cxf-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Daniel Kulp (Resolved) (JIRA)" <j...@apache.org>
Subject [jira] [Resolved] (CXF-4037) Problem creating dynamic client when WSDL is hosted with secured transport (https)
Date Tue, 17 Jan 2012 21:55:39 GMT

     [ https://issues.apache.org/jira/browse/CXF-4037?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Daniel Kulp resolved CXF-4037.
------------------------------

       Resolution: Fixed
    Fix Version/s: 2.5.2
                   2.4.6
         Assignee: Daniel Kulp


The DynamicClient wasn't using the already preloaded schemas and was instead trying to redownload
them.  I've updated it to attempt to reuse the schemas we already gathered.   I'd appreciate
it if you could try testing with tonights snapshots.
                
> Problem creating dynamic client when WSDL is hosted with secured transport (https)
> ----------------------------------------------------------------------------------
>
>                 Key: CXF-4037
>                 URL: https://issues.apache.org/jira/browse/CXF-4037
>             Project: CXF
>          Issue Type: Bug
>          Components: JAX-WS Runtime
>    Affects Versions: 2.4.2, 2.4.3, 2.4.5
>            Reporter: Harsha Devireddy
>            Assignee: Daniel Kulp
>            Priority: Critical
>             Fix For: 2.4.6, 2.5.2
>
>
> I am trying to call a create a client dynamically to invoke the WebService(see below).
Notice my WSDL URL is https. 
> Also, with a minor modification(to add the spring config file to the bus) to the client
generated using the wsdl2java utility I am able to call the secured webservice. 
> But my requirement is to dynamically generate clients and call the webservice provided
the wsdlUrl, method name and method arguments.
> CLIENT CODE
> ------------
> {code}
> SpringBusFactory bf = new SpringBusFactory();
> bus = bf.createBus(securityConfigFile);
> BusFactory.setDefaultBus(bus);
>  
> JaxWsDynamicClientFactory dcf = JaxWsDynamicClientFactory.newInstance(bus);
> dcf.setSimpleBindingEnabled(false);
> List<String> bindingFiles = new ArrayList<String>();
> File bindingFile = generateCustomBindingFile(fileLocationURL);
> try {
> bindingFiles.add(bindingFile.getCanonicalPath().toString());
> } catch (IOException e) {
> throw new LVOException(Level.SEVERE, "WSDL_INVALID_BINDINGFILE",
> bindingFile.toString());
> }
> Client client = dcf.createClient(new URL(https://localhost:9999/getAccount?wsdl), bindingFiles);
> {code}
>  
>  
> EXCEPTION
> ----------
>  
> I get the below Exception while trying to create the client. 
>  
> {code}
> log4j:WARN No appenders could be found for logger (org.apache.cxf.bus.spring.BusApplicationContext).
> log4j:WARN Please initialize the log4j system properly.
> Jan 14, 2012 4:44:59 PM org.apache.cxf.bus.spring.BusApplicationContext getConfigResources
> INFO: Loaded configuration file ./test/resources/wsdl/WibbleClient.xml.
> Exception in thread "main" org.apache.cxf.service.factory.ServiceConstructionException:
Failed to create service.
> at org.apache.cxf.wsdl11.WSDLServiceFactory.<init>(WSDLServiceFactory.java:80)
> at org.apache.cxf.endpoint.dynamic.DynamicClientFactory.createClient(DynamicClientFactory.java:261)
> at org.apache.cxf.endpoint.dynamic.DynamicClientFactory.createClient(DynamicClientFactory.java:235)
> at org.apache.cxf.endpoint.dynamic.DynamicClientFactory.createClient(DynamicClientFactory.java:170)
> at com.convergys.lvo.integration.wsdl.WSDLDataModelerImpl.generateClient(WSDLDataModelerImpl.java:82)
> at com.convergys.lvo.integration.WebServiceDataModeler.getServiceClient(WebServiceDataModeler.java:414)
> at com.convergys.lvo.integration.wsdl.WSDLDataModelerImpl.getEntityData(WSDLDataModelerImpl.java:139)
> at com.convergys.lvo.integration.wsdl.WSDLDataModelerImpl.main(WSDLDataModelerImpl.java:302)
> Caused by: javax.wsdl.WSDLException: WSDLException: faultCode=PARSER_ERROR: Problem parsing
'https://localhost:9999/getCustomer?wsdl'.: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException:
PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable
to find valid certification path to requested target
> at com.ibm.wsdl.xml.WSDLReaderImpl.getDocument(WSDLReaderImpl.java:2111)
> at com.ibm.wsdl.xml.WSDLReaderImpl.readWSDL(WSDLReaderImpl.java:2303)
> at com.ibm.wsdl.xml.WSDLReaderImpl.readWSDL(WSDLReaderImpl.java:2335)
> at org.apache.cxf.wsdl11.WSDLManagerImpl.loadDefinition(WSDLManagerImpl.java:239)
> at org.apache.cxf.wsdl11.WSDLManagerImpl.getDefinition(WSDLManagerImpl.java:186)
> at org.apache.cxf.wsdl11.WSDLServiceFactory.<init>(WSDLServiceFactory.java:78)
> ... 7 more
> Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException:
PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable
to find valid certification path to requested target
> at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:174)
> at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1611)
> at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:187)
> at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:181)
> at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1035)
> at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:124)
> at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:516)
> at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:454)
> at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:884)
> at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1112)
> at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1139)
> at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1123)
> at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:418)
> at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:166)
> at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1041)
> at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:234)
> at com.sun.org.apache.xerces.internal.impl.XMLEntityManager.setupCurrentEntity(XMLEntityManager.java:677)
> at com.sun.org.apache.xerces.internal.impl.XMLVersionDetector.determineDocVersion(XMLVersionDetector.java:186)
> at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse(XML11Configuration.java:771)
> at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse(XML11Configuration.java:737)
> at com.sun.org.apache.xerces.internal.parsers.XMLParser.parse(XMLParser.java:107)
> at com.sun.org.apache.xerces.internal.parsers.DOMParser.parse(DOMParser.java:225)
> at com.sun.org.apache.xerces.internal.jaxp.DocumentBuilderImpl.parse(DocumentBuilderImpl.java:283)
> at com.ibm.wsdl.xml.WSDLReaderImpl.getDocument(WSDLReaderImpl.java:2101)
> ... 12 more
> Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException:
unable to find valid certification path to requested target
> at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:285)
> at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:191)
> at sun.security.validator.Validator.validate(Validator.java:218)
> at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:126)
> at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:209)
> at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:249)
> at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1014)
> ... 31 more
> Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find
valid certification path to requested target
> at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:174)
> at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:238)
> at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:280)
> ... 37 more
> {code}
>  
>  
> SPRING CONFIG FILE
> ------------------
> Below is my spring config file for my client.
> {code:xml}
>  
> <beans xmlns="http://www.springframework.org/schema/beans"
> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
> xmlns:sec="http://cxf.apache.org/configuration/security"
> xmlns:http="http://cxf.apache.org/transports/http/configuration"
> xsi:schemaLocation="
> http://cxf.apache.org/configuration/security
> http://cxf.apache.org/schemas/configuration/security.xsd
> http://cxf.apache.org/transports/http/configuration
> http://cxf.apache.org/schemas/configuration/http-conf.xsd
> http://www.springframework.org/schema/beans
> http://www.springframework.org/schema/beans/spring-beans.xsd">
> <http:conduit name="{http://www.example.org/AWC/}AWCSOAP.http-conduit">
> <http:tlsClientParameters disableCNCheck="true">
> <sec:trustManagers>
> <sec:keyStore type="JKS" password="password"
> file="test/resources/wsdl/truststore.jks"/>
> </sec:trustManagers>
> <sec:keyManagers keyPassword="password">
> <sec:keyStore type="JKS" password="password" 
> file="test/resources/wsdl/wibble.jks"/>
> </sec:keyManagers>
> <sec:cipherSuitesFilter>
> <!-- these filters ensure that a ciphersuite with
> export-suitable or null encryption is used,
> but exclude anonymous Diffie-Hellman key change as
> this is vulnerable to man-in-the-middle attacks -->
> <sec:include>.*_EXPORT_.*</sec:include>
> <sec:include>.*_EXPORT1024_.*</sec:include>
> <sec:include>.*_WITH_DES_.*</sec:include>
> <sec:include>.*_WITH_NULL_.*</sec:include>
> <sec:exclude>.*_DH_anon_.*</sec:exclude>
> </sec:cipherSuitesFilter>
> </http:tlsClientParameters>
> <http:authorization>
> <sec:UserName>admin</sec:UserName>
> <sec:Password>admin</sec:Password>
> </http:authorization>
> </http:conduit>
> </beans> 
> {code}
>  
> Really appreciate your comments and feedback.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

        

Mime
View raw message