Forum Discussion
Jacob_Gilley_28
Nimbostratus
Apr 05, 2005
WS-SOAP java security policy override
Any revelations on how to override SSL certificate validation using Apache SOAP? I've tried numerous things including writing my own X509TrustManager and nothing seems to work. Just curious.
5 Replies
- Loc_Pham_101863
Historic F5 Account
Please refer to this article for some guidance:
http://devcentral.f5.com/Default.aspx?TabID=29&newsType=ArticleView&articleId=22
Loc
- Also, check out my recent blog post on this topic (Click here)
- Excellent!
If you post your solution up here (either this thread, or Code Share), I'll contact you directly with a list of items that you can pick from the F5 Employee Store.
Depending on how elegant the solution is, I'll up the price level of the choices. By elegant, I mean that hopefully this can be seamlessly integrated into a client application without hacking up the Apache or the JSSE internals similarly to how I did it with our .NET sample code. That way we can include it in our SDK in the future!
If your solution required changes to Apache or the JSSE then that wouldn't provide much value to 3rd party developers who rely on the stock versions of those toolkits.
-Joe
- Jacob_Gilley_28
Nimbostratus
I modified the code to make it a little more "professionalized" and submitted the class to Code Share.

```java
package support.net.ssl;

/*
 * @version 1.0 04/06/2005
 * @author Jacob Gilley
 */

import java.security.AccessController;
import java.security.InvalidAlgorithmParameterException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.PrivilegedAction;
import java.security.Security;
import java.security.cert.X509Certificate;

import javax.net.ssl.ManagerFactoryParameters;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactorySpi;
import javax.net.ssl.X509TrustManager;

public final class XTrustProvider extends java.security.Provider {

    private final static String NAME = "XTrustJSSE";
    private final static String INFO = "XTrust JSSE Provider (implements trust factory with truststore validation disabled)";
    private final static double VERSION = 1.0D;

    public XTrustProvider() {
        super(NAME, VERSION, INFO);

        // Register the factory below under its own algorithm name.
        AccessController.doPrivileged(new PrivilegedAction<Object>() {
            public Object run() {
                put("TrustManagerFactory." + TrustManagerFactoryImpl.getAlgorithm(), TrustManagerFactoryImpl.class.getName());
                return null;
            }
        });
    }

    // Installs the provider once and makes its algorithm the JVM-wide default,
    // so any code that builds trust managers from the default algorithm gets
    // the non-validating trust manager defined below.
    public static void install() {
        if (Security.getProvider(NAME) == null) {
            Security.insertProviderAt(new XTrustProvider(), 2);
            Security.setProperty("ssl.TrustManagerFactory.algorithm", TrustManagerFactoryImpl.getAlgorithm());
        }
    }

    public final static class TrustManagerFactoryImpl extends TrustManagerFactorySpi {

        public TrustManagerFactoryImpl() { }

        public static String getAlgorithm() { return "XTrust509"; }

        // The supplied truststore is ignored.
        protected void engineInit(KeyStore keystore) throws KeyStoreException { }

        protected void engineInit(ManagerFactoryParameters mgrparams) throws InvalidAlgorithmParameterException {
            throw new InvalidAlgorithmParameterException(XTrustProvider.NAME + " does not use ManagerFactoryParameters");
        }

        protected TrustManager[] engineGetTrustManagers() {
            return new TrustManager[] {
                new X509TrustManager() {
                    // The X509TrustManager contract requires a non-null (possibly empty) array.
                    public X509Certificate[] getAcceptedIssuers() { return new X509Certificate[0]; }
                    // Both checks are empty: every certificate chain is accepted.
                    public void checkClientTrusted(X509Certificate[] certs, String authType) { }
                    public void checkServerTrusted(X509Certificate[] certs, String authType) { }
                }
            };
        }
    }
}
```

- Exnihilo,
Great Post! For those interested, I've verified that this works with Apache SOAP as well as Apache Axis! So I think with this single code sample, we've got all the java camps covered!
I've just approved the sample on Code Share so all you java coders out there you can either rip the code from here or download it from the Code Share page.
Also, as promised for being the first to solve this problem, I've sent off an email to you regarding the goodies. Let me know directly if you haven't received the email so that we can get you your stuff!
Thanks again for the Contribution!
BTW, great avatar!
-Joe
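
The provider posted in this thread changes the trust default for the whole JVM, not just for one SOAP client. The following startup self-check is an added example, not part of the thread or the Code Share sample; it reports when the default trust configuration no longer validates certificates. The class name `TrustAudit` is hypothetical, and the expected values (`PKIX`/`SunX509`, provider `SunJSSE`) assume a stock Oracle/OpenJDK runtime.

```java
import java.security.KeyStore;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.List;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
/** Startup self-check for the JVM-wide default trust configuration (hypothetical helper). */
public final class TrustAudit {
    /** Returns human-readable findings; an empty list means nothing suspicious was seen. */
    public static List<String> audit() throws Exception {
        List<String> findings = new ArrayList<>();
        // getDefaultAlgorithm() reads the ssl.TrustManagerFactory.algorithm security property.
        String alg = TrustManagerFactory.getDefaultAlgorithm();
        // Assumption: stock Oracle/OpenJDK, where the default is PKIX (or SunX509).
        if (!alg.equals("PKIX") && !alg.equals("SunX509")) {
            findings.add("default TrustManagerFactory algorithm is '" + alg + "'");
        }
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(alg);
        String provider = tmf.getProvider().getName();
        if (!provider.equals("SunJSSE")) {
            findings.add("default TrustManagerFactory is served by provider '" + provider + "'");
        }
        tmf.init((KeyStore) null); // null selects the JVM's default truststore
        for (TrustManager tm : tmf.getTrustManagers()) {
            if (!(tm instanceof X509TrustManager)) continue;
            X509TrustManager x = (X509TrustManager) tm;
            String name = tm.getClass().getName();
            X509Certificate[] issuers = x.getAcceptedIssuers();
            if (issuers == null || issuers.length == 0) {
                findings.add(name + " reports no accepted issuers");
            }
            try {
                // A validating manager rejects an empty chain; a no-op manager returns silently.
                x.checkServerTrusted(new X509Certificate[0], "RSA");
                findings.add(name + " accepted an empty certificate chain");
            } catch (IllegalArgumentException | CertificateException rejected) {
                // Expected on a validating trust manager.
            }
        }
        return findings;
    }

    public static void main(String[] args) throws Exception {
        List<String> findings = audit();
        findings.forEach(f -> System.out.println("WARN: " + f));
        System.exit(findings.isEmpty() ? 0 : 1);
    }
}
```

Calling `audit()` before and after `XTrustProvider.install()` in a test harness shows the difference: the second call flags the `XTrust509` algorithm, the `XTrustJSSE` provider and the accepted empty chain.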
