cxf-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Fred Dushin <f...@dushin.net>
Subject Initializing a Proxy with a "secure" URL
Date Fri, 04 May 2007 02:16:22 GMT

(I hesitate to utter "secure" and "https" in the same breath, but  
here we go...)

What is the expected behavior of the following code fragment?

java.net.URL url = new java.net.URL("https://...");
javax.xml.ws.Service svc = new javax.xml.ws.Service.createService 
(url, qname);

(where qname is a QName appropriate for the occasion) ?

I'm finding that our WSDLManagerImpl is eventually trying to load the  
WSDL behind the URL through a javax.wsdl.xml.WSDLReader, which it  
gets off a WSDLFactory, another javax object (WSDLManagerImpl.java: 
177).  (Eclipse tells me that this implementation is provided  
courtesy of IBM, but that's about all I get get out of the debugger).

In any event, there is really no provision for the specification of  
key and certificate material for the call out to acquire the WSDL off  
the "secure" https URL, in which case the SSL handshake is doomed to  
failure, as it clearly does in my debugger.

Looks like a gaping hole in the spec, if not the javax implementation  
we are using.  I suppose it could be an "implementation specific"  
detail -- how to configure said key and certificate material, but no  
provision seems to be made by the underlying implementation of these  
javax classes, unless anyone here knows any differently.  And there's  
clearly no way to specify this material programmatically, which is  
pretty much the kiss o' death, anyway.  Unless there is some kind of  
contextual API outside of the creation of the Service I

Rats.

-Fred

Mime
View raw message