users@glassfish.java.net

Two way client auth via Glassfish and JAX-WS

From: <glassfish_at_javadesktop.org>
Date: Mon, 14 Jun 2010 00:43:06 PDT

I'm working on a gateway to a vendor that requires client authentication to their system. They required that we set up a certificate in a very specific manner that has left me with a P12 file with a key and cert, as well as a CA cert.

They also provided a WSDL file which I have imported via NetBeans into my project JAX-WS style. However, NetBeans gives me no option to set the WebService Client up as a Secure Service, which would allow me to point it at the p12 file and keystore for the CA cert. In doing the Calculator example I was able to set these things due to policies in the WSDL which aren't present in the WSDL provided by the vendor. I added the CA Cert and the Key / Cert to my Glassfish keystore in the hopes that somehow it would figure out which key / cert to use to encrypt messages to this service, but it will just time out due to no auth.

Using HttpsURLConnection and SSLContext I have been able to create a Java application that can connect to their service by using the p12 file directly and passing string payloads with SOAP XML; however, that seems to be about as far as I can go. The SOAP XML generated is through marshaling directly rather than using an API, and the payloads are very large and complicated. This is pretty much the last straw if I can't get any API to work with client auth.

-

Further complicating matters, I need to implement an inbound listener for their webservice, which is also prescribed by the vendor. Normally this also isn't a problem, but they want two way client auth, so again I'm running into the same issues trying to implement my service to have the same behavior as their service. I have set up a special HTTP listener for this client that uses "Client Authentication" and the proper certificate in the Glassfish console. However, without going into too much detail, this setup doesn't behave in the same manner as their listening service.


Long story short, I have been unable to find help for this specific situation. There are plenty of guides on using self-signed certificates and homespun Java webservices, but not much on this specific scenario. I'm almost suspicious I should be getting the netadmins to modify the firewall rather than bothering with setup on my side. Does anyone have any advice on where to go from here?
[Message sent by forum member 'dokujaryu']

http://forums.java.net/jive/thread.jspa?messageID=474171
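
For the outbound case described in the post, the following is an added example (not part of the original message and not code from the GlassFish project) of handing a P12 client identity and a single trusted CA to a generated JAX-WS port. It assumes the JAX-WS RI (Metro) client runtime, which reads the request-context key shown; the class name, method names, file paths and the `vendor-ca` alias are hypothetical.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.CertificateFactory;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManagerFactory;
import javax.xml.ws.BindingProvider;

public final class MutualTlsPort {
    // Request-context key read by the JAX-WS RI (Metro) HTTPS client transport (assumed runtime).
    static final String SSL_SOCKET_FACTORY =
            "com.sun.xml.ws.transport.https.client.SSLSocketFactory";

    /** Builds a socket factory that presents the P12 identity and trusts only the given CA. */
    static SSLSocketFactory socketFactory(String p12Path, char[] p12Password, String caCertPath)
            throws Exception {
        KeyStore identity = KeyStore.getInstance("PKCS12");
        try (InputStream in = new FileInputStream(p12Path)) {
            identity.load(in, p12Password);
        }
        KeyManagerFactory kmf =
                KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(identity, p12Password);

        // Empty in-memory trust store holding only the vendor CA, so no other issuer is accepted.
        KeyStore trust = KeyStore.getInstance(KeyStore.getDefaultType());
        trust.load(null, null);
        try (InputStream in = new FileInputStream(caCertPath)) {
            trust.setCertificateEntry("vendor-ca", // hypothetical alias
                    CertificateFactory.getInstance("X.509").generateCertificate(in));
        }
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trust);

        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        return ctx.getSocketFactory();
    }

    /** Attaches the factory to a generated port; default hostname verification is left on. */
    static void secure(Object port, SSLSocketFactory factory, String endpointUrl) {
        BindingProvider bp = (BindingProvider) port;
        bp.getRequestContext().put(SSL_SOCKET_FACTORY, factory);
        bp.getRequestContext().put(BindingProvider.ENDPOINT_ADDRESS_PROPERTY, endpointUrl);
    }
}
```

The request-context property covers invocations on the port only, so the service object should be created from a local copy of the vendor WSDL rather than fetched over the mutually authenticated endpoint.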