axis-java-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Roberto Juárez Maldonado <>
Subject axis over https
Date Tue, 03 May 2011 07:07:45 GMT
Hi all,


I need to create a client of a web service which runs under Tomcat requiring
https protocol; i.e. the url of the service is something like
https://host:port/someService. The Tomcat uses self-signed certificates. I
have found examples on the Internet which say that with Axis 1 that was easy
to do using the
class. However, with Axis 2 it seems not that easy.


There seems to be three options.


1.- Manually download the certificate file and programmatically instruct the
client (the protocol used by the client to be correct) to access the
certificate with code like this

  Protocol protocol = new Protocol ("https", new
AuthSSLProtocolSocketFactory (new URL("keystore URL"), "password", new
URL("truststore URL"), "password"), 443);


2.- Programatically attempt at http://host:port/someService and, after
receiving a response like "302 Temporarily moved...", programatically
download the certificate and continue like option 1. I have seen the SoapUI
tool to behave like this. I still haven't figured out how to do that but
there must be a way to implement this.


3.- Register an implementation of the
org.apache.commons.httpclient.protocol.SecureProtocolSocketFactory which
does not require a certificate. I know about the
class, but this is not part of the standard distribution of the httpclient
(Apache Commons) which comes with Axis2. The code would be sth like this


      Protocol.registerProtocol("https", new Protocol("https", new
EasySSLProtocolSocketFactory(), 443));


Unfortunatelly option 1 is unworkable for me due to the fact that
certificates are changed at the server frequently. Option 3 I consider as a
last resort. Option 2 is for me the ideal one. Has anybody implemented sth
like option 2?


Thanks a lot in advance.




View raw message