This week's book giveaway is in the Agile and other Processes forum. We're giving away four copies of The Mikado Method and have Ola Ellnestam and Daniel Brolund on-line! See this thread for details.
Okay, here's my problem. I've got a axis web service deployed and ready for use against an https web application which requires client authentication. I want to write a web client to show that a client page can call the web service over https with client authentication. I have my certificate set up which trusts the server certificate where the web service is hosted (that's how I can see the happyaxis.jsp page), so I know my certificate's good. However, I want to be able to programmically call the web service from the client page, and I haven't been able to get that working yet. I should point out I've tested this whole setup over http, and everything works properly. So if anyone out there has any ideas, or could point me in the right direction, I would appreciate it. Thanks.
Balaji Loganathan
author and deputy
Bartender
Joined: Jul 13, 2001
Posts: 3150
posted
0
Originally posted by Chris McRae: Okay, here's my problem. I've got a axis web service deployed and ready for use against an https web application which requires client authentication.
I've actually looked at that already. Thanks, though.
Nazneen Shaikh
Greenhorn
Joined: May 01, 2003
Posts: 21
posted
0
can you put in the piece of code you are using right now, which is not helping you?
I'll try and see whats missing in it or if anything is going wrong.
Chris McRae
Greenhorn
Joined: Dec 02, 2005
Posts: 6
posted
0
Thanks for your help. Here is the code that I am trying to use. It's from a .jsp page hosted on a web server over https with a server certificate that is trusted by the server which hosts the web service which is the endpoint.
-- Seting the SSL information -- java.security.Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider()); System.setProperty("java.protocol.handler.pkgs","com.sun.net.ssl.internal.www.protocol"); System.setProperty("javax.net.ssl.trustStore","D:/webapps/ws_app/WEB-INF/truststore"); System.setProperty("javax.net.ssl.trustStorePassword","12345678");
-- Using the java code for the client generated from the wsdl -- -- where 'clientDN' is the input parameter to the web service -- locator = new GetSearchesServiceLocator(); port = locator.getgetSearchesPort(); searchinfoin = new GetSearchesByOwnerInfoIn(); searchinfoin.setDn(clientDN);
-- attempt to call the web service -- allSearchesByOwner = (Searches)port.getSearchesByOwner(searchinfoin);
At this point, the call fails with a 403-Forbidden message. All this code works fine over http, by the way, where I don't have to worry about certificates. I've tried various ways of using the client certificate (the clientCert variable) to start the SSL handshake, but no luck so far. I'm obviously missing something, but haven't figured it out yet. Any help would be greatly appreciated. Thank you for your help.
Vikas Phonsa
Greenhorn
Joined: Jan 21, 2003
Posts: 3
posted
0
Hi Everybody,
I've built a java web service client using Apache Axis that talks to a webservice deployed in Websphere 5.1 over HTTPS.
The communication over SSL has been successful so far, I'm posting excerpts from the code below. But it takes the client a long time to get a response back and often I get the request timeout errors.
On the server side, the logs show that when the request is acutally handed over to the java application it is processed very fast.
So it looks like the SSL handshake is taking place on every request because it takes too long to get a response back.
There is no client side certificate.
So does anybody know how HTTP sessions are maintained when using SSL. Are session cookies still used or is there another mechanism for mainting the HTTP sessions.
I have tried "Service.setMaintainSession(true)". It seems to have made a difference but I'm not exactly sure. This method call is suppossed to work for plain HTTP but I'm not sure what would happen when SSL/HTTPS is involved.
Any input would be appreciated.
Thanks Vikas
--- Excerpt from my client java code---------
// This is all I do (besides setting the username and password in the Call object) before sending the request.
0
