Hi Richard,
thanks for your reply.
I did not mention that we do not keep all our keys and certificates in
the same key/truststore. Since we use a lot of SSL connections to
different hosts we cannot set the stores globally via system properties.
In general we use HttpClient and create the sockets accordingly.
Unfortunately it seems that this is not possible in Axis with
WSDL2Java-generated classes.
Regards,
Markus
Richard Gregory wrote:
Hi Markus,
Apologies if I'm not quite getting the crux of your problem - I'm new to
all this and I've only recently tried using ssl, and at the moment I'm
really just playing with it. I have no problems connecting over both
http and https, even in the same client program.
In my client program I have defined the keyStore and trustStore by
setting properties:
    System.setProperty("javax.net.ssl.trustStore", "/home/richard/clientKeystore");
    System.setProperty("javax.net.ssl.trustStorePassword", "changeit");
    System.setProperty("javax.net.ssl.keyStore", "/home/richard/clientKeystore");
    System.setProperty("javax.net.ssl.keyStorePassword", "changeit");
I have one service locator (generated by wsdl2java) which has a http
address (port 8080) for a service running on my local machine, and
another which has a https (port 8443) address for the service. Within
the same client program I can invoke the service by instantiating both
of these, and everything works fine - I guess the properties above
are just ignored when connecting over http.
    BiorsMetaDataDocStyleServiceLocator service = new BiorsMetaDataDocStyleServiceLocator();
    BiorsMetaDataDocStyleServiceLocator1 service1 = new BiorsMetaDataDocStyleServiceLocator1();
    BiorsMetaDataPortType port = service.getBiorsMetaDataDocStyle();
    BiorsMetaDataPortType port1 = service1.getBiorsMetaDataDocStyle();
    Databanks banks = port.getDatabanks("ibi", "mips");
    Databanks banks1 = port1.getDatabanks("ibi", "mips");
I haven't tried to also connect to another service requiring different
keys, but if these were in the same client key/trustStore would this not
also work?
I hope this helps - apologies if it doesn't.
Richard.
Markus Reil wrote:
Hi,
thanks for your answer, Tim.
I also thought reimplementing the Sender class would be a solution,
but I hoped to be able to avoid it.
As I already pointed out I am connecting to other WS from the same VM
that do not require SSL authentication (everything is plain http). Can
anyone please tell me how I can programmatically specify different
client config wsdd files for different services?
Thank you.
Markus
Tim R J Langford wrote:
Hi Markus,
Did you manage to find a solution to your problem? I had to do
something similar once with a test system to get it to accept non
certified sites across ssl. I could not work out how to do it
correctly in Axis; so I ended up creating a custom HTTPSender and
setting it up as my pivot in the handler chain of Axis. I extended
the base HttpSender class from Axis, but a lot of variables and
methods I wanted to override were private, so unfortunately I ended up
having to cut and paste most of the extending class into the new
class and am not sure of the implications of this even though
everything seemed to work fine.
If you use this method then you can pretty much alter the HTTP
mechanism as you see fit: for example allowing you to support gzip
compression (I think originally axis did not support this from what I
remember?). You can also use this class to override the SocketFactory
and get it to produce non-certified sockets if you so desire.
In fact this method may be overridable... I can't remember. If not, maybe
it should be.
Anyway, I am sure there is a more maintainable way of doing this, but
I was in a rush and it was a while ago. If you are in the same
situation maybe a similar approach will get you by for now?
Hope this helps until you find something more suitable,
Tim
Markus Reil wrote:
Hi,
I am currently trying to connect to a SOAP Web Service with Axis. I
need to use a client certificate to authenticate myself.
I do not want to set the keystore/truststore files globally via
system properties because I have other http traffic in the same
virtual machine that uses different or no keys.
I know there are a lot of threads about Axis/SSL out there. But I
already spent a couple of hours looking for a solution and did not
find anything of great use. Can anyone help me with this?
E.g. is it possible to create a SocketFactory and pass it to the
Axis Service or Remote instance?
Thanks.
Regards,
Markus
--
Markus Reil
Application Developer
MindMatics AG
Marcel-Breuer-Str. 18
D-80807 München
E-Mail: [EMAIL PROTECTED]
Tel.: +49 89 322986-0
Fax: +49 89 322986-570
Web: www.mindmatics.de
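
Added example, not part of the original thread and not code from any of its participants: plain JSSE code that builds one SSLSocketFactory per key/trust store and attaches it to a single connection, without setting the javax.net.ssl.* system properties. The class name PerServiceSsl, the "JKS" store type and the command-line arguments are assumptions; it must be run from an interactive terminal so the password can be prompted, and it does not show how to hand the factory to WSDL2Java-generated Axis stubs, which is the question the thread leaves open.

```java
import java.io.InputStream;
import java.net.URL;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.KeyStore;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManagerFactory;

public class PerServiceSsl {
    // Load one store from disk; the type ("JKS", "PKCS12") must match the file.
    static KeyStore load(String type, String path, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance(type);
        try (InputStream in = Files.newInputStream(Paths.get(path))) {
            ks.load(in, password);
        }
        return ks;
    }

    // One factory per (key store, trust store) pair. No javax.net.ssl.* system
    // property is read or written, so other traffic in the JVM is unaffected.
    static SSLSocketFactory factoryFor(KeyStore keys, char[] keyPassword, KeyStore trust)
            throws Exception {
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(keys, keyPassword);      // client certificate and private key
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trust);                  // CAs accepted for this peer only
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        return ctx.getSocketFactory();
    }

    // Attach the factory to a single connection; the JVM-wide default is untouched.
    static HttpsURLConnection open(URL url, SSLSocketFactory factory) throws Exception {
        HttpsURLConnection conn = (HttpsURLConnection) url.openConnection();
        conn.setSSLSocketFactory(factory);
        return conn;
    }

    public static void main(String[] args) throws Exception {
        // args: <keystore path> <https URL>; the password is prompted, not hard-coded.
        char[] pw = System.console().readPassword("Store password: ");
        KeyStore store = load("JKS", args[0], pw);  // same file as key and trust store
        HttpsURLConnection conn = open(new URL(args[1]), factoryFor(store, pw, store));
        System.out.println(args[1] + " -> HTTP " + conn.getResponseCode());
    }
}
```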