axis-java-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Bobak, Greg P." <>
Subject RE: Authenticating the caller
Date Tue, 06 May 2003 15:23:21 GMT
This is how I did it:

Set up HTTP Server to use SSL following instructions for that server.

Put SSL certificate (extract it using keyman or some other tool) in Java Key
Store for client.

Add this code to your client:

//blah blah
if (endpoint.startsWith("https") {
 //********** Adding HTTPS support ******************//
 // Get certificate -- your browser normally does this.
System.setProperty("", keyStorePassword);
System.setProperty("", keyStore);
System.setProperty("", trustStorePassword);
System.setProperty("", trustStore);

// Add https protocol support

// Add SSL Provider
//********** End of HTTPS support ***********//
 } catch(Exception e){
  log.error("Error setting protocol:  " + e);

Do Axis Service and Call after.


Greg Bobak	
Senior Programmer Analyst
Cole National

-----Original Message-----
From: Bill Lear [] 
Sent: Tuesday, May 06, 2003 10:15 AM
Subject: Authenticating the caller

I would like to run my Axis program with Tomcat, using HTTPS (SSL).

The "Web Service Security" document says in the section "Authenticating
the caller" that:

     To  support https  in the  Axis client,  you need  to  ensure the
     client has  https support in  the runtime. This is  automatic for
     Java1.4+; older versions need to  add JSSE support through Sun or
     an alternate provider.

I am using Java1.4+, and would like to know how to configure this.
I'm hoping that once I get Tomcat configured and security set up on
that side, I'll just have to change a config file and specify
SSL sockets on the client side (plus a few more steps, I'm sure).

BTW, I am using Java2WSDL and WSDL2Java to generate my code.  So far,
I have not had to edit any .wsdd, .wsdl files!:-)

Any help appreciated.  I'd be happy to write up the "front-to-back
security using Tomcat and Axis" document if that would be helpful
for others, once I figure this out.



*************************Internet Email

Privileged/Confidential Information may be contained in this message.  If
you are not the addressee indicated in this message (or responsible for
delivery of the message to such person), you may not copy or deliver this
message to anyone. In such case, you should destroy this message and kindly
notify the sender by reply email. Please advise immediately if you or your
employer do not consent to Internet email for messages of this kind.
Opinions, conclusions and other information in this message that do not
relate to the official business of my firm shall be understood as neither
given nor endorsed by it. 

View raw message