
How do you use TLS/SSL Http Authentication with a CXF client to a web service?

I'm trying to access a web service secured by a certificate. The security is set up on IIS and the web service is behind it.

I don't think WS-SECURITY will do this type of authentication. Is there any way to pass the client certificate when you call the web service?

I'm just getting an IIS Error Page that says "The page requires a client certificate".

I'm using CXF 2.1.4.

ScArcher2 asked Feb 12 '09 22:02




1 Answer

Yes, this is possible using CXF. You will need to set up the client conduit. You can specify the keystore that contains the certificates that will allow you to access the web service in IIS. As long as the certificate you are using here is a known allowed client in IIS, you should be ok.

<http:conduit name="{http://apache.org/hello_world}HelloWorld.http-conduit">

   <http:tlsClientParameters>
       <sec:keyManagers keyPassword="password">
            <sec:keyStore type="JKS" password="password"
                 file="src/test/java/org/apache/cxf/systest/http/resources/Morpit.jks"/>
       </sec:keyManagers>
       <sec:trustManagers>
           <sec:keyStore type="JKS" password="password"
                file="src/test/java/org/apache/cxf/systest/http/resources/Truststore.jks"/>
       </sec:trustManagers>

       ...

   </http:tlsClientParameters>
</http:conduit>

Sample from: CXF Wiki

Chris Dail answered Sep 27 '22 18:09