You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@geronimo.apache.org by stevens_wu <te...@vip.163.com> on 2010/01/26 11:16:55 UTC
How could I access webservice by certificate?
I have configured geronimo-jetty6 2.1 for using axis2 webservice through
these steps:
1.Download axis2.war.
2.Write deployment plan.
3.Deploy axis2 in console.
4.Now I can upload webservice in url http://localhost:8080/axis2.
5.Webservice test ok.
This is my deployment plan.
<web-app xmlns="http://geronimo.apache.org/xml/ns/j2ee/web-1.1">
<dep:environment
xmlns:dep="http://geronimo.apache.org/xml/ns/deployment-1.1">
<dep:moduleId>
<dep:groupId>axis2group</dep:groupId>
<dep:artifactId>axis2</dep:artifactId>
<dep:version>1.0</dep:version>
<dep:type>war</dep:type>
</dep:moduleId>
<dep:hidden-classes>
<dep:filter>org.apache.commons</dep:filter>
<dep:filter>org.jdom</dep:filter>
<dep:filter>org.apache.axis2</dep:filter>
<dep:filter>org.apache.axiom</dep:filter>
</dep:hidden-classes>
</dep:environment>
<context-root>/MyProxyService</context-root>
</web-app>
Now I must connect to an existing webservice that requires client
certificate authentication for meeting my client's requirements.How could I
do?I have configured keystore exactly. Thanks!
--
View this message in context: http://old.nabble.com/How-could-I-access-webservice-by-certificate--tp27320444s134p27320444.html
Sent from the Apache Geronimo - Users mailing list archive at Nabble.com.
Re: How could I access webservice by certificate?
Posted by chi runhua <ch...@gmail.com>.
Thanks Ivan for the reply. I've incorporated the solution to G2.2 doc as
followed.
http://cwiki.apache.org/GMOxDOC22/web-services-issues.html#WebServicesissues-AccessingWebServicebycertificateusingWebServiceclient
To Stevens, could you please let us know if the solution works and we are
happy to have your feedback.
Jeff C
On Wed, Jan 27, 2010 at 11:13 AM, Ivan <xh...@gmail.com> wrote:
> For the webservice client, while using client-cert, you might need to ask
> the server to add your cert to his trusted key store. In the meanwhile, you
> need to get the server's cert, add it to your local key store ( Geronim
> admin should be able help to do it ).
> IIRC, you might need to set some options below before starting the server.
> set GERONIMO_OPTS=-Djavax.net.ssl.trustStore=YOUR_CLIENT_TRUSTED_KEY_STORE
> -Djavax.net.ssl.trustStorePassword=YOUR_CLIENT_TRUSTED_KEY_STORE_PASSWORD
> -Djavax.net.ssl.keyStore=YOUR_CLIENT_KEY_STORE
> -Djavax.net.ssl.keyStorePassword=YOUR_CLIENT_KEY_STORE_PASSWORD
> Then, you should be able to access the remote webservice as usual.
> Wish it helps !
>
> 2010/1/26 chi runhua <ch...@gmail.com>
>
> There is a page about this topic for G2.2. Not sure if it helps.
>>
>> http://cwiki.apache.org/GMOxDOC22/securing-web-service.html
>>
>> Jeff C
>>
>> On Tue, Jan 26, 2010 at 6:16 PM, stevens_wu <te...@vip.163.com> wrote:
>>
>>>
>>> I have configured geronimo-jetty6 2.1 for using axis2 webservice through
>>> these steps:
>>> 1.Download axis2.war.
>>> 2.Write deployment plan.
>>> 3.Deploy axis2 in console.
>>> 4.Now I can upload webservice in url http://localhost:8080/axis2.
>>> 5.Webservice test ok.
>>> This is my deployment plan.
>>> <web-app xmlns="http://geronimo.apache.org/xml/ns/j2ee/web-1.1">
>>> <dep:environment
>>> xmlns:dep="http://geronimo.apache.org/xml/ns/deployment-1.1">
>>> <dep:moduleId>
>>> <dep:groupId>axis2group</dep:groupId>
>>> <dep:artifactId>axis2</dep:artifactId>
>>> <dep:version>1.0</dep:version>
>>> <dep:type>war</dep:type>
>>> </dep:moduleId>
>>> <dep:hidden-classes>
>>> <dep:filter>org.apache.commons</dep:filter>
>>> <dep:filter>org.jdom</dep:filter>
>>> <dep:filter>org.apache.axis2</dep:filter>
>>> <dep:filter>org.apache.axiom</dep:filter>
>>> </dep:hidden-classes>
>>> </dep:environment>
>>> <context-root>/MyProxyService</context-root>
>>> </web-app>
>>> Now I must connect to an existing webservice that requires client
>>> certificate authentication for meeting my client's requirements.How could
>>> I
>>> do?I have configured keystore exactly. Thanks!
>>> --
>>> View this message in context:
>>> http://old.nabble.com/How-could-I-access-webservice-by-certificate--tp27320444s134p27320444.html
>>> Sent from the Apache Geronimo - Users mailing list archive at Nabble.com.
