Invoking a https webservice

I am new to web service Can anyone give me a sample code for invoking https protocol enabled web service

Welcome to JavaRanch.

This introduction to SAAJ talks about clients and services that use HTTPS, particularly using Tomcat as the container (towards the end of the document).

Can I use a simple http call in to invoke a https web service.

For accessing an HTTPS URL an HTTP call will not suffice. How are you developing the client - are you actually using the java.net.HttpUrlConnection class? Then it might be as simple as replacing that with the javax.net.ssl.HttpsUrlConnection class.

Yes I am using the java.net.HttpURLConnection class. In addition the service which i am calling has some digital certificates enabled.In that case will i have to make any configurations or modifications in my client.

What do you mean by "certificates enabled"? The server/service will need to have at least one certificate installed -as does the client-, or else the SSL connection will not work. Do you want to retrieve the server certificates on the client and do something with them?

Actually the scenario is like the client(say A) have to access a https url(say B) by passing some string.They have provided me the keystore file and with that i have to access the https url.B will actually validate the request which iam sending with the help of keystore and then if it ok B will call a web service (say C).

I just need a sample of the client to access the https url which is protected by a digital certificate(key pair value which has a public and private key. The public key is the one that is provided by B which is the keystore file)

sorry I may be poor in explaining things.

Thanks a lot...

I'm having similar issues at the moment, so hopefully by explaining my issue you get some traction too.

I'm new at web services stuff, but have built a simple client that will connect and get info from non-password protected http webservice.

What i need to do is connect to a password protected https webservice.

I've created all the stubs using WDSL2Java by downloading the WSDL then running :

String[] arg3 = {"file:///G:/SOAP/SalesServer_Service.wsdl"}; WSDL2Java.main(arg3);

Which all works perfectly.

My test http client is this :

public static void zipChecker() { String msg = "90210"; try { // The WSDL that describes the service we want to contact String wsdlLoc = "http://www.webservicemart.com/uszip.asmx?WSDL"; // The qualified name of the service within the WSDL doc (targetNamespace) QName serviceName = new QName("http://webservicemart.com/ws/","USZip"); ServiceFactory sFactory = ServiceFactory.newInstance( ); Service service = sFactory.createService(new URL(wsdlLoc), serviceName); USZipSoap echo = (USZipSoap)service.getPort(USZipSoap.class); // Invoke the operation and collect the result String resp = echo.validateZip(msg); //System.out.println("Sent: \"" + msg + // "\", got response \"" + resp + "\""); System.out.println(resp); } catch (ServiceException se) { System.err.println("Service generated error: " + se.getMessage( )); } catch (RemoteException re) { System.err.println("Error invoking service: " + re.getMessage( )); } catch (MalformedURLException mue) { System.err.println("Bad service endpoint"); } }

Which works fine. I'm trying to adapt this code to work with a https service ..

public static void testAGL() { String msg = "nada"; try { // The WSDL that describes the service we want to contact String wsdlLoc = "https://SOMEURL/SalesServer/Service.asmx?WSDL"; // The qualified name of the service within the WSDL doc (targetNamespace) QName serviceName = new QName("http://SOMURL/webservices", "Service"); ServiceFactory sFactory = ServiceFactory.newInstance( ); /**BOMBS OUT ON THIS LINE **/ javax.xml.rpc.Service service = sFactory.createService(new URL(wsdlLoc), serviceName); Service echo = (Service)service.getPort(Service.class); // Invoke the operation and collect the result String resp = echo.getServiceSoapAddress(); System.out.println("Sent: \"" + msg + "\", got response \"" + resp + "\""); } catch (ServiceException se) { System.err.println("Service generated error: " + se.getMessage( )); } /* catch (RemoteException re) { System.err.println("Error invoking service: " + re.getMessage( )); } */ catch (MalformedURLException mue) { System.err.println("Bad service endpoint"); }

I'ts bombed out in the /** **/ section. Nb 'Service' is a generated class stub and not part of any of the API's.

I've added the certificate to the store using:

keytool -keystore cacerts -import -file G:\dir\cert.cer -alias dev01

And that works fine. So i believe i now have access to the webservice over https.

I'm now getting a http error 401 error as the web service also requires that i authenticate with a username/password.. which i can't work out how to do.

Any thoughts ?



-Mikey

[ March 28, 2007: Message edited by: Michael Dekmetzian ]
[ March 28, 2007: Message edited by: Michael Dekmetzian ]

Using HTTP authentication in WS is demonstrated here.

