- [Download | View] (2007-07-10 13:48:54, 12.3 KB) [[attachment:axistools-src.jar]]
- [Download | View] (2007-07-10 13:48:09, 16.4 KB) [[attachment:axistools.jar]]
The following describes a setup for dynamically choosing the client certificate used for SSL Authentication from an Axis Client.
This method has been tested using Axis 1.4 and Java 1.5 under Tomcat 5.5.20 and WebSphere 6.1.
The Motivation
Generally, a client will use one client certificate to identify itself to services it is accessing. Depending on the application, the client certificate will belong to the user of the application, or will be part of the installation of the application client itself.
Sometimes this model is insufficient:
- Perhaps more than one service needs to be accessed by the client, and the client is not free to choose the certificates used for access. In this case the client will need to work with the (multiple) certificates provided.
- In some cases the client will be acting "on behalf" of more than one user, and will want to use each user's own certificate to authenticate against backend systems.
Whatever the reason, sometimes the "one client, one certificate" model is not applicable. In this case, the client has to work, dynamically at run-time, with more than one certificate at a time.
The Problem
In its current implementation, the SSL Transport for Axis has several shortcomings:
- The base SecureSocketFactory (JSSESocketFactory) cannot be configured dynamically. It is configured using environment variables, which is not suitable if it is desired to change the client certificate at run-time.
- The SunJSSESocketFactory is more configurable, accepting a keyfile parameter from the Axis configuration at run-time. This is the one to use. By itself, however, it does not do all that we need, so we have provided an extension of this class (see below).
- Even the SunJSSESocketFactory does not accept all the configuration we need (e.g. truststore configuration).
- Even if the SocketFactory were fully configurable to our needs, dynamic configuration at run-time would not be possible. This is because Axis caches the instantiated SocketFactories, meaning settings are applied only once.
- The caching of SocketFactories occurs in a component called SocketFactoryFactory; the cache remembers one entry per protocol. So, the moment you make the first call over https, a SocketFactory is created for the protocol https using the currently configured parameters. After this no new SocketFactories are created for https, even if the parameters (e.g. keystore name) change.
So, it seems we are in a bind if we want to enable dynamic runtime selection of the client certificate.
The Solution
The solution depends on a few modified classes for Apache Axis. In particular the solution consists of:
- A modified SocketFactoryFactory, which implements a caching scheme in which the keystore name is considered
- An extension to SunJSSESocketFactory which allows more configuration from Axis
- An Axis EngineConfiguration class, SSLClientAxisConfig, which holds the SSL parameters and sets everything up
Together, use of these components allows the desired dynamic configuration.
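The caching problem and the keystore-aware fix described above, modelled in a few lines of Java. This is an added illustration, not the code from axistools.jar or from Axis itself; the class names (PerProtocolCache, KeystoreAwareCache, Factory) and the sample keystore paths are assumptions made for the example.

```java
import java.util.HashMap;
import java.util.Map;

// Added illustration: a simplified model of the caching behaviour, not Axis source code.
// All class and method names here are hypothetical.
public class SocketFactoryCacheDemo {

    // Stand-in for a socket factory; it only remembers the keystore it was built with.
    static final class Factory {
        final String keystore;
        Factory(String keystore) { this.keystore = keystore; }
    }

    // Behaviour described in "The Problem": one cached factory per protocol.
    static final class PerProtocolCache {
        private final Map<String, Factory> cache = new HashMap<>();
        synchronized Factory get(String protocol, String keystore) {
            // The keystore is only consulted on the first call for this protocol.
            return cache.computeIfAbsent(protocol, p -> new Factory(keystore));
        }
    }

    // Scheme described in "The Solution": the keystore name is part of the cache key.
    static final class KeystoreAwareCache {
        private final Map<String, Factory> cache = new HashMap<>();
        synchronized Factory get(String protocol, String keystore) {
            String key = protocol + '\n' + keystore; // separator cannot occur in a protocol name
            return cache.computeIfAbsent(key, k -> new Factory(keystore));
        }
        synchronized int size() { return cache.size(); }
    }

    public static void main(String[] args) {
        String alice = "/path/to/alice.p12", bob = "/path/to/bob.p12"; // constructed sample paths

        PerProtocolCache old = new PerProtocolCache();
        old.get("https", alice);
        // Second caller asks for bob's keystore but silently gets alice's factory.
        System.out.println("per-protocol cache, bob gets: " + old.get("https", bob).keystore);

        KeystoreAwareCache fixed = new KeystoreAwareCache();
        Factory a1 = fixed.get("https", alice);
        Factory b1 = fixed.get("https", bob);
        Factory a2 = fixed.get("https", alice);
        System.out.println("keyed cache, bob gets: " + b1.keystore);
        System.out.println("alice's factory reused: " + (a1 == a2) + ", entries: " + fixed.size());
    }
}
```

With the per-protocol cache, a client acting on behalf of a second user presents the first user's certificate without any error being raised, which is why the cache key has to include the keystore.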
Usage / Configuration
To set up dynamic certificates for your axis client, proceed as follows:
- Replace the SocketFactoryFactory class with the modified version. This can be done in one of three ways (method 1 is safest):
  - Find the original class file within axis.jar (it lives in org/apache/axis/components/net), delete it, and replace it with the modified class file.
  - Place the modified class file in a new JAR, and make sure this JAR loads before axis.jar (e.g. call it _axis.jar).
  - For webapps, place the modified class file within your WEB-INF/classes folder. Tomcat seems to load these before axis.jar.
- Add the remaining classes to your application.
- Use the SSLClientAxisConfig class to initialize your Axis client before making a call (see example below).
- When you want to use a different certificate, create a new SSLClientAxisConfig with updated parameters, and use it to create a new Axis client. This client will use the new certificate.
Example usage of the SSLClientAxisConfig:

import java.net.URL;

// Set to true to enable the logging features described in the notes below.
boolean logging = false;

// Client certificate (keystore) and trusted CAs (truststore) for this client instance.
SSLClientAxisEngineConfig axisConfig = new SSLClientAxisEngineConfig();
axisConfig.setKeystore("/path/to/clientkey.p12");
axisConfig.setKeystoreType("PKCS12");
axisConfig.setKeystorePassword("changeit");
axisConfig.setTruststore("/path/to/truststore.jks");
axisConfig.setTruststoreType("JKS");
axisConfig.setTruststorePassword("changeit");
if (logging)
    axisConfig.setDebugBaseDir("/path/to/logs");
axisConfig.initialize(logging);

// Create the generated locator with this configuration so the stub uses the certificate above.
URL soapURL = new URL("https://myserver.com/myapp/services/mywebserviceport");
MyWebServiceServiceLocator locator = new MyWebServiceServiceLocator(axisConfig);
MyWebServicePort port = locator.getMyWebServicePort(soapURL);
MyWebServiceBindingStub stub = (MyWebServiceBindingStub) port;

MyResultType result = stub.myoperation1();
Note: In the example above it is assumed that you have created the client stubs for the web service "MyWebService" using the Axis WSDL2Java tool.
Note: For an explanation of the logging features, please see FrontPage/Axis/Logging/Logging_with_SSL and FrontPage/Axis/Logging/In_Memory_Logging
Should you have questions about the code, please feel free to contact me (the Author) at: runger --AT-- aon.at