axis-java-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Roberto Juárez Maldonado <arcad...@insightinformatica.es>
Subject axis over https
Date Tue, 03 May 2011 07:07:45 GMT
Hi all,

 

I need to create a client of a web service which runs under Tomcat requiring
https protocol; i.e. the url of the service is something like
https://host:port/someService. The Tomcat uses self-signed certificates. I
have found examples on the Internet which say that with Axis 1 that was easy
to do using the org.apache.axis.components.net.SunFakeTrustSocketFactory
class. However, with Axis 2 it seems not that easy.

 

There seems to be three options.

 

1.- Manually download the certificate file and programmatically instruct the
client (the protocol used by the client to be correct) to access the
certificate with code like this

  Protocol protocol = new Protocol ("https", new
AuthSSLProtocolSocketFactory (new URL("keystore URL"), "password", new
URL("truststore URL"), "password"), 443);

 

2.- Programatically attempt at http://host:port/someService and, after
receiving a response like "302 Temporarily moved...", programatically
download the certificate and continue like option 1. I have seen the SoapUI
tool to behave like this. I still haven't figured out how to do that but
there must be a way to implement this.

 

3.- Register an implementation of the
org.apache.commons.httpclient.protocol.SecureProtocolSocketFactory which
does not require a certificate. I know about the
org.apache.commons.httpclient.contrib.ssl.EasySSLProtocolSocketFactory
class, but this is not part of the standard distribution of the httpclient
(Apache Commons) which comes with Axis2. The code would be sth like this

      Protocol.unregisterProtocol("https");

      Protocol.registerProtocol("https", new Protocol("https", new
EasySSLProtocolSocketFactory(), 443));

 

Unfortunatelly option 1 is unworkable for me due to the fact that
certificates are changed at the server frequently. Option 3 I consider as a
last resort. Option 2 is for me the ideal one. Has anybody implemented sth
like option 2?

 

Thanks a lot in advance.

 

/Roberto.

 


Mime
View raw message