How to use webservices with SSL

Hello!

I have some problems with axis and SSL.

I have set up my Tomcat 5.5.9 for SSL like:

<Connector port="8443" maxHttpHeaderSize="8192"
maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
enableLookups="false" disableUploadTimeout="true"
acceptCount="100" scheme="https" secure="true"
keystoreFile="D:\Fredrik\Kurser\DSV\int_4\assignments\assignments2\java_233\server.ks"
keystorePass="changeit"
keystoreType="JKS"
truststoreFile="D:\Fredrik\Kurser\DSV\int_4\assignments\assignments2\java_233\server.ts"
truststorePass="changeit"
truststoreType="JKS"
clientAuth="false" sslProtocol="TLS" />

I can access it like https://localhost:8443, to me that sound like the tomcat is OK.

I have put the WebService file into the axis webapps\axis like a jws

import java.util.*;
public class SSLSoapWsdlServer
{
    public String getPrime(String strangeString)
    {
        Calendar rightNow = Calendar.getInstance();
        return "Prime time is: " + rightNow.getTime().toString();
    }
}

It responds to a call from a webbrowser like https://localhost:8443/axis/SSLSoapWsdlServer.jws to me that sounds that the WebService is available. Correct me if I'm wrong!!

I have wrote a client that tries to connect to the SSLSoapWsdlServer looking like:

import java.net.*;
import org.apache.axis.client.*;
import javax.xml.namespace.*;
import javax.net.ssl.*;
import java.security.*;

public class SSLSoapWsdlClient
{
    public SSLSoapWsdlClient()
    {
        try
        {
            System.setProperty("javax.net.ssl.keyStore", "client.ks");
            System.setProperty("javax.net.ssl.keyStorePassword", "changeit");
            System.setProperty("javax.net.ssl.keyStoreType", "JKS");
            System.setProperty("javax.net.ssl.trustStore", "client.ts");
            System.setProperty("javax.net.ssl.trustStorePassword", "changeit");

            System.setProperty( "java.protocol.handler.pkgs", "com.sun.net.ssl.internal.www.protocol" );
            Security.addProvider( new com.sun.net.ssl.internal.ssl.Provider() );

            String endPointAddress = "https://localhost:8443/axis/services/SSLSoapWsdlServer";
            Service service = new Service();
            Call call = ( Call )service.createCall();
            call.setTargetEndpointAddress( endPointAddress );
            call.setOperationName( new QName("SSLSoapWsdlServer", "getPrime") );
            String returned = ( String )call.invoke( new Object[] { "2isAnOddPrime" } );
            System.out.println( "Soap returned: " + returned );

        }
        catch (Exception e)
        {
            e.printStackTrace();
        }
    }

    public static void main(String[] args)
    {
        SSLSoapWsdlClient sslSoapWsdlClient = new SSLSoapWsdlClient();
    }
}

I have created my keystores and truststores like below that seems alright to me:

set SERVER_DN="CN=Server, OU=Fredrik Andersson, O=x, L=y, S=sverige, C=se"
set CLIENT_DN="CN=Server, OU=Fredrik Andersson, O=x, L=y, S=sverige, C=se"
set KSDEFAULTS=-storepass changeit -storetype JKS
set KEYINFO=-keyalg RSA

keytool -genkey -dname %SERVER_DN% %KSDEFAULTS% -keystore server.ks %KEYINFO% -keypass changeit
keytool -export -file temp$.cer %KSDEFAULTS% -keystore server.ks
keytool -import -file temp$.cer %KSDEFAULTS% -keystore client.ts -alias serverkey -noprompt
keytool -genkey -dname %CLIENT_DN% %KSDEFAULTS% -keystore client.ks\ %KEYINFO% -keypass changeit
keytool -export -file temp$.cer %KSDEFAULTS% -keystore client.ks
keytool -import -file temp$.cer %KSDEFAULTS% -keystore server.ts\ -alias clientkey -noprompt

The error I get when I try to execute the client looks like:

log4j:WARN No appenders could be found for logger (org.apache.axis.i18n.ProjectResourceBundle).
log4j:WARN Please initialize the log4j system properly.
AxisFault
faultCode: {http://xml.apache.org/axis/}HTTP
faultSubcode:
faultString: (401)Unauthorized
faultActor:
faultNode:
faultDetail:
        {}:return code:  401
&lt;html&gt;&lt;head&gt;&lt;title&gt;Apache Tomcat/5.5.9 - Error report&lt;/titl
e&gt;&lt;style&gt;&lt;!--H1 {font-family:Tahoma,Arial,sans-serif;color:white;bac
kground-color:#525D76;font-size:22px;} H2 {font-family:Tahoma,Arial,sans-serif;c
olor:white;background-color:#525D76;font-size:16px;} H3 {font-family:Tahoma,Aria
l,sans-serif;color:white;background-color:#525D76;font-size:14px;} BODY {font-fa
mily:Tahoma,Arial,sans-serif;color:black;background-color:white;} B {font-family
:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} P {font-family:T
ahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A {color : b
lack;}A.name {color : black;}HR {color : #525D76;}--&gt;&lt;/style&gt; &lt;/head
&gt;&lt;body&gt;&lt;h1&gt;HTTP Status 401 - &lt;/h1&gt;&lt;HR size=&quot;1&quot;
noshade=&quot;noshade&quot;&gt;&lt;p&gt;&lt;b&gt;type&lt;/b&gt; Status report&l
t;/p&gt;&lt;p&gt;&lt;b&gt;message&lt;/b&gt; &lt;u&gt;&lt;/u&gt;&lt;/p&gt;&lt;p&g
t;&lt;b&gt;description&lt;/b&gt; &lt;u&gt;This request requires HTTP authenticat
ion ().&lt;/u&gt;&lt;/p&gt;&lt;HR size=&quot;1&quot; noshade=&quot;noshade&quot;
&gt;&lt;h3&gt;Apache Tomcat/5.5.9&lt;/h3&gt;&lt;/body&gt;&lt;/html&gt;
        {http://xml.apache.org/axis/}HttpErrorCode:401

(401)Unauthorized
        at org.apache.axis.transport.http.HTTPSender.readFromSocket(HTTPSender.java:693)
        at org.apache.axis.transport.http.HTTPSender.invoke(HTTPSender.java:141)

        at org.apache.axis.strategies.InvocationStrategy.visit(InvocationStrategy.java:32)
        at org.apache.axis.SimpleChain.doVisiting(SimpleChain.java:118)
        at org.apache.axis.SimpleChain.invoke(SimpleChain.java:83)
        at org.apache.axis.client.AxisClient.invoke(AxisClient.java:165)
        at org.apache.axis.client.Call.invokeEngine(Call.java:2754)
        at org.apache.axis.client.Call.invoke(Call.java:2737)
        at org.apache.axis.client.Call.invoke(Call.java:2413)
        at org.apache.axis.client.Call.invoke(Call.java:2336)
        at org.apache.axis.client.Call.invoke(Call.java:1793)
        at SSLSoapWsdlClient.<init>(SSLSoapWsdlClient.java:27)
        at SSLSoapWsdlClient.main(SSLSoapWsdlClient.java:39)
Tryck på en valfri tangent för att fortsätta...


To me this looks like I need to add some sort of login? Because when I try to access https://localhost:8443/axis/services/SSLSoapWsdlServer trough a web browser I get an login popup. I guess this means that I need som user and password set in the Tomcat config some where or what do you think? You can see how the popup looks like at: http://www.dsv.su.se/~fr-ander/loginpopup.JPG

So if you got any ideas how to solve this please let me know.

Best regards
Fredrik