fredand (rank: Forsker / Researcher)
25 April 2005 - 14:31. There is 1 comment and 1 solution.

How to use Tomcat and Axis with SSL?

Hello!

I'm looking at Tomcat, Axis and SSL.

I'm using Axis 1.2RC3
I'm using Tomcat 5.5.9

I have found this reference, but I cannot get it right:
http://www.j2ee-security.net/book/dnlds/Chapter11-WebService_Security.pdf

I have one Web Service and one client.

My Web Service looks like:
import java.util.*;

public class SSLSoapWsdlServer
{
    public String getTime(String strangeString)
    {
        Calendar rightNow = Calendar.getInstance();
        return "Prime time is: " + rightNow.getTime().toString();
    }
}

My Client looks like:
import java.net.*;
import org.apache.axis.client.*;
import javax.xml.namespace.*;

public class SSLSoapWsdlClient
{
    public SSLSoapWsdlClient()
    {
        try
        {
            // Dynamic invocation (no generated stubs): endpoint and operation are set by hand.
            // Axis picks the HTTPS transport from the URL scheme and uses the JSSE default
            // socket factory, which reads the javax.net.ssl.* system properties given on the command line.
            Service service = new Service();
            Call call = (Call)service.createCall();
            call.setTargetEndpointAddress(new URL("https://localhost:8080/axis/services/SSLSoapWsdlServer"));
            call.setOperationName(new QName("https://localhost:8080/axis/services/SSLSoapWsdlServer", "getTime"));
            String time = (String) call.invoke( new Object[] { "2isAnOddPrime" } );
            System.out.println("Response from server:" + time);
        }
        catch (Exception e)
        {
            e.printStackTrace();
        }
    }

    public static void main(String[] args)
    {
        SSLSoapWsdlClient sslSoapWsdlClient = new SSLSoapWsdlClient();
    }
}

I have put a SSLSoapWsdlServer.jws in TOMCAT_HOME/webapp/axis and I can access it through http://localhost:8080/axis/SSLSoapWsdlServer.jws
(Perhaps that is not necessary?)

I have also created keystores as described in the reference above, like this:

set SERVER_DN="CN=localhost, OU=X, O=Y, L=Z, S=XY, C=YZ"
set CLIENT_DN="CN=Client, OU=X, O=Y, L=Z, S=XY, C=YZ"
set KSDEFAULTS=-storepass changeit -storetype JCEKS
set KEYINFO=-keyalg RSA

keytool -genkey -dname %SERVER_DN% %KSDEFAULTS% -keystore server.ks %KEYINFO% -keypass changeit
keytool -export -file temp$.cer %KSDEFAULTS% -keystore server.ks
keytool -import -file temp$.cer %KSDEFAULTS% -keystore client.ts -alias serverkey -noprompt
keytool -genkey -dname %CLIENT_DN% %KSDEFAULTS% -keystore client.ks\ %KEYINFO% -keypass changeit
keytool -export -file temp$.cer %KSDEFAULTS% -keystore client.ks
keytool -import -file temp$.cer %KSDEFAULTS% -keystore server.ts\ -alias clientkey -noprompt

I have also put the Connector tag into server.xml as follows (I have tried both an absolute and a relative path to the keystores):

<Connector className="org.apache.coyote.tomcat4.CoyoteConnector" port="8443" minProcessors="5" maxProcessors="75" enableLookups="true" acceptCount="100" debug="0" scheme="https" secure="true" useURIValidationHack="false" disableUploadTimeout="true">
    <Factory className="org.apache.coyote.tomcat4.CoyoteServerSocketFactory" protocol="TLS" clientAuth="true" keystoreFile="D:\Fredrik\soapssl\server.ks" keystoreType="JCEKS" truststoreFile="D:\Fredrik\soapssl\server.ts" truststoreType="JCEKS" keystorePass="changeit" />
</Connector>

<Connector className="org.apache.coyote.tomcat4.CoyoteConnector" port="8443" minProcessors="5" maxProcessors="75" enableLookups="true" acceptCount="100" debug="0" scheme="https" secure="true" useURIValidationHack="false" disableUploadTimeout="true">
    <Factory className="org.apache.coyote.tomcat4.CoyoteServerSocketFactory" protocol="TLS" clientAuth="true" keystoreFile="server.ks" keystoreType="JCEKS" truststoreFile="server.ts" truststoreType="JCEKS" keystorePass="changeit" />
</Connector>

I start Tomcat with the following environment (I have tried both an absolute and a relative path to the truststore):
//set TS_PROP=-Djavax.net.ssl.trustStore=server.ts
set TS_PROP=-Djavax.net.ssl.trustStore=D:\Fredrik\soapssl\server.ts
set TSTYPE_PROP=-Djavax.net.ssl.trustStoreType=JCEKS
set CATALINA_OPTS=%TS_PROP% %TSTYPE_PROP%

I start the client like this (standing in the client's class folder, which also holds the client truststore):
java -Djavax.net.ssl.keyStore=client.ks -Djavax.net.ssl.keyStoreType=JCEKS -Djavax.net.ssl.keyStorePassword=changeit -Djavax.net.ssl.trustStore=client.ts -Djavax.net.ssl.trustStoreType=JCEKS SSLSoapWsdlClient

I have deployed the server into Axis like this:
java org.apache.axis.client.AdminClient -lhttp://localhost:8080/axis/services/AdminService SSLSoapWsdlServer.wsdd
log4j:WARN No appenders could be found for logger (org.apache.axis.i18n.ProjectResourceBundle).
log4j:WARN Please initialize the log4j system properly.
Processing file SSLSoapWsdlServer.wsdd
<Admin>Done processing</Admin>

With the WSDD file looking like:
<deployment xmlns="http://xml.apache.org/axis/wsdd/"
            xmlns:java="http://xml.apache.org/axis/wsdd/providers/java">
<service name="SSLSoapWsdlServer" provider="java:RPC">
  <parameter name="className" value="SSLSoapWsdlServer"/>
  <parameter name="allowedMethods" value="getTime" />
</service>
</deployment>

When I run the client I get the following output:

D:\Fredrik\soapssl>java -Djavax.net.ssl.keyStore=client.ks -Djavax.net.ssl.keyStoreType=JCEKS -Djavax.net.ssl.keyStorePassword=changeit -Djavax.net.ssl.trustStore=client.ts -Djavax.net.ssl.trustStoreType=JCEKS SSLSoapWsdlClient
log4j:WARN No appenders could be found for logger (org.apache.axis.i18n.ProjectResourceBundle).
log4j:WARN Please initialize the log4j system properly.
AxisFault
faultCode: {http://schemas.xmlsoap.org/soap/envelope/}Server.userException
faultSubcode:
faultString: javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
faultActor:
faultNode:
faultDetail:
        {http://xml.apache.org/axis/}stackTrace:javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(Unknown Source)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown Source)
        at org.apache.axis.components.net.JSSESocketFactory.create(JSSESocketFactory.java:186)
        at org.apache.axis.transport.http.HTTPSender.getSocket(HTTPSender.java:181)
        at org.apache.axis.transport.http.HTTPSender.writeToSocket(HTTPSender.java:397)
        at org.apache.axis.transport.http.HTTPSender.invoke(HTTPSender.java:135)
        at org.apache.axis.strategies.InvocationStrategy.visit(InvocationStrategy.java:32)
        at org.apache.axis.SimpleChain.doVisiting(SimpleChain.java:118)
        at org.apache.axis.SimpleChain.invoke(SimpleChain.java:83)
        at org.apache.axis.client.AxisClient.invoke(AxisClient.java:165)
        at org.apache.axis.client.Call.invokeEngine(Call.java:2754)
        at org.apache.axis.client.Call.invoke(Call.java:2737)
        at org.apache.axis.client.Call.invoke(Call.java:2413)
        at org.apache.axis.client.Call.invoke(Call.java:2336)
        at org.apache.axis.client.Call.invoke(Call.java:1793)
        at SSLSoapWsdlClient.<init>(SSLSoapWsdlClient.java:28)
        at SSLSoapWsdlClient.main(SSLSoapWsdlClient.java:51)
Caused by: java.io.EOFException: SSL peer shut down incorrectly
        at com.sun.net.ssl.internal.ssl.InputRecord.read(Unknown Source)
        ... 18 more

        {http://xml.apache.org/axis/}hostname:FREANXP

javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
        at org.apache.axis.AxisFault.makeFault(AxisFault.java:101)
        at org.apache.axis.transport.http.HTTPSender.invoke(HTTPSender.java:144)
        at org.apache.axis.strategies.InvocationStrategy.visit(InvocationStrategy.java:32)
        at org.apache.axis.SimpleChain.doVisiting(SimpleChain.java:118)
        at org.apache.axis.SimpleChain.invoke(SimpleChain.java:83)
        at org.apache.axis.client.AxisClient.invoke(AxisClient.java:165)
        at org.apache.axis.client.Call.invokeEngine(Call.java:2754)
        at org.apache.axis.client.Call.invoke(Call.java:2737)
        at org.apache.axis.client.Call.invoke(Call.java:2413)
        at org.apache.axis.client.Call.invoke(Call.java:2336)
        at org.apache.axis.client.Call.invoke(Call.java:1793)
        at SSLSoapWsdlClient.<init>(SSLSoapWsdlClient.java:28)
        at SSLSoapWsdlClient.main(SSLSoapWsdlClient.java:51)
Caused by: javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(Unknown Source)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown Source)
        at org.apache.axis.components.net.JSSESocketFactory.create(JSSESocketFactory.java:186)
        at org.apache.axis.transport.http.HTTPSender.getSocket(HTTPSender.java:181)
        at org.apache.axis.transport.http.HTTPSender.writeToSocket(HTTPSender.java:397)
        at org.apache.axis.transport.http.HTTPSender.invoke(HTTPSender.java:135)
        ... 11 more
Caused by: java.io.EOFException: SSL peer shut down incorrectly
        at com.sun.net.ssl.internal.ssl.InputRecord.read(Unknown Source)
        ... 18 more


I thought that my Tomcat would reply with the Tomcat start page if I accessed it at https://localhost:8443, but it doesn't; it does answer at http://localhost:8443, though!

This is a very long and complex question, and I hope I have given all the info you need to give me some guidance. Perhaps I'm missing something important?

Best regards
Fredrik
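For anyone debugging the same setup, the probe below is an added example written for this page; it is not code from the original post or from the Axis/Tomcat projects. It takes Axis out of the picture and runs the mutual-TLS handshake directly against the HTTPS connector with the client.ks / client.ts JCEKS stores the post creates, then fetches the service WSDL over the channel it just opened. The host localhost, port 8443, the password changeit, and the path /axis/services/SSLSoapWsdlServer?wsdl are assumptions taken from the post. Two things are worth checking before running it. First, the client code in the post sends https:// to port 8080, which is the plain HTTP connector; a listener that is not speaking TLS will not answer a ClientHello, which is consistent with the "Remote host closed connection during handshake" / "SSL peer shut down incorrectly" pair in the trace. Second, the Connector/Factory pair in the post is the Tomcat 4 syntax; Tomcat 5.5 has no nested <Factory> element, and the SSL settings (clientAuth, sslProtocol, keystoreFile, keystoreType, keystorePass, truststoreFile, truststoreType) are attributes of the <Connector port="8443" ...> element itself, which is consistent with port 8443 answering plain HTTP as the post notes.

```java
import java.io.BufferedReader;
import java.io.FileInputStream;
import java.io.InputStreamReader;
import java.io.OutputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManagerFactory;

/*
 * Added example (editor's code, not from the post): a bare JSSE client that
 * performs the mutual-TLS handshake against the Tomcat HTTPS connector with
 * Axis taken out of the way. It loads the same JCEKS stores the post creates.
 *
 * Usage: java TlsProbe [host] [port] [keystore] [truststore] [password]
 * Defaults are assumptions taken from the post: localhost 8443 client.ks client.ts changeit
 */
public class TlsProbe
{
    /** Builds an SSLContext from a JCEKS client keystore (our identity) and truststore (whom we trust). */
    static SSLContext buildContext(String keyStorePath, String trustStorePath, char[] password) throws Exception
    {
        KeyStore ks = KeyStore.getInstance("JCEKS");
        FileInputStream ksIn = new FileInputStream(keyStorePath);
        try { ks.load(ksIn, password); } finally { ksIn.close(); }
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(ks, password); // key password; the post uses the store password for the key as well

        KeyStore ts = KeyStore.getInstance("JCEKS");
        FileInputStream tsIn = new FileInputStream(trustStorePath);
        try { ts.load(tsIn, password); } finally { tsIn.close(); }
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ts);

        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        return ctx;
    }

    public static void main(String[] args) throws Exception
    {
        String host       = args.length > 0 ? args[0] : "localhost";
        int    port       = args.length > 1 ? Integer.parseInt(args[1]) : 8443;
        String keyStore   = args.length > 2 ? args[2] : "client.ks";
        String trustStore = args.length > 3 ? args[3] : "client.ts";
        char[] password   = (args.length > 4 ? args[4] : "changeit").toCharArray();

        SSLSocketFactory factory = buildContext(keyStore, trustStore, password).getSocketFactory();
        SSLSocket socket = (SSLSocket) factory.createSocket(host, port);
        try
        {
            // Run the handshake explicitly so a failure surfaces here, before any HTTP is written.
            // A port that is not speaking TLS (e.g. the plain HTTP connector) fails at this point.
            socket.startHandshake();
            System.out.println("Negotiated " + socket.getSession().getProtocol()
                               + " with " + socket.getSession().getCipherSuite());
            Certificate[] chain = socket.getSession().getPeerCertificates();
            for (int i = 0; i < chain.length; i++)
            {
                if (chain[i] instanceof X509Certificate)
                {
                    System.out.println("Server cert: " + ((X509Certificate) chain[i]).getSubjectX500Principal());
                }
            }

            // Ask Axis for the service WSDL over the same channel; the SOAP POST follows the same path.
            OutputStream out = socket.getOutputStream();
            out.write(("GET /axis/services/SSLSoapWsdlServer?wsdl HTTP/1.0\r\nHost: " + host + "\r\n\r\n")
                      .getBytes("US-ASCII"));
            out.flush();
            BufferedReader in = new BufferedReader(new InputStreamReader(socket.getInputStream(), "ISO-8859-1"));
            String line;
            while ((line = in.readLine()) != null)
            {
                System.out.println(line);
            }
        }
        finally
        {
            socket.close();
        }
    }
}
```

Run it with -Djavax.net.debug=ssl,handshake to see each handshake message. With clientAuth="true" on the connector the server sends a CertificateRequest, and the client should answer with the CN=Client certificate from client.ks; if the server's truststore does not contain that certificate, the server aborts the handshake instead. If this probe succeeds but the Axis client still fails, the keystores and connector are fine and the problem is in the Axis endpoint or transport configuration.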
fredand (rank: Forsker / Researcher)
28 April 2005 - 13:34 #1
Hello!
I'm closing this topic since I have done some progress. I will create a new one!

Best regards
Fredrik
fredand (rank: Forsker / Researcher)
28 April 2005 - 13:35 #2
Oops!