axis-java-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Till Woerner" <t...@twoerner.de>
Subject AW: using both HTTP and HTTPS
Date Wed, 17 Apr 2002 16:05:03 GMT
Hi!
 
this is my point of view also. Your server is responsible for
establishing security. You can use one Axis deployed and have different
web services with different security constraints.
Look for the security-constraint element in the servlet specs. With this
element you can force your container to use secure transport (if it
supports this element and tomcat does in version 4.0.3 which was the one
I tested...). You define all settings in web.xml in the AXIS webapp
directory.
 
Here is my example. It forces all requests to the AXIS webapp to use SSL
(remember to enable the SSL connector in server.xml). You can customize
the url-pattern to suite your needs):
 
[...]
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Entire Application</web-resource-name>
      <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <user-data-constraint>    
        <transport-guarantee>INTEGRAL</transport-guarantee>
    </user-data-constraint>    
</security-constraint>    
[...]
 
 
Greetings,
Till

--
Caught in our narrowminded believe...
-------------------------------------
Till Woerner
Berlin, Germany
EMail:till@twoerner.de
ICQ#: 7162410 

-----Urspr√ľngliche Nachricht-----
Von: OBRADOVIC,PETAR (HP-Vancouver,ex1) [mailto:petar_obradovic@hp.com] 
Gesendet: Mittwoch, 17. April 2002 17:54
An: 'axis-user@xml.apache.org'
Betreff: RE: using both HTTP and HTTPS


My understanding is that on the server side HTTPS is responsibility of
your servlet container and not Axis.  So, there is no reason to deploy
more than one instance of Axis engine.  Both HTTP and HTTPS requests
will be passed to the same Axis engine by your server container.  Please
correct me if I am wrong!
 
Petar

-----Original Message-----
From: jean-claude.mamou@ascentialsoftware.com
[mailto:jean-claude.mamou@ascentialsoftware.com]
Sent: Tuesday, April 16, 2002 6:50 PM
To: axis-user@xml.apache.org
Subject: RE: using both HTTP and HTTPS



Thanks for the clarification Pankaj, 

One additional question. Do we need to have two Axis deployed (one for
http and one for https) or could we have web services using both http
and https under a single axis deployment?

Thanks 
Jean-Claude 

-----Original Message----- 
From: KUMAR,PANKAJ (HP-Cupertino,ex1) [mailto:pankaj_kumar@hp.com] 
Sent: Tuesday, April 16, 2002 9:25 PM 
To: 'axis-user@xml.apache.org' 
Subject: RE: using both HTTP and HTTPS 


Hi Jean, 
  
These environment variables are for the client side. 
  
On the server side you can setup Tomcat or whatever servlet container
you 
have chosen for accepting connection on both http and https and it would

work fine. 
  
If you want to run multiple clients, some with HTTP and some with HTTPS,

then you can run those under different shells. 
  
Experiment with it a little. It is fairly straightforward. 
  
Thanks, 
Pankaj Kumar. 

-----Original Message----- 
From: jean-claude.mamou@ascentialsoftware.com 
[mailto:jean-claude.mamou@ascentialsoftware.com] 
Sent: Tuesday, April 16, 2002 6:11 PM 
To: axis-user@xml.apache.org 
Subject: using both HTTP and HTTPS 


Hi, 

We would like to have web service accessible through HTTPS. 

According to some literatture found on the web about that 
(<http://www.pankaj-k.net/WSOverSSL/WSOverSSL-HOWTO.html> ), it seems
that 
some specific environment variables need to be set to make it work
properly: 

set AXIS_HOME=d:\apache\xml-axis-alpha3 

set AXIS_SERVLET_DIR=%AXIS_HOME%\webapps\axis 

set AXIS_CONTEXT_URL=https://localhost:8443/axis 

Because of those environment variables, how can we have both HTTP and
HTTPS 
in the same environment? I was thinking of deploying Axis 2 times into 
tomcat for example, one under https, the other one under http.
Environment 
variable would prevent that from working. 

Any ideas? 

Thanks, 

Jean-Claude 


Mime
View raw message