cxf-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Daniel Kulp <dk...@apache.org>
Subject Re: [JBoss][Spring][Apache CXF] Problems occuring when dynamic creation of client with wsdl in https
Date Tue, 30 Aug 2011 16:43:20 GMT

The "name" for the http-conduit thing in the config is a full regex.   Thus, 
you should be able to do something like:

<http-conf name="https.*">
....

to match all the https endpoints.   

Dan


On Tuesday, August 30, 2011 2:33:43 PM Guillaume Jouanjan wrote:
> Hi
> 
> I've tried this but i've got the same error.
> 
> org.springframework.web.util.NestedServletException: Request
> processing failed; nested exception is
> org.apache.cxf.service.factory.ServiceConstructionException: Could not
> resolve URL
> "https://10.33.30.138:8443/eLBG-Server/WS/LogbookWS.LogbookWSHttpSoap12Endp
> oint?wsdl".
> org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkSe
> rvlet.java:656)
> org.springframework.web.servlet.FrameworkServlet.doPost(FrameworkServlet.ja
> va:560) javax.servlet.http.HttpServlet.service(HttpServlet.java:637)
> 	javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
> 	
org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.j
> ava:96)
> 
> *cause m�re*
> 
> org.apache.cxf.service.factory.ServiceConstructionException: Could not
> resolve URL
> "https://10.33.30.138:8443/eLBG-Server/WS/LogbookWS.LogbookWSHttpSoap12Endp
> oint?wsdl".
> org.apache.cxf.endpoint.dynamic.DynamicClientFactory.composeUrl(DynamicClie
> ntFactory.java:569)
> org.apache.cxf.endpoint.dynamic.DynamicClientFactory.createClient(DynamicCl
> ientFactory.java:259)
> org.apache.cxf.endpoint.dynamic.DynamicClientFactory.createClient(DynamicCl
> ientFactory.java:204)
> org.apache.cxf.endpoint.dynamic.DynamicClientFactory.createClient(DynamicCl
> ientFactory.java:197)
> org.apache.cxf.endpoint.dynamic.DynamicClientFactory.createClient(DynamicCl
> ientFactory.java:152)
> com.airbus.rmm.controller.ManualController.send(ManualController.java:172)
> sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> 	sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
> 	sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
> 	java.lang.reflect.Method.invoke(Unknown Source)
> 	
org.springframework.web.bind.annotation.support.HandlerMethodInvoker.invoke
> HandlerMethod(HandlerMethodInvoker.java:176)
> org.springframework.web.servlet.mvc.annotation.AnnotationMethodHandlerAdapt
> er.invokeHandlerMethod(AnnotationMethodHandlerAdapter.java:426)
> org.springframework.web.servlet.mvc.annotation.AnnotationMethodHandlerAdapt
> er.handle(AnnotationMethodHandlerAdapter.java:414)
> org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServ
> let.java:790)
> org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServl
> et.java:719)
> org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkSe
> rvlet.java:644)
> org.springframework.web.servlet.FrameworkServlet.doPost(FrameworkServlet.ja
> va:560) javax.servlet.http.HttpServlet.service(HttpServlet.java:637)
> 	javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
> 	
org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.j
> ava:96)
> 
> *cause m�re*
> 
> javax.net.ssl.SSLHandshakeException:
> java.security.cert.CertificateException: No subject alternative names
> present
> 	com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Unknown Source)
> 	com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(Unknown Source)
> 
> The "mother cause" seems to be the
> 
> Could not resolve URL
> "https://10.33.30.138:8443/eLBG-Server/WS/LogbookWS.LogbookWSHttpSoap12Endpo
> int?wsdl
> 
> but with internet explorer the url is good (after accepting certificates)
> 
> Moreover url of WSDL is calculated dynamically because end user set himself
> via HMI the url of Web Service (i.e :
> https://10.33.30.138:8443/eLBG-Server/WS/LogbookWS) i only add the endpoint
