SecureSocketFactory - Potential improvement?

[ba...@post.ch]

> Hi 
> 
> I have a client side application where different plugins can create
> SSL connections independently of each other.
> 
> The problem is that our new security infrastructure identifies clients
> upon the SSL session ID.
> Thus, multiple plugins with own connections on the client side 
> will have to login multiple times. However, we want to have
> Single-Sign-On, so all SSL connections
> from one client will have to share the SSL Session.
> 
> Therefore I used a own MySSLSocketFactory which creates SSL Sockets on
> a given SSLContext instance.
> I test my app by using HttpsUrlConnection clients and axis web service
> clients. To pass my own MySSLSocketFactory
> to axis, I had to implement a own MyAxisSocketFactory extending
> org.apache.axis.componentsJSSESocketFactory.
> Now I faced the problem that the create method in the Axis Factory
> created a SSL Socket bound to the hostname of my
> authentication server, and the Https with MySSLSocketFactory bound to
> the IP Address - the session coulnd't be shared...
> It seems in my Axis Factory I got the host passed as hostname rather
> that as IP Address.
> 
> Wouldn't it be better if Axis used the SSLFactory from the Java
> distribution (javax.net.ssl?) than having to provide a own one?
> That would  be more straightforward to use and simpler to adapt.
> 
> Or is there anything I can do which I missed? Did I do something
> wrong?
> 
> Every hint appreciated, thank you very much.
> 
> 
> Best Regards
> 
> Fabio Barone
> IT Architect
> 
> Die Schweizerische Post
> PostFinance
> PF56-21
> Engehaldenstrasse 39
> 3030 Bern
> 
> Phone:  031 338 11 85
> Email:   baronef@post.ch
> Internet: www.postfinance.ch
> 
> 
> 
>