aspose file tools*
The moose likes Web Services and the fly likes axis2 client with ssl calls ok a web service, next calls ssl security is not enforced Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Java » Web Services
Bookmark "axis2 client with ssl calls ok a web service, next calls ssl security is not enforced" Watch "axis2 client with ssl calls ok a web service, next calls ssl security is not enforced" New topic
Author

axis2 client with ssl calls ok a web service, next calls ssl security is not enforced

Fernando Fontana
Greenhorn

Joined: Dec 22, 2010
Posts: 4
Hi,
I'm using axis 1.5.2 + jre 1.6 in aix 5.3, generating client stub with wsdl2java. wrote a java program that, given a keystore file and a password, and using the stub generated, calls an external web service with https. that works OK the first time it calls the web service.
the second call, and the third and so on, the web service is executed correctly even if the keystore password is incorrect! i.e., security is not enforced.

to change the keystore and password I use:
System.setProperty("javax.net.ssl.keyStore", filename) ;
System.setProperty("javax.net.ssl.keyStorePassword", password) ;

any clue?
thanks in advance

ps: excuse my poor english
Naren Chivukula
Ranch Hand

Joined: Feb 03, 2004
Posts: 577

Hi Fernando,
he web service is executed correctly even if the keystore password is incorrect!

What kind of client is your Java code? How are you invoking your client? If your code is inside a container, then its more likely your server not overriding your new credentials. I suggest you to print user name and password just before invoking your web service and see if you consistently get original ones or are they overridden.


Cheers,
Naren
(OCEEJBD6, SCWCD5, SCDJWS, SCJP1.4 and Oracle SQL 1Z0-051)
Fernando Fontana
Greenhorn

Joined: Dec 22, 2010
Posts: 4
Thanks for your answer, Naren!
The client code is a plain java program, it's not inside a container or framework. I run it directly from the shell.
The filename and password are correct, they are printed in a log file.

regards,
Fernando
Naren Chivukula
Ranch Hand

Joined: Feb 03, 2004
Posts: 577

Hi Fernando,
It doesn't ring a bell to me why your program behaves like that. As you are running plain Java program, I'd have thought every time the JVM started is a new one and there is no point in memorizing the user credentials. But, one thing I suspect is that it could be on the server side and again when your web service call is ended (which means HTTP connection is closed, I presume you use HTTP transport), server wouldn't possibly relate previous user credentials to your next request.

Okay, now can I ask you when you could replicate success scenario again? To elaborate my question, say you ran your program for the first time and it passed with registered user name and password!

Second time, even you changed password it's still passing!
And so on.

Now, when again and after doing what could you replicate the first scenario? If you can post your code unless it is sensitive, I'd be glad to have a look.

Fernando Fontana
Greenhorn

Joined: Dec 22, 2010
Posts: 4
Hi Naren,
the program calls several times the web service, i.e. it does not end the jvm after the first call.
It reads the parameters (name of the web service, keystore filename and password) from an oracle stored procedure, calls the web service and repeat the loop.
I'll post the code, after making some remarks to make it more clearer.

many thanks!
Fernando
Naren Chivukula
Ranch Hand

Joined: Feb 03, 2004
Posts: 577

Hi Fernando,
Okay, then in that case as soon as web service call was ended, the next request would be fresh for the server. So, obviously as I see there is something on your client code causing the problem. But, still I'm not completely sure.
Fernando Fontana
Greenhorn

Joined: Dec 22, 2010
Posts: 4
Hi,
below I have included the java program (I can't attach files in this forum!).
function servidor() sets properties for the trusted store, cretes an axis2 stub (LBTRWSstub class generated with wsdl2java), conects to an oracle database and then makes an infinite loop, in each cycle:
* obtains data from an oracle stored procedure
* depending on the data, then it calls status(), procesar103() or procesar195() (they're different web services, in the same url)
* in all cases, that functions call setusupass() wich in term sets the keystore properties. the keystore and the password came from the oracle stored procedure, they're not fixed.
* the functions then call the axis2 stub, get an answer and call anothe oracle stored procedure.

let me know if I can give you more details.