> + ? wsdl
> 
> (i don't know if i can made a 'response to all', please say it me if i can't
> ;) )
> 
> Guillaume
> 
> 2011/8/30 Freeman Fang <freeman.fang@gmail.com>
> 
> > Hi,
> > 
> > Looks like the error occurs when you try to download remote wsdl, which
> > also need authentication.
> > However the "{WSDL Namespace}portName" would never work for downloading
> > the wsdl as the portName is unknown at that point.
> > You need change your http:conduit like
> > <http-conf:conduit
> > name="https://10.33.30.138:**8443/.*<https://10.33.30.138:8443/.*> ">
> > 
> >  the "https" prefix here is important.
> > 
> > You can take a look at [1] to get more details there.
> > [1]https://issues.apache.org/**jira/browse/CXF-3421<https://issues.apach
> > e.org/jira/browse/CXF-3421>
> > 
> > Freeman
> > 
> > On 2011-8-30, at 下午4:18, Guillaume Jouanjan wrote:
> >  Hello ,
> >  
> >> First of all , sorry for my english , i'm a french developer.
> >> 
> >> My goal is to call dynamically web services method using a WSDL (the
> >> only information i have + name of methods)
> >> 
> >> I've got a problem with the following code :
> >> 
> >> String urlWsdl = "
> >> https://10.33.30.138:8443/**eLBG-Server/WS/LogbookWS.**
> >> LogbookWSHttpSoap12Endpoint?**wsdl<https://10.33.30.138:8443/eLBG-Serv
> >> er/WS/LogbookWS.LogbookWSHttpSoap12Endpoint?wsdl> ";
> >> JaxWsDynamicClientFactory factory = JaxWsDynamicClientFactory.
> >> newInstance();
> >> Client clientWS = factory.createClient(urlWsdl);
> >> 
> >> I've got the following error :
> >> 
> >> 10:04:22,562 ERROR [[rmm-ata]] "Servlet.service()" pour la servlet
> >> rmm-ata a
> >> g´┐¢n´┐¢r´┐¢ une exception
> >> java.security.cert.**CertificateException: No subject alternative
> >> names
> >> present
> >> 
> >>       at sun.security.util.**HostnameChecker.matchIP(**Unknown
> >>       Source)
> >>       at sun.security.util.**HostnameChecker.match(Unknown
> >>       Source)
> >>       at
> >> 
> >> com.sun.net.ssl.internal.ssl.**X509TrustManagerImpl.**
> >> checkIdentity(Unknown
> >> Source)
> >> 
> >>       at
> >> 
> >> com.sun.net.ssl.internal.ssl.**X509TrustManagerImpl.**
> >> checkServerTrusted(Unknown
> >> Source)
> >> 
> >>       at
> >> 
> >> com.sun.net.ssl.internal.ssl.**ClientHandshaker.**
> >> serverCertificate(Unknown
> >> Source)
> >> 
> >>       at
> >> 
> >> com.sun.net.ssl.internal.ssl.**ClientHandshaker.**processMessage(Unkno
> >> wn
> >> Source)
> >> 
> >>       at
> >>       com.sun.net.ssl.internal.ssl.**Handshaker.processLoop(Unk
> >>       nown
> >> 
> >> Source)
> >> 
> >>       at
> >>       com.sun.net.ssl.internal.ssl.**Handshaker.process_record(
> >>       **
> >> 
> >> Unknown
> >> Source)
> >> 
> >>       at
> >>       com.sun.net.ssl.internal.ssl.**SSLSocketImpl.readRecord(*
> >>       *
> >> 
> >> Unknown
> >> Source)
> >> 
> >>       at
> >> 
> >> com.sun.net.ssl.internal.ssl.**SSLSocketImpl.**performInitialHandshake
> >> (** Unknown
> >> Source)
> >> 
> >>       at
> >>       com.sun.net.ssl.internal.ssl.**SSLSocketImpl.startHandsha
> >>       ke(**
> >> 
> >> Unknown
> >> Source)
> >> 
> >>       at
> >>       com.sun.net.ssl.internal.ssl.**SSLSocketImpl.startHandsha
> >>       ke(**
> >> 
> >> Unknown
> >> Source)
> >> 
> >>       at
> >>       sun.net.www.protocol.https.**HttpsClient.afterConnect(**U
> >>       nknown
> >> 
> >> Source)
> >> 
> >>       at
> >> 
> >> sun.net.www.protocol.https.**AbstractDelegateHttpsURLConnec**
> >> tion.connect(Unknown
> >> Source)
> >> 
> >>       at
> >> 
> >> sun.net.www.protocol.http.**HttpURLConnection.**getInputStream(Unknown
> >> Source)
> >> 
> >>       at
> >> 
> >> sun.net.www.protocol.https.**HttpsURLConnectionImpl.**
> >> getInputStream(Unknown
> >> Source)
> >> 
> >>       at
> >> 
> >> org.apache.cxf.resource.**URIResolver.tryFileSystem(**
> >> URIResolver.java:167)
