The following is a two-way certificate authentication to access the Web services built by TOMCAT7 and Axis2, mainly in three sections to explain: building a Web service based on HTTPS, writing a client that supports HTTPS, and a certificate-authenticated Web service. Let's look at the details below.
Build a Web service based on HTTPS
Modify TOMCAT7 Configuration
Open the <tomcat_home>\conf\server.xml file and find the fragment shown in Figure 3:
Figure 3. TOMCAT7 HTTPS port configuration before modification
Remove this section of the annotation so that HTTPS port 8443 takes effect (if you cannot find it, you can add it yourself) and add the parameters Keystorefile and Keystorepass, as shown in Figure 4.
Figure 4. Modified TOMCAT7 HTTPS port configuration
This assumes that the protection password for the previously generated server.keystore file is "server".
where clientauth= "false" indicates that the server side does not need to check the client certificate.
After the modification, restart the TOMCAT7 service, and then open the Web browser, access to https://127.0.0.1:8443 to try, if prompted "untrusted links" such as security alerts, you can click to accept trust, and continue to visit, you can see the display has Apache The TOMCAT flag page is up.
This is not over yet because we are not yet able to access the Web services provided by Axis2.
Modify AXIS2 Configuration
Open the <tomcat_home>\webapps\axis2\web-inf\conf\axis2.xml file and you should find the configuration fragment shown in Figure 5:
Figure 5. AXIS2 Configuration before modification
We add an overview of the section HTTPS below this configuration, as shown in Figure 6:
Figure 6. Modified AXIS2 Configuration
Verifying configuration
The above tomcat7 and AXIS2 configuration files are modified and saved, restart the TOMCAT7 service, and then access the address: https://127.0.0.1:8443/axis2/services/SimpleService?wsdl, If you can display the contents of the XML structure, the publication is successful.
Similarly, you can access the service through other computers in the local area network, if you cannot access it, you need to see whether the IP address and port number are correct, whether the firewall is properly configured or closed, and so on.
In the following article we will write this HTTPS based Web service URL as <service_https>.