I am in a good mood today, knowing that we have not spent these long working days just griping about everything. I ran into a small problem in the project over the past few days, so now is a good time to write up a summary. Our project uses a server written in Java to publish a WebService, and the client uses C# to invoke it. (I worked on the C# client for a while before this and also summed up an MVP framework, Angelframe, published at http://www.cnblogs.com/wgp13x/p/99c2adc52d8f0dff30a038841ac32872.html.) Publishing a Java WebService for C# to call can of course rely on a number of third-party projects such as Axis2, which is what we use, and there are many introductions to it on the Internet. However, our project requires certificates: the client must install a certificate before it can use the WebService normally. Very little is written about this online, so below is a summary of the configuration that worked for me, to share with you.
Abstract: I searched for a long time and could not find a complete write-up on the Internet of the configuration steps for publishing a WebService with user authentication on Tomcat 7 and Axis2 and calling it from a C# client; most articles only cover Java clients. This article summarizes the whole process and teaches you, step by step, how to use certificates to publish a user-authenticated service on the server and consume it from a C# client.
Keywords: Tomcat, Axis2, WebService, Java, C#, service, user authentication, certificate
Prerequisite: A WebService without user authentication has already been published on Tomcat using Axis2, and the C# client can call it correctly.
Requirement: Use certificates to configure the service with user authentication, so that the C# client can still use it correctly.
Description: The following is the detailed procedure for configuring user authentication under Tomcat.
Step One:
First of all, you need the certificates. Ways of generating them are described all over the Internet, but I will go through it again.
We use the keytool utility that ships with the JDK to generate the certificates. On the command line, go to the bin directory under the JDK and run the keytool commands below. The various parameters (output path, validity period, alias, the answers to "What is your first and last name?" and "What is the name of your State or Province?", the password, and so on) can be filled in as needed, so I will skip them here.
keytool -genkey -v -alias tomcat -keyalg RSA -keystore D:\tomcat.keystore -validity 36500
keytool -genkey -v -alias mykey -keyalg RSA -storetype PKCS12 -keystore D:\lpClient.p12 -validity 36500
keytool -export -alias mykey -keystore D:\lpClient.p12 -storetype PKCS12 -storepass password -rfc -file D:\lpClient.cer
keytool -import -v -file D:\lpClient.cer -keystore D:\tomcat.keystore
keytool -list -keystore D:\tomcat.keystore
keytool -keystore D:\tomcat.keystore -export -alias tomcat -file D:\lpServer.cer
This generates the three files we need: tomcat.keystore, lpClient.p12, and lpServer.cer.
Step Two:
Add the following snippet to Tomcat's conf\server.xml file.
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
    maxThreads="*" scheme="https" secure="true"
    clientAuth="false" sslProtocol="TLS"
    keystoreFile="D:\\tomcat.keystore" keystorePass="password"
    truststoreFile="D:\\tomcat.keystore" truststorePass="password" />
Note: with clientAuth="false" the client is not authenticated at first, so that the C# client can add the service reference normally; otherwise the C# client cannot add a service reference.
Place tomcat.keystore in the D:\ directory, and set the passwords to match the ones you actually used.
Step Three:
Add the following snippet to the end of Tomcat's conf\web.xml file to use the HTTPS protocol by default, so that all HTTP requests are automatically converted to HTTPS requests. This step can be skipped if your project does not force the use of HTTPS.
<login-config>
    <auth-method>CLIENT-CERT</auth-method>
    <realm-name>Client Cert Users-only Area</realm-name>
</login-config>
<security-constraint>
    <web-resource-collection>
        <web-resource-name>SSL</web-resource-name>
        <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <user-data-constraint>
        <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
</security-constraint>
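An added example, not part of the original article: a short Python check that parses the Connector from Step Two together with the web.xml fragment from Step Three and reports whether a client certificate is actually required. The embedded XML is a constructed, abridged copy of the two snippets; the function name audit and the finding labels are assumptions made for this illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the Connector from Step Two and the web.xml fragment from
# Step Three (abridged), wrapped in one root element so they parse together.
SAMPLE = r"""<cfg>
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
    scheme="https" secure="true" clientAuth="false" sslProtocol="TLS"
    keystoreFile="D:\\tomcat.keystore" keystorePass="password"
    truststoreFile="D:\\tomcat.keystore" truststorePass="password" />
<login-config><auth-method>CLIENT-CERT</auth-method></login-config>
<security-constraint>
  <web-resource-collection><url-pattern>/*</url-pattern></web-resource-collection>
  <user-data-constraint><transport-guarantee>CONFIDENTIAL</transport-guarantee></user-data-constraint>
</security-constraint>
</cfg>"""

def audit(xml_text):
    """Return finding labels (hypothetical names) for a client-cert setup."""
    root = ET.fromstring(xml_text)
    findings = []
    conn = root.find(".//Connector[@SSLEnabled='true']")
    if conn is None:
        return ["no-ssl-connector"]
    auth = (root.findtext(".//login-config/auth-method") or "").strip()
    has_auth = root.find(".//security-constraint/auth-constraint") is not None
    if conn.get("clientAuth", "false") != "true":
        # The TLS handshake does not demand a certificate. Tomcat then asks
        # for one only on URLs whose security-constraint carries an
        # <auth-constraint> and whose login method is CLIENT-CERT.
        if auth == "CLIENT-CERT" and has_auth:
            findings.append("client-cert-only-on-constrained-urls")
        else:
            findings.append("client-cert-not-enforced")
    if not conn.get("truststoreFile"):
        findings.append("no-truststore")
    elif conn.get("truststoreFile") == conn.get("keystoreFile"):
        findings.append("keystore-reused-as-truststore")
    for attr in ("keystorePass", "truststorePass"):
        if conn.get(attr) in ("password", "changeit"):
            findings.append("placeholder-" + attr)
    guarantee = (root.findtext(".//transport-guarantee") or "").strip()
    if guarantee != "CONFIDENTIAL":
        findings.append("no-confidential-transport-guarantee")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

On the sample it reports client-cert-not-enforced: clientAuth is "false" and the security-constraint has no auth-constraint, so the service is still reachable over HTTPS without a client certificate at this stage.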