> >> 
> >>       at org.apache.cxf.resource.**URIResolver.<init>(**
> >> 
> >> URIResolver.java:90)
> >> 
> >>       at
> >> 
> >> org.apache.cxf.endpoint.**dynamic.DynamicClientFactory.**composeUrl(**
> >> DynamicClientFactory.java:561)
> >> 
> >>       at
> >> 
> >> org.apache.cxf.endpoint.**dynamic.DynamicClientFactory.**createClient(
> >> **
> >> DynamicClientFactory.java:259)
> >> 
> >>       at
> >> 
> >> org.apache.cxf.endpoint.**dynamic.DynamicClientFactory.**createClient(
> >> **
> >> DynamicClientFactory.java:204)
> >> 
> >>       at
> >> 
> >> org.apache.cxf.endpoint.**dynamic.DynamicClientFactory.**createClient(
> >> **
> >> DynamicClientFactory.java:197)
> >> 
> >>       at
> >> 
> >> org.apache.cxf.endpoint.**dynamic.DynamicClientFactory.**createClient(
> >> **
> >> DynamicClientFactory.java:152)
> >> 
> >>       at
> >> 
> >> com.airbus.rmm.controller.**ManualController.send(**
> >> ManualController.java:174)
> >> 
> >> I have specified a http conduit in spring configuration file but it
> >> seems that information inside is not managed and the
> >> disableCNCheck=false is still
> >> active
> >> 
> >> my http-conduit conf :
> >> 
> >> <http:conduit name="*.http-conduit">
> >> 
> >>       <http:tlsClientParameters secureSocketProtocol="TLS"
> >> 
> >> disableCNCheck="true">
> >> 
> >>         <sec:keyManagers keyPassword="password">
> >>         
> >>              <sec:keyStore type="JKS" password="password"
> >>              
> >>                   file="../classes/server.jks"/>
> >>         
> >>         </sec:keyManagers>
> >>         <sec:trustManagers>
> >>         
> >>             <sec:keyStore type="JKS" password="password"
> >>             
> >>                  file="../classes/server.jks"/>
> >>         
> >>         </sec:trustManagers>
> >>         <sec:cipherSuitesFilter>
> >>         
> >>           <!-- these filters ensure that a ciphersuite with
> >>           
> >>             export-suitable or null encryption is used,
> >>             but exclude anonymous Diffie-Hellman key
> >>             change as
> >>             this is vulnerable to man-in-the-middle
> >>             attacks -->
> >>           
> >>           <sec:include>.*_EXPORT_.*</**sec:include>
> >>           <sec:include>.*_EXPORT1024_.*<**/sec:include>
> >>           <sec:include>.*_WITH_DES_.*</**sec:include>
> >>           <sec:include>.*_WITH_NULL_.*</**sec:include>
> >>           <sec:exclude>.*_DH_anon_.*</**sec:exclude>
> >>         
> >>         </sec:cipherSuitesFilter>
> >>     
> >>     </http:tlsClientParameters>
> >>     <http:authorization>
> >>     
> >>        <sec:UserName>nandana</sec:**UserName>
> >>        <sec:Password>password</sec:**Password>
> >>     
> >>     </http:authorization>
> >>     <http:client AutoRedirect="true" Connection="Keep-Alive"/>
> >>  
> >>  </http:conduit>
> >> 
> >> Thanks for your help
> >> 
> >> Guillaume
> >> 
> >> 
> >> --
> >> 
> >> * *
> >> 
> >> * *
> >> 
> >> *Guillaume JOUANJAN
> >> *
> >> 
> >> *Chef de Projet Technique
> >> *
> >> 
> >> *Email:*       gjouanjan@sqli.com   * <gjouanjan@sqli.com>*
> >> 
> >> *Bureau:*   +33 (0)5 62 47 33 66
> >> 
> >> *
> >> *
> >> 
> >> *
> >> *
> >> 
> >> *
> >> *
> >> 
> >> *www.sqli.com*
> >> 
> >> * *
> >> 
> >> *
> >> *
> >> 
> >> *SQLI Toulouse*
> >> 
> >> 7 avenue Didier DAURAT
> >> BP 70118
> >> 31 704 BLAGNAC CEDEX
> >> 
> >> *Standard:* +33 (0)5 62 47 70 70
> >> *Fax:*       +33 (0)5 62 47 70 71
> >> 
> >> **
> > 
> > ------------------------------**---------------
> > Freeman Fang
> > 
> > FuseSource
> > Email:ffang@fusesource.com
> > Web: fusesource.com
> > Twitter: freemanfang
> > Blog: http://freemanfang.blogspot.**com
> > <http://freemanfang.blogspot.com>
-- 
Daniel Kulp
dkulp@apache.org
http://dankulp.com/blog
Talend - http://www.talend.com

Mime
View raw message