Hi Chris -

> Can you post the relevant parts of your code?

I used WSDL2Java to create stubs for the Web Service I am connecting to.
Here is my code that wraps around the generated stubs:

    try
    {
      writer = new BufferedWriter(new FileWriter(outFile));
      
      loc = new SDXWSLocator(xmlns, serviceProvider, soapAddress, username, password);
      soap = loc.getSDXWSSoap();
      // ...MISO</RC><BeginDate>2007-10-15</BeginDate><EndDate>2007-10-16</EndDate><TimeInc>Daily</TimeInc></GetLoad>");
      ioBuff = soap.sendData("<GetRCCurrentOutages><RC>MISO</RC></GetRCCurrentOutages>");
      // ...MISO</RC><OutageDate>2007-10-15</OutageDate><ShowBranches>1</ShowBranches></GetSystemState>");
      //Log.log("ioBuff="+ioBuff);
      if(StringTools.isStringNull(ioBuff) == false)
        writer.write(ioBuff);
      
      writer.close();
    }
    catch(IOException ioe)
    ...

The only method in the stubs that I modified was sendData() to include the
username/password in the soap header.  Here is that code:

  public java.lang.String sendData(java.lang.String szXMLRequest) throws java.rmi.RemoteException
  {
    if (super.cachedEndpoint == null)
    {
      throw new org.apache.axis.NoEndPointException();
    }
    org.apache.axis.client.Call _call = createCall();
    _call.setOperation(_operations[1]);
    _call.setUseSOAPAction(true);
    _call.setSOAPActionURI("SDX:SendData");
    _call.setEncodingStyle(null);
    _call.setProperty(org.apache.axis.client.Call.SEND_TYPE_ATTR, Boolean.FALSE);
    _call.setProperty(org.apache.axis.AxisEngine.PROP_DOMULTIREFS, Boolean.FALSE);
    _call.setSOAPVersion(org.apache.axis.soap.SOAPConstants.SOAP12_CONSTANTS);
    _call.setOperationName(new javax.xml.namespace.QName("http://ws.sdx.net", "SendData"));
    
    /*
     * Add the authentication information to the Header.
     *
     * Added manually by FLB.
     */
    SOAPHeaderElement header = new SOAPHeaderElement(sXmlns, "AuthenticationXML");
    SOAPElement node;
    try
    {
      node = header.addChildElement("User");
      node.addTextNode(sUser);
      node = header.addChildElement("Password");
      node.addTextNode(sPassword);
    }
    catch (SOAPException ex)
    {
      ex.printStackTrace();
    }
    _call.addHeader(header);
    
    setRequestHeaders(_call);
    setAttachments(_call);
    try
    {
      log("szXMLRequest.size="+szXMLRequest.length()+" "+szXMLRequest);
      java.lang.Object _resp = _call.invoke(new java.lang.Object[] {szXMLRequest});
      
      if (_resp instanceof java.rmi.RemoteException)
      {
        throw (java.rmi.RemoteException)_resp;
      }
      else
      {
        extractAttachments(_call);
        try
        {
          return (java.lang.String) _resp;
        }
        catch (java.lang.Exception _exception)
        {
          return (java.lang.String) org.apache.axis.utils.JavaUtils.convert(_resp, java.lang.String.class);
        }
      }
    }
    catch (org.apache.axis.AxisFault axisFaultException)
    {
      throw axisFaultException;
    }
  }

> Your code may have to become a lot more complicated in order 
> to make a connection using a client certificate while running 
> within Tomcat.

I hope not ... it seems like I'm so close.

> Or, you may have to override the keystore on 
> Tomcat's command-line so that these system properties are set 
> /before/ Tomcat tries to load anything itself.

I added the following to the Tomcat startup command:

-Djavax.net.ssl.trustStore="C:/certs/datahub.keystore"
-Djavax.net.ssl.trustStorePassword="wintwins"
-Djavax.net.ssl.keyStore="C:/certs/SDXWebservice.pfx"
-Djavax.net.ssl.keyStorePassword="137246?82"
-Djavax.net.ssl.keyStoreType="PKCS12"

with no difference in the way things are running.  I think my truststore
file is being used because if I don't define the truststore, the
communication process traps out much sooner.

I hope this helps you help me!

- Frank.

> -----Original Message-----
> From: Christopher Schultz [mailto:ch...@christopherschultz.net] 
> Sent: Monday, June 22, 2009 3:03 PM
> To: Tomcat Users List
> Subject: Re: Trouble calling a secure Web Service requiring 
> client certificate
> 
> Frank,
> 
> On 6/22/2009 3:53 PM, frank.bowar wrote:
> > I've got a TOMCAT application that pulls data from a Web Service and
> > just recently the Web Service was hardened to require client certificates.
> >  
> > I debugged all my certificate issues and got my Java class that talks
> > to the Web Service working just fine as a stand-alone app.  However,
> > I'm having trouble getting it to work within Tomcat.  My certificate
> > is not being sent to the Web Service.
> 
> Can you post the relevant parts of your code?
> 
> > This is how I initialize my keystore and truststore:
> >  
> >     System.setProperty("javax.net.ssl.trustStore", "c:\\certs\\datahub.keystore");
> >     System.setProperty("javax.net.ssl.trustStorePassword","turstpass");
> >     System.setProperty("javax.net.ssl.keyStore", "c:\\certs\\SDXWebservice.pfx");
> >     System.setProperty("javax.net.ssl.keyStorePassword","keypass");
> >     System.setProperty("javax.net.ssl.keyStoreType", "PKCS12");
> 
> Depending on what else your code does, you may have to set 
> these values on a KeyStore object and load it yourself. It's 
> possible that Tomcat has already loaded the system-wide 
> keystore from somewhere else by the time the above code runs, 
> and thus does not affect anything.
> 
> Your code may have to become a lot more complicated in order 
> to make a connection using a client certificate while running 
> within Tomcat. Or, you may have to override the keystore on 
> Tomcat's command-line so that these system properties are set 
> /before/ Tomcat tries to load anything itself.
> 
> - -chris
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
> 
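The suggestion quoted above, loading the keystore into a KeyStore object yourself instead of relying on the javax.net.ssl.* system properties, can look like the following. This is an added example, not code from either poster: the class name, file names and environment variable names are hypothetical, the truststore is assumed to be JKS, and wiring the resulting context's getSocketFactory() into the Axis client is not shown.

```java
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.KeyStore;
import java.util.Collections;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

public class ClientCertContext {
    // Load a keystore of the given type ("PKCS12" for a .pfx file, "JKS" for a keytool store).
    static KeyStore load(String file, String type, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance(type);
        try (InputStream in = Files.newInputStream(Paths.get(file))) {
            ks.load(in, password);
        }
        return ks;
    }

    // Build a context that presents the client key and trusts only the given truststore,
    // independent of whatever default keystore the container loaded at startup.
    static SSLContext build(KeyStore identity, char[] keyPassword, KeyStore trust) throws Exception {
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(identity, keyPassword);
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trust);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        return ctx;
    }

    // Read a password from the environment so it stays out of source and command lines.
    static char[] secret(String name) {
        String value = System.getenv(name);
        if (value == null) throw new IllegalStateException(name + " is not set");
        return value.toCharArray();
    }

    public static void main(String[] args) throws Exception {
        // Hypothetical file and variable names (assumptions, not from the thread).
        char[] keyPass = secret("CLIENT_KEYSTORE_PASSWORD");
        KeyStore identity = load("client-identity.pfx", "PKCS12", keyPass);
        KeyStore trust = load("truststore.jks", "JKS", secret("TRUSTSTORE_PASSWORD"));
        // A client certificate can only be presented if some entry holds a private key.
        for (String alias : Collections.list(identity.aliases())) {
            System.out.println(alias + " hasPrivateKey=" + identity.isKeyEntry(alias));
        }
        SSLContext ctx = build(identity, keyPass, trust);
        System.out.println("SSLContext ready, protocol=" + ctx.getProtocol());
    }
}
```

If no alias reports hasPrivateKey=true, the keystore holds only certificates and no client certificate can be offered during the handshake, whichever way the store is configured.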

