Hi All
I am working in a webservice project where the communication between the client and
the webservice needs to be encrypted.
So I have setup my tomcat to use https by following
tomcat documentation for ssl-howto.html
and for allowing access only via https , addded the security constraint in web.xml.
<security-constraint>
<web-resource-collection>
<web-resource-name></web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>
So I have setup my tomcat to use https by following
tomcat documentation for ssl-howto.html
and for allowing access only via https , addded the security constraint in web.xml.
<security-constraint>
<web-resource-collection>
<web-resource-name></web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>
This setup seems to work Using a java client to access the webservice . (i.e) it
works only when the java.net.ssl.truststore property is set. and it points to the
keystore containing imported server certificate.
However if I use a SOAPpy(python) client it doesn't seem to need the truststore
location. It is able to find the webservice both via http and https.
I would like to know if have missed out anything in my tomcat configuration
I would like to know if have missed out anything in my tomcat configuration
Also how would I check if the communication between client and server is encrypted
Any help would be appreciated
Thanks
Swetha
Yahoo! India Matrimony: Find your life partner online.
