0 Replies Latest reply on Nov 28, 2008 9:55 AM by stbutler11

    Invoking external WebService over https

    stbutler11

      I would like to invoke a WebService over https from within my web application. The WebService is running on an external server. Is there a way to specify the keystore and truststore that are used without using the system properties for these values?

      I've tried using a security domain by adding the following to $JBOSS_HOME/server/[my_profile]/conf/jboss-service.xml:

      <mbean code="org.jboss.security.plugins.JaasSecurityDomain"
       name="jboss.security:service=JaasSecurityDomain,domain=my-domain">
       <depends>jboss.security:service=JaasSecurityManager</depends>
       <constructor>
       <arg type="java.lang.String" value="my-domain" />
       </constructor>
      
       <attribute name="ManagerServiceName">jboss.security:service=JaasSecurityManager</attribute>
       <attribute name="KeyStoreURL">/tmp/keystore</attribute>
       <attribute name="KeyStorePass">password</attribute>
       <attribute name="TrustStoreURL">/tmp/keystore</attribute>
       <attribute name="TrustStorePass">password</attribute>
       </mbean>
      


      and in the jboss-web.xml of my web app:
      <jboss-web>
       <security-domain>java:/jaas/my-domain</security-domain>
       ...
      


      I've set the system property javax.net.debug=ssl in run.sh. It looks like the default keystore and truststore are being used when the connection is made from my web app. The debug prints out :
      trustStore is: /usr/jdk/instances/jdk1.6.0_07/jre/lib/security/cacerts

      Should this work or is there a better way to invoke an external webservice from jboss over https?