You need 2 different webapps
one which implements SunFakeTrustSocketFactory for implementing unsigned
server certs
..which would NEVER be used in Production Environment
this would allow someone's client to hack in with their own self-signed certs
one which implements
http://ws.apache.org/axis/java/apiDocs/org/apache/axis/components/net/SunJSSESocketFactory.html
provided requesting client has a valid (public) key of type RSA AND your client
or B2B requesting entity supports JSSE key exchange
this would prevent someone's client to hack in with their own self-signed certs
so the question is are you implementing with self-signed certs OR are you using
CA level certs (such as certs obtained from Verisign or Thawte)
Martin
______________________________________________
Verzicht und Vertraulichkeitanmerkung/Note de déni et de confidentialité
Diese Nachricht ist vertraulich. Sollten Sie nicht der vorgesehene Empfaenger
sein, so bitten wir hoeflich um eine Mitteilung. Jede unbefugte Weiterleitung
oder Fertigung einer Kopie ist unzulaessig. Diese Nachricht dient lediglich dem
Austausch von Informationen und entfaltet keine rechtliche Bindungswirkung.
Aufgrund der leichten Manipulierbarkeit von E-Mails koennen wir keine Haftung
fuer den Inhalt uebernehmen.
Ce message est confidentiel et peut être privilégié. Si vous n'êtes pas le
destinataire prévu, nous te demandons avec bonté que pour satisfaire informez
l'expéditeur. N'importe quelle diffusion non autorisée ou la copie de ceci est
interdite. Ce message sert à l'information seulement et n'aura pas n'importe
quel effet légalement obligatoire. Étant donné que les email peuvent facilement
être sujets à la manipulation, nous ne pouvons accepter aucune responsabilité
pour le contenu fourni.
Date: Tue, 13 Nov 2012 22:27:37 -0800
From: akme...@yahoo.com
Subject: Re: Axis SSL authentication help!
To: java-user@axis.apache.org
Also why are you mentioning about the refactoring to different web apps? I am
asking about client side code
From: Martin Gainty <mgai...@hotmail.com>
To: java-user@axis.apache.org
Sent: Wednesday, November 14, 2012 4:03 AM
Subject: RE: Axis SSL authentication help!
need to skip any server authentication in some requests (e.g. use
SunFakeTrustSocketFactory).
MG>you need to retask this to use 2 separate webapps
MG>one which will authenticate your credentials with MySSLSocketFactory
MG>one which not authenticate which will use SunFakeTrustSocketFactory
MG>this is very clumsy and your options for specifying the security algorithm
of your choosing as well as custom keysize are quite limited
MG>why not use Axis2 and engage the Rampart Security Module?
MG>Martin
Date: Tue, 13 Nov 2012 13:37:28 -0800
From: akme...@yahoo.com
Subject: Axis SSL authentication help!
To: java-user@axis.apache.org
Hi,I am
using Axis 1 and need to do SSL authentication of a web service.I found that I
need to use: AxisProperties.setProperty("axis.socketSecureFactory",
"com.example.MySSLSocketFactory"); to set my custom factory and trust
managers.Problem: I also need to skip any server authentication in some
requests (e.g. use SunFakeTrustSocketFactory).I assume that this
AxisProperties.setProperty is some central property that affects all threads,
right? So how could I implement my use case?Keep reseting
AxisProperties.setProperty before each web service call? Is this the proper
way? But I found this bug ticket
that seems to complaint that once the socket factory is set in AxisProperties
it is cached and any new setting has not
effect:https://issues.apache.org/jira/browse/AXIS-2751?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel#issue-tabsIs
there a workarround for this?If you could help me here it would be great
guys!Thank you
