Home/ Questions/Q 8399375
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-09T21:17:17+00:00

I am trying to write my first SOA client, and am having difficulties with

  • 0

I am trying to write my first SOA client, and am having difficulties with the
“2-way SSL” part.

Our server runs under Weblogic, but my application is a simple Java Console app – it does not run in any container.

The server uses and requires certificates. We use trusted certificates from Godaddy.com, and we also have internal certificates.

Our sysadm gave me the server certificates, which I added to my JRE “cacerts” file using keytool. I was told that I should use Spring-WS as it would make my life easier, but I am having trouble getting it to work, as there are quite a few variations that Chap. 7 mentions, and I am not sure which one I should be using. He also created a .jks file for me personally to use for my authorization.

I would prefer to not use Spring at all, for this simple application (the SOA method is a simple “Add comment” method with no substantive return data.

I am working with MyEclipse 9.1 and am trying to use Maven4MyEclipse as well.

My question is:

Given that my authentication certs will be available via the JRE cacerts file (if I understand this correctly), the main thing I need to do is to be able to present my .jks file during the SSL handshake.

Can I do this without Spring? If so, is there a way I can simply set a System property with my .jks file so it gets handled automatically? Or do I really need to use Spring to handle the authorization part?

If the latter, how do I know which Spring security interceptor type to use? XwsSecurityInterceptor or Wss4jSecurityInterceptor?

Or another question just occurred to me. Can the .jks file also be added to the
cacerts file and have the authorization handled automatically?

Thanks,

Mitch

p.s. Believe it or not, there is apparently no existing Java client example in my organization to simply look at for a template.

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    For two way authentication, I have always used the followin when starting the client app: 

    java -Djavax.net.ssl.keyStore=myClientKeystore -Djavax.net.ssl.keyStorePassword=123456 -Djavax.net.ssl.trustStore=myTrustStore -Djavax.net.ssl.trustStorePassword=123456 -Djavax.net.debug=ssl

    That is, my clients private certificate is in the “myClientKeystore” and then the server public certificate is in the “myTrustStore”. The javax.net.debug=ssl will make your life easier, since it outputs some nice debug info if you can’t make the SSL session to work.

    That’s for the SSL part.
    Then I think you mix up SOA with Web Services and SOAP. SOA usually means service oriented architecture and is very high level. I think you are talking about a SOAP implementation.

    If the web service is more than trivial, yes, a framework will make your life easier. Apart from Spring-ws (which I like as well), you can google for CXF and Axis2 and you will find tons of example how to write a SOAP client. But sure, you can write the web service call rather raw, if you are able to create the SOAP envelope manually (use SoapUI to generate test envelopes is a good start..).

    Then, take a look at : this page, it has an example on how to make a SOAP call over HTTP without any framework at hand. Of course, since you are using SSL, you should reference a “https://” address instead.

    • 0