开发者

java WS client-server communication with certificates, what frameworks/apis should i use?

I have simple client-server communication thru WebServices. Now, I'm using javax.ws.* and Endpoint class (is it a default implementation?) to create server side and Netbeans to create client side.

I have a basic knowledge about certificates etc. I want clients to use (private?) certificate to sign (encrypt?) messages, so server knows (can identify) which particular client is calling.

So i have to generate private certificates for clients and public certificate for server? Which APIs/fram开发者_如何学Goeworks (buzzwords like JAAS, ws-security, xwss, tls) should i use ? Maybe just TLS could be enough for that ?

javax.ws.* - is it a reference implementation from Sun ?

I used SAAJ 1.3.4 and it works. Now i have a question, how can i identify client (clients have unique private keys) can i extract some private key hash from SOAP envelope (to identify client) ?


You can try using Bouncycastle library, it's ligth weight and quite complete.

http://www.bouncycastle.org/java.html


Usually the client asks the server to identify itself and not the other way around. There is an option for a 2 way identification, I'm guessing you need to configure it.

I'd suggest using Axis2 for generating the client/service stub and Rampart for handling the security.

Rampart is an axis2 module that handles most of the security hustle for you.

0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