This week's giveaway is in the Android forum.
We're giving away four copies of Android Security Essentials Live Lessons and have Godfrey Nolan on-line!
See this thread for details.
The moose likes Web Services and the fly likes web service over HTTPS for multiple clients Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Android Security Essentials Live Lessons this week in the Android forum!
JavaRanch » Java Forums » Java » Web Services
Bookmark "web service over HTTPS for multiple clients" Watch "web service over HTTPS for multiple clients" New topic
Author

web service over HTTPS for multiple clients

jahnavi karnam
Greenhorn

Joined: Nov 01, 2006
Posts: 2
Hi,

We are developing an application which is acting as service and client. As a service multiple clients are interacting with our system and as a client we need to call many web services. It is an intranet application and it is between multiple parties and using transport level security ie., HTTP over SSL. My web service receives the request and forward to the other party. In this scenario if i need to pass the request to many clients (web services) do i need to have all the clients certificates with in my server. As i am new to SSL / HTTPS please guide me as do i need to store any particular information regarding client info apart from the details of wsdl. I am using WAS 6.0 app server.
Cameron Wallace McKenzie
author and cow tipper
Saloon Keeper

Joined: Aug 26, 2006
Posts: 4968
    
    1

Do you have an http server fronting that WAS 6.0 server, and if so, which one?

-Cameron McKenzie
jahnavi karnam
Greenhorn

Joined: Nov 01, 2006
Posts: 2
Hi we are using IBM HTTP server.
Rizwan Mohammad
Ranch Hand

Joined: Sep 02, 2005
Posts: 445
When you use HTTPS for webservices, to establish a secure connection usually we concern about three things..
1) server authentication 2) client authentication 3) encryption of the ssl connection.

For server authentication, any way you will have certificate generated for its authentication and can be shared with clients.

For client authentication, most of the times certificates are not required. Its optional thing. Usually client authentication may not be required for the webservices unless in some critical cases where server wants to exchange some financial documents with client and you need to validate.
In your case if you think client also needs authentication, you will have to generate certificates for clients and store in the server.

HTH


Rizwan
SCJA, SCJP, SCWCD, SCBCD, SCDJWS.
Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 41180
    
  45
As mentioned bfore, client certificates are rarely used for WS. Usually, HTTP basic authentication or WS-Security authentication (both of which support username and password) are used. I wrote a JavaRanch Journal article that describes how to use both kinds of authentication with WS using various code examples.


Ping & DNS - my free Android networking tools app
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: web service over HTTPS for multiple clients
 
Similar Threads
2 technical questions for the techies
Any sample web service on https exposed on internet?
SOAP over HTTPS / SSL
Design problem
Web Service SSL Client