JAX-WS: How to choose from multiple client certificates on the fly?

I have a webapp that is calling a web service supplied by a vendor. The vendor requires the use of client certificates for authentication, and I have successfully called their service using the PKCS#12 keystore they gave us with JAX-WS 2.2 using code like this:

    System.setProperty("javax.net.ssl.keyStore", "myKeyStore.p12");
    System.setProperty("javax.net.ssl.keyStoreType", "pkcs12");
    System.setProperty("javax.net.ssl.keyStorePassword", "password");

The problem is, my webapp will be supporting multiple business units, and the vendor differentiates between our business units by issuing separate certificates for each. So I'm in a quandary: I have four PKCS#12 files, one per business unit, and my webapp will need to decide which one to use at runtime. Moreover, this webapp could be heavily used by many simultaneous users, and thus more than one of the certs may need to be used at the same time. Hence whatever the solution is, it will need to be thread safe.
I was able to combine all four certificates into a single JKS keystore using the JDK 1.6 "keytool -importkeystore" operation with each of my four PKCS#12 certs, so I now have all four in a single JKS keystore. The above code then becomes this:

    System.setProperty("javax.net.ssl.keyStore", "myKeyStore.jks");
    System.setProperty("javax.net.ssl.keyStoreType", "jks");
    System.setProperty("javax.net.ssl.keyStorePassword", "password");

So my challenge now is to programmatically select between the four possible certs when calling the vendor's web service. How do I do that with JAX-WS RI 2.2?
Thanks,
Bill

Just to close the loop on this (and for the next person trying to figure out how to do it), I was able to extend X509KeyManager as described in Alexandre Saudate's blog (http://alesaudate.com/2010/08/09/how-to-dynamically-select-a-certificate-alias-when-invoking-web-services/). I was then able to set the com.sun.xml.ws.developer.JAXWSProperties.SSL_SOCKET_FACTORY on my JAX-WS request context to use my custom SSLSocketFactory, and it works like a charm!
Thanks,
Bill
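
A sketch of the approach described in the reply above, added here as an example; it is not Bill's code or the code from the linked blog. It builds one SSLSocketFactory per keystore alias and attaches it to a single port's request context, so no JVM-wide `javax.net.ssl.*` property is involved. The class names `ClientCertSelector` and `FixedAliasKeyManager`, the alias `bu1`, and the port type in the usage comment are hypothetical, and every key entry is assumed to share the keystore password.

```java
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.net.Socket;
import java.security.GeneralSecurityException;
import java.security.Key;
import java.security.KeyStore;
import java.security.Principal;
import java.security.PrivateKey;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.HashMap;
import java.util.Map;
import javax.net.ssl.KeyManager;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.X509KeyManager;
import javax.xml.ws.BindingProvider;
import com.sun.xml.ws.developer.JAXWSProperties;

/**
 * Usage (hypothetical port type and alias):
 *   ClientCertSelector selector = new ClientCertSelector("myKeyStore.jks", "jks", password);
 *   VendorPort port = service.getVendorPort();   // one port per request or thread
 *   selector.bind(port, "bu1");
 */
public final class ClientCertSelector {

    /** Presents exactly one key entry, whatever the server asks for. */
    static final class FixedAliasKeyManager implements X509KeyManager {
        private final String alias;
        private final PrivateKey key;
        private final X509Certificate[] chain;

        FixedAliasKeyManager(KeyStore ks, String alias, char[] keyPassword)
                throws GeneralSecurityException {
            Key k = ks.getKey(alias, keyPassword);
            Certificate[] certs = ks.getCertificateChain(alias);
            // Reject a mistyped alias here instead of discovering it during the handshake.
            if (!(k instanceof PrivateKey) || certs == null || certs.length == 0) {
                throw new IllegalArgumentException("No private key entry for alias: " + alias);
            }
            this.alias = alias;
            this.key = (PrivateKey) k;
            this.chain = new X509Certificate[certs.length];
            for (int i = 0; i < certs.length; i++) {
                chain[i] = (X509Certificate) certs[i];
            }
        }
        public String chooseClientAlias(String[] keyTypes, Principal[] issuers, Socket socket) {
            return alias;
        }
        public String[] getClientAliases(String keyType, Principal[] issuers) {
            return new String[] { alias };
        }
        public X509Certificate[] getCertificateChain(String a) {
            return alias.equals(a) ? chain.clone() : null;
        }
        public PrivateKey getPrivateKey(String a) {
            return alias.equals(a) ? key : null;
        }
        // This key manager is client-only, so it offers no server credentials.
        public String chooseServerAlias(String keyType, Principal[] issuers, Socket socket) {
            return null;
        }
        public String[] getServerAliases(String keyType, Principal[] issuers) {
            return null;
        }
    }

    private final KeyStore keyStore;
    private final char[] password;
    private final Map<String, SSLSocketFactory> cache = new HashMap<String, SSLSocketFactory>();

    public ClientCertSelector(String path, String type, char[] password)
            throws IOException, GeneralSecurityException {
        this.password = password.clone();
        this.keyStore = KeyStore.getInstance(type);
        InputStream in = new FileInputStream(path);
        try {
            keyStore.load(in, this.password);
        } finally {
            in.close();
        }
    }

    /** Returns the cached factory for an alias, creating it on first use. */
    public synchronized SSLSocketFactory factoryFor(String alias) throws GeneralSecurityException {
        SSLSocketFactory factory = cache.get(alias);
        if (factory == null) {
            SSLContext ctx = SSLContext.getInstance("TLS");
            // null trust managers and null SecureRandom select the JVM defaults.
            KeyManager[] kms = { new FixedAliasKeyManager(keyStore, alias, password) };
            ctx.init(kms, null, null);
            factory = ctx.getSocketFactory();
            cache.put(alias, factory);
        }
        return factory;
    }

    /** Makes calls through this one port authenticate with the given alias. */
    public void bind(Object port, String alias) throws GeneralSecurityException {
        ((BindingProvider) port).getRequestContext()
                .put(JAXWSProperties.SSL_SOCKET_FACTORY, factoryFor(alias));
    }
}
```

The factories are safe to share between threads; the port and its request context should not be shared between requests that need different certificates.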

Similar Messages

  • How to select from multiple output tables in the SAP Data Source

    Hi,
    We're using the SAP Data Source to display SAP data in our portal from the Bapi: BAPI_INFORECORD_GETLIST. When defining the Bapi Meta Data we can select data from one of the two output tables (INFORECORD_GENERAL and INFORECORD_PURCHORG). But we want to select data from both tables (some columns we want to show are in INFORECORD_GENERAL and some are in INFORECORD_PURCHORG) .
    How can we do this ?
    With regards,
    Ramon van der Weiden

    You can query multiple TimesTen databases, but your original question was about joining tables from two databases, which is not supported.
    Using Cache Connect to Oracle to query an Oracle database is not distributed. It's still one single Oracle database you are querying. You cannot join a table in the TimesTen database with a table in the Oracle database, this is not allowed.
    If you are willing to share your business requirements, we can take a look and see what solution might work for you. Would you like to discuss this offline?
    Susan

  • Accessing the same stateful session bean from multiple clients in a clustered environment

    I am trying to access the same stateful session bean from multiple clients. I also want this bean to have failover support so we want to deploy it in a cluster. The following description is how we have tried to solve this problem, but it does not seem to be working. Any insight would be greatly appreciated!
    I have set up a cluster of three servers. I deployed a stateful session bean with in memory replication across the cluster. A client obtains a reference to an instance of one of these beans to handle a request. Subsequent requests will have to use the same bean and could come from various clients. So after using the bean the first client stores the handle to the bean (actually the replica aware stub) to be used by other clients to be able to obtain the bean. When another client retrieves the handle gets the replica aware stub and makes a call to the bean the request seems to unpredictably go to any of the three servers rather than the primary server hosting that bean. If the call goes to the primary server everything seems to work fine the session data is available and it gets backed up on the secondary server. If it happens to go to the secondary server a bean that has the correct session data services the request but gives the error <Failed to update the secondary copy of a stateful session bean from home:ejb20-statefulSession-TraderHome>. Then any subsequent requests to the primary server will not reflect changes made on the secondary and vice versa. If the request happens to go to the third server that is not hosting an instance of that bean then the client receives an error that the bean was not available. From my understanding I thought the replica aware stub would know which server is the primary host for that bean and send the request there.
    Thanks in advance,
    Justin

    If 'allow-concurrent-call' does exactly what you need, then you don't have a problem, do you?
    Except of course if you switch ejb containers. Oh well.
    Mike
    "FBenvadi" <[email protected]> wrote:
    >I've got the same problem.
    >I understand from you that concurrent access to a stateful session bean is
    >not allowed but there is a
    >token is weblogic-ejb-jar.xml that is called 'allow-concurrent-call' that
    >does exactly what I need.
    >What you mean 'you'll get a surprise when you go to production' ?
    >I need to understand because I can still change the design.
    >Thanks Francesco
    >[email protected]
    >
    >"Mike Reiche" <[email protected]> wrote in message
    >news:[email protected]...
    >>
    >> Get the fix immediately from BEA and test it. It would be a shame to wait until
    >> December only to get a fix - that doesn't work.
    >>
    >> As for stateful session bean use - just remember that concurrent access to a stateful
    >> session bean is not allowed. Things will work fine until you go to production
    >> and encounter some real load - then you will get a surprise.
    >>
    >> Mike
    >>
    >> [email protected] (Justin Meyer) wrote:
    >> >I just heard back from WebLogic Tech Support and they have confirmed
    >> >that this is a bug. Here is their reply:
    >> >
    >> >There is some problem in failover of stateful session beans when its
    >> >run from a java client. However, it is fixed now.
    >> >
    >> >The fix will be in SP2 which will be out by december.
    >> >
    >> >
    >> >Mike,
    >> >Thanks for your reply. I do in fact believe we are correctly using a
    >> >stateful session bean however it may have been misleading from my
    >> >description of the problem. We are not accessing the bean
    >> >concurrently from 2 different clients. The second client will only
    >> >come into play if the first client fails. In this case we want to be
    >> >able to reacquire the handle to our stateful session bean and call it
    >> >from the secondary client.
    >> >
    >> >
    >> >Justin
    >> >
    >> >"Mike Reiche" <[email protected]> wrote in message
    >> >news:<[email protected]>...
    >> >> You should be using an entity bean, not a stateful session bean for this application.
    >> >>
    >> >> A stateful session bean is intended to be keep state (stateful) for the duration
    >> >> of a client's session (session).
    >> >>
    >> >> It is not meant to be shared by different clients - in fact, if you attempt to
    >> >> access the same stateful session bean concurrently - it will throw an exception.
    >> >>
    >> >> We did your little trick (storing/retrieving handle) with a stateful session bean
    >> >> on WLS 5.1 - and it did work properly - not as you describe. Our sfsb's were not
    >> >> replicated as yours are.
    >> >>
    >> >> Mike
    >> >>
    >> >> [email protected] (Justin Meyer) wrote:
    >> >> >I am trying to access the same stateful session bean from multiple
    >> >> >clients. I also want this bean to have failover support so we want to
    >> >> >deploy it in a cluster. The following description is how we have tried
    >> >> >to solve this problem, but it does not seem to be working. Any
    >> >> >insight would be greatly appreciated!
    >> >> >
    >> >> >I have set up a cluster of three servers. I deployed a stateful
    >> >> >session bean with in memory replication across the cluster. A client
    >> >> >obtains a reference to an instance of one of these beans to handle a
    >> >> >request. Subsequent requests will have to use the same bean and could
    >> >> >come from various clients. So after using the bean the first client
    >> >> >stores the handle to the bean (actually the replica aware stub) to be
    >> >> >used by other clients to be able to obtain the bean. When another
    >> >> >client retrieves the handle gets the replica aware stub and makes a
    >> >> >call to the bean the request seems to unpredictably go to any of the
    >> >> >three servers rather than the primary server hosting that bean. If the
    >> >> >call goes to the primary server everything seems to work fine the
    >> >> >session data is available and it gets backed up on the secondary
    >> >> >server. If it happens to go to the secondary server a bean that has
    >> >> >the correct session data services the request but gives the error
    >> >> ><Failed to update the secondary copy of a stateful session bean from
    >> >> >home:ejb20-statefulSession-TraderHome>. Then any subsequent requests
    >> >> >to the primary server will not reflect changes made on the secondary
    >> >> >and vice versa. If the request happens to go to the third server that
    >> >> >is not hosting an instance of that bean then the client receives an
    >> >> >error that the bean was not available. From my understanding I thought
    >> >> >the replica aware stub would know which server is the primary host for
    >> >> >that bean and send the request there.
    >> >> >
    >> >> >Thanks in advance,
    >> >> >Justin

  • Saving string from multiple clients on a server data structure

    I have a server which receives updates from multiple clients ( in this example, football scores which are updated periodically by the clients.)
    When the server receives the scores it needs to store them and at certain time intervals send the complete list of scores to multiple terminals at various locations.
    I am approaching this task in stages...
    stage 1.
    ..create the clients and server ...test the clients can send the data and the server can receive the data and output to screen..
    this is completed
    stage 2...
    a/ on the server side store the received scores in a data structure (ArrayList<String> is what I'm thinking.)
    b/ periodically output all scores to the screen (maybe every 30 seconds) and empty the ArrayList..am looking at the Timer class for this part..
    stage 3
    create the monitors and output scores to monitors periodically..
    ======================================================
    right now I'm at stage 2a ie trying to store the received scores in a data structure.
    i've created a method saveScore in the StoreScore class which is called by the StoreScore run method...
    The saveScore method creates an ArrayList and adds the score to it...
    Question
    does every thread create a new instance of storedScores and therefore the scores are stored in a multitude of data structures?
    I think the answer is yes and if so then this is not the solution...
    What I'm thinking is , as all scores can be outputted to the server screen via System.out.println, is there not a way of saving all these scores in a single data structure?
    The code below is the server code..
    any advice much appreciated....thank you
    /*=============================================================== */
    import java.io.*;
    import java.net.*;
    import java.util.*;
    import java.util.concurrent.*;

    class ScoresServer1 {
        final static int portNum = 1234; // any number > 1024
        final static int numThreads = 10;
        static ExecutorService pool;

        public static void main(String[] args) {
            pool = Executors.newFixedThreadPool(numThreads);
            System.out.println("Server running ...");
            try {
                ServerSocket servesock = new ServerSocket(portNum);
                // for service requests on port
                while (true) {
                    // wait for a service request on port portNum
                    Socket socket = servesock.accept();
                    // submit request to pool
                    pool.submit(new StoreScore(socket));
                }
            } catch (IOException e) {}
        }
    }

    class StoreScore implements Runnable {
        BufferedReader reader;
        Socket sock;

        public StoreScore(Socket clientSOcket) {
            try {
                sock = clientSOcket;
                InputStreamReader isReader = new InputStreamReader(sock.getInputStream());
                reader = new BufferedReader(isReader);
            } catch (Exception ex) { ex.printStackTrace(); }
        }

        public void run() {
            String message;
            try {
                while ((message = reader.readLine()) != null) {
                    // System.out.println("latest score: " + message);
                    saveScore(message);
                }
            } catch (Exception ex) { ex.printStackTrace(); }
        }

        public void saveScore(String message) {
            // A new list is created on every call, so it only ever holds this one message.
            ArrayList<String> storedScores = new ArrayList<String>();
            storedScores.add(message);
            Iterator<String> t = storedScores.iterator();
            while (t.hasNext()) {
                String s = t.next();
                System.out.println(s);
            }
        }
    }

    > does every thread create a new instance of storedScores and therefore the scores are stored in a multitude of data structures?
    > I think the answer is yes and if so then this is not the solution...
    The answer is yes. However, threads can share data, if they were properly synchronized. You should read the threading tutorial before creating a lot of hard to debug mistakes.
    [http://java.sun.com/docs/books/tutorial/essential/concurrency/]

  • Choosing from multiple itunes libraries with ATV from same computer.

    Hello to Apple universe. This question pertains to seeing and choosing from multiple libraries that I created through iTunes on my one iMac music server.
    I created a second library on an attached external drive as my internal is almost full. I was wondering if there is a way to configure either iTunes or ATV or both so that when I use ATV I am able to choose from which library to play from. I would appreciate steps to take or if this is an old topic, perhaps a referral link to the correct answer. Running iTunes v.10.6.3 on iMac running v.10.5.8 and ATV running v.6.2. Thanks for your time. John.

    If you set up homesharing in iTunes on the Windows computer, using the same ID and password as used with your first library, then both libraries will show up under the computers heading on the Apple TV. When you navigate to the computers section you will be able to choose either library and hence any content from it.

  • How can I insert multiple page contents in the page layout properly?

    I wanted to create 4 columns on the page layout. These 4 columns are of page contents.
    After creating new web page based on that page layout, I attempted to enter 4 different inputs on all 4 columns.
    Then, the result (from all columns) becomes the same.
    Image - edit the web page based on 4 columns page layout:
    Image - after edit & save:
    How can I insert multiple page contents in the page layout properly?

    First, I copied the HTML snippet for the Page Content on SharePoint's Design Manager. The code of Page Content HTML snippet is shown below:
    <div data-name="Page Field: Page Content">
    <!--CS: Start Page Field: Page Content Snippet-->
    <!--SPM:<%@Register Tagprefix="PageFieldRichHtmlField"
    Namespace="Microsoft.SharePoint.Publishing.WebControls"
    Assembly="Microsoft.SharePoint.Publishing, Version=15.0.0.0,
    Culture=neutral, PublicKeyToken=71e9bce111e9429c"%>-->
    <!--MS:<PageFieldRichHtmlField:RichHtmlField
    FieldName="f55c4d88-1f2e-4ad9-aaa8-819af4ee7ee8" runat="server">-->
    <!--PS: Start of READ-ONLY PREVIEW (do not modify)-->
    <div id="ctl02_label" style="display:none">Page Content</div>
    <div id="ctl02__ControlWrapper_RichHtmlField" class="ms-rtestate-field"
    style="display:inline" aria-labelledby="ctl02_label"><div align="left"
    class="ms-formfieldcontainer"><div class="ms-formfieldlabelcontainer"
    nowrap="nowrap"><span class="ms-formfieldlabel"
    nowrap="nowrap">Page Content</span></div>
    <div class="ms-formfieldvaluecontainer"><div class="ms-rtestate-field">
    Page Content field value. Lorem ipsum dolor sit incididuntet dolore.</div>
    </div></div></div><!--PE: End of READ-ONLY PREVIEW-->
    <!--ME:</PageFieldRichHtmlField:RichHtmlField>-->
    <!--CE: End Page Field: Page Content Snippet-->
    </div>
    After I published the page layout, I found the code for Page Content from its ASPX page. The code is shown below:
    <div data-name="Page Field: Page Content">
    <PageFieldRichHtmlField:RichHtmlField FieldName="f55c4d88-1f2e-4ad9-aaa8-819af4ee7ee8" runat="server"/></div>
    So, I attempted to create 4 columns by using 4 HTML snippets of Page Content on the same page layout. The page layout is generated from HTML file to ASPX file.
    Then I edited some parts in ASPX page layout:
    <asp:Content runat="server" ContentPlaceHolderID="PlaceHolderMain">
    <table>
    <tr>
    <td style="width:70px;">&nbsp;</td>
    <td style="width:250px; text-align:right;">
    <div data-name="Page Field: Page Content">
    <PageFieldRichHtmlField:RichHtmlField FieldName="f55c4d88-1f2e-4ad9-aaa8-819af4ee7ee8" runat="server"/>
    </div>
    </td>
    <td style="width:40px;">&nbsp;</td>
    <td style="width:200px;">
    <div data-name="Page Field: Page Content">
    <PageFieldRichHtmlField:RichHtmlField FieldName="f55c4d88-1f2e-4ad9-aaa8-819af4ee7ee8" runat="server"/>
    </div>
    </td>
    <td style="width:25px;">&nbsp;</td>
    <td style="width:200px;">
    <div data-name="Page Field: Page Content">
    <PageFieldRichHtmlField:RichHtmlField FieldName="f55c4d88-1f2e-4ad9-aaa8-819af4ee7ee8" runat="server"/>
    </div>
    </td>
    <td style="width:25px;">&nbsp;</td>
    <td style="width:200px;">
    <div data-name="Page Field: Page Content">
    <PageFieldRichHtmlField:RichHtmlField FieldName="f55c4d88-1f2e-4ad9-aaa8-819af4ee7ee8" runat="server"/>
    </div>
    </td>
    <td style="width:175px;">&nbsp;</td>
    </tr>
    </table>
    </asp:Content>
    The 4 columns for Page Contents appeared on the web page when I created new page using that page layout. But the problem is that all 4 columns displayed the same result from 4th column.

  • How can i create multiple accounts but use the same itunes?

    how can i create multiple accounts but use the same itunes?

    Hi iCloud is Making Me Go Crazy,
    You will need to create a new Apple ID for your GameCenter and iCloud services.  You can continue to use the current Apple ID you share with your Mom for access to iTunes Store purchases if you wish. 
    Using your Apple ID for Apple services
    http://support.apple.com/kb/HT4895
    Frequently asked questions about Apple ID
    http://support.apple.com/kb/HT5622
    Cheers,
    - Judy

  • Trying to download an app, I'm instructed to choose from my user folder, but the choose tap cannot be accessed, what do I do

    trying to download an app, I'm instructed to choose from my user folder, but the choose tap cannot be accessed, what do I do

    help

  • When I attempt to access my IRA account on line, I get a message saying that the web site requires a client certificate. The certificates listed in the drop down dialog box don't get accepted, even though one is indicated as valid and good until 10/2014.

    When I attempt to access my IRA account on line, I get a message saying that the web site requires a client certificate. The certificates listed in the drop down dialog box don't get accepted, even though one is indicated as valid and good until October 2014. I contacted the IRA account management company and they said it's an Apple issue. Any ideas?

    Some websites require a special client certificate for access. If you don't have that certificate, you'll have to contact the site operator to find out how to get one.
    Sometimes the problem is caused by a web server that is configured to request an optional client certificate. Safari treats the request as mandatory. In that case, other browsers such as Firefox and Chrome may be able to connect to the site, because they ignore the request.
    The first time you were prompted for a certificate, you may have clicked through a dialog that requested access to the Apple certificate in your keychain that is used to secure the iMessage service. In that case, you may be able to regain access to the site in Safari by doing as follows.
    Back up all data.
    Double-click anywhere in the line below on this page to select it:
    com.apple.idms.appleid.prd
    Copy the selected text to the Clipboard by pressing the key combination command-C.
    Launch the Keychain Access application in any of the following ways:
    ☞ Enter the first few letters of its name into a Spotlight search. Select it in the results (it should be at the top.)
    ☞ In the Finder, select Go ▹ Utilities from the menu bar, or press the key combination shift-command-U. The application is in the folder that opens.
    ☞ Open LaunchPad. Click Utilities, then Keychain Access in the icon grid.
    Paste into the search field in the Keychain Access window by clicking in it and pressing the key combination command-V. An item may appear in the list of keychain items. The Name will begin with string you searched for, and the Kind will be "certificate."
    Delete the item by selecting it and pressing the delete key. It will be recreated automatically the next time you launch the Messages or FaceTime application.
    The next time you visit a site that prompts for an optional client certificate, cancel out of the prompt. You may have to do this several times before the server stops asking.
    Credit for this idea to Christian Braukmueller of SAP.

  • There are no client certificates in the 'my' store

    I am trying to make a Workgroup Client connect to Internet MP/DP Role server. Client installation commandline is below and it works fine.
    D:\SCCM_Client>ccmsetup.exe /usePKICert /NoCRLCheck CCMHOSTNAME=inetxxxx.XXXX.com DNSSUFFIX=xxxxxx.com SMSSITECODE=B12 CCMALWAYSINF=1 SMSMP=https://inetxxxx.xxxxx.com
    However I get the following error - "there are no client certificates in the 'my' store"
    When I import the Client Certificate (.cer) to Personal store, I get the following warning and client still does not connect to Internet MP/DP.
    Certificate [Thumbprint ED7512EB87DD73558BB510E739DDCD986D355C50] issued to 'XXXXXEUC99.corp.XXXXX.com' doesn't have private key or caller doesn't have access to private key.
    Any pointers please?

    You need to create a certificate for that machine including the private key (as also mentioned in the error). See for example this post (it's about ConfigMgr 2007, but the certificate part is still the same):
    http://www.petervanderwoude.nl/post/how-to-install-a-configmgr-client-on-a-workgroup-computer-when-the-configmgr-site-is-in-native-mode/
    My Blog: http://www.petervanderwoude.nl/
    Follow me on twitter: pvanderwoude

  • How to get system temp dir. path on the fly ,system may be XP or Linux ??

    How to get system temp dir. path on the fly ,system may be XP or Linux ??
    please suggest solution

    The default temporary-file directory can be retrieved
    using:
    System.getProperty("java.io.tmpdir")
    Thanks a lot for u r reply this one works !!!!

  • How to select from multiple addresses of account in IC Web Client

    Hi all,
    We are implementing a B2C scenario for IC Web Client. We have customers with multiple addresses. However, when we search the account, only standard address comes to screen. We want to be able select the related address, and then confirm the account with that address.
    Is there any way to customize the Web Client in order to be able to select from multiple addresses of the account?
    Thanks in advance.
    Edited by: Danisman Danisman on Aug 31, 2010 2:52 PM

    Thanks for the answer. Yes, we are using 7.0 but in the account identification screen, there is no personalize button (I assume you are suggesting adding an address block by using that button, right?).
    We checked the necessary customizing: there is an entry for functional profile PERSONALIZATION : ALL_ENABLED.
    Should we do something else to show the button?
    Thanks again.

  • Print Report - Choose from Multiple Formats Part II

    Hello again!
    I followed the instructions to create a report that gives the client the option to select an output format using a select list. ( http://www.oracle.com/technology/obe/apex/apex31nf/apex31rpt.htm#t2 ).
    This works great, but I have a predefined template that I created using BI Publisher that I would like the PDF report format to use instead of the generic layout. All the other formats can use the generic layout option, but the PDF report needs to use the .rtf file. Is this possible, and if so, how?
    Thank you!
    T

    Here is one possible idea, from bi publisher forum: Re: Automatically  selecting a rtf template from multiple templates
    Thank you,
    Tony Miller
    Webster, TX
    "Understanding is a three edged sword. Your side, their side, and the truth" - Kosh Naranek

  • How can I connect multiple clients to a single client ?

    I am currently developing an instant messaging program. I created a server and connected multiple clients to it by using thread logic. However I do not know how to connect multiple client to a single client.
    What shall I do for that? Does anybody know a good tutorial or sample program? Or shall anybody explain me what I shall do for building the Instant Messaging part of my chat program?
    Thank u in advance.

    You may use UDP multicast socket. But since you are using the UDP protocol you might risk losing the data that you send since UDP does not guarantee the safe transfer of data.
    Alternately, you might create a server that allows multiple client to connect to it whose connection Socket objects are then stored in a Vector <Socket> object. The server then sends back data to the connected client about the other clients connected to it. Now when the client wants to send data (like an IM) to another connected client, it has to send a request to the server specifying the client login name and the server in turn streams that particular client's Address and Port to the requesting client. The requesting client then initiates the connection with the other client and then starts a conversation. One more thing, when the client communicates it needs to send information to the server like the name by which it likes to be referenced. In this scenario the server acts like a central repository for clients to query the existence of other clients in the chat room. Each client here runs a thread that listens to incoming connections and when a connection is established, may be opens a IM window or something.
    The third option is to make the server to relay the information from one client to another. Like say, I'm connected to whoopy server and i want to send "Hello" to jackson, then i send the message (ie, Hello) along with the name of the client to which i wish to send it to (ie, jackson). The server then performs a lookup in its Vector <Socket> object and then initiates a connection with jackson and sends the information. However, this method is pretty costly in that you will be wasting a lot of processing behind the server.
    --Subhankar
    P.s. If you stumble upon any other brilliant ideas let me know.

  • Business content load data from multiple clients

    Hi Experts,
    we are implementing Business Content for FI-GL. On the system there is already the content enabled and the extraction from one client (let's say Client200). We now have to extract data from Client300. How can we do that?
    Thanks in advance,
    Costi

    You should create another Source system on the other client and copy the transfer rules from the extractor mapping them on the other source system . After this you can create the infopackage and load data
    hope it helps
