You are viewing a plain text version of this content. The canonical link for it is here.
Posted to java-user@axis.apache.org by ba...@post.ch on 2004/07/13 12:01:46 UTC
SecureSocketFactory - Potential improvement?
> Hi
>
> I have a client side application where different plugins can create
> SSL connections independently of each other.
>
> The problem is that our new security infrastructure identifies clients
> upon the SSL session ID.
> Thus, multiple plugins with own connections on the client side
> will have to login multiple times. However, we want to have
> Single-Sign-On, so all SSL connections
> from one client will have to share the SSL Session.
>
> Therefore I used a own MySSLSocketFactory which creates SSL Sockets on
> a given SSLContext instance.
> I test my app by using HttpsUrlConnection clients and axis web service
> clients. To pass my own MySSLSocketFactory
> to axis, I had to implement a own MyAxisSocketFactory extending
> org.apache.axis.componentsJSSESocketFactory.
> Now I faced the problem that the create method in the Axis Factory
> created a SSL Socket bound to the hostname of my
> authentication server, and the Https with MySSLSocketFactory bound to
> the IP Address - the session coulnd't be shared...
> It seems in my Axis Factory I got the host passed as hostname rather
> that as IP Address.
>
> Wouldn't it be better if Axis used the SSLFactory from the Java
> distribution (javax.net.ssl?) than having to provide a own one?
> That would be more straightforward to use and simpler to adapt.
>
> Or is there anything I can do which I missed? Did I do something
> wrong?
>
> Every hint appreciated, thank you very much.
>
>
> Best Regards
>
> Fabio Barone
> IT Architect
>
> Die Schweizerische Post
> PostFinance
> PF56-21
> Engehaldenstrasse 39
> 3030 Bern
>
> Phone: 031 338 11 85
> Email: baronef@post.ch
> Internet: www.postfinance.ch
>
>
>
>