Win a copy of Think Java: How to Think Like a Computer Scientist this week in the Java in General forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

SOAP over SSL using Apache Axis

 
sriraman seshadri
Greenhorn
Posts: 7
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi,

We are using Apache axis to connect to external party.
We use call.invoke(soapEnvelope) to send soap messages to them.

Now we need to communicate to the thrid party using SSL.
The server will authenticate the client (whether the request is coming from the trusted client)
We (The client) need not authenticate the server. The client will accept the responses from all the servers

We have the server certificate which we have imported into JKS file

We have set the following properties before calling call.invoke()
AxisProperties.setProperty("org.apache.axis.components.net.SecureSocketFactory", "TestSOAPService");
AxisProperties.setProperty("keystore", "/tmp/java/keystore.jks");
AxisProperties.setProperty("keystorePassword", "h4CXm?R*n/9zg");
AxisProperties.setProperty("keystoreType", "JKS");

The belwo method is present in the TestSOAPService to get SSl context
protected SSLContext getContext() throws IOException {
try {
if (attributes == null || (attributes.get("keystore") == null && attributes.get("truststore") == null)) {
SSLContext context = SSLContext.getInstance(DEFAULT_PROTOCOL);
context.init(null, null, null);
return context;
}

String protocol = getProtocol();

KeyManager[] keyManagers = getKeyManagers();

SSLContext sslContext = SSLContext.getInstance(protocol);
//trust manager is set to null because we trust the server
sslContext.init(keyManagers, null, null);

return sslContext;
} catch (NoSuchAlgorithmException e) {
throw new IOException("Exception trying to load sslContext "
+ e.getMessage());
} catch (KeyManagementException e) {
throw new IOException("Exception trying to load sslContext "
+ e.getMessage());
}
}

When we tried to invoke the service we are getting SSL HandShake exception: Unknown certificate.
Is there any additional properties need to be set ?
Is there any other way to send soap message?


 
Hany Shafik
Ranch Hand
Posts: 80
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
We (The client) need not authenticate the server. The client will accept the responses from all the servers


The SSL protocol allows only two kinds of authentication. The first mode is when the server authenticates himself to the client. the second one is mutual authentication in which both the server and the client authenticate themselves. That is why you always must trust the server certificate by importing it in the key store regardless of the authentication mode you are using.

 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic