Tomcat + axis2 WebService Configure SSL one-way authentication

Source: Internet
Author: User

To enable the client to access WebService over https, You need to configure SSL for Tomcat and axis2. Configure the server and client respectively:

Server:

1. Generate a certificate on the server

Create the C:/CRT folder and execute the following command in the DOS window.

Cd c:/CRT </P> <p> keytool-genkey-keyalg RSA-dname "cn = Jim, ou = Sango, O = none, L = China, st = Beijing, c = us "-alias server-keypass aa1234-keystore server. jks-storepass aa1234-validity 3650 </P> <p>

Generate the certificate: Server. jks in the C:/CRT folder.

Keytool is a built-in JDK certificate management command.

2. Configure Tomcat SSL

Edit C:/Apache-Tomcat-6.0.29/CONF/server. xml and add the following code:

<Connector Port = "8443" protocol = "HTTP/1.1" sslenabled = "true" </P> <p> maxthreads = "150" Scheme = "HTTPS" secure = "true "</P> <p> clientauth =" false "sslprotocol =" TLS "</P> <p> keystorefile =" C: /CRT/server. jks "keystorepass =" aa1234 "/> </P> <p>

Keystorefile is the certificate location, and keystorepass is the password specified when the certificate is generated.

Verify Configuration: https: // localhost: 8443/

3. Configure the SSL of axis2

Edit C:/Apache-Tomcat-6.0.29/webapps/axis2/WEB-INF/Web. xml and add the following code:

<Transportreceiver name = "HTTPS" class = "org. apache. axis2.transport. HTTP. simplehttpserver "> </P> <p> <parameter name =" Port "locked =" false "> 8443 </parameter> </P> <p> </transportreceiver> </P> <p> <transportsender name = "HTTPS" </P> <p> class = "org. apache. axis2.transport. HTTP. commonshttptransportsender "> </P> <p> <parameter name =" protocol "locked =" false "> HTTP/1.1 </parameter> </P> <p> <parameter name = "transfer-encoding"> chunked </parameter> </P> <p> </transportsender> </P> <p>

Client. The client is not a browser, but a program that calls WebService.

1. Import the server certificate

Create the C:/CRT folder on the client, copy the Certificate Server. jks generated by the server to C:/CRT, and execute the following commands in the DOS window respectively.

Cd c:/CRT <br/> keytool-export-alias server-keystore server. jks-file server. CER <br/> Cd C: /program files/Java/jdk1.6.0 _ 20/JRE/lib/security/<br/> keytool-import-trustcacerts-alias server-keystore cacerts-file C:/CRT/server. cer-storepass changeit </P> <p>

In the previous command, C:/program files/Java/jdk1.6.0 _ 20/JRE/lib/security/cacerts must point to the corresponding JRE folder used at runtime.

2. Add the code in the program to specify the certificate location. Add the following before calling the client code in the getxxxstub method of the xxxxfactory class:System. setproperty ("javax.net. SSL. truststore "," C:/program files/Java/jdk1.6.0 _ 20/JRE/lib/security/cacerts "); </P> <p> system. setproperty ("javax.net. SSL. truststorepassword "," aa1234 "); <br/>

After this configuration, you can call the client through HTTPS. You can use HTTP to generate a client. The client generated by HTTP and HTTPS is the same.

Address: http://blog.csdn.net/honglei915/archive/2010/12/13/6073290.aspx

 

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.