But it bombs out when creating the service, so i'm not sure where this code goes

If "message" is a SOAPMessage object, it can be done like this: MimeHeaders hd = message.getMimeHeaders(); hd.addHeader("SOAPAction", "http://www.webserviceX.net/ConversionRate"); Other HTTP headers can be set in the same way, e.g. for Basic Authentication: String authorization = Base64Coder.encode(username + ":" + password); hd.addHeader("Authorization", "Basic " + authorization);

I don't have a method to call at that point (as all i have is the ServiceFactory) ... i'm not sure where this info would go?

Thanks for the info regardless though

Or are you saying i should utilise the SAAJClient in "What is the simplest possible Java client for a web service?" ?

What does "bomb out" mean - is there an exception? If so, what is it?

Also just found this :

import org.apache.axis.client.Call; import org.apache.axis.client.Service; import javax.xml.namespace.QName; public class TestClient { public static void main(String [] args) { try { String endpoint = "https://localhost:8443/axis/EchoService.jws"; System.setProperty("javax.net.ssl.trustStore", "C:\\Documents and Settings\\Administrator\\.keystore"); Service service = new Service(); Call call = (Call) service.createCall(); call.setTargetEndpointAddress( new java.net.URL(endpoint) ); call.setOperationName(new QName("echoString")); call.setUsername("wsuser"); call.setPassword("wspwd"); String ret = (String) call.invoke( new Object[] { "Hello!" } ); System.out.println("Sent 'Hello!', got '" + ret + "'"); } catch (Exception e) { System.err.println(e.toString()); } } }

Here: http://www-128.ibm.com/developerworks/webservices/library/ws-sec1.html

The main thing i don't get about that one is how this connects with your 'stub' classes which define how you interact with the webservice... or do you not use them with these methods because you're using call.invoke?

Hi Ulf,

Bomb out - as per my first post, i'm getting a 401 error because i haven't authenticated. Previously when i didn't have the certificate installed, it wasn't letting me connect.

Cheers

-Michael

The main thing i don't get about that one is how this connects with your 'stub' classes which define how you interact with the webservice... or do you not use them with these methods because you're using call.invoke?

Yes, you wouldn't use the stub classes - that code contains everything that's needed. It uses a different kind of API, which is dependent on Axis.

i'm getting a 401 error because i haven't authenticated.

String wsdlLoc = "https://SOMEURL/SalesServer/Service.asmx?WSDL";

QName serviceName = new QName("http://SOMURL/webservices", "Service");

ServiceFactory sFactory = ServiceFactory.newInstance( );

/**BOMBS OUT ON THIS LINE **/
javax.xml.rpc.Service service = sFactory.createService(new URL(wsdlLoc), serviceName);

In that case, save the WSDL to a local file, and then use a file:/// URL in the call to createService.

If i'm creating the service from a file (which does work), how does it know where the server actually exists?

The target namespace isn't the url of the dev server i'm connecting to.

Worked it out, you use the local file to load the wdsl, but define an endpoint in the stubs

try { // The WSDL that describes the service we want to contact String wsdlLoc = "file:///G:/SOAP/SalesServer_Service.wsdl"; String endpoint = "https://thesite/SalesServer/Service.asmx"; // The qualified name of the service within the WSDL doc (targetNamespace) QName serviceName = new QName("http://somesite/webservices", "Service"); ServiceFactory sFactory = ServiceFactory.newInstance( ); javax.xml.rpc.Service service = sFactory.createService(new URL(wsdlLoc), serviceName); ServiceSoap echo = (ServiceSoap)service.getPort(ServiceSoap.class); Stub stub = (Stub )echo; stub._setProperty(Stub.USERNAME_PROPERTY, "xx"); stub._setProperty(Stub.PASSWORD_PROPERTY, "xx"); stub._setProperty(Stub.ENDPOINT_ADDRESS_PROPERTY,endpoint); // Invoke the operation and collect the result String resp = echo.lookupLists(); System.out.println("Got response \"" + resp + "\""); } catch (ServiceException se) { System.err.println("Service generated error: " + StringUtil.writeStackTraceToString(se)); } catch (RemoteException re) { System.err.println("Error invoking service: " + StringUtil.writeStackTraceToString(re)); } catch (MalformedURLException mue) { System.err.println("Bad service endpoint"); } catch (Exception e) { System.err.println("Main Thread Error: " + StringUtil.writeStackTraceToString(e)); }

Hi Guys,

Can you please answer some very basic questions of mine.

1) The WSDL location specified in the generated stubs, must be accessible from the client's machine. (What ever the case may be). Am i right?
2) The end point must be hittable from the client's machine.

Please let me know if the above 2 points I am saying are correct?

Actually, we have a WSDL posted on a HTTPS url. And the client says, they have protected it. And we are not able to open it in our browser.
So, can that be a reason I am not able to invoke the web service methods?

Regards
Yogesh