Posted to java-user@axis.apache.org by Steve Webbo <st...@msn.com> on 2004/09/02 11:08:35 UTC

Client SSL Authentication .... ARGH !!

Hi All,

This is driving me insane....I have a java web-service based on Axis running 
under Websphere v4 and IBM HTTP Server (aka Apache).

I have configured SSL on the web server and this works fine.  I now want to 
go one step further and configure the web-server for client certification 
based authentication.  I have configured the web-server to require a client 
certificate and proven this to be working by querying my web-service via my 
browser, passing the appropriate certificate.

Now I want to code my java client application to do the same thing.  I 
started out the same way, got the Axis client working under plain old SSL - 
No problem.  But I cannot get the client to pass the certificate to the 
web-server.  This means I keep getting 403 forbidden errors.  To further 
prove this I can see "Client did not supply a certificate" in the web server 
error log.

I have read lots of posts around setting System properties to define 
keystores and passwords etc but still cannot get it to work.  Based on the 2 
examples below I have come to the conclusion that it is the process of 
telling Axis where to look for the keystore that is the problem as I did a basic 
URL reader application that just uses java.net.URL to read the results of 
the web-service and that works fine.

Please help...I really don't have any clues left.

I'm using the IBM JSSE implementation as to try and override that with the 
Sun JSSE within websphere is also near on impossible.

Thanks in advance,

WEBBO

Code snippets:

==== THIS WORKS =====

			System.setProperty("javax.net.ssl.keyStore","c:\\client-keys.jks");
			System.setProperty("javax.net.ssl.keyStorePassword","mypassword");

			System.setProperty("java.protocol.handler.pkgs", "com.ibm.net.ssl.internal.www.protocol");
			Security.addProvider(new com.ibm.jsse.JSSEProvider());

			URL url = new URL("https://myserver.com/servlet/myService?method=test");
			BufferedReader in = new BufferedReader(
						new InputStreamReader(
						url.openStream()));

			String inputLine;

			while ((inputLine = in.readLine()) != null)
				System.out.println(inputLine);

			in.close();


==== THIS DOESN'T ====

			String endpoint = "https://myserver.com/service/myService?method=test";

			System.setProperty("javax.net.ssl.keyStore","c:\\client-keys.jks");
			System.setProperty("javax.net.ssl.keyStorePassword","mypassword");
			System.setProperty("java.protocol.handler.pkgs", "com.ibm.net.ssl.internal.www.protocol");
			Security.addProvider(new com.ibm.jsse.JSSEProvider());

			System.out.println("Creating my temp URL Object");
			URL tURL = new URL (endpoint);
			System.out.println ("Done");

			Service service = new Service();
			Call call = (Call) service.createCall();

			call.setTargetEndpointAddress(tURL);

			QName qn   = new QName( "http://me.com", "myType" );
			call.registerTypeMapping(WebspherePlatform.class, qn,
				new org.apache.axis.encoding.ser.BeanSerializerFactory
				  (WebspherePlatform.class, qn),
				new org.apache.axis.encoding.ser.BeanDeserializerFactory
				  (WebspherePlatform.class, qn));
			call.setOperationName("getMyDetails");

			myType ty = (myType) call.invoke(new Object[] {});



Re: Client SSL Authentication .... ARGH !!

Posted by Hugo Giguere <gi...@gmail.com>.
Use the Commons HttpClient and it will work.



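Added example, not part of the original thread and not Axis project code: one way to hand an Axis 1.x client its certificate and private key explicitly instead of relying on the JSSE defaults picking up the javax.net.ssl.* properties. It assumes the Axis 1.x org.apache.axis.components.net.JSSESocketFactory extension point and the axis.socketSecureFactory property; the class name ClientCertSocketFactory is hypothetical, and the keystore path and password are read from the same system properties the snippets in the question set.

```java
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.util.Enumeration;
import java.util.Hashtable;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import org.apache.axis.components.net.JSSESocketFactory;

// Hypothetical class. Enable it before creating the Axis Service:
//   System.setProperty("axis.socketSecureFactory", "ClientCertSocketFactory");
public class ClientCertSocketFactory extends JSSESocketFactory {

    public ClientCertSocketFactory(Hashtable attributes) {
        super(attributes);
    }

    // JSSESocketFactory calls this once, before it opens the first HTTPS socket.
    protected void initFactory() throws IOException {
        String path = System.getProperty("javax.net.ssl.keyStore");
        String pass = System.getProperty("javax.net.ssl.keyStorePassword");
        if (path == null || pass == null) {
            throw new IOException("javax.net.ssl.keyStore / keyStorePassword not set");
        }
        char[] password = pass.toCharArray();
        try {
            KeyStore ks = KeyStore.getInstance("JKS");
            InputStream in = new FileInputStream(path);
            try { ks.load(in, password); } finally { in.close(); }

            // A keystore holding only trusted certificates loads without error,
            // but the client then has nothing to present: fail loudly instead.
            boolean hasKey = false;
            for (Enumeration<String> e = ks.aliases(); e.hasMoreElements();) {
                if (ks.isKeyEntry(e.nextElement())) { hasKey = true; }
            }
            if (!hasKey) { throw new IOException("no private-key entry in " + path); }

            // getDefaultAlgorithm() resolves to the provider's own name (IBM or Sun JSSE).
            KeyManagerFactory kmf =
                KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
            kmf.init(ks, password);
            SSLContext ctx = SSLContext.getInstance("TLS");
            ctx.init(kmf.getKeyManagers(), null, null); // null = default trust managers
            sslFactory = ctx.getSocketFactory();        // field inherited from JSSESocketFactory
        } catch (GeneralSecurityException e) {
            throw new IOException("cannot build client-certificate SSL context: " + e);
        }
    }
}
```

Server certificate validation is left on the JVM's default trust managers, so only the client-side key selection changes.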