You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by "Cooperstock, Dan" <da...@hepcoe.com> on 2002/09/30 23:06:42 UTC
Tomcat, JSSE, JAXM SOAP Problem
It seems like a lot of people have asked questions similar to the following
on this list, but never gotten a helpful answer. I'll be brave and post my
version of it!
> I am using web services via the JAXM part of the Java XML pack. I have
> been using it successfully, both from a small scaffolding pure Java app
> with a main() method, and from within a JSP app running in Tomcat.
>
> So far, I have been accessing the web services via http. Now I want to
> access them via https (i.e. with secure encryption). So, as specified in a
> couple of Java Web Services / SOAP books I bought, I installed JSSE, and
> added the following code to my app (before I call any web services):
>
> System.setProperty("java.protocol.handler.pkgs",
> "com.sun.net.ssl.internal.www.protocol");
> Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider());
>
> I also then changed the URL I was calling the services on to an https URL.
> (The provider of the services allows calling of them either way, with http
> or https.) From the pure Java app with the main() method, this worked
> perfectly.
>
> Next, I copied exactly the same code changes (and yes, I've triple checked
> them!) into my JSP web app. I put the JSSE jar files in the proper Tomcat
> common/lib directory. I get an exception whose text is "Bad URL: unknown
> protocol: https".
>
> Then I tried moving the JSSE jars from the Tomcat common\lib directory to
> c:\jdk1.3.1\jre\lib\ext, the extension directory. Now, I get the following
> exception:
>
> javax.xml.soap.SOAPException: java.security.PrivilegedActionException
> <<javax.xml.soap.SOAPException: Message send failed>>
>
> Any ideas? Is Tomcat somehow changing the technology that the JAXM stuff
> uses to call the service on the specified URL? How can I get around the
> PrivilegedActionException?
>
> By the way, since I'm not trying to run a secure copy of Tomcat, but
> rather just trying to access secure (https) web services as a client from
> within JSP pages running within Tomcat, I don't think anything about
> keystores or certificates will be relevant. This thought is confirmed by
> the fact that the plain Java main() program worked. Also, I created a
> keystore, and got my Tomcat working securely, but it didn't make any
> difference to this main problem.
>
Another interesting "by the way" is that I have tried exactly the same thing
with the Sun ONE Web Server serving as the JSP/Servlet container, rather
than Tomcat, and I get exactly the same behaviour!
Dan Cooperstock, Senior Technical Consultant, HEPCOE Credit Union
dan.cooperstock@hepcoe.com 416-597-5055
--
To unsubscribe, e-mail: <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>