
Axis: Selecting a Certificate Dynamically at Runtime


  • [Download | View] (2007-07-10 13:48:54, 12.3 KB) [[attachment:axistools-src.jar]]
  • [Download | View] (2007-07-10 13:48:09, 16.4 KB) [[attachment:axistools.jar]]

The following describes a setup for dynamically choosing the client certificate used for SSL Authentication from an Axis Client.

This method has been tested using Axis 1.4 and Java 1.5 under Tomcat 5.5.20 and WebSphere 6.1.

 

The Motivation

Generally, a client will use one client certificate to identify itself to services it is accessing. Depending on the application, the client certificate will belong to the user of the application, or will be part of the installation of the application client itself.

Sometimes this model is insufficient:

  • Perhaps more than one service needs to be accessed by the client, and the client is not free to choose the certificates used for access. In this case the client will need to work with the (multiple) certificates provided.
  • In some cases the client will be acting "on behalf" of more than one user, and will want to employ the different user's different certificates to authenticate against backend systems.

Whatever the reason, sometimes the "one client, one certificate" model is not applicable. In this case, the client has to work, dynamically at run-time, with more than one certificate at a time.

 

The Problem

In its current implementation, the SSL Transport for Axis has several shortcomings:

  • The base SecureSocketFactory (JSSESocketFactory) cannot be configured dynamically. It is configured using environment variables, which is not suitable if the client certificate has to change at run-time.

  • The SunJSSESocketFactory is more configurable, accepting a keyfile parameter from the Axis configuration at run-time. This is the one to use; however, by itself it does not do all that we need, so we have provided an extension of this class (see below).

  • Even the SunJSSESocketFactory does not accept all the configuration we need (e.g. truststore config).

  • Even if the SocketFactory were fully configurable, dynamic configuration at runtime would not be possible. This is because Axis caches the instantiated SocketFactories, meaning settings are applied only once.

  • The caching of SocketFactories occurs in a component called SocketFactoryFactory; the cache remembers one entry per protocol. So, the moment you make the first call over https, a SocketFactory is created for the protocol https using the currently configured parameters. After this, no new SocketFactories are created for https, even if the parameters (e.g. keystore name) change.

So, it seems we are in a bind if we want to enable dynamic runtime selection of the client certificate.

 

The Solution

The solution depends on a few modified classes for Apache Axis. In particular the solution consists of:

  • A modified SocketFactoryFactory, which implements a caching scheme in which the keystore name is considered

  • An extension to SunJSSESocketFactory which allows more configuration from Axis

  • An Axis EngineConfiguration class, SSLClientAxisConfig, which holds the SSL parameters and sets everything up

Together, use of these components allows the desired dynamic configuration.
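
The caching behaviour and its fix, modelled in plain Java as an added example (this is not the code from axistools.jar or from Axis itself). The Factory class, the two cache classes and the keystore paths are hypothetical stand-ins.

```java
import java.util.Arrays;
import java.util.HashMap;
import java.util.List;
import java.util.Map;

public class FactoryCacheDemo {
    // Hypothetical stand-in for an SSL socket factory: the client keystore
    // is fixed when the factory is constructed.
    static final class Factory {
        final String keystore;
        Factory(String keystore) { this.keystore = keystore; }
    }

    // One cache entry per protocol: the behaviour described for stock Axis.
    static final class PerProtocolCache {
        private final Map<String, Factory> cache = new HashMap<>();
        synchronized Factory get(String protocol, String keystore) {
            // The keystore argument is ignored once an entry exists.
            return cache.computeIfAbsent(protocol, p -> new Factory(keystore));
        }
    }

    // Cache key includes the keystore name: the scheme described for the
    // modified SocketFactoryFactory.
    static final class KeystoreAwareCache {
        private final Map<List<String>, Factory> cache = new HashMap<>();
        synchronized Factory get(String protocol, String keystore) {
            // A List key avoids ambiguity from string concatenation.
            List<String> key = Arrays.asList(protocol, keystore);
            return cache.computeIfAbsent(key, k -> new Factory(keystore));
        }
    }

    public static void main(String[] args) {
        // Constructed sample paths for two users' client certificates.
        String alice = "/keys/alice.p12", bob = "/keys/bob.p12";

        PerProtocolCache stock = new PerProtocolCache();
        stock.get("https", alice);
        Factory stale = stock.get("https", bob);
        System.out.println("per-protocol cache, call for bob uses: " + stale.keystore);

        KeystoreAwareCache fixed = new KeystoreAwareCache();
        fixed.get("https", alice);
        Factory fresh = fixed.get("https", bob);
        System.out.println("keystore-aware cache, call for bob uses: " + fresh.keystore);

        // Fail loudly if the identity in use is not the one requested.
        if (!fresh.keystore.equals(bob)) throw new IllegalStateException("wrong client identity");
    }
}
```

With the per-protocol cache the second lookup is served by the factory built for the first keystore, so a client acting on behalf of several users would authenticate with the wrong user's certificate. Keying the cache on the keystore as well gives each identity its own factory.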

 

Usage / Configuration

To set up dynamic certificates for your Axis client, proceed as follows:

  1. Replace the SocketFactoryFactory class with your new version. This can be done in one of three ways (method 1 is safest):

    1. Find the original class file within axis.jar (it lives in org/apache/axis/components/net), delete it, and replace it with the modified class file
    2. Place the modified class file in a new JAR, and make sure this JAR loads before axis.jar (e.g. call it _axis.jar)
    3. For webapps, place the modified class file within your WEB-INF/classes folder. It seems Tomcat loads these before axis.jar
  2. Add the remaining classes to your application
  3. Use the SSLClientAxisConfig class to initialize your Axis client before making a call (see example below)

  4. When you want to use a different certificate, create a new SSLClientAxisConfig with updated parameters, and use it to create a new Axis client. This client will use the new certificate.

Example usage of the SSLClientAxisConfig:

    import java.net.URL;

    // create config: client keystore (identity) and truststore (trusted server CAs)
    boolean logging = false; // no logging
    SSLClientAxisEngineConfig axisConfig = new SSLClientAxisEngineConfig();
    axisConfig.setKeystore("/path/to/clientkey.p12");
    axisConfig.setKeystoreType("PKCS12");
    axisConfig.setKeystorePassword("changeit");
    axisConfig.setTruststore("/path/to/truststore.jks");
    axisConfig.setTruststoreType("JKS");
    axisConfig.setTruststorePassword("changeit");
    if (logging) {
        axisConfig.setDebugBaseDir("/path/to/logs");
    }
    axisConfig.initialize(logging);
    // initialize service: the locator is bound to this SSL configuration
    URL soapURL = new URL("https://myserver.com/myapp/services/mywebserviceport");
    MyWebServiceServiceLocator locator = new MyWebServiceServiceLocator(axisConfig);
    MyWebServicePort port = locator.getMyWebServicePort(soapURL);
    MyWebServiceBindingStub stub = (MyWebServiceBindingStub) port;
    // make a call to the webservice (assume no params for this operation)
    MyResultType result = stub.myoperation1();

Note: In the example above it is assumed that you have created the client stubs for the web service "MyWebService" using the Axis WSDL2Java tool.

Note: For an explanation of the logging features, please see FrontPage/Axis/Logging/Logging_with_SSL and FrontPage/Axis/Logging/In_Memory_Logging

Should you have questions about the code, please feel free to contact me (the Author) at: runger --AT-- aon.at
