Subject: Re: How could I access webservice by certificate?
From: Ivan
To: user@geronimo.apache.org
Date: Wed, 27 Jan 2010 11:13:15 +0800

For the webservice client, while using client-cert, you might need to ask
the server to add your cert to its trusted key store. In the meantime, you
need to get the server's cert and add it to your local key store (the
Geronimo admin should be able to help do it).

IIRC, you might need to set some options below before starting the server.

set GERONIMO_OPTS=-Djavax.net.ssl.trustStore=YOUR_CLIENT_TRUSTED_KEY_STORE -Djavax.net.ssl.trustStorePassword=YOUR_CLIENT_TRUSTED_KEY_STORE_PASSWORD -Djavax.net.ssl.keyStore=YOUR_CLIENT_KEY_STORE -Djavax.net.ssl.keyStorePassword=YOUR_CLIENT_KEY_STORE_PASSWORD

Then, you should be able to access the remote webservice as usual.
Wish it helps!

2010/1/26 chi runhua

> There is a page about this topic for G2.2. Not sure if it helps.
>
> http://cwiki.apache.org/GMOxDOC22/securing-web-service.html
>
> Jeff C
>
> On Tue, Jan 26, 2010 at 6:16 PM, stevens_wu wrote:
>
>> I have configured geronimo-jetty6 2.1 for using axis2 webservice through
>> these steps:
>> 1. Download axis2.war.
>> 2. Write deployment plan.
>> 3. Deploy axis2 in console.
>> 4. Now I can upload webservice in url http://localhost:8080/axis2.
>> 5. Webservice test ok.
>> This is my deployment plan.
>>
>> <web-app xmlns="http://geronimo.apache.org/xml/ns/j2ee/web-1.1">
>>     <dep:environment xmlns:dep="http://geronimo.apache.org/xml/ns/deployment-1.1">
>>         <dep:moduleId>
>>             <dep:groupId>axis2group</dep:groupId>
>>             <dep:artifactId>axis2</dep:artifactId>
>>             <dep:version>1.0</dep:version>
>>             <dep:type>war</dep:type>
>>         </dep:moduleId>
>>         <dep:hidden-classes>
>>             <dep:filter>org.apache.commons</dep:filter>
>>             <dep:filter>org.jdom</dep:filter>
>>             <dep:filter>org.apache.axis2</dep:filter>
>>             <dep:filter>org.apache.axiom</dep:filter>
>>         </dep:hidden-classes>
>>     </dep:environment>
>>     <context-root>/MyProxyService</context-root>
>> </web-app>
>>
>> Now I must connect to an existing webservice that requires client
>> certificate authentication for meeting my client's requirements. How could
>> I do? I have configured keystore exactly. Thanks!
>> --
>> View this message in context:
>> http://old.nabble.com/How-could-I-access-webservice-by-certificate--tp27320444s134p27320444.html
>> Sent from the Apache Geronimo - Users mailing list archive at Nabble.com.

--
Ivan
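
The key store and trust store named in the options above can also be applied to a single outbound connection instead of JVM-wide system properties, which on an application server affect every outbound TLS connection. The following is an added example, not code from the original thread or from Geronimo; the file names, environment variable names and endpoint URL are placeholders.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.net.URL;
import java.security.KeyStore;
import java.util.Collections;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

public class ClientCertCall {
    static KeyStore load(String path, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance("JKS"); // use "PKCS12" for .p12 stores
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, password);
        }
        return ks;
    }

    public static void main(String[] args) throws Exception {
        // Hypothetical file names and environment variables (both must be set).
        char[] keyPass = System.getenv("CLIENT_KEYSTORE_PASSWORD").toCharArray();
        char[] trustPass = System.getenv("CLIENT_TRUSTSTORE_PASSWORD").toCharArray();
        KeyStore keyStore = load("client-keystore.jks", keyPass);
        KeyStore trustStore = load("client-truststore.jks", trustPass);
        // The key store must hold a private-key entry; a store with only imported
        // certificates loads fine but leaves the client with no identity to present.
        boolean hasKey = false;
        for (String alias : Collections.list(keyStore.aliases())) {
            hasKey |= keyStore.isKeyEntry(alias);
        }
        if (!hasKey) throw new IllegalStateException("no private key in client key store");

        // Key managers present the client identity (javax.net.ssl.keyStore);
        // assumes the key password equals the store password, the keytool default.
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(keyStore, keyPass);
        // Trust managers verify the server certificate (javax.net.ssl.trustStore).
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        // Placeholder endpoint; only this connection uses the client certificate.
        HttpsURLConnection conn = (HttpsURLConnection) new URL("https://service.example.com/ws?wsdl").openConnection();
        conn.setSSLSocketFactory(ctx.getSocketFactory());
        System.out.println("HTTP " + conn.getResponseCode());
        conn.disconnect();
    }
}
```

Reading the passwords from the environment keeps them out of the process command line, where `-D` options are visible to other local users.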