You are viewing a plain text version of this content. The canonical link for it is here.

Posted to java-user@axis.apache.org by Steve Pannier <St...@jacada.com> on 2003/12/19 23:37:52 UTC

Axis1.1 and HTTPS/SSL

I'm trying to get HTTPS/SSL working with a web service
running in Axis1.1.  I want to encrypt all messages sent
to/from a particular web service.  I don't want
encryption used with other deployed web services.

I've searched through the mailing list to see if what
I'm trying to do will work, and ran across the following
statement from Chapter 11 (Web Services Security) in
Pankaj Kumar's book (J2EE Security for Servlets, EJBs,
and Web Services)
(http://www.pankaj-k.net/WSOverSSL/WSOverSSL-HOWTO.html):


"This makes it hard to protect only certain services within
a Web container with HTTPS and let others be accessed with
plain HTTP. You must have all services deployed within a
particular Web container accepting HTTPS connection or none."


Is this still true?  Or can I configure axis so that
encryption is applied to only one service in the webapp?

Also, can I encrypt messages only one-way?  That is, can
I encrypt messages *to* my service, but not *from* the
service?

Regards.

Steve Pannier