axis-java-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Pedro Quintas <pedro.quin...@first.pt>
Subject RE: HTTPS WebService through HTTP Proxy
Date Thu, 15 Oct 2009 08:05:56 GMT
I don't agreed with you.
The Client must know that on the other side (WebService) talks in HTTPS.

For example, I use SOAPUI to test this connections and again I put the TCPMon between the
SOAPUI and the proxy.
I saw in plaintext the communication with the proxy:

CONNECT portal.pt:443 HTTP/1.1
Proxy-Authorization: Basic dGVzdGU6dGVzdGU=
User-Agent: Jakarta Commons-HttpClient/3.1
Host: portal.pt
Proxy-Connection: Keep-Alive

And Received from proxy this:

                HTTP/1.0 200 Connection established

At this time, I'm connect to the portal.pt:443 server.
>From here the difference starts, on my client all the communication continues in plaintext,
on SOAPUI all the communication is encrypted.

Is I use my client without the proxy setting all works fine (the communication is encrypted).

Any ideas?


Thanks,
Kintas


De: Christian Gosch [mailto:christian.gosch@inovex.de]
Enviada: quinta-feira, 15 de Outubro de 2009 08:18
Para: axis-user
Assunto: RE: HTTPS WebService through HTTP Proxy

I'm not quite sure, but shouldn't it be sufficient to talk to the proxy as required, and let
the proxy do whatever it is supposed to?

In other words: I think from an Axis client's view only the instance this client directly
talks to should matter. What happens there (immediate processing or forwarding forth and back
of the SOAP messages by means of a proxy or gateway) should not matter at all for the Axis
client.

This applies to all aspects of the communication, i. e. ports, resource URLs, encryption,
authentication, authorization...

Christian

________________________________

From: Pedro Quintas [mailto:pedro.quintas@first.pt]
Sent: Thursday, October 15, 2009 2:00 AM
To: axis-user@ws.apache.org
Subject: HTTPS WebService through HTTP Proxy
Importance: High

Hello.

I need to call a HTTPS WebService  through a HTTP proxy.
I set on Options object the following:

                options.setProperty(HTTPConstants.CUSTOM_PROTOCOL_HANDLER, new Protocol("https",
(ProtocolSocketFactory)new AuthSSLProtocolSocketFactory(endpoint), 443));
                options.setTransportInProtocol(Constants.TRANSPORT_HTTPS);

                options.setProperty(HTTPConstants.AUTHENTICATE, authenticator);

                options.setProperty(HTTPConstants.PROXY, proxyProperty); // proxyProperty
have set ProxyName, ProxyPort, UserName, PassWord

And another options.
I put the TCPMon, between my program and the proxy to see what is send.

On TCPMon I see the connection made to the proxy and then to the HTTPS WebService, all in
plaintext and this is wrong because after the connection to the proxy, all data transmited
should been encrypted.

Any one already have this problem? How can I solve this?

Sorry for my bad English.


Thanks,
Kintas
!DSPAM:4ad66624326667108612316!


Mime
View raw message