Java Webservice using HTTPS part 2

This article shows how to implement an HTTPS web service connection where the server only allows trusted clients to connect. It extends and uses the information given in this article.

First, it is necessary to create a certificate for the client and to store it in the client’s keystore:

[shell] keytool -genkey -keystore client_keystore.ks -alias client
[/shell]

This certificate must be exported from the client’s keystore…
[shell] keytool -export -alias client -keystore client_keystore.ks -file client.cer
[/shell]

and imported into the server’s truststore:
[shell] keytool -import -alias client -file client.cer -keystore server_truststore.ks
[/shell]

The server must now be given the information about the truststore, and must request the client authentication:
[java] …
import java.io.FileInputStream;
import java.io.InputStream;
import java.net.InetSocketAddress;
import java.security.KeyStore;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.TrustManagerFactory;
import javax.xml.ws.Endpoint;
import com.sun.net.httpserver.HttpContext;
import com.sun.net.httpserver.HttpServer;
import com.sun.net.httpserver.HttpsConfigurator;
import com.sun.net.httpserver.HttpsParameters;
import com.sun.net.httpserver.HttpsServer;

// interfaceName, port and serviceImpl come from the surrounding code
httpsServer = HttpsServer.create(new InetSocketAddress(interfaceName, port), 0);
SSLContext sslContext = SSLContext.getInstance("TLS");

// keystore: the server's own private key and certificate
char[] keystorePassword = "keystore_password".toCharArray();
KeyStore ks = KeyStore.getInstance("JKS");
try (InputStream in = new FileInputStream("server_keystore.ks")) {
    ks.load(in, keystorePassword);
}
KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
kmf.init(ks, keystorePassword);

// truststore: the client certificates the server accepts
// (a separate KeyStore object, so the key material above is not overwritten)
char[] truststorePassword = "truststore_password".toCharArray();
KeyStore ts = KeyStore.getInstance("JKS");
try (InputStream in = new FileInputStream("server_truststore.ks")) {
    ts.load(in, truststorePassword);
}
TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509");
tmf.init(ts);

sslContext.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);

HttpsConfigurator configurator = new HttpsConfigurator(sslContext) {
    /* (non-Javadoc)
     * @see com.sun.net.httpserver.HttpsConfigurator#configure(com.sun.net.httpserver.HttpsParameters)
     */
    @Override
    public void configure(HttpsParameters params) {
        SSLParameters sslParams = getSSLContext().getDefaultSSLParameters();
        // abort the handshake if the client presents no trusted certificate
        sslParams.setNeedClientAuth(true);
        params.setSSLParameters(sslParams);
    }
};
httpsServer.setHttpsConfigurator(configurator);

HttpContext httpContext = httpsServer.createContext("/path");
Endpoint endpoint = Endpoint.create(serviceImpl);
endpoint.publish(httpContext);

httpsServer.start();
[/java]

For the client, in addition to the truststore settings, now it is necessary to set the System properties for the keystore (either as shown from within the client or by passing the corresponding -D arguments to the Java VM):

[java] System.setProperty("javax.net.ssl.trustStore", "client_truststore.ks");
System.setProperty("javax.net.ssl.trustStorePassword", "truststore_password");
System.setProperty("javax.net.ssl.keyStore", "client_keystore.ks");
System.setProperty("javax.net.ssl.keyStorePassword", "keystore_password");
[/java]
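The system properties above apply to every TLS connection the JVM opens. As an added example (not code from the original article), the client below loads the same keystore and truststore into its own SSLContext and attaches it to a single connection. The class name, the default host and port, and the `?wsdl` query are assumptions; the file names, passwords and `/path` are the ones used in this article.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.net.URI;
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLException;
import javax.net.ssl.TrustManagerFactory;

public class MutualTlsClient { // hypothetical class name
    static KeyStore load(String file, char[] password) throws Exception {
        KeyStore store = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(file)) {
            store.load(in, password);
        }
        return store;
    }
    // Context holding the client key (presented to the server) and the trusted server certificate.
    static SSLContext clientContext() throws Exception {
        char[] keyPw = "keystore_password".toCharArray();
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(load("client_keystore.ks", keyPw), keyPw);
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(load("client_truststore.ks", "truststore_password".toCharArray()));
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        return ctx;
    }

    public static void main(String[] args) throws Exception {
        // Hypothetical host and port; "/path" is the context created by the server code.
        String address = args.length > 0 ? args[0] : "https://localhost:8443/path?wsdl";
        HttpsURLConnection conn = (HttpsURLConnection) URI.create(address).toURL().openConnection();
        // Only this connection uses the client key; the JVM-wide defaults stay untouched.
        conn.setSSLSocketFactory(clientContext().getSocketFactory());
        try {
            int status = conn.getResponseCode(); // performs the TLS handshake
            X509Certificate server = (X509Certificate) conn.getServerCertificates()[0];
            System.out.println("HTTP " + status + " from " + server.getSubjectX500Principal());
        } catch (SSLException e) {
            // Typical when the server certificate is untrusted or the server rejects the client certificate.
            System.err.println("TLS failure: " + e.getMessage());
        } finally {
            conn.disconnect();
        }
    }
}
```

Hostname verification stays enabled, so the name in the server certificate has to match the host in the URL.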

Java Webservice Basic

The following example shows how to start a web service under Java6 or higher. This example does not show the implementation of the service itself, but the configuration of the web server. The implementation of the service is the object serviceImpl. An object of the class com.sun.net.httpserver.HttpServer is created explicitly and then configured.

There is no exception handling shown here.

Growl 1.3 and Skype 2.8

If you are still using Skype 2.8 and switched to Growl 1.3, you need to update the Growl framework that Skype uses. Go to the Growl download page and get the Growl SDK (1.2.2 does work, at the moment there is no 1.3 version).

Open the downloaded dmg and change to the Frameworks folder. You need to copy the Growl.framework folder into your existing Skype installation (quit Skype if it’s running).

To do this, go to your Applications directory, ctrl-click on Skype and choose "Show Package Contents". Then navigate into the Contents folder and replace the existing Growl.framework with the one from the Growl SDK.

Restart Skype and it should register with Growl.

[Update 12/01/2011] The Growl Version Detective, available from the Growl download page, does this very trick for you and also searches for other apps that use Growl and might need an update.