axis-java-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Andre Piwoni" <apiw...@megawest.com>
Subject SSL and Axis
Date Mon, 06 May 2002 19:23:39 GMT
for setting up Apache SOAP Client for SSL communication at
http://xml.apache.org/soap/docs/install/FAQ_Tomcat_SOAP_SSL.html are
fine, however, the following line in the SOAP client,
 
System.setProperty("javax.net.ssl.trustStore","C:\\jdk1.3\\bin\\client.k
eystore")
 
make it unusable when deployed with Java Web Start or as an applet as
far as I know.
 
One solution, I thought, would be to send client.keystore in .jar file
along with application and to point javax.net.ssl.trustStore to location
in .jar file which I couldn't accomplish successfully. Whathever reads
this property apparently does not know how to read .jar files.
 
Second solution that came to my mind was to load client.keystore into
instance of KeyStore class and initialize SSLContext with it as shown
below:
 
      TrustManagerFactory tmf =
TrustManagerFactory.getInstance("SunX509", "SunJSSE");
      tmf.init(keyStore);
 
      SSLContext context = SSLContext.getInstance("TLS");
 
      context.init(null, tmf.getTrustManagers(), null);
 
HttpsURLConnection.setDefaultSSLSocketFactory(context.getSocketFactory()
);
 
However, designers of SSLUtilities class that builds SSLSocket in
ApacheSOAP use SSLSocketFactory factory =
(SSLSocketFactory)SSLSocketFactory.getDefault(). This method creates new
SSLContext  which uses default keystore so my second idea didn't work
out.
 
Why do we are required to have client authentication in Apache SOAP at
all? Why not allow more control over SSLContext?
 
Is there any way to get around these limitations?
 
Thanks!
 
 

Mime
View raw message