thanks,
Fernando

____________________________________________________________________________________
// wsservidor : servidor de web services del bcu. recibe pedidos a través del paquete wspago.wsservidor, invoca al web service
// del bcu y envía resultado por el mismo paquete. el cliente se comunica a través del paquete wspago.wspago. internamente se
// comunican con pipes de oracle.

package uy.gub.bcu.lbtr.ws.cliente;

import uy.gub.bcu.lbtr.ws.LBTRWSStub;
import uy.gub.bcu.lbtr.ws.LBTRWSStub.*;
import org.apache.axis2.transport.http.*;
import javax.activation.*;
import org.apache.commons.io.*;
import java.io.*;
import java.text.*;
import java.util.*;
import javax.mail.util.*;
import java.sql.*;
import oracle.jdbc.pool.OracleDataSource;

public class wsservidor {
// almacen de claves en las que confio (parte publica del certificado del web server del BCU)
static String strTrustStore = "tgn.jks" ;
static String strTrustStorePassword = "billetera1" ;
//direccion del web service - consultar con 1967 int. 2084
static String strWsURL; // url acceso web services
static long timeout = 60000; // timeout espera ws
static LBTRWSStub stub; // stub para invocacion a ws
static FileWriter flog; // archivo log
static Connection conexion; // conexion a base oracle
static Properties props; // archivo configuracion

static void abrelog(String archivo) throws Exception {
flog = new FileWriter(archivo, true); // abre concatenando
}

static void salidalog(String texto) throws Exception {
DateFormat df = new SimpleDateFormat ("yyyy/MM/dd hh:mm:ss ");
java.util.Date ahora = new java.util.Date();
String fechahora = df.format(ahora);
flog.write(fechahora + texto + "\n");
flog.flush();
System.out.println("debug: salidalog: " + fechahora + texto);
}

static void conexiondb() {
try {
OracleDataSource ods = new OracleDataSource();
ods.setDriverType("thin");
ods.setServerName(props.getProperty("host"));
ods.setDatabaseName(props.getProperty("base"));
ods.setPortNumber(Integer.parseInt(props.getProperty("puerto")));
ods.setUser(props.getProperty("usuario"));
ods.setPassword(props.getProperty("password"));
conexion=ods.getConnection();
} catch(SQLException ex) {
System.out.println("Error conectandose a la base: "+ex.toString());
}
}

static void setusupass(String usuario, String password) {
System.setProperty("javax.net.ssl.keyStore", usuario + ".p12") ;
System.setProperty("javax.net.ssl.keyStorePassword", password) ;
}

static String status(String usuario, String password) throws Exception {
try {
setusupass(usuario, password) ;
// estado servidor
long comtiempo = System.currentTimeMillis();
StatusResponse respuestastatus = stub.status() ;
salidalog(" procesado status en " +
Float.toString((System.currentTimeMillis()-comtiempo)/1000F) + " segundos");
String resultado = respuestastatus.get_return();
if (resultado.length() < 80 && resultado.contains("Activo")) {
return "ok";
} else {
return "error";
}
} catch (Exception ex) {
salidalog("error: " + ex.toString());
return "error";
}
}

// parsea el resultado para ver si es un error java. si es error, tratar de tomar un substring util, sino
// devolver resultado original
static String parseresultado(String resultado) {
if (resultado.startsWith("Excepcion")) { // error java, intentar devolver string con explicacion
String strlbtre = "LBTRException - ";
int i = resultado.indexOf(strlbtre);
int finlinea = resultado.indexOf("\n");
if (finlinea == -1) {
finlinea = resultado.length();
}
return "error" + ((i == -1) ? "" : resultado.substring(i + strlbtre.length(), finlinea));
} else {
return resultado;
}
}

static String procesar103(String usuario, String password, String codigo) throws Exception {
try {
setusupass(usuario, password) ;
// estado pago swift 195
long comtiempo = System.currentTimeMillis();
ByteArrayDataSource arraycodigo = new ByteArrayDataSource(codigo, "text/plain");
DataHandler dh = new DataHandler(arraycodigo);
ProcessSwiftMessage103 procSwiftMsg = new ProcessSwiftMessage103() ;
procSwiftMsg.setDhMsg(dh);
ProcessSwiftMessage103Response respuesta103 = stub.processSwiftMessage103(procSwiftMsg);
DataHandler dhRespuesta = respuesta103.get_return();
ByteArrayOutputStream arrayrespuesta = new ByteArrayOutputStream(2000);
dhRespuesta.writeTo(arrayrespuesta);
// mostrar tiempo total
salidalog(codigo + " procesado con processswiftmessage103 en " +
Float.toString((System.currentTimeMillis()-comtiempo)/1000F) + " segundos");
return parseresultado(arrayrespuesta.toString());
} catch (Exception ex) {
salidalog("error: " + ex.toString());
return "error";
}
}

