This week's book giveaway is in the OO, Patterns, UML and Refactoring forum. We're giving away four copies of Refactoring for Software Design Smells: Managing Technical Debt and have Girish Suryanarayana, Ganesh Samarthyam & Tushar Sharma on-line! See this thread for details.
Hi all, I'm new to the forum and I'm pretty much a novice in JAVA; right now I'm developing a WCF service to be consumed in JAVA applications! I can have WCF and JAVA communicate without security but with security involved it goes to hell in a hand basket!
I keep receiving a WebServiceExceptionthrown from a CertificateException with the problem: "No subject alternative names present". I found a workaround that I want to try just for the sake of learning JAVA which involves overriding that verifies the host name. As such: http://www.coderanch.com/t/134384/Security/Getting-error-No-subject-alternative! I know you're not supposed to use this in production but I would like to play with that. The code is there but how do I apply that with my web service reference classes? I'm using NetBeans 7.0. Client application and WCF service are on the same box.
I've been researching and researching: it seems to me that interoperability between .NET and JAVA is impossible when WCF security settings are configured. Can it be done?
Here are my binding settings if you're familiar with WCF. I can post the WSDL too. I'm using transport security but with message credentials authenticated via username.
For testing/dev environment only: Have you found a temp solution?
Joined: Dec 14, 2011
H Paul wrote:For testing/dev environment only: Have you found a temp solution?
Hi Paul, thanks for the reply, no such luck. Moving on to different things. For the sake of everyone's knowledge, has anyone attempted and successfully implemented a JAVA client that consumes a WCF service with WS HTTP security?
Joined: Jul 26, 2011
This is what I did:
create a self-signed certificate with CN=saturn (yes, saturn is my host/machine name) (this way, there is no need to add any Java code to take care of Host name verification)
1. On WCF side,
a. create a self-signed certificate with CN=saturn (yes, saturn is my host/machine name)
(this way, there is no need to add any Java code to take care of Host name verification)
b. create a self-hosted WCF service + TransportWithMessageCredential + UserName
expose it as https://saturn:portnumber/nameoftheservice
EDITED: add portnumber
2. On Java side, using NETBeans,
a. export the public-key certificate from 1.a (self-signed certificate with CN=saturn)
b. import into trust keystore: glassfish-3.1.1\glassfish\domains\domain1\config\cacerts.jks
This will take care of SSL Handsake between WCF service/server side and GlassFish client side.
c. use Netbeans IDE to wsimport WCF wsdl to have JAX-WS generated class.
d. select the Webservice Reference and right click to add User name/Password using static mode for testing.
(this will take care of username token profile)