Setting up Apache Tomcat and a simple Apache Soap4j client for SSL by jizhen1947


Setting up Apache Tomcat and a simple Apache Soap4j client for SSL communication.
By Peter Glynn




Introduction
Tools needed for Installation
   Step 1
Server and Client Certificate Generation
   Step2 Server Key and Certificate generation
   Step3 Client Key and Certificate generation
   Step 4 Import your Certificate into the keystores
Setting up Tomcat for SSL Communication
   Step5 Add to the Server.xml file
Setting up Apache Soap4j Client for SSL Communication
Problems encountered when trying to implement an SSL SOAP Client and Tomcat server

Introduction
This document gives the steps involved in setting up Apache Tomcat and a simple SOAP4j
client for SSL communication. The aim of this document is to allow a person with
minimal Java security knowledge to set up an SSL connection in a SOAP4j/Tomcat
application.




Tools needed for Installation
Apache SOAP4J – download at xml.apache.org

JavaTM Secure Socket Extension (JSSE) 1.0.2 (jsse1.0.2) – download at
http://java.sun.com/products/jsse/


This document will assume that you have installed Apache SOAP4J and Apache Tomcat.


Step 1
Add JSSE to your classpath. This should also put it on the classpath of your Tomcat
server. If it does not, add it to the classpath of the Tomcat server or just copy the jsse
jar file to the lib directory of Tomcat, C:\jakarta-tomcat-3.2.1\lib. It will then be loaded
automatically on startup of Tomcat.




Server and Client Certificate Generation
It is necessary to generate a Certificate for a Client and Server. These Certificates are
then imported into a keystore, which the client and server connect to. The keystore acts as
a database for security certificates. You are going to use the keytool utility in the JDK to
do these tasks.



Step2 Server Key and Certificate generation

From command prompt run this command to generate your public and private key.
Note: the Certificate etc. will be generated in the directory you run keytool from.

keytool -genkey -alias tomcat-sv -dname "CN=Server, OU=ComputerEngineering, O=Trinity College Dublin, L=Dublin, S=Dublin, C=IE" -keyalg RSA -keypass changeit -storepass changeit -keystore server.keystore


From command prompt run this command to generate your Certificate.

-keyalg RSA -keypass changeit -storepass changeit -keystore server.keystore


From command prompt run this command to export your certificate from the keystore to the file server.cer.

keytool -export -alias tomcat-sv -storepass changeit -file server.cer -keystore server.keystore



Step3 Client Key and Certificate generation

From command prompt run this command to generate your public and private key.

keytool -genkey -alias tomcat-cl -dname "CN=Client, OU=TRL, O=IBM, L=Yamato-shi, S=Kanagawa-ken, C=JP" -keyalg RSA -keypass changeit -storepass changeit -keystore client.keystore

From command prompt run this command to generate your Certificate
keytool -genkey -alias tomcat-sv -dname "CN=Server,OU=ComputerEngineering,
O= Trinity College Dublin,L=Dublin, S=Dublin, C=IE"



keytool -export -alias tomcat-cl -storepass changeit -file client.cer -keystore client.keystore



Step 4 Import your Certificate into the keystores

keytool -import -v -trustcacerts -alias tomcat -file server.cer -keystore client.keystore -keypass changeit -storepass changeit

keytool -import -v -trustcacerts -alias tomcat -file client.cer -keystore server.keystore -keypass changeit -storepass changeit




Setting up Tomcat for SSL Communication

Step5 Add to the Server.xml file
You need to amend the server.xml located in the bin directory of Apache Tomcat. Add
this to the xml file.

<Connector className="org.apache.tomcat.service.PoolTcpConnector">
    <Parameter name="handler"
        value="org.apache.tomcat.service.http.HttpConnectionHandler"/>
    <Parameter name="port" value="8443"/>
    <Parameter name="socketFactory"
        value="org.apache.tomcat.net.SSLSocketFactory"/>
    <Parameter name="keystore" value="c:\apache\soap-2_1\bin\server.keystore"/>
    <Parameter name="keypass" value="changeit"/>
    <Parameter name="clientAuth" value="true"/>
</Connector>


You may need to change the keystore parameter (the line shown in bold in the original
document) to the directory path of your server.keystore.

Setting up Apache Soap4j Client for SSL Communication

Step6 set the following properties before instantiating URL

You need to set up properties before you call the url in the SOAP client. Here is an
example SOAP client that calls a https service on a Tomcat server.


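import java.net.URL;
import java.util.Properties;
import javax.net.ssl.SSLSocketFactory;
import org.apache.soap.rpc.Call;

// Trust store holding the server certificate imported in Step 4
System.setProperty("javax.net.ssl.trustStore", "C:\\jdk1.3\\bin\\client.keystore");
// Register the JSSE https protocol handler and security provider
System.setProperty("java.protocol.handler.pkgs", "com.sun.net.ssl.internal.www.protocol");
java.security.Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider());
SSLSocketFactory sf1 = (SSLSocketFactory) SSLSocketFactory.getDefault();

// The service URL must use https and the SSL port configured in server.xml
URL url = new URL("https://localhost:8443/soap/servlet/rpcrouter");
String urn = "urn:demo:checkflight";
Properties prop = System.getProperties();

Call call = new Call(); // prepare the service invocation
call.setTargetObjectURI(urn);
call.setMethodName("getFlightInfo");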


Once again, the directory path in the trustStore property (shown in bold in the original
document) is a pointer to the client keystore. This may have to be changed depending on
where you generated it.

Also note that the url is https and not http. Simple, but it has been known for people to
leave it out.
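
With clientAuth set to true the server requests a certificate from the client during the handshake, so the client needs its own private key entry as well as the trusted server certificate. The check below is an added example, not code from the original document: it assumes a current JDK with JSSE built in rather than JSSE 1.0.2, the class name ClientAuthCheck is hypothetical, and the keystore path, password, aliases, host and port are the ones used in the steps above.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManagerFactory;

// Hypothetical helper class: checks client.keystore and the two-way handshake.
public class ClientAuthCheck {
    // Values taken from the steps on this page; adjust to your installation.
    static final String STORE = "C:\\jdk1.3\\bin\\client.keystore";
    static final char[] PASS = "changeit".toCharArray();

    public static void main(String[] args) throws Exception {
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(STORE)) {
            ks.load(in, PASS);
        }
        // Step 3 must have left a private key, Step 4 the server certificate.
        if (!ks.isKeyEntry("tomcat-cl"))
            throw new IllegalStateException("no private key under alias tomcat-cl");
        if (!ks.isCertificateEntry("tomcat"))
            throw new IllegalStateException("server.cer not imported under alias tomcat");

        // Key managers supply the client certificate when the server asks for one.
        KeyManagerFactory kmf =
            KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(ks, PASS);
        // Trust managers decide whether the server's certificate is accepted.
        TrustManagerFactory tmf =
            TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ks);

        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);

        // A raw SSLSocket does not compare the host name with the certificate
        // (the server certificate on this page is CN=Server, not localhost).
        try (SSLSocket s = (SSLSocket) ctx.getSocketFactory().createSocket("localhost", 8443)) {
            s.startHandshake();
            SSLSession session = s.getSession();
            System.out.println("server presented: " + session.getPeerPrincipal());
            // null here means no client certificate was sent to the server
            System.out.println("client presented: " + session.getLocalPrincipal());
        }
    }
}
```
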
Problems encountered when trying to implement an SSL SOAP Client and Tomcat server

Bad Certificate Error:
Redo Steps 2, 3 and 4.


java.lang.reflect.InvocationTargetException:
java.net.SocketException:
Connection aborted by peer: socket write error

This problem was corrected by admitting the
         <Parameter name="clientAuth" value="true"/>
in the server.xml code.

								