I need to have my java applet use a soap based web service over ssl.
I know that you can have a servlet act as a go-between/proxy, but I want to have the applet use the web service directly over SSL.
The problem is supplying the certs to the web server hosting the web services.
I supplied these Java Applet Runtime Settings via the Java Control Panel:
-Djavax.net.ssl.keyStore=<local path to .p12>
-Djavax.net.ssl.keyStorePassword=<password>
I also imported the client cert (.p12) as a Client certificate via the Java Control Panel.
I was hoping to do:
KeyStore ks =
KeyStore.getInstance("JKS");
ks.load(new
FileInputStream(System.getProperty("javax.net.ssl.keyStore"),
System.getProperty("javax.net.ssl.keyStorePassword").toCharArray());
and use the KeyStore from there. But, no dice! It seems that I can't access those properties from within the applet. I don't want to hardcode the paths, either.
I'm using JRE 1.6.0_10
Is there any other way to have the applet use a web service without the servlet proxy approach? It's likely I'm going down the wrong path.
Also, I'd be interested in having this work when the web service is different from the one that's hosting the applet, if possible.
BTW: The servlet proxy approach that I want to move away from is spelled out here:
http://www.ibm.com/developerworks/xml/library/x-jappws/
Thanks!
To access the properties and to connect to a host other than the one the applet was served from you will need (a) a signed applet, and (b) permissions granting your applet the access it needs.
You may want to look into Java Web Start to deliver the application instead of using an applet.
EDIT: The permissions might be automatic once the applet is signed.
Related
I want to build a web service client in Java to be deployed as part of a web application in weblogic. The web service that I want to consume requires password digest for the authentication mechanism.
I see that soapUI automatically creates this password digest along with a nonce and a timestamp. On the other hand, I haven't been able to find a Java library that can help me achieve the same thing.
Do you know any library that I can use for this? or maybe an algorithm that I can reuse so that I don't have to reinvent the wheel and do it from scratch.
Note: I know that it is possible to configure an authentication provider in weblogic for this, but unfortunately I can't rely on the application server configuration in the environment that I am using now.
Thanks
I need to consume a secure webservice deployed in WSO2 AS from another web service develop in axis2 and deployed in apache tomcat.
I create a java project to test the secure webservice client and I work OK.
But when I move the client code inside the axis2 service I cannot access to some resources like in this cases:
System.setProperty("javax.net.ssl.trustStore", "keys\\store.jks");
in this case I have the keys folder in the root of the wb services
sc.engageModule("rampart");
and in this case I leave the code idem
Any idea about this?
Well getting a resource path from an archieve file whether it is a jar ,war or aar is a tedious problem. There are two options two choose from:
1- Since client application runs on a servers put jks file somewhere on the server path, its path retrieved dynamically via property. (Either system property, servers context etc.)
2- A customSSLFactory handling loading keystore from resources.
This SO thread mentions such solution, which i used it too to connect to server via SSL from a web service without touching system properties.
I've a tomcat instance with many webapps. Some of them require their own independent keystore to call an external Web Service over SSL. So far the only way I've found to use the provided keystore is using:
System.setProperty("javax.net.ssl.trustStore", "mykeystore.jks");
System.setProperty("javax.net.ssl.trustStorePassword","mypwd");
But the problem with this way is that the scope of the system properties is per java process, (tomcat shares the same JVM for all the webapps) and this would affect all the other webapps. Right?
How can I use a specific keystore per every webapp in my tomcat instance and keep it limited to the specific Web Service call?
It might matter that I'm using Axis(1) WS clients.
I'm not very familiar with Axis, but there should be a way to configure a keystore or truststore in Axis, for the HTTP client it is using for your web service calls.
Configuring the keystore on Tomcat level is not the way to go, as you found out already.
we are using worker roles to host java apps that are essentially Tompact and App code within an azure package.
We want to be able to setup SSL without having to bake the certs into the app package in a similar way to the .Net side, where you can refer to certs in the certificate store.
How can this be achieved?
I have read this blog post http://blogs.msdn.com/b/avkashchauhan/archive/2010/11/07/adding-ssl-https-security-with-tomcat-java-solution-in-windows-azure.aspx which states we need to create a keystore.bin file from the cert and include it in the package.
The problem is, I dont want to bake the certs into the package for ease of management when rolling out code to multiple environments with different certs etc, and also from a management point of view around cert expiry etc.
Thanks
Amit
The key is how do you want to bring the certificate in the Azure VM to be configured and and used by Tomcat. Another key question is that Tomcat/Java does not use standard Windows CertStore for certificate instead it uses keystore (extended part of your Java runtime) so if you are not using key store configuration in Windows Azure Package then you would need to create on fly during Windows Azure VM configuration.
While others may have different idea, I can propose the following solution:
You need Tomcat Installation done at this point do either you can pack tomcat with Azure
Package or you would need to download and install Tomcat through Startup task
Drop the certificate files on Windows Azure Storage (or some other location on internet)
Create a start up task to download certs either from Windows Azure Storage or your download location
After the certificate is downloaded to local machine, run the same command in Azure VM within startup task to build the key store and be sure to create keystore where your tomcat is going to look it.
This way when the Tomcat starts it knows where to look for key store and configure the endpoint properly.
There is another way is to put together whole Tomcat setup along with keystore etc at Windows Azure Storage and download through Startup task and set it up in the Azure VM. I have described this process in my this blog along with sample source.
In both of above ways whenever you would want to change the Tomcat/certificate, just update the package at your download location and then re-image/Restart the Azure VM and you will have updated VM with new code and you really don't need tore-create Windows Azure Package.
I have to write a java program that hits a url
https://localhost:8443/ping.jsp
over ssl and returns the response whether the application is up or not. If I hit that url manually from my web browser it asks for security certificates and when I provide them it communicates with the application and displayes the response on the web page. I want to automate this process so that the java program takes care of providing the security certificates and everything. I could do it if it were not for ssl and security certificates but I am not sure how to automate this part (providing certificates).
I have truststore/keystore files but I am not sure how to use them in order to accomplish the task. Any ideas or any useful links that I should follow ?