cxf-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Freeman Fang <freeman.f...@gmail.com>
Subject Re: [JBoss][Spring][Apache CXF] Problems occuring when dynamic creation of client with wsdl in https
Date Tue, 30 Aug 2011 08:43:46 GMT
Hi,

Looks like the error occurs when you try to download remote wsdl,  
which also need authentication.
However the "{WSDL Namespace}portName" would never work for  
downloading the wsdl as the portName is unknown at that point.
You need change your http:conduit like
<http-conf:conduit name="https://10.33.30.138:8443/.*">
  the "https" prefix here is important.

You can take a look at [1] to get more details there.
[1]https://issues.apache.org/jira/browse/CXF-3421

Freeman
On 2011-8-30, at 下午4:18, Guillaume Jouanjan wrote:

> Hello ,
>
> First of all , sorry for my english , i'm a french developer.
>
> My goal is to call dynamically web services method using a WSDL (the  
> only
> information i have + name of methods)
>
> I've got a problem with the following code :
>
> String urlWsdl = "
> https://10.33.30.138:8443/eLBG-Server/WS/LogbookWS.LogbookWSHttpSoap12Endpoint?wsdl
> ";
> JaxWsDynamicClientFactory factory = JaxWsDynamicClientFactory.
> newInstance();
> Client clientWS = factory.createClient(urlWsdl);
>
> I've got the following error :
>
> 10:04:22,562 ERROR [[rmm-ata]] "Servlet.service()" pour la servlet  
> rmm-ata a
> g´┐¢n´┐¢r´┐¢ une exception
> java.security.cert.CertificateException: No subject alternative names
> present
>        at sun.security.util.HostnameChecker.matchIP(Unknown Source)
>        at sun.security.util.HostnameChecker.match(Unknown Source)
>        at
> com 
> .sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkIdentity(Unknown
> Source)
>        at
> com 
> .sun 
> .net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown
> Source)
>        at
> com 
> .sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(Unknown
> Source)
>        at
> com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(Unknown  
> Source)
>        at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Unknown
> Source)
>        at  
> com.sun.net.ssl.internal.ssl.Handshaker.process_record(Unknown
> Source)
>        at  
> com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(Unknown
> Source)
>        at
> com 
> .sun 
> .net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(Unknown
> Source)
>        at  
> com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown
> Source)
>        at  
> com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown
> Source)
>        at sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown
> Source)
>        at
> sun 
> .net 
> .www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown
> Source)
>        at
> sun.net.www.protocol.http.HttpURLConnection.getInputStream(Unknown  
> Source)
>        at
> sun 
> .net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(Unknown
> Source)
>        at
> org.apache.cxf.resource.URIResolver.tryFileSystem(URIResolver.java: 
> 167)
>        at  
> org.apache.cxf.resource.URIResolver.<init>(URIResolver.java:90)
>        at
> org 
> .apache 
> .cxf 
> .endpoint 
> .dynamic.DynamicClientFactory.composeUrl(DynamicClientFactory.java: 
> 561)
>        at
> org 
> .apache 
> .cxf 
> .endpoint 
> .dynamic.DynamicClientFactory.createClient(DynamicClientFactory.java: 
> 259)
>        at
> org 
> .apache 
> .cxf 
> .endpoint 
> .dynamic.DynamicClientFactory.createClient(DynamicClientFactory.java: 
> 204)
>        at
> org 
> .apache 
> .cxf 
> .endpoint 
> .dynamic.DynamicClientFactory.createClient(DynamicClientFactory.java: 
> 197)
>        at
> org 
> .apache 
> .cxf 
> .endpoint 
> .dynamic.DynamicClientFactory.createClient(DynamicClientFactory.java: 
> 152)
>        at
> com 
> .airbus.rmm.controller.ManualController.send(ManualController.java: 
> 174)
>
> I have specified a http conduit in spring configuration file but it  
> seems
> that information inside is not managed and the disableCNCheck=false  
> is still
> active
>
> my http-conduit conf :
>
> <http:conduit name="*.http-conduit">
>
>        <http:tlsClientParameters secureSocketProtocol="TLS"
> disableCNCheck="true">
>          <sec:keyManagers keyPassword="password">
>               <sec:keyStore type="JKS" password="password"
>                    file="../classes/server.jks"/>
>          </sec:keyManagers>
>          <sec:trustManagers>
>              <sec:keyStore type="JKS" password="password"
>                   file="../classes/server.jks"/>
>          </sec:trustManagers>
>          <sec:cipherSuitesFilter>
>            <!-- these filters ensure that a ciphersuite with
>              export-suitable or null encryption is used,
>              but exclude anonymous Diffie-Hellman key change as
>              this is vulnerable to man-in-the-middle attacks -->
>            <sec:include>.*_EXPORT_.*</sec:include>
>            <sec:include>.*_EXPORT1024_.*</sec:include>
>            <sec:include>.*_WITH_DES_.*</sec:include>
>            <sec:include>.*_WITH_NULL_.*</sec:include>
>            <sec:exclude>.*_DH_anon_.*</sec:exclude>
>          </sec:cipherSuitesFilter>
>      </http:tlsClientParameters>
>      <http:authorization>
>         <sec:UserName>nandana</sec:UserName>
>         <sec:Password>password</sec:Password>
>      </http:authorization>
>      <http:client AutoRedirect="true" Connection="Keep-Alive"/>
>
>   </http:conduit>
>
>
> Thanks for your help
>
> Guillaume
>
>
> -- 
>
> * *
>
> * *
>
> *Guillaume JOUANJAN
> *
>
> *Chef de Projet Technique
> *
>
> *Email:*       gjouanjan@sqli.com   * <gjouanjan@sqli.com>*
> *Bureau:*   +33 (0)5 62 47 33 66
>
> *
> *
>
> *
> *
>
> *
> *
>
> *www.sqli.com*
>
> * *
>
> *
> *
>
> *SQLI Toulouse*
>
> 7 avenue Didier DAURAT
> BP 70118
> 31 704 BLAGNAC CEDEX
>
> *Standard:* +33 (0)5 62 47 70 70
> *Fax:*       +33 (0)5 62 47 70 71
>
> **

---------------------------------------------
Freeman Fang

FuseSource
Email:ffang@fusesource.com
Web: fusesource.com
Twitter: freemanfang
Blog: http://freemanfang.blogspot.com










Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message