web service security issue

 
Goran Markovic
Hi.
I am learning from the book "Java web services: Up and Running".
It is quite a good one, but I have a problem understanding the use of keytool for the purpose of creating a keystore.
Here is the problem.
The .keystore generated using : is stored, just as the book says, inside the "account's home directory", which in my case is "E:\Documents and Settings\Boban", and the .keystore file is there. But I have a problem compiling my client class. In the book it says :

I just replaced "/home/mkalin/.keystore" with "E:/Documents and Settings/Boban/.keystore", but I get an error (cannot find a class).
I tried to create such a Properties object in my client code, and to store the value above, but it won't work either.
So how can I accomplish this?
Thanks
 
Ulf Dittmer
Please post the exact and complete error message. Make sure the ClientTC.class file is in the directory from where you execute this command.
 
Goran Markovic
Well, it is an ordinary exception which says that the class was not found :


That is when I run from the command prompt, and simply place the client class on the C partition.
However, I have placed my own keystore into the TOMCAT_HOME dir (named sler.keystore). When the browser launches the secured service https://localhost:8443/slersec/sler, the keystore I have placed is activated and the browser prompts to accept this key (because it performs validation against its own key/trust store repository, right?).
So my keystore on the server side has been successfully deployed.
But when I launch a Java application (from Eclipse) I am not validated against sler.keystore (which I placed in the work dir of Eclipse). I got the following error :


So, it's not validated.
Can I, however, programmatically specify the keystore and truststore in my client class, and then have the certificates received from the server validated against them??? That would be a solution, and a good one. So, how can I perform such a task?
Thanks
 
Ulf Dittmer
It can't find a class called "and"? Are you sure there isn't a typo or something when you enter the command? Or maybe in some config file?
 
Goran Markovic
No. I typed what I said. But I am quite sure, that that is wrong. I don't think I should type :

It really doesn't sound correct.
But why can I perform something like this programmatically :
[code]
import java.util.logging.Logger;
import javax.xml.ws.BindingProvider;
import java.util.*;
import securityC.*;
import javax.xml.ws.handler.MessageContext;

public class SecurityClient {
    private static Logger logger = Logger.getLogger("SecurityClient");
    private static final String endpoint = "https://localhost:8443/slersec/sler";

    public static void main(String[] args) {
        try {
            SlerSecurityService service = new SlerSecurityService();
            SlerSecurity port = service.getSlerSecurityPort();
            /*
            Properties props = new Properties();
            props.put("javax.net.ssl.trustStore", System.getProperty("user.home"));
            props.put("javax.net.ssl.trustStorePassword", "changeot");
            props.put("javax.net.ssl.keyStore", System.getProperty("user.home"));
            props.put("javax.net.ssl.keyStorePassword", "changeit");
            */
            Map<String, Object> req_ctx = ((BindingProvider) port).getRequestContext();
            req_ctx.put(BindingProvider.ENDPOINT_ADDRESS_PROPERTY, endpoint);

            // Place the username/password in the HTTP request headers,
            // which a non-Java client can do as well.
            Map<String, List<String>> hdr = new HashMap<String, List<String>>();
            hdr.put("username", Collections.singletonList("afrodom"));
            hdr.put("password", Collections.singletonList("slobodan"));
            req_ctx.put(MessageContext.HTTP_REQUEST_HEADERS, hdr);

            logger.info("Invoking secret key . . . ");
            logger.info("The answer is : \n " + port.secretInfo("love"));
            logger.info("check user validation . . . : ");
        } catch (Exception e) {
            e.printStackTrace();
        }
    }
}
[/code]

Should I also pay attention to the self-created .keystore file in the user home dir on the client side, or to sler.keystore on the server side? How would you solve this problem?
 
Ulf Dittmer
"No. I typed what I said. But I am quite sure, that that is wrong. I don't think I should type :"

That's where the "and" is coming from. If the path has spaces, then you need to enclose it in double quotes.
 
Goran Markovic
Well, you are right. But now a second exception has been raised :

What has gone wrong now???
 
Goran Markovic
Hi
I did plenty of googling, but I couldn't find an answer.
This is my Client class. When I use the ordinary protocol it works fine, but when I change to the secured one, it throws the previous exception. Can I somehow set a system property which will point at 'localhost' as my IP?


I just cannot figure out...
 
Goran Markovic
Help, Help, Help
Does anyone know what is wrong? I just cannot resolve the problem. I configured the client, but the same exception was raised again and again. I have simply followed the example from "Java Web Services: Up and Running", but I cannot find out what the problem is.
The exception :


is raised continuously. I have read Mikalai Zaikin's Study Guide and added some more properties, as suggested :

but then, the second (contradictory) exception has been thrown :



Now, it says the host name SHOULD be localhost (and IT is) ?!
So what should I do??? Thanks... A LoT
 
Ivan Krizsan
Hi!
Include this code snippet on the client side. See the comment in the code below for explanation!

Best wishes!
 
Goran Markovic
Hi Ivan. Thanks for your efforts, but the issue isn't resolved.
When I add the static code you have suggested, I get the following exception on the client side :


AND it is probably caused by an exception thrown from Tomcat :

I am a little confused, because I do not directly use an HttpsURLConnection object, but a Service (proxy) in my client code, and as far as I can see, it points to a bad certificate, but there is no problem when I try to access the resource using the browser. What could be the problem?
 
Ivan Krizsan
Hi!
It looks like your truststore and/or keystore is not set up properly.
Check my SCDJWS study notes for a step-by-step guide on how to set up keystores and truststores for SSL and SSL with mutual authentication.
Best wishes!
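
Added example (not code from any poster in this thread or from the book): one way to give a Java client an explicit trust store programmatically, as asked earlier in the thread. It assumes the server's certificate has been imported into the `.keystore` file in the user's home directory with the password `changeit`; the class and method names are made up for illustration. Note that the trust store path must name the keystore file itself, not the directory, and that hostname verification is unchanged, so the certificate must be issued for the host name used in the endpoint URL.

```java
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.security.KeyStore;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

public class ClientTrustSetup {

    /** Builds an SSLContext that trusts only the certificates in the given store file. */
    static SSLContext contextFor(Path trustStoreFile, char[] password) throws Exception {
        if (!Files.isRegularFile(trustStoreFile)) {
            // A directory (for example user.home on its own) is not a trust store.
            throw new IllegalArgumentException("Not a keystore file: " + trustStoreFile);
        }
        KeyStore trusted = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = Files.newInputStream(trustStoreFile)) {
            trusted.load(in, password); // fails if the password or file format is wrong
        }
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trusted);
        SSLContext ctx = SSLContext.getInstance("TLS");
        // First argument null: no client certificate is presented (one-way SSL).
        ctx.init(null, tmf.getTrustManagers(), null);
        return ctx;
    }

    public static void main(String[] args) throws Exception {
        // Assumed location: the .keystore file inside the user's home directory.
        Path store = Paths.get(System.getProperty("user.home"), ".keystore");
        SSLContext ctx = contextFor(store, "changeit".toCharArray());
        // Install before the service proxy opens its first HTTPS connection.
        SSLContext.setDefault(ctx);
        HttpsURLConnection.setDefaultSSLSocketFactory(ctx.getSocketFactory());
        System.out.println("Trusting certificates from " + store);
    }
}
```

The same effect can be had without code by passing `-Djavax.net.ssl.trustStore` and `-Djavax.net.ssl.trustStorePassword` on the command line, with any path containing spaces enclosed in double quotes.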
 