: 5009
1
Hibernate Spring Tomcat Server
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Do you have an http server fronting that WAS 6.0 server, and if so, which one?

-Cameron McKenzie
 
jahnavi karnam
Greenhorn
Posts: 2
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi we are using IBM HTTP server.
 
Ranch Hand
Posts: 445
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
When you use HTTPS for webservices, to establish a secure connection usually we concern about three things..
1) server authentication 2) client authentication 3) encryption of the ssl connection.

For server authentication, any way you will have certificate generated for its authentication and can be shared with clients.

For client authentication, most of the times certificates are not required. Its optional thing. Usually client authentication may not be required for the webservices unless in some critical cases where server wants to exchange some financial documents with client and you need to validate.
In your case if you think client also needs authentication, you will have to generate certificates for clients and store in the server.

HTH
 
Rancher
Posts: 43081
77
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
As mentioned bfore, client certificates are rarely used for WS. Usually, HTTP basic authentication or WS-Security authentication (both of which support username and password) are used. I wrote a JavaRanch Journal article that describes how to use both kinds of authentication with WS using various code examples.
reply
    Bookmark Topic Watch Topic
  • New Topic