File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
The moose likes Web Services and the fly likes web service over HTTPS for multiple clients Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login

Win a copy of Java Interview Guide this week in the Jobs Discussion forum!
JavaRanch » Java Forums » Java » Web Services
Bookmark "web service over HTTPS for multiple clients" Watch "web service over HTTPS for multiple clients" New topic

web service over HTTPS for multiple clients

jahnavi karnam

Joined: Nov 01, 2006
Posts: 2

We are developing an application which is acting as service and client. As a service multiple clients are interacting with our system and as a client we need to call many web services. It is an intranet application and it is between multiple parties and using transport level security ie., HTTP over SSL. My web service receives the request and forward to the other party. In this scenario if i need to pass the request to many clients (web services) do i need to have all the clients certificates with in my server. As i am new to SSL / HTTPS please guide me as do i need to store any particular information regarding client info apart from the details of wsdl. I am using WAS 6.0 app server.
Cameron Wallace McKenzie
author and cow tipper
Saloon Keeper

Joined: Aug 26, 2006
Posts: 4968

Do you have an http server fronting that WAS 6.0 server, and if so, which one?

-Cameron McKenzie
jahnavi karnam

Joined: Nov 01, 2006
Posts: 2
Hi we are using IBM HTTP server.
Rizwan Mohammad
Ranch Hand

Joined: Sep 02, 2005
Posts: 445
When you use HTTPS for webservices, to establish a secure connection usually we concern about three things..
1) server authentication 2) client authentication 3) encryption of the ssl connection.

For server authentication, any way you will have certificate generated for its authentication and can be shared with clients.

For client authentication, most of the times certificates are not required. Its optional thing. Usually client authentication may not be required for the webservices unless in some critical cases where server wants to exchange some financial documents with client and you need to validate.
In your case if you think client also needs authentication, you will have to generate certificates for clients and store in the server.


Ulf Dittmer

Joined: Mar 22, 2005
Posts: 42965
As mentioned bfore, client certificates are rarely used for WS. Usually, HTTP basic authentication or WS-Security authentication (both of which support username and password) are used. I wrote a JavaRanch Journal article that describes how to use both kinds of authentication with WS using various code examples.
I agree. Here's the link:
subject: web service over HTTPS for multiple clients
It's not a secret anymore!