You are viewing a plain text version of this content. The canonical link for it is here.
Posted to java-user@axis.apache.org by Christian Gosch <ch...@inovex.de> on 2009/12/03 13:06:06 UTC
Configure SSL config for Axis2 1.4.1 client to connect to SOAP/ssl WS
Hi,
I have an Axis2 1.4.1 SOAP client (code generated with wsdl2java using
XMLBeans) and can use this client successfully to execute operations on
a remote server which only accepts SOAP/ssl (https) requests. I do not
configure something special: I simply take the "https:..." URL as it is,
and use it, and Axis2 together with the accompanying libraries does the
remaining.
But the client code is part of a J2EE application deployed on IBM
WebSphere 6.0.2, and this application also has to make calls to the IBM
WebSphere AdminClient interface to deal with some specific things on the
local server. The IBM WebSphere AdminClient also makes use of SOAP/ssl
to contact the desired server which is simply the local host in this
case.
Now I encounter a silly phenomenon:
When the first SOAP/ssl connection during VM life time is initiated by
the AdminClient (which is not configurable regarding the SSL connection
setup) and Axis2 comes behind, everything works fine.
But when the first SOAP/ssl connection during VM life time is initiated
by Axis2 (which simply uses its default scheme of operation to establish
a https connection to a remote host), then AdminClient fails to connect
permanently, but Axis2 keeps being fine all the time.
I raised a PMR at IBM on this issue, but it languishes, and currently
they suspect that the application's client code is to be blamed. I have
no problem with that generally, but I cannot see any way to influence
the actual ssl configuration or setup for Axis2 1.4.1 SOAP client
operation so as to consort better with the AdminClient.
Does anyone know how to configure Axis2 1.4.1 to explicitly select the
cipher, algorithm, keystore or the like for ssl? What about that magic
axis2.xml config file? I did not figure out yet what to put in there at
all, where to put the file and how to locate it then to make it work for
a *client*... its all nebulous to me...
Thanks in advance,
--
Dipl.-Inform. Christian Gosch, PMI PMP
Systems Architecture, Project Management
inovex GmbH
Büro Pforzheim
Karlsruher Strasse 71
D-75179 Pforzheim
Tel: +49 (0)7231 3191-85
Fax: +49 (0)7231 3191-91
c.gosch@inovex.de
www.inovex.de
Sitz der Gesellschaft: Pforzheim
AG Mannheim, HRB 502126
Geschäftsführer: Stephan Müller
RE: Configure SSL config for Axis2 1.4.1 client to connect to SOAP/ssl WS
Posted by Christian Gosch <ch...@inovex.de>.
The source of solution was:
http://osdir.com/ml/axis-user-ws.apache.org/2009-06/msg00307.html
The solution is to set up the following properties for the JVM:
javax.net.ssl.keyStore=<fully qualified path to keystore file>
javax.net.ssl.keyStoreType=<type of keystore, i.e, JKS>
javax.net.ssl.keyStorePassword=<keystore password>
javax.net.ssl.trustStore=<fully qualified path to truststore file>
javax.net.ssl.trustStoreType=<type of truststore, i.e, JKS>
javax.net.ssl.trustStorePassword=<truststore password>
javax.net.ssl.contextProvider=<provider, i.e. JSSE>
This is basically the same as depicted by Thilina Mahesh Buddhika: It
can be achieved either ny using the -Dpropname=propvalue pattern on the
command line, by setting appropriate JVM startup properties using the
administration interface of your choice or by explicitly setting that in
the Java code.
Using system properties for the JVM may be more useful since this way it
is guaranteed that the values are present from the time the JVM starts.
This is difficult to achieve with explicit Java in a J2EE environment.
Regards,
Christian
> -----Original Message-----
> From: Christian Gosch
> Sent: Thursday, December 03, 2009 1:06 PM
> To: axis-user
> Subject: Configure SSL config for Axis2 1.4.1 client to connect to
> SOAP/ssl WS
>
> Hi,
>
> I have an Axis2 1.4.1 SOAP client (code generated with wsdl2java using
> XMLBeans) and can use this client successfully to execute operations
on
> a remote server which only accepts SOAP/ssl (https) requests. I do not
> configure something special: I simply take the "https:..." URL as it
is,
> and use it, and Axis2 together with the accompanying libraries does
the
> remaining.
>
> But the client code is part of a J2EE application deployed on IBM
> WebSphere 6.0.2, and this application also has to make calls to the
IBM
> WebSphere AdminClient interface to deal with some specific things on
the
> local server. The IBM WebSphere AdminClient also makes use of SOAP/ssl
> to contact the desired server which is simply the local host in this
> case.
>
>
> Now I encounter a silly phenomenon:
>
> When the first SOAP/ssl connection during VM life time is initiated by
> the AdminClient (which is not configurable regarding the SSL
connection
> setup) and Axis2 comes behind, everything works fine.
>
> But when the first SOAP/ssl connection during VM life time is
initiated
> by Axis2 (which simply uses its default scheme of operation to
establish
> a https connection to a remote host), then AdminClient fails to
connect
> permanently, but Axis2 keeps being fine all the time.
>
>
> I raised a PMR at IBM on this issue, but it languishes, and currently
> they suspect that the application's client code is to be blamed. I
have
> no problem with that generally, but I cannot see any way to influence
> the actual ssl configuration or setup for Axis2 1.4.1 SOAP client
> operation so as to consort better with the AdminClient.
>
>
> Does anyone know how to configure Axis2 1.4.1 to explicitly select the
> cipher, algorithm, keystore or the like for ssl? What about that magic
> axis2.xml config file? I did not figure out yet what to put in there
at
> all, where to put the file and how to locate it then to make it work
for
> a *client*... its all nebulous to me...
>
>
> Thanks in advance,
> --
> Dipl.-Inform. Christian Gosch, PMI PMP
> Systems Architecture, Project Management
>
> inovex GmbH
> Büro Pforzheim
> Karlsruher Strasse 71
> D-75179 Pforzheim
> Tel: +49 (0)7231 3191-85
> Fax: +49 (0)7231 3191-91
> c.gosch@inovex.de
> www.inovex.de
>
> Sitz der Gesellschaft: Pforzheim
> AG Mannheim, HRB 502126
> Geschäftsführer: Stephan Müller
>
>
>
>
> !DSPAM:4b17a9e8326661182215571!
>
>