web service security issue

Goran Markovic
Ranch Hand

Joined: Sep 26, 2008
Posts: 399
Hi.
I am learning from the book "Java web services: Up and Running".
It is quite a good one, but I have a problem understanding the use of keytool for the purpose of creating a keystore.
Here is the problem.
The .keystore generated using :, is stored, just as the book says, inside the "account's home directory", which will be in my case : "E:\Documents and Settings\Boban", and the file .keystore is there. But I have a problem compiling my client class. In the book it says :

I just replaced "/home/mkalin/.keystore" with "E:/Documents and Settings/Boban/.keystore", but I get an error (cannot find a class).
I tried to create such a Properties in my client code, and to store the value above, but it won't work either.
So how can I accomplish this?
Thanks
Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 41838
Please post the exact and complete error message. Make sure the ClientTC.class file is in the directory from where you execute this command.


Ping & DNS - my free Android networking tools app
Goran Markovic
Ranch Hand

Joined: Sep 26, 2008
Posts: 399
Well it is ordinary exception which tells that class not found :


It is when I run from command prompt, and simply place client class on C partition.
However I have placed my own keystore into the TOMCAT_HOME dir (named sler.keystore). When the browser launches the secured service https://localhost:8443/slersec/sler, the keystore I have placed has been activated and the browser is prompted to accept this key (because it performs validation against its own key/trust store repository, right?).
So my keystore on the server side has been successfully deployed.
But when I launch a Java application (from Eclipse) I have not been validated against sler.keystore (which I placed in the work dir of Eclipse). The following error was returned :


So, it's not validated.
Can I however programmatically specify the keystore and truststore in my client class, so that certificates received from the server are validated against them??? That would be a solution, and a good one. So, how can I perform such a task?
Thanks
Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 41838
It can't find a class called "and"? Are you sure there isn't a typo or something when you enter the command? Or maybe in some config file?
Goran Markovic
Ranch Hand

Joined: Sep 26, 2008
Posts: 399
No. I typed what I said. But I am quite sure, that that is wrong. I don't think I should type :

It really doesn't sound correct.
But why I can perform programmatic something like this :
[code]
import java.util.logging.Logger;
import javax.xml.ws.BindingProvider;
import java.util.*;
import securityC.*;
import javax.xml.ws.handler.MessageContext;

public class SecurityClient {
    private static Logger logger = Logger.getLogger("SecurityClient");
    private static final String endpoint = "https://localhost:8443/slersec/sler";

    public static void main(String[] args) {
        try {
            SlerSecurityService service = new SlerSecurityService();
            SlerSecurity port = service.getSlerSecurityPort();
            /*
            Properties props = new Properties();
            props.put("javax.net.ssl.trustStore", System.getProperty("user.home"));
            props.put("javax.net.ssl.trustStorePassword", "changeot");
            props.put("javax.net.ssl.keyStore", System.getProperty("user.home"));
            props.put("javax.net.ssl.keyStorePassword", "changeit");
            */
            // Send the request to the HTTPS endpoint.
            Map<String, Object> req_ctx = ((BindingProvider) port).getRequestContext();
            req_ctx.put(BindingProvider.ENDPOINT_ADDRESS_PROPERTY, endpoint);

            // Place the username/password in the HTTP request headers,
            // which a non-Java client can do as well.
            Map<String, List<String>> hdr = new HashMap<String, List<String>>();
            hdr.put("username", Collections.singletonList("afrodom"));
            hdr.put("password", Collections.singletonList("slobodan"));
            req_ctx.put(MessageContext.HTTP_REQUEST_HEADERS, hdr);

            logger.info("Invoking secret key . . . ");
            logger.info("The answer is : \n " + port.secretInfo("love"));
            logger.info("check user validation . . . : ");
        } catch (Exception e) {
            e.printStackTrace();
        }
    }
}
[/code]

Should I also pay attention on self-created .keystore file in user home dir. on client side, or sler.keystore on server side? How would you solve this problem?
Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 41838
No. I typed what I said. But I am quite sure, that that is wrong. I don't think I should type :

That's where the "and" is coming from. If the path has spaces, then you need to enclose it in double quotes.
Goran Markovic
Ranch Hand

Joined: Sep 26, 2008
Posts: 399
Well, you are right. But now, a second exception has been raised :

What would go wrong now???
Goran Markovic
Ranch Hand

Joined: Sep 26, 2008
Posts: 399
Hi
I did plenty of googling, but I couldn't find an answer.
This is my Client class. When I use an ordinary protocol, it works fine, but when I change to secured, it throws the previous exception. Can I somehow set a system property which will point at 'localhost' as my IP?


I just cannot figure out...
Goran Markovic
Ranch Hand

Joined: Sep 26, 2008
Posts: 399
Help, Help, Help
Does anyone know what is wrong? I just cannot resolve the problem. I configured the client but the same exception was raised again and again. I have simply followed the example from "java Web Service:Up and Running", but I cannot find out what the problem is.
The exception :


raise, continuously. I have read Mikalai Zaikin's Study Guide, and add some properties more, as suggested :

but then, the second (contradictory) exception has been thrown :



Now, it says the host name SHOULD be localhost (and IT is) ?!
So what should I do??? Thanks... A LoT
Ivan Krizsan
Ranch Hand

Joined: Oct 04, 2006
Posts: 2198
Hi!
Include this code snippet on the client side. See the comment in the code below for explanation!

Best wishes!
Goran Markovic
Ranch Hand

Joined: Sep 26, 2008
Posts: 399
Hi Ivan. Thanks for your efforts, but the issue isn't resolved.
When I add the static code you have suggested, I get the following exception on the client side :


AND it is probably caused by exception thrown from Tomcat :

I am little confused, because I do not directly use HttpsURLConnection object, but Service (proxy) in my client code, and as much as I see, it points to bad certificate, but there is no problem when I try to access the resource using browser. What could be problem?
Ivan Krizsan
Ranch Hand

Joined: Oct 04, 2006
Posts: 2198
Hi!
It looks like your truststore and/or keystore is not set up properly.
Check my SCDJWS study notes for a step-by-step guide on how to set up keystores and truststores for SSL and SSL with mutual authentication.
Best wishes!
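
Added example, not part of any post in this thread and not code from the book: one way to do what the thread asks, loading a truststore (and optionally a keystore) from a file inside the client and making HttpsURLConnection-based clients validate the server certificate against it. The class name `ClientTls`, the file name `client.truststore` and its location are assumptions; the password `changeit` is the one used in the thread.

```java
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.security.KeyStore;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

public class ClientTls {
    // Load a store from a file. The path must name the store file itself,
    // not the directory that contains it.
    static KeyStore load(Path file, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = Files.newInputStream(file)) {
            ks.load(in, password);
        }
        return ks;
    }

    // Build an SSLContext that trusts only the certificates in trustStore and,
    // when keyStore is non-null, presents its key for mutual authentication.
    static SSLContext contextFor(KeyStore trustStore, KeyStore keyStore,
                                 char[] keyPassword) throws Exception {
        TrustManagerFactory tmf =
            TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);
        KeyManagerFactory kmf = null;
        if (keyStore != null) {
            kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
            kmf.init(keyStore, keyPassword);
        }
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf == null ? null : kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        return ctx;
    }

    public static void main(String[] args) throws Exception {
        // Assumed file: a truststore holding the server's certificate, in the user's home.
        // Paths.get handles directories with spaces; no shell quoting is involved here.
        Path store = Paths.get(System.getProperty("user.home"), "client.truststore");
        KeyStore trust = load(store, "changeit".toCharArray());
        SSLContext ctx = contextFor(trust, null, null);
        // Must run before the first HTTPS call. Hostname verification stays enabled,
        // so the certificate has to name the host in the endpoint URL (localhost here).
        HttpsURLConnection.setDefaultSSLSocketFactory(ctx.getSocketFactory());
    }
}
```

Call the same setup at the start of the web service client's `main`, before the service proxy is invoked.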
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: web service security issue