users@jersey.java.net

Re: [Jersey] how to configure https+Jersey?

From: Paul Sandoz <Paul.Sandoz_at_Sun.COM>
Date: Fri, 27 Feb 2009 12:30:43 +0100

On Feb 27, 2009, at 10:40 AM, Paul Sandoz wrote:

> Hi Odin,
>
> You have omitted the mapping of the servlet "CheroServer" to a URL.
> You need something like the following:
>
> <servlet-mapping>
> <servlet-name>CheroServer</servlet-name>
> <url-pattern>/jobs/*</url-pattern>
> </servlet-mapping>
>

Also, I just verified that I could get things to work. But to do that I
did need to change some settings, via the GF admin console, for the
HTTP listener on port 8181:

   - listening was enabled

   - client authentication was enabled

   - SSL3/SSL2 was enabled.

I have no idea if all of the above is required or not :-) I just
enabled everything!

Paul.


> Paul.
>
> On Feb 26, 2009, at 11:15 PM, odin wrote:
>
>> I have a web service using Jersey API on both server side and
>> client side, the service is running on glassfishv3+jdk1.5. My web
>> service worked well without https, now I want to secure the
>> communication between client and server.
>> I have tried the https example from
>> http://blogs.sun.com/jluehe/entry/how_to_downshift_from_https, and it
>> worked. It was a simple REST web service.
>> I followed the examples in the forum but still cannot get it
>> running. My web.xml configuration is as follows:
>>
>>
>> <?xml version="1.0" encoding="UTF-8"?>
>> <!DOCTYPE web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN" "http://java.sun.com/dtd/web-app_2_3.dtd">
>> <web-app>
>>   <display-name>Archetype Created Web Application</display-name>
>>   <servlet>
>>     <servlet-name>CheroServer</servlet-name>
>>     <servlet-class>com.sun.jersey.spi.container.servlet.ServletContainer</servlet-class>
>>     <init-param>
>>       <param-name>com.sun.jersey.config.property.resourceConfigClass</param-name>
>>       <param-value>com.sun.jersey.api.core.PackagesResourceConfig</param-value>
>>     </init-param>
>>     <init-param>
>>       <param-name>com.sun.jersey.config.property.packages</param-name>
>>       <param-value>org.chero.server.resources</param-value>
>>     </init-param>
>>     <load-on-startup>1</load-on-startup>
>>   </servlet>
>>   <security-constraint>
>>     <web-resource-collection>
>>       <web-resource-name>Protected resource</web-resource-name>
>>       <url-pattern>/jobs</url-pattern>
>>       <http-method>POST</http-method>
>>     </web-resource-collection>
>>     <user-data-constraint>
>>       <transport-guarantee>CONFIDENTIAL</transport-guarantee>
>>     </user-data-constraint>
>>   </security-constraint>
>>   <security-constraint>
>>     <web-resource-collection>
>>       <web-resource-name>Protected resource2</web-resource-name>
>>       <url-pattern>/jobs/*</url-pattern>
>>       <http-method>GET</http-method>
>>       <http-method>DELETE</http-method>
>>       <http-method>PUT</http-method>
>>       <http-method>POST</http-method>
>>     </web-resource-collection>
>>     <user-data-constraint>
>>       <transport-guarantee>CONFIDENTIAL</transport-guarantee>
>>     </user-data-constraint>
>>   </security-constraint>
>> </web-app>
>>
>> and to create the client:
>>
>> ClientConfig config = new DefaultClientConfig();
>> HostnameVerifier hv = new HostnameVerifier() {
>>
>>     //@Override
>>     public boolean verify(String hostname, SSLSession session) {
>>         System.out.println("Warning: URL Host: " + hostname +
>>                 " vs. " + session.getPeerHost());
>>         return true;
>>     }
>> };
>> HttpsURLConnection.setDefaultHostnameVerifier(hv);
>> try {
>>     // Create a trust manager that does not validate certificate chains
>>     TrustManager[] trustAllCerts = new TrustManager[]{new X509TrustManager() {
>>
>>         public void checkClientTrusted(java.security.cert.X509Certificate[] certs,
>>                 String authType) {
>>         }
>>
>>         public void checkServerTrusted(java.security.cert.X509Certificate[] certs,
>>                 String authType) {
>>         }
>>
>>         public java.security.cert.X509Certificate[] getAcceptedIssuers() {
>>             return null;
>>         }
>>     }
>>     };
>>
>>     // Install the all-trusting trust manager
>>     SSLContext sc = SSLContext.getInstance("SSL");
>>     sc.init(null, trustAllCerts, new java.security.SecureRandom());
>>
>>     HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
>>
>> } catch (Exception ex) {
>>     throw new RuntimeException(ex);
>> }
>>
>> final String BASE_URI = "https://localhost:8181/cheroServer";
>> Client c = Client.create(config);
>>
>> ......
>> ClientResponse response = service.path("/jobs").
>>         type("multipart/mixed").post(ClientResponse.class, multiPart);
>>
>> Now when I type:
>> http://localhost:8080/cheroServer/jobs in the web browser, it would
>> redirect to:
>> https://localhost:8181/cheroServer/jobs, but there is nothing but
>> an error on the page:
>> The requested resource () is not available.
>>
>> I would really appreciate it if someone can give me help.
>>
>> Regards.
>> Odin.
>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe_at_jersey.dev.java.net
>> For additional commands, e-mail: users-help_at_jersey.dev.java.net
>>
>
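
Added example, not part of the original thread or of Jersey: the client quoted above accepts any certificate and any hostname, so this sketch shows the validating counterpart, built with JDK classes only, that trusts just the certificates in a client-side truststore. The class name, the truststore file name and the password are assumptions for illustration.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

// Hypothetical helper: validates the server chain against a pinned truststore
// instead of installing an accept-everything X509TrustManager.
public class PinnedTrustClientSetup {

    /** Build an SSLContext whose only trust anchors are the entries of the given truststore. */
    static SSLContext contextFor(String truststorePath, char[] password) throws Exception {
        KeyStore trust = KeyStore.getInstance(KeyStore.getDefaultType());
        InputStream in = new FileInputStream(truststorePath);
        try {
            trust.load(in, password);
        } finally {
            in.close(); // try/finally rather than try-with-resources: the thread targets JDK 1.5
        }
        if (trust.size() == 0) {
            // An empty truststore would reject every server; fail early with a clear message.
            throw new IllegalStateException("truststore is empty: " + truststorePath);
        }
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trust);
        SSLContext ctx = SSLContext.getInstance("TLS");
        // null key managers: no client certificate is sent; null SecureRandom: JDK default
        ctx.init(null, tmf.getTrustManagers(), null);
        return ctx;
    }

    public static void main(String[] args) throws Exception {
        // Assumed inputs: a truststore into which the server's certificate was imported,
        // and its password (placeholder values, replace with your own).
        String path = args.length > 0 ? args[0] : "client-truststore.jks";
        char[] pass = (args.length > 1 ? args[1] : "changeit").toCharArray();
        SSLContext ctx = contextFor(path, pass);
        // Same JVM-wide hook the quoted client uses, now with chain validation.
        HttpsURLConnection.setDefaultSSLSocketFactory(ctx.getSocketFactory());
        // No setDefaultHostnameVerifier call: the JDK's built-in hostname check stays active,
        // so the certificate must name the host the client connects to.
        System.out.println("HTTPS connections now trust only the entries in " + path);
    }
}
```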