Dynamic Passing SSL with Apache Axis

 

My company is making an infrastructure change, replacing Sarvega with Data Power to save costs on server-to-server XML appliances. My application no longer works after the move to Data Power because Data Power is stricter: we have to pass the correct SSL material (certificate file and id) and URLs to get responses from the Apache Axis web services. Here is the code that works on Sarvega and breaks when using Data Power:

System.setProperty("javax.net.ssl.trustStore", certLocation);
System.setProperty("javax.net.ssl.trustStorePassword", certId);
System.setProperty("javax.net.ssl.keyStore", certLocation);
System.setProperty("javax.net.ssl.keyStorePassword", certId);

where certLocation is the location of the JKS file and certId is the JKS password. Every time we call a different URL, we set those system properties, and that works on Sarvega. When we changed to Data Power, it threw a bad certificate exception, and we found out that it was loading only the first keystore and caching it, and it was never able to reload with another one even though we set the properties every time.

So how do you reload the SSL settings with Apache Axis? Luckily, I found two sites:

1. http://wiki.apache.org/ws/FrontPage/Axis/DynamicSSLConfig

2. http://code.google.com/p/axis-ssl/

I was NOT able to get the code or jar lib from the first one, so I am using the second one, and I think it is the same code base. It has these instructions for you to implement:

// create config
SSLClientAxisEngineConfig axisConfig = new SSLClientAxisEngineConfig();
axisConfig.setProtocol("TLS");                                          // default: SSL
axisConfig.setAlgorithm("SunX509");                                     // default: KeyManagerFactory.getDefaultAlgorithm()
                                                                        // and TrustManagerFactory.getDefaultAlgorithm()
// define config keystore and truststore (optional)
// certLocation = path to the JKS file, certId = JKS password (same variables as above)
axisConfig.setKeystore(certLocation);
axisConfig.setKeystoreType("JKS");
axisConfig.setKeystorePassword(certId);
axisConfig.setTruststore(certLocation);
axisConfig.setTruststoreType("JKS");
axisConfig.setTruststorePassword(certId);
axisConfig.initialize();

// initialize service
URL soapURL = new URL("https://myserver.com/myapp/services/mywebserviceport");
MyWebServiceServiceLocator locator = new MyWebServiceServiceLocator(axisConfig);
MyWebServicePort port = locator.getMyWebServicePort(soapURL);
MyWebServiceBindingStub stub = (MyWebServiceBindingStub) port;
MyResultType result = stub.myoperation1(...);

That's it. We are able to pass the right SSL certificates to the specific URL. No more bad certificate exceptions are thrown. What a happy day! Thanks to carlos.alonso.gonzalez, who has it on code.google.com.
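
The caching described above comes from the JVM-wide default SSL context, which reads the javax.net.ssl.* properties once; the alternative is one SSLContext per keystore. The following is an added example using only standard JSSE classes, not code from the original post or from the axis-ssl project; the class name PerEndpointSsl and the environment variables JKS_PASS_A and JKS_PASS_B are hypothetical.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManagerFactory;

// Hypothetical helper (illustrative name): builds one SSLContext per JKS file.
public class PerEndpointSsl {
    // Contexts are kept per keystore path instead of in JVM-wide system properties.
    private static final Map<String, SSLContext> CACHE = new ConcurrentHashMap<>();

    // certLocation = path to the JKS file, certId = its password (names from the post).
    static SSLContext contextFor(String certLocation, char[] certId) throws Exception {
        SSLContext cached = CACHE.get(certLocation);
        if (cached != null) return cached;
        KeyStore ks = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(certLocation)) {
            ks.load(in, certId); // fails if the password or file integrity is wrong
        }
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(ks, certId); // assumes the key password equals the store password
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ks); // certificates in this store are the only trusted issuers
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        SSLContext prev = CACHE.putIfAbsent(certLocation, ctx);
        return prev != null ? prev : ctx;
    }

    // Usage: JKS_PASS_A=... JKS_PASS_B=... java PerEndpointSsl a.jks b.jks
    public static void main(String[] args) throws Exception {
        String passA = System.getenv("JKS_PASS_A"), passB = System.getenv("JKS_PASS_B");
        if (args.length != 2 || passA == null || passB == null) {
            System.err.println("usage: JKS_PASS_A=... JKS_PASS_B=... java PerEndpointSsl a.jks b.jks");
            return;
        }
        SSLSocketFactory a = contextFor(args[0], passA.toCharArray()).getSocketFactory();
        SSLSocketFactory b = contextFor(args[1], passB.toCharArray()).getSocketFactory();
        // Each factory presents only the client certificate from its own keystore.
        System.out.println("independent socket factories: " + (a != b));
    }
}
```

Because nothing here touches System.setProperty, calls to different URLs cannot pick up each other's certificate, and the first keystore loaded does not become the only one the JVM will use.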

One thing I don't like about the package is that it is packed with Axis-1.4, which you can download from this URL: http://code.google.com/p/axis-ssl/downloads/list. I would rather have those classes in a separate jar (decoupling), and I believe this would work for all other Axis versions as well (not necessarily Axis-1.4). Therefore, you can check out the source: svn checkout http://axis-ssl.googlecode.com/svn/trunk/ axis-ssl-read-only and use my Maven pom.xml (attached) to build it separately.

pom.xml.txt