This week's giveaway is in the Android forum.
We're giving away four copies of Android Security Essentials Live Lessons and have Godfrey Nolan on-line!
See this thread for details.
The moose likes Web Services and the fly likes Basic doubts regarding ssl with tomcat 5.5 ? Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Android Security Essentials Live Lessons this week in the Android forum!
JavaRanch » Java Forums » Java » Web Services
Bookmark "Basic doubts regarding ssl with tomcat 5.5 ?" Watch "Basic doubts regarding ssl with tomcat 5.5 ?" New topic
Author

Basic doubts regarding ssl with tomcat 5.5 ?

Navneet Singh
Greenhorn

Joined: Aug 19, 2007
Posts: 29

I've just started my preparation of web services. I'm using JAX-WS to create my web services and client. I'm using Tomcat 5.5(not apache axis) to deploy my web services over https and i'm able to do that. I've configured my keystore and keystorepassword in tomcat's server.xml. After i've configured my web.xml to choose security type(choosen CLIENT-CERT). I'm able to run my web services over https. I'm using IDE as netbeans 5.5.
But to access this web service from core java client, i'm unable to do it. I've configure my jvmargs in the project-properties-run tab of netbeans and have given keystore,keystorepassword,keytrust,keytrustpassword. After all this i've also export it to the trustcacerts of tomcat. I want to run this using jax-ws. I've searched for many tutorials of this jax-ws , but all were in vain. Eventhough i've checked in java.dev.net site for tutorial but didn't find for my need. Everywhere they metioned on glassfish,wsit or some other technologies.
Right now i'm totally confused. I've read some little bit things of all these things and finally land it in the middle of the sea. Could anyone provide me the basic concepts or any url for this.
After all this i'm getting exception as : https hostname should be <localhost>. I'm totally confused what to do.
One more thing i just wanted to know that i'm diving into the jax-ws technology, is that right to buil an application on this or should i use JAX-RPC. Which one is better for accessing the url and should be secured from security propects. Also tell me is that possible to build web services on https with using tomcat5.5,jax-ws and netbeans 5.5 or should i need some technology for start up.


SCJP 1.4
SCWCD
Navneet Singh
Greenhorn

Joined: Aug 19, 2007
Posts: 29

could anyone tell me which one is better? JAX-RPC OR JAX-WS, for the start up. and also working with ssl (CLIENT-CERT) with tomcat 5.5
Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 41155
    
  45
Using Tomcat 5 with JAX-WS is fine, whether you use an IDE or not. (Actually, I would advise not to use an IDE at first - those WS wizards in the IDEs tend to hide a lot of the detail that you're better off learning.)

Deciding between JAX-RPC and JAX-WS isn't a question of security. Both can make use of the same security measures, especially WS-Security (which WSIT implements). Much more important is that JAX-RPC is obsolete; it may even be removed from Java EE 6. So if you're just getting into Java WS, then JAX-WS is definitely the way to go.

I would also advise not to use the standard HTTP security measures like web app authentication and HTTPS. While those will work, the proper way to secure WS is to use the WS-Security standard. It provides for authentication and encryption, amongst other things, and is more flexible and feature-rich.


Ping & DNS - my free Android networking tools app
Navneet Singh
Greenhorn

Joined: Aug 19, 2007
Posts: 29

thanks for the reply, i've one more doubt regarding https. I've created my web services on https using jax-ws. But from the client side i'm unable to do that, do i need to add something to access the https enabled web services. This is the basic one, then i go for ws-security and all. Could you please help me out. I'm using jax-ws,tomcat 5.5,netbeans. Can it be possible, i mean to say can i ensure to access https web services through jax-ws client or what else do i need to do for this security to access.

i've also written the following code before calling my web services through jax-ws.
System.setProperty("java.protocol.handler.pkgs","com.sun.net.ssl.internal.www.protocol");
Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider());
System.setProperty("javax.net.ssl.keyStore","d:\\keystore\\auth.keystore");
System.setProperty("javax.net.ssl.keyStorePassword","changeit");

org.me.client.GetResultService service = new org.me.client.GetResultService();
org.me.client.GetResult port = service.getGetResultPort();
java.lang.String result = port.name();
System.out.println("Result = "+result);
===============================
that was my sample code to access web services on https. It's a simple web service but running on https (with tomcat 5.5). But i'm getting an exception as: "https hostname should be :<localhost>"
Could you please tell me where i did a mistake, or do i need to add something more to access it?

in advance thanks a lot.
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: Basic doubts regarding ssl with tomcat 5.5 ?
 
Similar Threads
Call https .net webservice using Java client
how to create java client to access web services running on https/ssl
Passed SCDJWS - 81 %
How to work with self-signed certificate with jax-ws
Your views on Web Services Security