|
I am trying to teach myself about web services. I have successfully built a working service, client, and .jsp-driven UI. I did this with Eclipse, Axis2, Tomcat 7, and Java 7. The basic flow is that the user visits the .jsp and submits a form with input data. The JSP forwards the "request" object to the Java client. The Java client consumes the web service and submits the user input. The service connects to a SQL Server database via JDBC to retrieve information, which is displayed back to the user.

This all works perfectly over HTTP, but now I want to secure the process, and this is where I'm running into problems. I'm able to create a cert and get Tomcat to use it. I can connect to the web UI via HTTPS and submit the form and get data back just fine. The problem is that this is only securing the front-end. The web service client code is still connecting to the service via HTTP in the background.

According to this page, all I really need to do to enable my service for connections via SSL is to update the axis2.xml file and include a new "transportReceiver" node for HTTPS. I did that and regenerated my client code to use the secure endpoint. It doesn't work. I have configured Tomcat to listen on ports 8081 for http and 8443 for https. But after changing axis2.xml to match, and starting up Tomcat, I get the following:

quote:
[INFO] Listening on port 8443

I have tried changing the port number in axis2.xml (for example, to 8445), and that sort of works. The server is able to start cleanly, but eventually, the same errors start showing up. For example, when I retrieve the WSDL, I see the error. If I try to actually use the service when on port 8445, I get the following error:

quote:
org.apache.axis2.AxisFault: Connection has been shutdown: javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection?

I can only assume this is because Tomcat is configured to handle HTTPS on 8443, not 8445, but I honestly don't know.

If I leave the port as 8443 and ignore the errors at startup, I get the following message when I connect to the service:

quote:
org.apache.axis2.AxisFault: Connection has been shutdown: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

I followed these steps to try to get it to recognize my certificate, but when importing it into my JRE7 keystore, I get the following:

quote:
keytool error: java.lang.Exception: Certificate reply and certificate in keystore are identical

Basically, that cert is already there. Which makes sense, because it's the one that Tomcat is already using successfully.

So, I'm pretty clueless at this point. I'm really not sure what I'm supposed to be doing. Any general guidance, or a link to a step-by-step how-to would be really helpful. But for a specific question... What, exactly, am I doing when I set the transportReceiver nodes in axis2.xml? Am I telling it what ports Tomcat is running on and that it should use, or does Axis2 have its own servers that will start on those ports? It seems to be the latter, but that doesn't make a whole lot of sense to me.

Mobius fucked around with this message at 20:54 on Nov 5, 2011
# ¿ Nov 5, 2011 20:51 |
|
RitualConfuser posted:
I believe you're correct that it seems like that latter is what's happening but you want the former since you're deploying in Tomcat (instead of running standalone). In the axis2.xml config, is the class attribute of the transportReceiver set to AxisServletListener like in that article you linked to?

Ahh, good call, that was it! Both my HTTP and HTTPS entries were set to use SimpleHTTPServer instead of AxisServletListener. I updated both to use AxisServletListener, and that got rid of the "Address already in use" errors. On a side note, it looks like the only reason raw HTTP ever worked for me is because axis was configured to listen for it on 8080. So I think it was starting up its own process for it all along. Now, both are listening through the container, like I expected.

BUT I'm now consistently getting the "unable to find valid certification path to requested target" error. But this is progress, nonetheless.
|
# ¿ Nov 5, 2011 22:55 |
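The axis2.xml change described in the post above, as an added illustration that is not taken from the thread or from the article it links to. The "before" entries are reconstructed from the poster's description, and the "after" ports assume the Tomcat connectors mentioned earlier in the thread (8081 for HTTP, 8443 for HTTPS).

```xml
<!-- Before (reconstructed): SimpleHTTPServer makes Axis2 open its own
     listener sockets, independent of the Tomcat connectors. A port that
     Tomcat already holds then fails with "Address already in use".

<transportReceiver name="http"
                   class="org.apache.axis2.transport.http.SimpleHTTPServer">
    <parameter name="port">8080</parameter>
</transportReceiver>
<transportReceiver name="https"
                   class="org.apache.axis2.transport.http.SimpleHTTPServer">
    <parameter name="port">8443</parameter>
</transportReceiver>
-->

<!-- After: AxisServletListener opens no socket of its own. Requests arrive
     through the AxisServlet deployed in Tomcat, and "port" names the Tomcat
     connector port that serves each scheme. -->
<transportReceiver name="http"
                   class="org.apache.axis2.transport.http.AxisServletListener">
    <parameter name="port">8081</parameter>
</transportReceiver>
<transportReceiver name="https"
                   class="org.apache.axis2.transport.http.AxisServletListener">
    <parameter name="port">8443</parameter>
</transportReceiver>
```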
|
RitualConfuser posted:
First step would be to turn on SSL debug on the client side to see what's really going on. It would also be easy to just create a new keystore using keytool, import your cert into it, and explicitly set javax.net.ssl.trustStore to the path of that keystore.

Thanks for the tip on SSL Debug, I'll definitely get some use out of that in the future. As for the certificate problem, it was me misunderstanding the distinction between a keystore and a truststore. Explicitly setting the truststore in the code worked, but then it clicked for me that the JVM defaults to a different file for its trust store -- one other than my keystore. So, I imported my certificate into JAVA_HOME\lib\security\cacerts instead of USER_HOME\.keystore, and now it works transparently, without having to explicitly set the truststore in code. This is actually what the instructions I linked to were doing, but I didn't follow them to the letter because I didn't realize the keystore and truststore were separate.

Thanks for the help!

Mobius fucked around with this message at 17:27 on Nov 6, 2011
# ¿ Nov 6, 2011 17:25 |
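The keystore/truststore split from the post above, as an added example that is not part of the original thread. It builds a server keystore and a separate client truststore with keytool, shows the entry type each one holds, and shows that keytool refuses the server's own certificate when it is imported back under the alias of the private key (the "Certificate reply and certificate in keystore are identical" case). The aliases, password, subject and file names are constructed for the demo.

```shell
#!/bin/sh
# Added example. Aliases, password, subject and file names are constructed;
# everything is written to a temporary directory.
PASS=changeit

# Prints the entry type held by each store and whether the server keystore
# accepts its own certificate back under the key's alias.
store_entry_types() {
    dir=$(mktemp -d) || return 1

    # Server identity: private key plus self-signed certificate.
    keytool -genkeypair -alias tomcat -keyalg RSA -keysize 2048 -validity 30 \
        -dname "CN=localhost" -keystore "$dir/server.keystore" \
        -storepass "$PASS" -keypass "$PASS" >/dev/null 2>&1 || return 1

    # Export only the public certificate.
    keytool -exportcert -alias tomcat -rfc -file "$dir/server.crt" \
        -keystore "$dir/server.keystore" -storepass "$PASS" >/dev/null 2>&1 || return 1

    # Client trust: a separate store that holds just that certificate.
    keytool -importcert -noprompt -alias tomcat-server -file "$dir/server.crt" \
        -keystore "$dir/client.truststore" -storepass "$PASS" >/dev/null 2>&1 || return 1

    # Importing under the key's alias is handled as a certificate reply.
    if keytool -importcert -noprompt -alias tomcat -file "$dir/server.crt" \
        -keystore "$dir/server.keystore" -storepass "$PASS" -keypass "$PASS" \
        >/dev/null 2>&1
    then reimport=accepted; else reimport=rejected; fi

    ks=$(keytool -list -keystore "$dir/server.keystore" -storepass "$PASS" 2>/dev/null |
         grep -Eo 'PrivateKeyEntry|trustedCertEntry')
    ts=$(keytool -list -keystore "$dir/client.truststore" -storepass "$PASS" 2>/dev/null |
         grep -Eo 'PrivateKeyEntry|trustedCertEntry')

    rm -rf "$dir"
    echo "keystore=$ks truststore=$ts reimport=$reimport"
}

# Run the demo when keytool is on PATH.
if command -v keytool >/dev/null 2>&1; then store_entry_types; fi
```

A client JVM started with `-Djavax.net.ssl.trustStore` pointing at such a truststore trusts only the certificates in that file, and the JRE's cacerts stays unmodified.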
|
Tots posted:
Is do-while ever useful?

Its purpose is to have a block of code that is always executed at least once, then repeated if necessary. So, it's useful in those situations. It's also usually (always?) possible to do the same thing with a while or for loop. It's just a style preference.
|
# ¿ Mar 3, 2012 00:29 |
|
I'd like to use a simple web framework on a personal project that I may make open-source in the future. I know Struts from work, but that's really overkill for this. I'm thinking about WEB4J. Has anyone here used it? Or have other recommendations, instead? I'm looking for something that will both get the job done and give me a chance to learn something practical.
|
# ¿ Apr 22, 2012 15:40 |