users@glassfish.java.net

Using a client certificate in a HTTPS connection between a GlassFish server

From: <forums_at_java.net>
Date: Sun, 11 Nov 2012 07:46:13 -0600 (CST)

Hi there,

As you can see in the title, I want to create a web service which I'm developing with NetBeans 7 and which should run on the integrated GlassFish 3.1 server. The web service should then be called from an Android app over an SSL secured connection. In the Android app I am using the SOAP library ksoap2 [1] to get this done. After a while I was able to establish an HTTPS connection where the client authenticates himself with a username and a password. So I was just using the default "file" as the standard-realm on my GlassFish server. In my Android app I therefore had to add a security header to the SOAP envelope I'm sending which contained the username and password of the user which I created in the GlassFish Administration Tool. Everything worked fine and I could reach the WSDL file of my web service with my browser under the following address:

https://192.168.1.214:8181/STAwebservice_ssl/stawebservice?wsdl

So my NetBeans Web Application Project has the name STAwebservice_ssl and my web service is the class stawebservice.java in the package de.stapf.staws.stawebservice.

Now I want the client to use a certificate rather than the username/password credentials to authenticate himself. So I used the following documentation to set this up:

http://docs.oracle.com/cd/E19798-01/821-1841/gijrp/index.html [2]
http://m7mdali.blogspot.de/2010/03/client-certificate-authentication.html [3]

So I expected that when I try to reach the WSDL file with my web browser I would get some warning from the server because I haven't imported my own certificate in the browser yet. But instead I was just getting an Error 324 ERR_EMPTY_RESPONSE from the server. There are no exceptions thrown in the GlassFish console. So I would be glad if someone could take a look at the configuration steps I took, whether those were the right ones and I just set a wrong path and that's why I am getting nothing from the server, or if I am missing something important here.

*Configuration Steps*

*1.* In the GlassFish Administration Tool (config -> server-config -> security) I set the standard-realm to certificate.

*2.* Under config -> server-config -> security -> realms -> certificate, I assigned it to the group User and added the property Name=clientAuth Value=true.

*3.* I went to my Web Application Project in NetBeans, right-clicked on the web service (stawebservice) -> Edit Web Service Attributes and in the Secure Service section, where I chose Transport Security (SSL) -> Configure, I checked Require Client Certificate.

*4.* Now I set all the attributes in the web.xml file of my web application project like in the tutorial I posted. I guess it's best if I just post the web.xml file here.

    <?xml version="1.0" encoding="UTF-8"?>
    STAwebservice_ssl
    de.stapf.staws.stawebservice.stawebservice
    User
    STAwebservice_ssl
    /STAwebservice_ssl/stawebservice
    30
    index.jsp
    Constraint1
    User
    /*
    User
    CONFIDENTIAL
    CLIENT-CERT
    certificate
    User

*5.* Now I thought the next step would be the mapping of the created security role to a group. Since I had no sun-web.xml file in my project, I created a glassfish-web.xml in the WEB-INF folder to set the mapping, and I think it's working because before I did that the GlassFish server gave me a warning that there is nothing assigned to the role User. Anyway, this is what my glassfish-web.xml file looks like:

    <?xml version="1.0" encoding="UTF-8"?>
    User
    EmmanuelSP
    User
    STAwebservice_ssl
    EmmanuelSP
    Keep a copy of the generated servlet class' java code.

By the way, what exactly is the tag for? I didn't really get that. I thought the value entered here is the Common Name (CN) the client certificate has to have. This is why I entered EmmanuelSP, because that's the CN of my self-signed certificate which I imported in cacerts.jks and which I wanted to import in the browser to test the connection. If it's not like that, how does the server actually check if the certificate the client presents is the right one? Does it just take a look if the same certificate is available in the cacerts.jks keystore?

So these are the configuration steps I took. Did I miss something? I got a little bit confused with all the configuration stuff. Thanks to everyone who read my post, maybe someone can give me a hint.

Regards,
Emmanuel

[1] http://code.google.com/p/ksoap2-android/
[2] http://docs.oracle.com/cd/E19798-01/821-1841/gijrp/index.html
[3] http://m7mdali.blogspot.de/2010/03/client-certificate-authentication.html

--
[Message sent by forum member 'ESer']
View Post: http://forums.java.net/node/892201
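The post asks what the server actually checks when the client presents a certificate. The following Java program is an added example (not from the post, NetBeans or GlassFish) that reproduces the two checks a trust-store based certificate realm relies on: PKIX path validation of the presented certificate against the trusted entries of a JKS trust store such as cacerts.jks, and derivation of the principal name from the certificate's subject DN. The file names, the "changeit" password and the argument layout are assumptions; only the end-entity certificate is validated, so intermediates would have to be appended to the path.

```java
import java.io.FileInputStream;
import java.security.KeyStore;
import java.security.cert.CertPath;
import java.security.cert.CertPathValidator;
import java.security.cert.CertPathValidatorException;
import java.security.cert.CertificateFactory;
import java.security.cert.PKIXParameters;
import java.security.cert.X509Certificate;
import java.util.Collections;
import javax.security.auth.x500.X500Principal;

/** Added example: checks a client certificate the way a trust-store based realm does. */
public class ClientCertCheck {

    /** Returns the RFC 2253 subject DN if the certificate chains to a trusted entry in the
     *  trust store; throws CertPathValidatorException otherwise. */
    static String validateAndMap(String trustStorePath, char[] trustStorePassword,
                                 X509Certificate clientCert) throws Exception {
        KeyStore trustStore = KeyStore.getInstance("JKS");
        try (FileInputStream in = new FileInputStream(trustStorePath)) {
            trustStore.load(in, trustStorePassword);
        }
        // Every trusted certificate entry in the store becomes a PKIX trust anchor, so a
        // self-signed client certificate imported into the store is accepted because it is
        // itself an anchor (its signature verifies with its own key), not because of a CN match.
        PKIXParameters params = new PKIXParameters(trustStore);
        params.setRevocationEnabled(false); // assumption: no CRL/OCSP configured for this setup
        CertPath path = CertificateFactory.getInstance("X.509")
                .generateCertPath(Collections.singletonList(clientCert));
        CertPathValidator.getInstance("PKIX").validate(path, params);
        // A certificate realm identifies the user by the full subject DN in RFC 2253 form
        // (e.g. "CN=EmmanuelSP,O=..."), so a role mapping has to use that string, not the CN alone.
        return clientCert.getSubjectX500Principal().getName(X500Principal.RFC2253);
    }

    public static void main(String[] args) throws Exception {
        // Assumed arguments: client certificate file (PEM or DER), trust store path, its password.
        String certFile = args.length > 0 ? args[0] : "client.cer";
        String trustStore = args.length > 1 ? args[1] : "cacerts.jks";
        char[] password = (args.length > 2 ? args[2] : "changeit").toCharArray();
        X509Certificate cert;
        try (FileInputStream in = new FileInputStream(certFile)) {
            cert = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(in);
        }
        try {
            System.out.println("accepted; principal name: " + validateAndMap(trustStore, password, cert));
        } catch (CertPathValidatorException e) {
            System.out.println("rejected: " + e.getMessage()); // e.g. not chained to any trust anchor
        }
    }
}
```

Run it once against the certificate you imported and once against a certificate that is not in the trust store to see which check fails and which principal name the realm would compare to the mapping.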