Win a copy of Think Java: How to Think Like a Computer Scientist this week in the Java in General forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

Get the server side certificate using Metro with JAX-WS

 
Marcelo Tataje
Ranch Hand
Posts: 64
Java Oracle Ubuntu
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hello everybody, I'm facing a tricky requirement implementing a Web Service and it's client using Metro and JAX-WS. The goal of the application is to send an XML document through a WebService, the application is implemented using WSRM, WS-Addressing and SAML 2.0 Sender Vouches assertion, it has been developed using a contract first WSDL document and configured through wsit.xml setting the keystores and truststores. Everything it's ok, the application runs perfectly. But the tricky requirement is that the application requires to compare the certificate of the client side with the certificate which is located at server side. I tried to give solution to problem using SOAHandlers because I noticed that the only moment in which I can get the server side certificate is when the Create-Response is executed, that's why I catch the soap and get the certificate then i use an if-else to manage actions when the certificate is not valid. What's the problem? That when I catch the SOAP in Response and throws the exception, the xml file has been already delivered. Then I set another solution, I developed a "ping" method which communicates with the server and retrieve the certificate, compare with client side and throws exception. But if the certificate is correct I execute the sending of the document. What is the problem in this solution? That sequences are created two times: first time when it makes a ping and the second time to send the xml file which is a very heavy-weight validation in terms of performance and I think is not a good practice. In Metro, the sequence is like this:

1. CreateSequence
2.CreateSequenceResponse
3.Create (Here I send the message)
4.CreateResponse

What I want is to catch the Certificate when the application is using CreateSequence or CreateSequenceResponse to cut the flow in that point and avoid all the resource-hard-work.
With the current solution, I have to make the flow two times as I menctioned.
If I just execute the flow and validate using the SOAPHandler, the time when the validations throws the exception is too late because the message has been already sent in the Create step. And the validate seems to be executed in the CreateResponse.

I'm new to Metro and this kind of validations with certificates, maybe is there something I could do with SAML Handlers or wsit. Please if somebody could help me I will really be grateful. Thanks in advance.
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic