Example of Getting SSLSocketFactory From System Properties

Configuring Transport-Level Security

SSL info for Reliable Messaging, callbacks, and so forth, and supports the following well-known system properties:

■ weblogic.wsee.client.ssl.relaxedtrustmanager
■ weblogic.security.SSL.ignoreHostnameVerification

The following new classes are available. See the Javadoc for complete descriptions.

■ weblogic.wsee.jaxws.sslclient.SSLClientUtil. This class has the following methods:
  – public static SSLSocketFactory getSSLSocketFactory(KeyManager[] kms, TrustManager[] tms);
  – public static SSLSocketFactory getSSLSocketFactory(PersistentSSLInfo sslInfo);
  – public static SSLSocketFactory getSSLSocketFactoryFromSysProperties();
■ weblogic.wsee.jaxws.sslclient.PersistentSSLInfo, a JavaBean for setting SSL info.
■ weblogic.wsee.jaxws.JAXWSProperties, includes a CLIENT_PERSISTENT_SSL_INFO property.

3.4.1 Example of Getting SSLSocketFactory From System Properties

Example 3–8 shows an example of getting the SSLSocketFactory from system properties and using it in the request context.

Example 3–8 Getting SSLSocketFactory From System Properties

    String clientKeyStore = ...;
    String clientKeyStorePasswd = ...;
    String trustKeystore = ...;
    String trustKeystorePasswd = ...;

    System.setProperty("javax.net.ssl.keyStore", clientKeyStore);
    System.setProperty("javax.net.ssl.keyStorePassword", clientKeyStorePasswd);
    System.setProperty("javax.net.ssl.trustStore", trustKeystore);
    // Property name as given in this guide; the standard JSSE name is javax.net.ssl.trustStorePassword.
    System.setProperty("javax.net.ssl.trustStorePasswd", trustKeystorePasswd);

    ((BindingProvider) port).getRequestContext().put(
        JAXWSProperties.SSL_SOCKET_FACTORY,
        SSLClientUtil.getSSLSocketFactoryFromSysProperties());

Example 3–9 shows an example of getting the SSLSocketFactory from persistent info (PersistentSSLInfo), as well as directly setting an SSLSocketFactory if persistence is not needed.

Example 3–9 Getting SSLSocketFactory from PersistentSSLInfo

    String clientKeyStore = ...;
    String clientKeyStorePasswd = ...;
    String clientKeyAlias = ...;
    String clientKeyPass = ...;
    String trustKeystore = ...;
    String trustKeystorePasswd = ...;

    PersistentSSLInfo sslInfo = new PersistentSSLInfo();
    sslInfo.setKeystore(clientKeyStore);
    sslInfo.setKeystorePassword(clientKeyStorePasswd);
    sslInfo.setKeyAlias(clientKeyAlias);
    sslInfo.setKeyPassword(clientKeyPass);
    sslInfo.setTrustKeystore(trustKeystore);

    // The sslInfo can be printed for debugging.
    System.out.print(sslInfo.toString());

    // Put sslInfo into the request context for persistence; it might be
    // required by advanced JAX-WS features such as RM and Callback.
    ((BindingProvider) port).getRequestContext().put(
        JAXWSProperties.CLIENT_PERSISTENT_SSL_INFO, sslInfo);

    // Alternatively, you can directly set an SSLSocketFactory if persistence is not necessary.
    // Note: The following line should be omitted if sslInfo is set with the line above.
    ((BindingProvider) port).getRequestContext().put(
        JAXWSProperties.SSL_SOCKET_FACTORY,
        SSLClientUtil.getSSLSocketFactory(sslInfo));

Note: The clientKeyStore and clientKeyStorePasswd have this restriction: the SSL package of J2SE requires that the password of the client’s private key must be the same as the password of the client’s keystore. For this reason, the client keystore can include only one private key and X.509 certificate pair.

sslInfo can set a key alias (clientKeyAlias) that points to a key in the keystore to use as the SSL client-side key in the event that the client keystore has multiple keys.
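The getSSLSocketFactory(KeyManager[] kms, TrustManager[] tms) overload listed above has no example in this section. The following is an added example, not code from the Oracle guide: it builds those two arrays with standard JSSE from explicit keystore files, so that passwords are read from the console rather than stored in JVM-wide system properties. The class name ClientTlsMaterial and the command-line layout are assumptions; the WebLogic call appears only as a comment because it needs the WebLogic client libraries.

```java
import java.io.Console;
import java.io.FileInputStream;
import java.security.KeyStore;
import java.util.Arrays;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;

// Added example; the class name and command-line layout are assumptions, not WebLogic API.
public final class ClientTlsMaterial {
    static KeyStore load(String path, char[] storePass) throws Exception {
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (FileInputStream in = new FileInputStream(path)) {
            ks.load(in, storePass); // a non-null password also checks the store's integrity
        }
        return ks;
    }

    static KeyManager[] keyManagers(KeyStore ks, char[] keyPass) throws Exception {
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(ks, keyPass); // one password is applied to every private key in the store
        return kmf.getKeyManagers();
    }

    static TrustManager[] trustManagers(KeyStore ts) throws Exception {
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ts); // trust anchors come only from this store
        return tmf.getTrustManagers();
    }

    public static void main(String[] args) throws Exception {
        Console console = System.console();
        if (args.length != 2 || console == null) {
            throw new IllegalStateException("usage: java ClientTlsMaterial <client-keystore> <trust-keystore> (interactive console required)");
        }
        char[] ksPass = console.readPassword("Client keystore password: ");
        char[] tsPass = console.readPassword("Trust keystore password: ");
        KeyManager[] kms = keyManagers(load(args[0], ksPass), ksPass);
        TrustManager[] tms = trustManagers(load(args[1], tsPass));
        // A WebLogic client would pass these to SSLClientUtil.getSSLSocketFactory(kms, tms);
        // plain JSSE builds the same kind of factory from an SSLContext:
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kms, tms, null);
        Arrays.fill(ksPass, '\0'); // clear password copies once the context is initialized
        Arrays.fill(tsPass, '\0');
        System.out.println("Socket factory ready: " + ctx.getSocketFactory().getClass().getName());
    }
}
```

Because KeyManagerFactory.init takes a single key password, this path is subject to the same restriction described in the Note above: the private key password must match the one supplied for the keystore.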

3.5 Configuring Transport-Level Security Via UserDataConstraint: Main Steps (JAX-RPC Only)