Dear Wiki user, You have subscribed to a wiki page or wiki category on "Ws Wiki" for change notification.
The following page has been changed by RichardUnger: http://wiki.apache.org/ws/FrontPage/Axis/DynamicSSLConfig ------------------------------------------------------------------------------ In its current implementation, the SSL Transport for Axis has several shortcomings: - * The base !SecureSocketFactory (!JSSESocketFactory) cannot be configured dynamically. It is configured using environment variables, which is not suitable if it is desired to change the client certificate at run-time. + * The base !SecureSocketFactory (JSSE!SocketFactory) cannot be configured dynamically. It is configured using environment variables, which is not suitable if it is desired to change the client certificate at run-time. - * The !SunJSSESocketFactory is more configurable, accepting a keyfile parameter from the Axis configuration at run-time. This is the one to use, however, by itself it does not do all that we need, so we have provided an extension of this class (see below)... + * The SunJSSE!SocketFactory is more configurable, accepting a keyfile parameter from the Axis configuration at run-time. This is the one to use, however, by itself it does not do all that we need, so we have provided an extension of this class (see below)... - * Even the !SunJSSESocketFactory does not accept all the configurations we need (eg: truststore config) + * Even the SunJSSE!SocketFactory does not accept all the configurations we need (eg: truststore config) * Even were the !SocketFactory fully configurable to our desires, dynamic configuration at runtime would not be possible. This is beacause Axis caches the instantiated !SocketFactories, meaning settings are applied only once. * The cacheing of !SocketFactories occurs in a component called !SocketFactoryFactory, the cache remembers one entry per protocol. So, the moment you make the first call over https, a !SocketFactory is created for the protocol https using the currently configured parameters. 
After this no new !SocketFactories are created for https, even if the parameters (eg keystore name) change. @@ -31, +31 @@ The solution depends on a few modified classes for Apache Axis. In particular the solution consists of: * A modified !SocketFactoryFactory, which implements a cacheing scheme in which the keystore name is considered - * An extension to !SunJSSESocketFactory which allows more configuration from Axis + * An extension to SunJSSE!SocketFactory which allows more configuration from Axis - * An Axis !EngineConfiguration class, '''!SSLClientAxisConfig''', which holds the SSL paramters, and sets everything up + * An Axis !EngineConfiguration class, '''SSL!ClientAxisConfig''', which holds the SSL paramters, and sets everything up Together, use of these components allows the desired dynamic configuration. @@ -45, +45 @@ 1. Place the modified class file in a new JAR, and make sure this JAR loads before axis.jar (eg call it _axis.jar) 1. For webapps, place the modified class file within your WEB-INF/classes folder. It seems tomcat loads these before axis.jar 1. Add the remaining classes to your application - 1. Use the !SSLClientAxisConfig class to initialize your Axis client before making a call (see example below) + 1. Use the SSL!ClientAxisConfig class to initialize your Axis client before making a call (see example below) - 1. When you want to use a different certificate, create a new !SSLClientAxisConfig, with updated paramters, and use it to create a new Axis client. This client will use the new certificate. + 1. When you want to use a different certificate, create a new SSL!ClientAxisConfig, with updated paramters, and use it to create a new Axis client. This client will use the new certificate. 
- Example usage of the !SSLClientAxisConfig: + Example usage of the SSL!ClientAxisConfig: {{{ // create config boolean logging = false; // no logging @@ -94, +94 @@ * For the same reason, changeing only the truststore or other parameters of the SSL connection will not result in a new !SocketFactory being created. New !SocketFactories are only created in the cache when the keystore name changes. * The classes more or less assume software certificates, stored in files of the usual formats (JKS, PKCS12, etc). Usage of Hardware certificates or other advanced JSSE features may require modifications to the code. + + === Comments, Feedback, Support === + + This code is supplied back to the apache foundation, without any support or warranty. Use at your own risk. The author and his employer assume no responsibility for damages resulting in the use of this code or these instructions. + + Feel free to use the code in any way you want but do not expect support. + + Should you have questions about the code, please feel free to contact me (the Author) at: runger --AT-- aon.at +
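Review bot: In the first hunk, the three + lines move the link escape into the middle of the class names ("JSSE!SocketFactory", "SunJSSE!SocketFactory"), which splits the identifiers in the page source and makes them harder to search for. Consider putting class names in the {{{ }}} code markup the page already uses for its example, so the source carries the names unbroken. The unchanged bullets in the same hunk still read "beacause" and "cacheing", which could be corrected in the same edit.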
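Review bot: In the @@ -31 hunk, the + line for SSL!ClientAxisConfig still reads "holds the SSL paramters"; correct it to "parameters" since the line is being rewritten anyway. The first bullet of that list says the cache is one "in which the keystore name is considered", while the limitations under @@ -94 say the keystore name is the only thing that triggers a new factory. Stating that here as well would save readers from assuming that other SSL settings take part in the cache key.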
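Review bot: In the @@ -45 hunk, the last + step promises that a new SSL!ClientAxisConfig "with updated paramters" yields a client that "will use the new certificate", but the limitations under @@ -94 state that new SocketFactories are only created when the keystore name changes. The step should say that the new config must name a different keystore, otherwise the cached factory is reused and the old certificate is still presented. The context step about making the new JAR load "before axis.jar" depends on classpath ordering, so a sentence on how to confirm that the modified class is the one actually loaded would help. "paramters" in the same + line should be "parameters".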
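Review bot: In the @@ -94 hunk, the limitation that "changeing only the truststore or other parameters of the SSL connection will not result in a new !SocketFactory" is given as a closing remark, but it has a security consequence the page should spell out: a client that switches to a stricter truststore under the same keystore name keeps validating servers against the previously loaded trust anchors. Suggest either documenting this as a warning with the workaround (use a distinct keystore name whenever trust settings change) or extending the cache key to cover the truststore. In the added section, "damages resulting in the use" should read "resulting from the use", and the "do not expect support" sentence sits oddly next to the invitation to contact the author with questions.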