Hi Dragos,

We have the users generate their clients from the WSDL and when they hit the service they require a client certificate.

During run time, the clients don't actually need the WSDL and the service doesn't need it either. All of the HTTPS mutual authentication is handled by the application server. I did write an input handler to my service which retrieves the certificate out of the HTTP Header and double checks it. I also match the common name in the certificate with different access levels in the app.

Let me know if you are interested in any of this.

Thanks,
Yogesh

--- Dragos Pavel <[EMAIL PROTECTED]> wrote:

> Hi Yogesh,
>
> Thank you very much for your answer.
> I like your solution but unfortunately it is not applicable in my case.
> In my environment the client has a certificate, the handshake is done on
> the server etc; in your case probably you need human interaction from
> your clients in order to accept the certificate when they are prompted
> for that.
>
> Has somebody successfully created his own bindings in the wsdl (by using
> <createDefaultBindings>false</createDefaultBindings> ...)?
>
> Thanks.
>
> On Wed, 2007-23-05 at 20:16 -0700, Yogesh Chawla - PD wrote:
> > Hi Dragos,
> > The specific situation I had was this. My service was
> > secured using HTTPS and Client Certificates. I didn't
> > want my service consumers to need a certificate just
> > to see the WSDL.
> >
> > We took the WSDL generated by xfire and did a view
> > source on it. I copied what was there and modified
> > the WSDL and exposed it in an unsecured part of the web
> > site (a page that did not require a client
> > certificate).
> >
> > In our example, the application server tomcat was
> > handling the HTTPS connection so the endpoint in the
> > WSDL could be modified without affecting any of the
> > actual data types in the schema.
> >
> > As a general observation, the WSDLs generated doing
> > code first development are not the nicest looking. We
> > do code first development using XMLBeans but write the
> > WSDLs by hand for ease of human readability. One
> > such WSDL can be found here:
> >
> > http://wijis.wisconsin.gov/wsdl/PointerCountService.wsdl
> >
> > We can easily change this part of the WSDL if the port
> > or server name changes with minimal impact:
> >
> > <wsdl:service name="PointerCountService">
> >   <wsdl:port binding="tns:PointerCountServiceSOAP"
> >       name="PointerCountServiceSOAP">
> >     <soap:address
> >         location="https://wijis.wisconsin.gov:17444/xfire/PointerCount" />
> >   </wsdl:port>
> > </wsdl:service>
> >
> > Dragos, I am not sure how much help this is because we
> > might have slightly different situations but hopefully
> > this example will help you find your solution.
> >
> > Cheers,
> > Yogesh

---------------------------------------------------------------------
To unsubscribe from this list please visit:

    http://xircles.codehaus.org/manage_email
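
Added example, not part of the thread and not XFire or project code: one way to do the common-name check described in the reply above, in plain Java. It assumes the client certificate already verified by the application server is available as an X509Certificate; the class name, access levels and client names are hypothetical, and the subject DNs in main are constructed.

```java
import java.security.cert.X509Certificate;
import java.util.Map;
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;
import javax.security.auth.x500.X500Principal;

public class ClientCertAccess {
    enum Level { NONE, READ, ADMIN }

    // Hypothetical CN-to-access-level table (constructed sample names).
    static final Map<String, Level> LEVELS = Map.of(
        "county-query-client", Level.READ,
        "state-admin-client", Level.ADMIN);

    // Returns the single CN of an RFC 2253 subject DN, or null if the DN is
    // malformed, has no CN, has several CNs, or uses multi-valued RDNs.
    // A real DN parser is used because "CN=" can also occur inside other values.
    static String commonName(String dn) {
        try {
            String cn = null;
            for (Rdn rdn : new LdapName(dn).getRdns()) {
                if (rdn.size() != 1) return null;
                if (!"CN".equalsIgnoreCase(rdn.getType())) continue;
                if (cn != null || !(rdn.getValue() instanceof String)) return null;
                cn = (String) rdn.getValue();
            }
            return cn;
        } catch (InvalidNameException e) {
            return null;
        }
    }

    // Fail closed: anything that is not an exact match for a known CN gets NONE.
    static Level levelForDn(String dn) {
        String cn = commonName(dn);
        return cn == null ? Level.NONE : LEVELS.getOrDefault(cn, Level.NONE);
    }

    // cert: the client certificate the server validated during the TLS handshake.
    static Level levelFor(X509Certificate cert) {
        if (cert == null) return Level.NONE;
        return levelForDn(cert.getSubjectX500Principal().getName(X500Principal.RFC2253));
    }

    public static void main(String[] args) {
        // Constructed subject DNs; the second carries "CN=" text inside an O value.
        System.out.println(levelForDn("CN=county-query-client,OU=Justice,C=US"));
        System.out.println(levelForDn("CN=guest,O=Acme\\, CN=state-admin-client,C=US"));
        System.out.println(levelForDn("CN=state-admin-client,CN=guest,C=US"));
    }
}
```

The CN is only meaningful as an authorization key when the server's trust store is limited to the CA that issues these client certificates, since any trusted CA could otherwise issue a certificate with a matching name.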
