This week's book giveaway is in the Mac OS forum.
We're giving away four copies of a choice of "Take Control of Upgrading to Yosemite" or "Take Control of Automating Your Mac" and have Joe Kissell on-line!
See this thread for details.
The moose likes Web Services and the fly likes Web Service SSL Client Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


JavaRanch » Java Forums » Java » Web Services
Bookmark "Web Service SSL Client" Watch "Web Service SSL Client" New topic
Author

Web Service SSL Client

Chris McRae
Greenhorn

Joined: Dec 02, 2005
Posts: 6
Okay, here's my problem. I've got a axis web service deployed and ready for use against an https web application which requires client authentication. I want to write a web client to show that a client page can call the web service over https with client authentication. I have my certificate set up which trusts the server certificate where the web service is hosted (that's how I can see the happyaxis.jsp page), so I know my certificate's good. However, I want to be able to programmically call the web service from the client page, and I haven't been able to get that working yet. I should point out I've tested this whole setup over http, and everything works properly. So if anyone out there has any ideas, or could point me in the right direction, I would appreciate it. Thanks.
Balaji Loganathan
author and deputy
Bartender

Joined: Jul 13, 2001
Posts: 3150
Originally posted by Chris McRae:
Okay, here's my problem. I've got a axis web service deployed and ready for use against an https web application which requires client authentication.


Will this sample from axis be any useful??


Spritle Software Blogs
Chris McRae
Greenhorn

Joined: Dec 02, 2005
Posts: 6
I've actually looked at that already. Thanks, though.
Nazneen Shaikh
Greenhorn

Joined: May 01, 2003
Posts: 21
can you put in the piece of code you are using right now, which is not helping you?

I'll try and see whats missing in it or if anything is going wrong.
Chris McRae
Greenhorn

Joined: Dec 02, 2005
Posts: 6
Thanks for your help. Here is the code that I am trying to use. It's from a .jsp page hosted on a web server over https with a server certificate that is trusted by the server which hosts the web service which is the endpoint.

-- First, retrieving the client certificate --
X509Certificate clientCert = null;
X509Certificate[] certs = (X509Certificate[])request.getAttribute("javax.servlet.request.X509Certificate");
clientCert = certs[0];
clientDN = clientCert.getSubjectDN().toString();

-- Seting the SSL information --
java.security.Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider());
System.setProperty("java.protocol.handler.pkgs","com.sun.net.ssl.internal.www.protocol");
System.setProperty("javax.net.ssl.trustStore","D:/webapps/ws_app/WEB-INF/truststore");
System.setProperty("javax.net.ssl.trustStorePassword","12345678");

-- Using the java code for the client generated from the wsdl --
-- where 'clientDN' is the input parameter to the web service --
locator = new GetSearchesServiceLocator();
port = locator.getgetSearchesPort();
searchinfoin = new GetSearchesByOwnerInfoIn();
searchinfoin.setDn(clientDN);

-- attempt to call the web service --
allSearchesByOwner = (Searches)port.getSearchesByOwner(searchinfoin);

At this point, the call fails with a 403-Forbidden message. All this code works fine over http, by the way, where I don't have to worry about certificates. I've tried various ways of using the client certificate (the clientCert variable) to start the SSL handshake, but no luck so far. I'm obviously missing something, but haven't figured it out yet. Any help would be greatly appreciated. Thank you for your help.
Vikas Phonsa
Greenhorn

Joined: Jan 21, 2003
Posts: 3
Hi Everybody,

I've built a java web service client using Apache Axis that talks to a webservice deployed in Websphere 5.1 over HTTPS.

The communication over SSL has been successful so far, I'm posting excerpts from the code below. But it takes the client a long time to get a response back and often I get the request timeout errors.

On the server side, the logs show that when the request is acutally handed over to the java application it is processed very fast.

So it looks like the SSL handshake is taking place on every request because it takes too long to get a response back.

There is no client side certificate.

So does anybody know how HTTP sessions are maintained when using SSL. Are session cookies still used or is there another mechanism for mainting the HTTP sessions.

I have tried "Service.setMaintainSession(true)". It seems to have made a difference but I'm not exactly sure. This method call is suppossed to work for plain HTTP but I'm not sure what would happen when SSL/HTTPS is involved.

Any input would be appreciated.

Thanks
Vikas

--- Excerpt from my client java code---------



// This is all I do (besides setting the username and password in the Call object) before sending the request.

System.setProperty( "javax.net.ssl.keyStore","certstore\\cacert");
System.setProperty("javax.net.ssl.keyStorePassword", "changeit");
System.setProperty( "javax.net.ssl.trustStore", "certstore\\cacert");
Vikas Phonsa
Greenhorn

Joined: Jan 21, 2003
Posts: 3
Hey Chris McRae,

Regarding your problem.

Don't you need a username and password to access the webservice over SSL.

Are u setting the username and password on the Call object in your stub class ?

_call.setUsername("Username");
_call.setPassword("password");

Try that if you are not already doing it.

Vikas
 
jQuery in Action, 2nd edition
 
subject: Web Service SSL Client