Main Tutorials

Deploy JAX-WS web services on Tomcat + SSL connection

In this article, we show you how to deploy a JAX-WS web service on Tomcat with TLS / SSL or https secure connection enabled. Actually, the answer is quite simple, just deploys it as a normal web service and configured SSL connection on your Tomcat server properly 🙂

Note
This article is just a combination of my last few posts on developing web service in SSL connection environment.

1. Configure Tomcat + SSL

For detail, see this guide – Make Tomcat to support SSL or https connection.

Basically, just buy a certificate from trusted certificate provider, or use JDK’s keytool command to generate a dummy certificate for localhost testing. And put following portion into your Tomcat server.xml file.

File : $Tomcat\conf\server.xml


//...
 <!-- Define a SSL HTTP/1.1 Connector on port 8443
         This connector uses the JSSE configuration, when using APR, the 
         connector should be using the OpenSSL style configuration
         described in the APR documentation -->
 
 <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
               maxThreads="150" scheme="https" secure="true"
               clientAuth="false" sslProtocol="TLS" 
	       keystoreFile="c:\your keystore file"
	       keystorePass="your keystore password" />
  //...

Restart Tomcat, and now, your Tomcat is supported SSL connection, e.g https://localhost:8443

2. Deploy Web Service

Deploy it like a normal web service, see this guide – Deploy JAX-WS web services on Tomcat servlet container.

3. Test It

The configuration is done; you can access the deployed web service in SSL connection by using a normal web service client.

For example,


    URL url = new URL("https://localhost:8443/HelloWorld/hello?wsdl");
    QName qname = new QName("http://ws.mkyong.com/", "HelloWorldImplService");
    Service service = Service.create(url, qname);

    HelloWorld hello = service.getPort(HelloWorld.class);
    System.out.println(hello.getHelloWorldAsString());
Note
For localhost SSL testing environment, the client will hit following exceptions, please read the problem and solution below :

  1. java.security.cert.CertificateException: No name matching localhost found
  2. SunCertPathBuilderException: unable to find valid certification path to requested target

4. Done

Your web service is in SSL protection, rather simple, no changes on the web service site; just configure your Tomcat to support SSL connection only.

Reference

  1. Wiki – SSL connection
  2. JAX-WS hello world example

About Author

author image
Founder of Mkyong.com, love Java and open source stuff. Follow him on Twitter. If you like my tutorials, consider make a donation to these charities.

Comments

Subscribe
Notify of
5 Comments
Most Voted
Newest Oldest
Inline Feedbacks
View all comments
warlock
11 years ago

When I try to run my cleint it gives the following error
Exception in thread “main” javax.xml.ws.WebServiceException: Undefined port type: {http://client.mtom.com/}SEI
Here SEI is the interface that I have in my client and “client.mtom.com” is the port where it is deployed

Jorge
4 years ago

Hi,

I’m trying to deploy an Spring Boot WS Soap on a tomcat server (not embedded). I modified the pom.xml an the deployments was fine.
The problems comes when I try to config WS to use SSL. There are plenty of examples doing this with embedded tomcat but I’dont find anything simlirar to deploy on tomcat. Could you suggest a way to achieve this configuration.

Regards and thanks

Jorge

jovi
8 years ago

HI I need to know how implement JAX-WS webservices for tomcat with ssl enabled, but by publishing the Endpoints,
Can anyone please help???

Thanks,
Jovi

Jinshad
9 years ago

Hi Mkyong,
https://mkyong.com/ solved my lot of problem in my carrier. Thanks a lot..

I have one doubt. I hope you will help me.

Im using Java HTTP webservice client for requesting to server
as POST (using text/xml request format). Actually its working fine in
my system. But, in Server side they couldnt get any request from my
side. Server is not in our control (its government related server and
they are using SSL/TLS handshake for security). Server team provided
the keys for handshake.

Actually I dont know how to use SSL/TLS and how to add this in my
code. Server team told, they will receive the request after handshake
success.

I’m stuck now. Adding Certificate on my Tomcat server is needed? How
to add SSL handshake in my request?? If anyone know SSL/TLS handshake ,
please help me with hints.

Thanks in advance..

My Codes are following :

public File sendRequest(File req_xml, String responseFileName) {
File xmlFile = new File(responseFileName);
try {

OutputStream outputStream = new FileOutputStream(xmlFile);

HttpClient httpClient = new org.apache.commons.httpclient.HttpClient();
httpClient.getParams().setParameter(“http.useragent”,
“Web Service Test Client”);
BufferedReader br = null;

PostMethod methodPost = new PostMethod(“http://192.168.1.53:8080/MyApplication/service”);

try {
methodPost.setRequestBody(new FileInputStream(req_xml));
} catch (FileNotFoundException e1) {
e1.printStackTrace();
}
methodPost.setRequestHeader(“Content-Type”, “text/xml”);
try {
int returnCode = httpClient.executeMethod(methodPost);
if (returnCode == HttpStatus.SC_NOT_IMPLEMENTED) {
System.out
.println(“The Post method is not implemented by this URI”);
methodPost.getResponseBodyAsString();
} else {
br = new BufferedReader(new InputStreamReader(
methodPost.getResponseBodyAsStream()));

int read = 0;
byte[] bytes = new byte[1024];

while ((read = methodPost.getResponseBodyAsStream().read(
bytes)) != -1) {
outputStream.write(bytes, 0, read);
}

}
} catch (Exception e) {
e.printStackTrace();
} finally {
methodPost.releaseConnection();
if (br != null)
try {
br.close();
} catch (Exception fe) {
fe.printStackTrace();
}
}

} catch (FileNotFoundException e2) {
// TODO Auto-generated catch block
e2.printStackTrace();
}
return xmlFile;
}

narendar chary
11 years ago

Hi,
i need to test a rest api whether its running on HTTPS only.

I have done following things
In the poster tool i have given http://ip/URI and https://ip/URI both the cases gives the results,how to check its served https only?

Thanks,
Narendar