1 Reply Latest reply on May 27, 2014 2:48 AM by sandeep_singh

    Does WLS support custom SSL socket factories?




      I have a webapp that includes a web service client component. This used to be deployed in a Tomcat-ish servlet container (i.e. OiWS). The web service that the client connects to uses client certificate-based authentication, and I have three different certificates in my keystore to select from depending on which user I want to authenticate as.


      My solution for this on OiWS was to override the default Sun JVM SSLSocketFactory implementation with my own.


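      // Build the factory that presents the certificate for the selected user
      SSLSocketFactory factory = getUserSpecificSSLSocketFactory();
      URL url = new URL(webServiceUrl);
      // On WLS this cast is what throws the ClassCastException quoted below
      HttpsURLConnection conn = (HttpsURLConnection) url.openConnection();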


      When trying to deploy this same code on WLS, it causes an exception:


      java.lang.ClassCastException caught: weblogic.net.http.SOAPHttpsURLConnection cannot be cast to javax.net.ssl.HttpsURLConnection



      I found a post on stackoverflow.com that suggests forcing WLS to use the Sun HTTP handler instead of letting WLS substitute its own (java - weblogic.net.http.SOAPHttpsURLConnection cannot be cast to javax.net.ssl.HttpsURLConnection - Stack Overflow). While this may work, if there is a more elegant "WebLogic way" to perform this type of operation, I'd rather refactor the code.


      For additional information on my original approach to this issue, it was inspired by reading this blog post: How to dynamically select a certificate alias when invoking web services | Alexandre Saudate Blog


      Also, if you want complete detail on how I developed this code in the first place, it all started with a post on java.net: https://www.java.net/node/703765


      So does WLS support multiple client certificates in one keystore that can be selected from for presentation to the same HTTPS web service URL? If so, is there any standard documentation on how this is done?


      If it matters, this code is being developed and deployed on WLS 12c (though a solution that supports 10.3.6 as well would be preferable).


      Thanks for any thoughts you may have on this.