In this article you have:
- a Web Service already deployed in OC4J, running on the default HTTP port. The WSDL and endpoint are available. In my sample the non-secure Web Service endpoint is:
Add HTTPS to OC4J
Creating the Keystore
The first thing to do to secure OC4J would be to create a new keystore that will contain the different certificates. The easiest way to do that for a Java developer is to use SUN’s keytool:
You can copy the server.keystore into the $ORACLE_HOME/j2ee/home/config directory to simplify the next steps.
Standalone OC4J uses the notion of a Web-Site to expose HTTP resources (Web Applications). The default-web-site is defined in $ORACLE_HOME/j2ee/home/config/default-web-site.xml. To secure an OC4J instance you can follow the steps described in the OC4J Security guide, which I have summarized in the following section.
What we want to achieve for the purpose of the demonstration is to have OC4J using HTTP and HTTPS, on port 8888 and 4443 for example.
- Edit the secure-web-site.xml:
- Change the web-site tag by changing the port to 4443 and adding the element
- Add the ssl-config element and point it to the newly created keystore.
- Change the
The file looks like:
- Import the new Web site in your OC4J instance by editing the $ORACLE_HOME/j2ee/home/server.xml file. You need to add or replace the web-site tag. In my case I want to add the secure web site to my instance, so the configuration looks like:
Since we have copied the file from the default-web-site, all applications are available using HTTP and HTTPS.
Start OC4J and test the HTTPS port
Start OC4J using the standard Java command or shell script. I am adding the Java network debug flag, which helps you see what is happening at the SSL level.
You should be able to access the service WSDL using the HTTPS port, for example in my case:
Consuming the Service using HTTPS
Generate and configure a client Keystore
Even if it is possible to use the same keystore for the server and the client, I will guide you through the steps to create a client certificate and import the certificate from the existing server one.
Here is the command to create a new keystore:
The next step is to export the certificate from the server keystore to be able to import it in the client:
You can now import the certificate in the client keystore:
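The keystore steps described in this article (server keystore, client keystore, export, import), as an added example that is not the author's original commands. The aliases, passwords, CNs and the client.keystore file name are constructed placeholders, and the script goes one step further by comparing SHA-256 fingerprints to confirm the client trusts exactly the server's certificate.

```sh
#!/bin/sh
# Added example, not from the original article. Aliases, passwords, CNs and
# client.keystore are constructed placeholders. Run: sh keystores.sh demo
set -eu
STOREPASS='demo-only-pass'   # constructed; in real use omit -storepass to be prompted

# Create a keystore holding a self-signed RSA key pair.
make_keystore() {   # $1=keystore file  $2=alias  $3=CN
    keytool -genkeypair -alias "$2" -keyalg RSA -keysize 2048 -validity 365 \
        -dname "CN=$3, O=Example" -keystore "$1" \
        -storepass "$STOREPASS" -keypass "$STOREPASS" >/dev/null 2>&1
}

# Export only the public certificate (never the private key) in PEM form.
export_cert() {     # $1=keystore  $2=alias  $3=output file
    keytool -exportcert -rfc -alias "$2" -file "$3" \
        -keystore "$1" -storepass "$STOREPASS" >/dev/null 2>&1
}

# Import a certificate as a trusted entry; -noprompt skips the interactive
# trust question, so the fingerprint is checked afterwards instead.
import_trusted() {  # $1=keystore  $2=alias  $3=certificate file
    keytool -importcert -noprompt -alias "$2" -file "$3" \
        -keystore "$1" -storepass "$STOREPASS" >/dev/null 2>&1
}

# Print the SHA-256 fingerprint of the certificate stored under an alias.
fingerprint() {     # $1=keystore  $2=alias
    keytool -list -v -alias "$2" -keystore "$1" -storepass "$STOREPASS" |
        sed -n 's/^[[:space:]]*SHA256: *//p' | head -n 1
}

# Succeed only if the client keystore holds exactly the server's certificate.
verify_trust() {    # $1=server keystore  $2=client keystore  $3=server alias
    server_fp=$(fingerprint "$1" "$3")
    client_fp=$(fingerprint "$2" "$3")
    [ -n "$server_fp" ] && [ "$server_fp" = "$client_fp" ]
}

demo() {
    dir=$(mktemp -d)
    make_keystore "$dir/server.keystore" oc4j-server localhost
    make_keystore "$dir/client.keystore" ws-client ws-client
    export_cert "$dir/server.keystore" oc4j-server "$dir/server.cer"
    import_trusted "$dir/client.keystore" oc4j-server "$dir/server.cer"
    verify_trust "$dir/server.keystore" "$dir/client.keystore" oc4j-server
    echo "$dir: client trusts $(fingerprint "$dir/client.keystore" oc4j-server)"
}
[ "${1:-}" != demo ] || demo
```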
Generate the proxy
You now have the client certificate, so you can use the Oracle Web Service Assembler to generate the proxy. The only specific thing you have to do is specify which keystore to use when running the tool. The command to use when generating the proxy is:
Calling the Service using secure endpoint
Configuring the Java environment to use the client store is done with the following System properties:
This can be done in different ways: a property file, -D command-line parameters, or programmatically. To simplify the example I am using the programmatic approach; the following code is part of the main method of the Client class:
It is possible to change the Endpoint dynamically in the Proxy using the
You should now be able to run the client and call the service using HTTPS. This would look like: