Hi,

Yes, sorry for the confusion.

They intend to publish the web services on a 'https' URL. 

Our end of things is this:

We have a dynamic web site that runs off a remote database.  They have given us 
access to their database with a collection of web services.  We've got it all 
running well both ends but have just found out that before we go live all web 
service communications must be over SSL, so they are going to move there web 
services to a https URL.  

And I guess I need to know, what do we have to do to get our web service (axis) 
clients to work when making requests over 'https'?

-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]
Sent: 22 November 2004 15:09
To: [EMAIL PROTECTED]
Subject: RE: Newbie Question on Security


It is somewhat unclear what you mean by 'webservices encrypted'. Do you mean 
that the web service host is running SSL? 
That is: does the web service have a 'https' instead of 'http' URL? In this 
case you might have to handle digital certificates, those sent by the server, 
and, if the web server wants to authenticate you, you'll also have to send your 
own certificate. But this is just normal SSL stuff, nothing to do with web 
services and your web service client will have to do this.

Or do you mean that the web service sends back encrypted/signed XML? In this 
case your client can use the xml-specific security stuff to extract and 
validate certificates, etc. For this there is sample code in axis (in the 
'security' directory).

Good luck,

Zoltan




-----Original Message-----
From: ext Robin Mannering [mailto:[EMAIL PROTECTED]
Sent: 22 November, 2004 16:46
To: [EMAIL PROTECTED]
Subject: RE: Newbie Question on Security


Hi Greg,

Thanks for your response. Is your answer related to if we are hosting the web 
services?  I think it is, but we aren't hosting them, we are calling them and 
I've got this picture in my head of axis receiving an encrytped response from a 
web service that it can't decrypt. Any thoughts ?

-----Original Message-----
From: Greg Michalopoulos [mailto:[EMAIL PROTECTED]
Sent: 22 November 2004 14:39
To: [EMAIL PROTECTED]
Subject: RE: Newbie Question on Security


If you are using a web server to handle all the requests and then forward to
j2ee container (as typically is done) then the web server will handle all
the ssl stuff for you.  WSS4J is a ws-security implementation by apache if
you want to actually encrypt and/or sign the xml messages sent by axis.  

-----Original Message-----
From: Robin Mannering [mailto:[EMAIL PROTECTED] 
Sent: Monday, November 22, 2004 9:30 AM
To: [EMAIL PROTECTED]
Subject: Newbie Question on Security

Hi all,

It's just become apparent that the Web services we call are going to be
encrypted using either 40bit or 128bit SSL encryption.

My question is, will Axis be able to cope with the necessary
encryption/decryption required on the responses we get from the remote Web
Services?

I've had a look round the Axis docs and haven't found anything relevant.

Many thanks

Robin Mannering
Java Web Developer - Legal & Finance

Email:  [EMAIL PROTECTED]
Landmark Information Group - www.landmarkinfo.co.uk



====================================================================
This e-mail and any attachments may be confidential and/or legally
privileged. If you have received this e-mail and you are not a named
addressee, please inform Landmark Information Group on 01491 413030 and then
delete the e-mail from your system. If you are not a named addressee you
must not use, disclose, distribute, copy, print or rely on this e-mail. This
email and any attachments have been scanned for viruses and to the best of
our knowledge are clean. To ensure regulatory compliance and for the
protection of our clients and business, we may monitor and read e-mails sent
to and from our servers.




====================================================================
This e-mail and any attachments may be confidential and/or legally
privileged. If you have received this e-mail and you are not a named
addressee, please inform Landmark Information Group on 01491 413030
and then delete the e-mail from your system. If you are not a named
addressee you must not use, disclose, distribute, copy, print or rely 
on this e-mail. This email and any attachments have been scanned for
viruses and to the best of our knowledge are clean. To ensure 
regulatory compliance and for the protection of our clients and 
business, we may monitor and read e-mails sent to and from our 
servers.


====================================================================
This e-mail and any attachments may be confidential and/or legally
privileged. If you have received this e-mail and you are not a named
addressee, please inform Landmark Information Group on 01491 413030
and then delete the e-mail from your system. If you are not a named
addressee you must not use, disclose, distribute, copy, print or rely 
on this e-mail. This email and any attachments have been scanned for
viruses and to the best of our knowledge are clean. To ensure 
regulatory compliance and for the protection of our clients and 
business, we may monitor and read e-mails sent to and from our 
servers.

Reply via email to