Consuming web services under https and/or authentication
How do you use a web service under https? How do you use a service with authentication? Are these processes complicated?
The GXtips move keeps getting along. It consists of clear and practical advice that simplifies the tasks at the time of working. In this case, Gonzalo Cuiñas, a member of Artech’s Support Team, explains the necessary steps to use a web service under authentication. |
Consuming a web service under https or authentication can seem complicated but it really is not. Consuming a web service under https requires 3 basic steps:
• Consuming the wsdl located under https
• Saving the server certificate in a keystore
• Consuming the web service while indicating to the application the location of the keystore with the certificate.
Consuming the wsdl
In the case of services under https, it is necessary to obtain the wsdl as a file to then inspect it with the WSDL Inspector locally using the file protocol. A way to obtain the wsdl is by accessing it via the browser to then do a "Save as" of the page. Once the service has been inspected the web service user can be programmed as usual. The only exception is that it will be necessary to create a Location type variable to indicate that the web service is under https, such as:
&location = getlocation("org_tempuriaction__wssuma")
&location.port = 8443
&location.secure = 1
&suma = &ws.execute(5, 3)
Saving the server certificate in a keystore
It is necessary to clarify that to communicate with a resource under https you need to have installed the certificate of the server you wish to communicate with. This certificate contains (among other things) the public key with which the information to be sent is encrypted and which only the server can unencrypt with its private key (more information here). So, at the time of consuming a service under https we'll need the server certificate in order to be able to establish the communication.
Once we have obtained the certificate we have to save it in a keystore, which is basically a “certificate store” that enables us to add new certificates or eliminate them (among other things). One way to manipulate/administer these keystores is the “Keytool.exe” tool included in the JDK.
Indicating the location of the keystore in the java application
What is left now is indicating to the application the location of the keystore so that at the time of establishing communication it knows where to obtain the certificate. For this purpose the “system properties” have to be configured: javax.net.ssl.trustStore and javax.net.ssl.trustStorePassword. It is usual to add those properties in the instance of the virtual machine; this can be done in the GX Interpreter Options.
Otherwise it can be configured by code, adding the following lines in the routine that uses the service (or in any other part of the application that is executed before consuming the service):
java System.setProperty("javax.net.ssl.trustStore", "C:\MiKeystore");
java System.setProperty("javax.net.ssl.trustStorePassword", "MiPassword");
To read the full document including how to work with web services with authentication, click here.