axis-java-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Jim Wong" <jimw...@bytemobile.com>
Subject RE: SSL Client Auth with Tomcat and Axis
Date Thu, 14 Oct 2004 21:15:58 GMT
Thanks for the suggestion.  I'll give this a try and let you know how it
works. 


--
Jim Wong (jimwong@bytemobile.com) 

-----Original Message-----
From: Wagle, Shriniwas [mailto:Shriniwas_Wagle@sra.com] 
Sent: Thursday, October 14, 2004 10:10 AM
To: axis-user@ws.apache.org
Subject: RE: SSL Client Auth with Tomcat and Axis

What you are attempting is a good idea.

I have not tried this, but what I'd try is:
1. Get the axis message context.  I believe you'll have to setup a
Handler to do that.
2. Once you have the message context, you can get to the http servlet
request from it using one of the properties listed in HTTPConstants.*.
3. Then use the request.getAttribute
("javax.servlet.request.X509Certificate") to get the client cert.
4. From the cert you can get all sorts of client information.

I had been planning to do this, but never actually got around to trying
it out.  So a bit curious and would be keen on knowing the results you
got.

Thanks

-----Original Message-----
From: Jim Wong [mailto:jimwong@bytemobile.com]
Sent: Wednesday, October 13, 2004 7:52 PM
To: axis-user@ws.apache.org
Subject: SSL Client Auth with Tomcat and Axis

On a somewhat related note, I'm just getting started on trying to build
an application using Axis, Tomcat and SSL.  I would like to use client
authentication, but I haven't been able to find documentation that
explains how (assuming it's possible) one could access information from
the client's certificate from within a web service or handler.

Am I missing something blindingly obvious?  As I mentioned, I'm new to
this, so it's distinctly possible...

--
Jim Wong (jimwong@bytemobile.com)
 
-----Original Message-----
From: Hubble, Christopher [mailto:CHRISTOPHER.L.HUBBLE@saic.com]
Sent: Tuesday, October 12, 2004 5:58 AM
To: 'axis-user@ws.apache.org'
Subject: RE: 2 way SSL with Axis and Tomcat as a Service

I pretty much used this guide (and the new chapter it links to) to do
it.

http://www.pankaj-k.net/WSOverSSL/WSOverSSL-HOWTO.html

Pretty much everything you need to know is in the SSL section of the new
chapter.  It starts on page 16 of the pdf.  You gen your keystores and
truststores, making sure to place them on the appropriate machines.
Then change server.xml.  I didn't use JCEKS and all of my stuff works.
The hard part was installing Tomcat as a service with the truststore
attribute set.
For some reason, Tomcat doesn't let you set it in server.xml.  Then you
just modify your client to use https and include the keystore and
truststore.
Other than a typo, the CL version worked perfectly.  I had to just play
around with tomcat.exe to get it installed as a service, tho.

Chris

-----Original Message-----
From: Silvano Maffeis [mailto:silvano@pyx.ch]
Sent: Tuesday, October 12, 2004 2:30 AM
To: axis-user@ws.apache.org
Subject: Re: 2 way SSL with Axis and Tomcat as a Service


Hubble, Christopher wrote:

>Welp, after much trial and tribulation, I finally got axis using 2 way
ssl.
>This required me to custom set up tomcat as a service, and I finally 
>got that working.  Once I get my code all cleaned up, I'll post the 
>relavent details.
>
>Chris
>  
>
That would be much appreciated, thanks :-)

Silvano


This e-mail and any attachments may contain confidential and privileged
information. If you are not the intended recipient, please notify the
sender immediately by return e-mail, do not forward this email to any
other person, delete this e-mail and destroy all copies. Any
dissemination or use of this information by a person other than the
intended recipient is unauthorized and may be illegal.



This e-mail and any attachments may contain confidential and
privileged information. If you are not the intended recipient,
please notify the sender immediately by return e-mail, do not forward 
this email to any other person, delete this
e-mail and destroy all copies. Any dissemination or use of this
information by a person other than the intended recipient is
unauthorized and may be illegal.

Mime
View raw message