Good Point
if...you start the webapp with init-params ...later on you try change the
value(s) of those properties (but you notice the change to init-params has no
effect)
since the init-param properties are already populated you're stuck with those
for the lifetime of the webapp
For dynamically changing information such as new values from UI or updated
attributes from events I would not use properties and opt for reading (and
writing) to database
We could respond which cache-disable directives would work (if you tell us
which container you are using)
Finally..never put any webapp which accepts self-signed certs into production!
Obrigado,
Martin
______________________________________________
Por favor...não alterar ou interromper esta comunicação.
From: oscas...@hotmail.com
To: java-user@axis.apache.org
Subject: RE: Axis SSL authentication help!
Date: Thu, 15 Nov 2012 08:17:51 +0100
Sure properties are global, this kind of info is cached
Regards
Date: Wed, 14 Nov 2012 22:14:23 -0800
From: akme...@yahoo.com
Subject: Re: Axis SSL authentication help!
To: java-user@axis.apache.org
So AxisProperties is global? From the docs it is unclear if they are bound to
threads or classloader
From: Andreas Veithen <andreas.veit...@gmail.com>
To: java-user <java-user@axis.apache.org>
Sent: Wednesday, November 14, 2012 10:51 PM
Subject: Re: Axis SSL authentication help!
I think that the socket factory is cached. Therefore changing the
properties after the first request will have no effect.
What I would do is to write my own socket factory that implements the
necessary logic to distinguish between the two cases.
Andreas
On Wed, Nov 14, 2012 at 9:42 PM, am am <akme...@yahoo.com> wrote:
> No. I have a web service client that uses axis1 to consume web services from
> server A and server B. For server A I need to do authentication while for
> server B there is no such need. So the problem is on my client side where I
> need to configure axis to do authentication on some of the requests (based
> on my truststore) and NOT do authentication in other requests using
> SunJSSESocketFactory. The way I understand it (docs are not clear)
> AxisProperties will override each other per
request. Right? Is my problem
> clearer now?
>
> From: Martin Gainty <mgai...@hotmail.com>
> To: java-user@axis.apache.org
> Sent: Wednesday, November 14, 2012 3:43 PM
>
> Subject: RE: Axis SSL authentication help!
>
>
>
> You need 2 different webapps
> one which implements SunFakeTrustSocketFactory for implementing unsigned
> server certs ..which would NEVER be used in Production Environment
> this would allow someone's client to hack in with their own self-signed
> certs
>
> one which implements
> http://ws.apache.org/axis/java/apiDocs/org/apache/axis/components/net/SunJSSESocketFactory.html
> provided requesting client has a valid (public) key of type RSA AND
your
> client or B2B requesting entity supports JSSE key exchange
> this would prevent someone's client to hack in with their own self-signed
> certs
>
> so the question is are you implementing with self-signed certs OR are you
> using CA level certs (such as certs obtained from Verisign or Thawte)
>
> Martin
> ______________________________________________
> Verzicht und Vertraulichkeitanmerkung/Note de déni et de confidentialité
>
> Diese Nachricht ist vertraulich. Sollten Sie nicht der vorgesehene
> Empfaenger sein, so bitten wir hoeflich um eine Mitteilung. Jede unbefugte
> Weiterleitung oder Fertigung einer Kopie ist unzulaessig. Diese Nachricht
> dient lediglich dem Austausch von Informationen und entfaltet keine
> rechtliche Bindungswirkung. Aufgrund der leichten Manipulierbarkeit von
> E-Mails koennen wir keine Haftung fuer den Inhalt
uebernehmen.
>
> Ce message est confidentiel et peut être privilégié. Si vous n'êtes pas le
> destinataire prévu, nous te demandons avec bonté que pour satisfaire
> informez l'expéditeur. N'importe quelle diffusion non autorisée ou la copie
> de ceci est interdite. Ce message sert à l'information seulement et n'aura
> pas n'importe quel effet légalement obligatoire. Étant donné que les email
> peuvent facilement être sujets à la manipulation, nous ne pouvons accepter
> aucune responsabilité pour le contenu fourni.
>
>
>
>
> Date: Tue, 13 Nov 2012 22:27:37 -0800
> From: akme...@yahoo.com
> Subject: Re: Axis SSL authentication help!
> To: java-user@axis.apache.org
>
> Also
why are you mentioning about the refactoring to different web apps? I
> am asking about client side code
>
> From: Martin Gainty <mgai...@hotmail.com>
> To: java-user@axis.apache.org
> Sent: Wednesday, November 14, 2012 4:03 AM
> Subject: RE: Axis SSL authentication help!
>
> need to skip any server authentication in some requests (e.g. use
> SunFakeTrustSocketFactory).
>
> MG>you need to retask this to use 2 separate webapps
> MG>one which will authenticate your credentials with MySSLSocketFactory
> MG>one which not authenticate which will use SunFakeTrustSocketFactory
>
> MG>this is very clumsy and your options for specifying the security
> algorithm of your choosing as well
as custom keysize are quite limited
> MG>why not use Axis2 and engage the Rampart Security Module?
> MG>Martin
>
> Date: Tue, 13 Nov 2012 13:37:28 -0800
> From: akme...@yahoo.com
> Subject: Axis SSL authentication help!
> To: java-user@axis.apache.org
>
> Hi,
> I am using Axis 1 and need to do SSL authentication of a web service.
> I found that I need to use:
> AxisProperties.setProperty("axis.socketSecureFactory",
> "com.example.MySSLSocketFactory"); to set my custom factory and trust
> managers.
> Problem: I also need to skip any server authentication in some requests
> (e.g. use SunFakeTrustSocketFactory).
> I assume that this AxisProperties.setProperty is some central property
that
> affects all threads, right? So how could I implement my use case?
> Keep reseting AxisProperties.setProperty before each web service call? Is
> this the proper way? But I found this bug ticket that seems to complaint
> that once the socket factory is set in AxisProperties it is cached and any
> new setting has not
> effect:https://issues.apache.org/jira/browse/AXIS-2751?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel#issue-tabs
> Is there a workarround for this?
> If you could help me here it would be great guys!
> Thank you
>
>
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: java-user-unsubscr...@axis.apache.org
For additional commands, e-mail: java-user-h...@axis.apache.org
