Hi, Yes, sorry for the confusion.
They intend to publish the web services on a 'https' URL. Our end of things is this: We have a dynamic web site that runs off a remote database. They have given us access to their database with a collection of web services. We've got it all running well both ends but have just found out that before we go live all web service communications must be over SSL, so they are going to move there web services to a https URL. And I guess I need to know, what do we have to do to get our web service (axis) clients to work when making requests over 'https'? -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: 22 November 2004 15:09 To: [EMAIL PROTECTED] Subject: RE: Newbie Question on Security It is somewhat unclear what you mean by 'webservices encrypted'. Do you mean that the web service host is running SSL? That is: does the web service have a 'https' instead of 'http' URL? In this case you might have to handle digital certificates, those sent by the server, and, if the web server wants to authenticate you, you'll also have to send your own certificate. But this is just normal SSL stuff, nothing to do with web services and your web service client will have to do this. Or do you mean that the web service sends back encrypted/signed XML? In this case your client can use the xml-specific security stuff to extract and validate certificates, etc. For this there is sample code in axis (in the 'security' directory). Good luck, Zoltan -----Original Message----- From: ext Robin Mannering [mailto:[EMAIL PROTECTED] Sent: 22 November, 2004 16:46 To: [EMAIL PROTECTED] Subject: RE: Newbie Question on Security Hi Greg, Thanks for your response. Is your answer related to if we are hosting the web services? I think it is, but we aren't hosting them, we are calling them and I've got this picture in my head of axis receiving an encrytped response from a web service that it can't decrypt. Any thoughts ? -----Original Message----- From: Greg Michalopoulos [mailto:[EMAIL PROTECTED] Sent: 22 November 2004 14:39 To: [EMAIL PROTECTED] Subject: RE: Newbie Question on Security If you are using a web server to handle all the requests and then forward to j2ee container (as typically is done) then the web server will handle all the ssl stuff for you. WSS4J is a ws-security implementation by apache if you want to actually encrypt and/or sign the xml messages sent by axis. -----Original Message----- From: Robin Mannering [mailto:[EMAIL PROTECTED] Sent: Monday, November 22, 2004 9:30 AM To: [EMAIL PROTECTED] Subject: Newbie Question on Security Hi all, It's just become apparent that the Web services we call are going to be encrypted using either 40bit or 128bit SSL encryption. My question is, will Axis be able to cope with the necessary encryption/decryption required on the responses we get from the remote Web Services? I've had a look round the Axis docs and haven't found anything relevant. Many thanks Robin Mannering Java Web Developer - Legal & Finance Email: [EMAIL PROTECTED] Landmark Information Group - www.landmarkinfo.co.uk ==================================================================== This e-mail and any attachments may be confidential and/or legally privileged. If you have received this e-mail and you are not a named addressee, please inform Landmark Information Group on 01491 413030 and then delete the e-mail from your system. If you are not a named addressee you must not use, disclose, distribute, copy, print or rely on this e-mail. This email and any attachments have been scanned for viruses and to the best of our knowledge are clean. To ensure regulatory compliance and for the protection of our clients and business, we may monitor and read e-mails sent to and from our servers. ==================================================================== This e-mail and any attachments may be confidential and/or legally privileged. If you have received this e-mail and you are not a named addressee, please inform Landmark Information Group on 01491 413030 and then delete the e-mail from your system. If you are not a named addressee you must not use, disclose, distribute, copy, print or rely on this e-mail. This email and any attachments have been scanned for viruses and to the best of our knowledge are clean. To ensure regulatory compliance and for the protection of our clients and business, we may monitor and read e-mails sent to and from our servers. ==================================================================== This e-mail and any attachments may be confidential and/or legally privileged. If you have received this e-mail and you are not a named addressee, please inform Landmark Information Group on 01491 413030 and then delete the e-mail from your system. If you are not a named addressee you must not use, disclose, distribute, copy, print or rely on this e-mail. This email and any attachments have been scanned for viruses and to the best of our knowledge are clean. To ensure regulatory compliance and for the protection of our clients and business, we may monitor and read e-mails sent to and from our servers.