I've just started my preparation of web services. I'm using JAX-WS to create my web services and client. I'm using Tomcat 5.5(not apache axis) to deploy my web services over https and i'm able to do that. I've configured my keystore and keystorepassword in tomcat's server.xml. After i've configured my web.xml to choose security type(choosen CLIENT-CERT). I'm able to run my web services over https. I'm using IDE as netbeans 5.5. But to access this web service from core java client, i'm unable to do it. I've configure my jvmargs in the project-properties-run tab of netbeans and have given keystore,keystorepassword,keytrust,keytrustpassword. After all this i've also export it to the trustcacerts of tomcat. I want to run this using jax-ws. I've searched for many tutorials of this jax-ws , but all were in vain. Eventhough i've checked in java.dev.net site for tutorial but didn't find for my need. Everywhere they metioned on glassfish,wsit or some other technologies. Right now i'm totally confused. I've read some little bit things of all these things and finally land it in the middle of the sea. Could anyone provide me the basic concepts or any url for this. After all this i'm getting exception as : https hostname should be <localhost>. I'm totally confused what to do. One more thing i just wanted to know that i'm diving into the jax-ws technology, is that right to buil an application on this or should i use JAX-RPC. Which one is better for accessing the url and should be secured from security propects. Also tell me is that possible to build web services on https with using tomcat5.5,jax-ws and netbeans 5.5 or should i need some technology for start up.
Using Tomcat 5 with JAX-WS is fine, whether you use an IDE or not. (Actually, I would advise not to use an IDE at first - those WS wizards in the IDEs tend to hide a lot of the detail that you're better off learning.)
Deciding between JAX-RPC and JAX-WS isn't a question of security. Both can make use of the same security measures, especially WS-Security (which WSIT implements). Much more important is that JAX-RPC is obsolete; it may even be removed from Java EE 6. So if you're just getting into Java WS, then JAX-WS is definitely the way to go.
I would also advise not to use the standard HTTP security measures like web app authentication and HTTPS. While those will work, the proper way to secure WS is to use the WS-Security standard. It provides for authentication and encryption, amongst other things, and is more flexible and feature-rich.
thanks for the reply, i've one more doubt regarding https. I've created my web services on https using jax-ws. But from the client side i'm unable to do that, do i need to add something to access the https enabled web services. This is the basic one, then i go for ws-security and all. Could you please help me out. I'm using jax-ws,tomcat 5.5,netbeans. Can it be possible, i mean to say can i ensure to access https web services through jax-ws client or what else do i need to do for this security to access.
i've also written the following code before calling my web services through jax-ws. System.setProperty("java.protocol.handler.pkgs","com.sun.net.ssl.internal.www.protocol"); Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider()); System.setProperty("javax.net.ssl.keyStore","d:\\keystore\\auth.keystore"); System.setProperty("javax.net.ssl.keyStorePassword","changeit");
org.me.client.GetResultService service = new org.me.client.GetResultService(); org.me.client.GetResult port = service.getGetResultPort(); java.lang.String result = port.name(); System.out.println("Result = "+result); =============================== that was my sample code to access web services on https. It's a simple web service but running on https (with tomcat 5.5). But i'm getting an exception as: "https hostname should be :<localhost>" Could you please tell me where i did a mistake, or do i need to add something more to access it?
in advance thanks a lot.
subject: Basic doubts regarding ssl with tomcat 5.5 ?