Announcement Announcement Module
Collapse
No announcement yet.
2-way SSL on Weblogic 10 Page Title Module
Move Remove Collapse
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • 2-way SSL on Weblogic 10

    Hope someone can help with this. I am working on a WL Portal application were we will be calling to web services that use 2-way SSL. These service calls are also made from within the EJB container.

    We are using Spring-ws for our client code and have it working successfully from JUnit. But when we stand it up inside WL, we get bad certificate alerts. A little research shows we are failing to pass the cert from the client to the server.

    More research found CR286793 :

    Provide a mechanism for API for Web Service clients to set keystore per service for two-way SSL implementation.
    To implement SSL with certificate for each connection, use the API as follows:

    WlsSSLAdapter adapter = new WlsSSLAdapter();
    adapter.setKeystore("./DemoIdentity.jks",
    "DemoIdentityKeyStorePassPhrase".toCharArray() , "JKS" );
    adapter.setClientCert("DemoIdentity","DemoIdentity PassPhrase".toCharArray());
    adapter.setTrustManager( new TrustManager(){
    public boolean certificateCallback(X509Certificate[] chain, int
    validateErr){
    return true;
    }
    }); weblogic.wsee.connection.transport.https.HttpsTran sportInfo info = new
    weblogic.wsee.connection.transport.https.HttpsTran sportInfo(adapter);
    SimpleImplService service = new SimpleImplService_Impl(args[0] +
    "?WSDL",info);
    Simple port = service.getSimpleSoapPort();
    Stub stub = (Stub)port;
    stub._setProperty('weblogic.wsee.client.ssladapter ', adapter);







    They are essentially saying we have to attach the WlsSSLAdapter to the stub. How do we access that through the Spring-ws APIs?

    An alternative might be to use the filtering classloader to load App-inf/lib classes instead of Weblogic classes, but without know the exact packages involved that won't work either.

    thanks!
    jerry..

  • #2
    FYI - I have a trouble ticket in with BEA/Oracle to look into this further.

    For now I have set the messageSender to CommonsHttpMessageSender and packaged the commons-httpclient libraries in my EAR. It works, but I wish I didn't have to package an HTTP client in an application container.

    Comment


    • #3
      Setting the CommonsHttpMessageSender

      Jerry,
      I am trying to send a text/xml encoded message to a web service from within a message driven bean. Apparently weblogic is setting the encoding to url/application context. I am interested in knowing exaclty how you set the CommonsHttpMessageSender in weblogic? was it a system property or did you do it somehow in your ear configuration?

      Thanks,

      Mike

      Comment


      • #4
        Basically, we just defined a bean for the sender and added it to the senders property of the WebServiceGatewaySupport base bean.

        <bean id="messageSender"
        class="org.springframework.ws.transport.http.Commo nsHttpMessageSender">
        <property name="maxConnectionsPerHost">
        <props>
        <prop key="*">${service.tcp.maxConnection.host}</prop>
        </props>
        </property>
        <property name="maxTotalConnections" value="${service.tcp.maxConnection.total}"/>
        </bean>

        ---to the bean extending WebServiceGatewaySupport
        <property name="messageSenders">
        <list>
        <ref bean="messageSender" />
        </list>
        </property>

        Comment

        Working...
        X