static String procesar195(String usuario, String password, String codigo) throws Exception {
try {
setusupass(usuario, password);
// estado pago swift 195
long comtiempo = System.currentTimeMillis();
ByteArrayDataSource arraycodigo = new ByteArrayDataSource(codigo, "text/plain");
DataHandler dh = new DataHandler(arraycodigo);
ProcessSwiftMessage195Stat procSwiftMsg = new ProcessSwiftMessage195Stat() ;
procSwiftMsg.setDhMsg(dh);
ProcessSwiftMessage195StatResponse respuesta195 = stub.processSwiftMessage195Stat(procSwiftMsg);
DataHandler dhRespuesta = respuesta195.get_return();
ByteArrayOutputStream arrayrespuesta = new ByteArrayOutputStream(2000);
dhRespuesta.writeTo(arrayrespuesta);
// mostrar tiempo total
salidalog(codigo + " procesado con processswiftmessage195stat en " +
Float.toString((System.currentTimeMillis()-comtiempo)/1000F) + " segundos");
return parseresultado(arrayrespuesta.toString());
} catch (Exception ex) {
salidalog("error: " + ex.toString());
return "error";
}
}

static void servidor() throws Exception {
String usuario, password, nombrews, parametros, resultado;
// inicializar
System.setProperty("javax.net.ssl.trustStore", strTrustStore) ;
System.setProperty("javax.net.ssl.trustStorePassword", strTrustStorePassword) ;
System.setProperty("javax.net.ssl.keyStoreType", "PKCS12") ;
stub = new LBTRWSStub(strWsURL); // stub invocacion a ws
stub._getServiceClient().getOptions().setTimeOutInMilliSeconds(timeout); // timeout 1 minuto

// conexion a base
conexiondb();

// preparar sentencias
CallableStatement sent1, sent2;
sent1 = conexion.prepareCall("begin wsservidor.recibeinvocaws(?,?,?,?); end;");
sent1.registerOutParameter(1, Types.CHAR);
sent1.registerOutParameter(2, Types.CHAR);
sent1.registerOutParameter(3, Types.CHAR);
sent1.registerOutParameter(4, Types.CHAR);
sent2 = conexion.prepareCall("begin wsservidor.enviarespuestaws(?); end;");
// ciclo con toma pedido e invocacion a web service correspondiente
while (true) {
// obtener datos pedido
sent1.execute();
usuario = sent1.getString(1);
password = sent1.getString(2);
nombrews = sent1.getString(3);
parametros = sent1.getString(4);
System.out.println("debug: recibi " + usuario + " " + password + " " + nombrews + " " + parametros);

// llamar web service
if (nombrews.compareToIgnoreCase("status") == 0) {
resultado = status(usuario, password);
} else if (nombrews.compareToIgnoreCase("procesar103") == 0) {
resultado = procesar103(usuario, password, parametros);
} else if (nombrews.compareToIgnoreCase("procesar195") == 0) {
resultado = procesar195(usuario, password, parametros);
} else {
salidalog("nombre ws no conocido: " + nombrews);
resultado = "error: ws " + nombrews + " desconocido";
}
System.out.println("debug: respuesta " + resultado);

// enviar respuesta
sent2.setString(1, resultado);
sent2.execute();
} // fin ciclo
} // fin servidor

public static void main(String[] args) throws Exception {
props = new Properties();
props.load(new FileInputStream(args[0] + ".properties"));
abrelog(props.getProperty("archivolog"));
salidalog("iniciando servidor " + args[0]);
strWsURL = props.getProperty("url");
salidalog("acceso a " + strWsURL);
servidor();
salidalog("fin servidor " + args[0]);
}
}
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: axis2 client with ssl calls ok a web service, next calls ssl security is not enforced