>>>
>>>
>>
>
>
> --
> Ivan
>
Re: How could I access webservice by certificate?
Posted by Ivan <xh...@gmail.com>.
For the webservice client, while using client-cert, you might need to ask
the server to add your cert to his trusted key store. In the meanwhile, you
need to get the server's cert, add it to your local key store ( Geronim
admin should be able help to do it ).
IIRC, you might need to set some options below before starting the server.
set GERONIMO_OPTS=-Djavax.net.ssl.trustStore=YOUR_CLIENT_TRUSTED_KEY_STORE
-Djavax.net.ssl.trustStorePassword=YOUR_CLIENT_TRUSTED_KEY_STORE_PASSWORD
-Djavax.net.ssl.keyStore=YOUR_CLIENT_KEY_STORE
-Djavax.net.ssl.keyStorePassword=YOUR_CLIENT_KEY_STORE_PASSWORD
Then, you should be able to access the remote webservice as usual.
Wish it helps !
2010/1/26 chi runhua <ch...@gmail.com>
> There is a page about this topic for G2.2. Not sure if it helps.
>
> http://cwiki.apache.org/GMOxDOC22/securing-web-service.html
>
> Jeff C
>
> On Tue, Jan 26, 2010 at 6:16 PM, stevens_wu <te...@vip.163.com> wrote:
>
>>
>> I have configured geronimo-jetty6 2.1 for using axis2 webservice through
>> these steps:
>> 1.Download axis2.war.
>> 2.Write deployment plan.
>> 3.Deploy axis2 in console.
>> 4.Now I can upload webservice in url http://localhost:8080/axis2.
>> 5.Webservice test ok.
>> This is my deployment plan.
>> <web-app xmlns="http://geronimo.apache.org/xml/ns/j2ee/web-1.1">
>> <dep:environment
>> xmlns:dep="http://geronimo.apache.org/xml/ns/deployment-1.1">
>> <dep:moduleId>
>> <dep:groupId>axis2group</dep:groupId>
>> <dep:artifactId>axis2</dep:artifactId>
>> <dep:version>1.0</dep:version>
>> <dep:type>war</dep:type>
>> </dep:moduleId>
>> <dep:hidden-classes>
>> <dep:filter>org.apache.commons</dep:filter>
>> <dep:filter>org.jdom</dep:filter>
>> <dep:filter>org.apache.axis2</dep:filter>
>> <dep:filter>org.apache.axiom</dep:filter>
>> </dep:hidden-classes>
>> </dep:environment>
>> <context-root>/MyProxyService</context-root>
>> </web-app>
>> Now I must connect to an existing webservice that requires client
>> certificate authentication for meeting my client's requirements.How could
>> I
>> do?I have configured keystore exactly. Thanks!
>> --
>> View this message in context:
>> http://old.nabble.com/How-could-I-access-webservice-by-certificate--tp27320444s134p27320444.html
>> Sent from the Apache Geronimo - Users mailing list archive at Nabble.com.
>>
>>
>
--
Ivan
Re: How could I access webservice by certificate?
Posted by chi runhua <ch...@gmail.com>.
There is a page about this topic for G2.2. Not sure if it helps.
http://cwiki.apache.org/GMOxDOC22/securing-web-service.html
Jeff C
On Tue, Jan 26, 2010 at 6:16 PM, stevens_wu <te...@vip.163.com> wrote:
>
> I have configured geronimo-jetty6 2.1 for using axis2 webservice through
> these steps:
> 1.Download axis2.war.
> 2.Write deployment plan.
> 3.Deploy axis2 in console.
> 4.Now I can upload webservice in url http://localhost:8080/axis2.
> 5.Webservice test ok.
> This is my deployment plan.
> <web-app xmlns="http://geronimo.apache.org/xml/ns/j2ee/web-1.1">
> <dep:environment
> xmlns:dep="http://geronimo.apache.org/xml/ns/deployment-1.1">
> <dep:moduleId>
> <dep:groupId>axis2group</dep:groupId>
> <dep:artifactId>axis2</dep:artifactId>
> <dep:version>1.0</dep:version>
> <dep:type>war</dep:type>
> </dep:moduleId>
> <dep:hidden-classes>
> <dep:filter>org.apache.commons</dep:filter>
> <dep:filter>org.jdom</dep:filter>
> <dep:filter>org.apache.axis2</dep:filter>
> <dep:filter>org.apache.axiom</dep:filter>
> </dep:hidden-classes>
> </dep:environment>
> <context-root>/MyProxyService</context-root>
> </web-app>
> Now I must connect to an existing webservice that requires client
> certificate authentication for meeting my client's requirements.How could I
> do?I have configured keystore exactly. Thanks!
> --
> View this message in context:
> http://old.nabble.com/How-could-I-access-webservice-by-certificate--tp27320444s134p27320444.html
> Sent from the Apache Geronimo - Users mailing list archive at Nabble.com.
>
>