This week's book giveaway is in the Servlets forum.
We're giving away four copies of Murach's Java Servlets and JSP and have Joel Murach on-line!
See this thread for details.
The moose likes Web Services and the fly likes Web Service SSL Client Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login

Win a copy of Murach's Java Servlets and JSP this week in the Servlets forum!
JavaRanch » Java Forums » Java » Web Services
Bookmark "Web Service SSL Client" Watch "Web Service SSL Client" New topic

Web Service SSL Client

Chris McRae

Joined: Dec 02, 2005
Posts: 6
Okay, here's my problem. I've got a axis web service deployed and ready for use against an https web application which requires client authentication. I want to write a web client to show that a client page can call the web service over https with client authentication. I have my certificate set up which trusts the server certificate where the web service is hosted (that's how I can see the happyaxis.jsp page), so I know my certificate's good. However, I want to be able to programmically call the web service from the client page, and I haven't been able to get that working yet. I should point out I've tested this whole setup over http, and everything works properly. So if anyone out there has any ideas, or could point me in the right direction, I would appreciate it. Thanks.
Balaji Loganathan
author and deputy

Joined: Jul 13, 2001
Posts: 3150
Originally posted by Chris McRae:
Okay, here's my problem. I've got a axis web service deployed and ready for use against an https web application which requires client authentication.

Will this sample from axis be any useful??

Spritle Software Blogs
Chris McRae

Joined: Dec 02, 2005
Posts: 6
I've actually looked at that already. Thanks, though.
Nazneen Shaikh

Joined: May 01, 2003
Posts: 21
can you put in the piece of code you are using right now, which is not helping you?

I'll try and see whats missing in it or if anything is going wrong.
Chris McRae

Joined: Dec 02, 2005
Posts: 6
Thanks for your help. Here is the code that I am trying to use. It's from a .jsp page hosted on a web server over https with a server certificate that is trusted by the server which hosts the web service which is the endpoint.

-- First, retrieving the client certificate --
X509Certificate clientCert = null;
X509Certificate[] certs = (X509Certificate[])request.getAttribute("javax.servlet.request.X509Certificate");
clientCert = certs[0];
clientDN = clientCert.getSubjectDN().toString();

-- Seting the SSL information --;

-- Using the java code for the client generated from the wsdl --
-- where 'clientDN' is the input parameter to the web service --
locator = new GetSearchesServiceLocator();
port = locator.getgetSearchesPort();
searchinfoin = new GetSearchesByOwnerInfoIn();

-- attempt to call the web service --
allSearchesByOwner = (Searches)port.getSearchesByOwner(searchinfoin);

At this point, the call fails with a 403-Forbidden message. All this code works fine over http, by the way, where I don't have to worry about certificates. I've tried various ways of using the client certificate (the clientCert variable) to start the SSL handshake, but no luck so far. I'm obviously missing something, but haven't figured it out yet. Any help would be greatly appreciated. Thank you for your help.
Vikas Phonsa

Joined: Jan 21, 2003
Posts: 3
Hi Everybody,

I've built a java web service client using Apache Axis that talks to a webservice deployed in Websphere 5.1 over HTTPS.

The communication over SSL has been successful so far, I'm posting excerpts from the code below. But it takes the client a long time to get a response back and often I get the request timeout errors.

On the server side, the logs show that when the request is acutally handed over to the java application it is processed very fast.

So it looks like the SSL handshake is taking place on every request because it takes too long to get a response back.

There is no client side certificate.

So does anybody know how HTTP sessions are maintained when using SSL. Are session cookies still used or is there another mechanism for mainting the HTTP sessions.

I have tried "Service.setMaintainSession(true)". It seems to have made a difference but I'm not exactly sure. This method call is suppossed to work for plain HTTP but I'm not sure what would happen when SSL/HTTPS is involved.

Any input would be appreciated.


--- Excerpt from my client java code---------

// This is all I do (besides setting the username and password in the Call object) before sending the request.

System.setProperty( "","certstore\\cacert");
System.setProperty("", "changeit");
System.setProperty( "", "certstore\\cacert");
Vikas Phonsa

Joined: Jan 21, 2003
Posts: 3
Hey Chris McRae,

Regarding your problem.

Don't you need a username and password to access the webservice over SSL.

Are u setting the username and password on the Call object in your stub class ?


Try that if you are not already doing it.

I agree. Here's the link:
subject: Web Service SSL Client
Similar Threads
Call https .net webservice using Java client
how to create java client to access web services running on https/ssl
How to work with self-signed certificate with jax-ws
Problem getting client certificate from the Web server
How to configure JBoss to call a web service that is hosted on Tomcat using https