Posted to java-user@axis.apache.org by Deep Chand <dg...@gmail.com> on 2007/08/24 17:26:50 UTC

Changes in axis client for Mutual Authentication

all gurus,

I have a web service client developed using Axis, i.e. I ran WSDL2Java on the WSDL
to generate the client stubs and then filled in the logic to access the web
service exposed by the SOAP server. Everything works fine.

I want to add mutual authentication (2-way TLS authentication) to this
existing web service communication. I have access to the client and server
certificates. What changes do I need to make in the client?

What I understand from googling is:

1) I read that I need to set some system properties like

javax.net.ssl.keyStoreType,
javax.net.ssl.keyStore,
javax.net.ssl.keyStorePassword,
javax.net.ssl.trustStoreType,
javax.net.ssl.trustStore,
javax.net.ssl.trustStorePassword

2) Use https instead of http while invoking the web service.

Is that all I need to do, or something else? Do I need to set these system
properties while running the wsdl2java utility or in the client code at the
time of invoking the web service? Please reply.

any help is appreciated.

thanks,
deep

RE: Changes in axis client for Mutual Authentication

Posted by "Ford, Jennifer M." <JE...@SOUTHERNCO.COM>.
I wasn't able to do this just by setting the global parameters you
mention.  The truststore parameters you set will help you to make sure the
server is who you think it is, but you'll have to do some work to get
the client to pass a certificate.
 
There's a library in not-yet-commons that will help:
AuthSSLProtocolSocketFactory.  In my case, I used the generated code
just to create the envelope and then used my own HTTPClient with that
library to produce the desired results.  
 
I think someone else has mentioned on here there's a way to configure
the service client in the stub to use the protocol that you generate
with the factory class rather than producing your own HTTPClient.


Re: Changes in axis client for Mutual Authentication

Posted by Alberto Patino <pa...@gmail.com>.
Believe it, this is true. I did this procedure with axis1; I'm
wondering if axis2 uses the same mechanism? I hope so.

However, the only problem I had was converting the PEM certificates I
received from my customer into the keystore! Be careful if you receive
a Chain of Certificates in PEM format!

Alberto Patino

On 8/24/07, Ali, Haneef <ha...@hp.com> wrote:
> Before accessing the webservice.
>
>   // Set System properties
>   // Instantiate the stub
>   // Call the method
>
>
> Haneef

-- 
Don't be evil!!!

---------------------------------------------------------------------
To unsubscribe, e-mail: axis-user-unsubscribe@ws.apache.org
For additional commands, e-mail: axis-user-help@ws.apache.org


RE: Changes in axis client for Mutual Authentication

Posted by "Ali, Haneef" <ha...@hp.com>.
Before accessing the webservice. 

  // Set System properties
  // Instantiate the stub
  // Call the method


Haneef
	 



Re: Changes in axis client for Mutual Authentication

Posted by Deep Chand <dg...@gmail.com>.
So do I need to set the system properties in the client code, i.e. in the
constructor of the stubs generated by wsdl2java, or somewhere in the code before
accessing the web service? Or do I need to set them at the time of using the
wsdl2java utility? Please reply.


RE: Changes in axis client for Mutual Authentication

Posted by "Ali, Haneef" <ha...@hp.com>.
Hi,

You don't need to make any changes. You have done all the required
settings. If you still think it is not working, do the following.

1) Set the property System.setProperty("javax.net.debug", "ssl,handshake");
2) Look at the debug messages.
   a) First you will see a set of messages relating to JSSE reading
      the contents of the truststore and keystore.
   b) Then you will see a set of messages relating to the SSL handshake,
      starting with "ServerHello", "ClientHello" etc.
   c) If your server is configured to do client-cert auth (2-way SSL),
      then you will see a request with a header "CertificateRequest"
      followed by a set of CA names (i.e. the server is capable of
      accepting any certificates issued by those CAs).
   d) Then you can see a set of messages relating to your client
      finding an appropriate certificate from the keystore and sending it
      to the server.
   e) You can ignore the rest of the messages.

Thanks,
Haneef
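
The order given in this thread (set the system properties, instantiate the stub, call the method) together with the keystore lookup the debug steps refer to, as an added example that is not part of the original messages: before setting the properties it checks that the keystore holds a private key with a certificate chain, since an entry without one cannot be sent in answer to "CertificateRequest". The class name, the "changeit" password, the PKCS12 store type and the keytool-generated sample keystore are assumptions made for this illustration; the generated stub is specific to your WSDL and is not shown.

```java
import java.io.*;
import java.nio.file.Files;
import java.security.KeyStore;
import java.security.cert.*;
import java.util.Collections;

public class MutualTlsPreflight {
    static final String PASS = "changeit"; // constructed sample password

    // Builds a throwaway PKCS12 keystore holding one self-signed key pair (constructed sample data).
    static File sampleKeyStore() throws Exception {
        File f = new File(Files.createTempDirectory("mtls").toFile(), "client.p12");
        String keytool = System.getProperty("java.home") + File.separator + "bin" + File.separator + "keytool";
        Process p = new ProcessBuilder(keytool, "-genkeypair", "-alias", "client", "-keyalg", "RSA",
                "-keysize", "2048", "-dname", "CN=sample-client", "-validity", "1", "-storetype", "PKCS12",
                "-keystore", f.getPath(), "-storepass", PASS, "-keypass", PASS).inheritIO().start();
        if (p.waitFor() != 0) throw new IllegalStateException("keytool failed");
        return f;
    }

    // Counts aliases that hold a private key plus chain; only those can answer a CertificateRequest.
    static int usableClientEntries(KeyStore ks) throws Exception {
        int usable = 0;
        for (String alias : Collections.list(ks.aliases())) {
            Certificate[] chain = ks.isKeyEntry(alias) ? ks.getCertificateChain(alias) : null;
            if (chain == null || chain.length == 0) continue; // trusted-cert entry: cannot be presented
            usable++;
            for (Certificate c : chain) // these issuers are compared with the CA names the server sends
                System.out.println(alias + ": issuer " + ((X509Certificate) c).getIssuerX500Principal());
        }
        return usable;
    }

    public static void main(String[] args) throws Exception {
        String path = args.length > 0 ? args[0] : sampleKeyStore().getPath(); // or your own PKCS12 file
        String pass = args.length > 1 ? args[1] : PASS;
        KeyStore ks = KeyStore.getInstance("PKCS12");
        try (InputStream in = new FileInputStream(path)) { ks.load(in, pass.toCharArray()); }
        if (usableClientEntries(ks) == 0) throw new IllegalStateException("no client key entry in " + path);
        // 1) Set the system properties (trustStore* are set the same way for the server's CA store).
        System.setProperty("javax.net.ssl.keyStoreType", "PKCS12");
        System.setProperty("javax.net.ssl.keyStore", path);
        System.setProperty("javax.net.ssl.keyStorePassword", pass);
        System.setProperty("javax.net.debug", "ssl,handshake");
        // 2) Instantiate the WSDL2Java-generated stub with an https:// endpoint (not shown here).
        // 3) Call the service method; the handshake then appears in the debug output.
    }
}
```

A keystore that reports zero usable entries typically contains only imported certificates, which is the usual result of converting a PEM chain without its private key.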


		
 
 
