cxf-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Daniel Kulp (Commented) (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (CXF-4037) Problem creating dynamic client when WSDL is hosted with secured transport (https)
Date Tue, 17 Jan 2012 15:59:41 GMT

    [ https://issues.apache.org/jira/browse/CXF-4037?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13187770#comment-13187770
] 

Daniel Kulp commented on CXF-4037:
----------------------------------


The issue can likely be resolved by adjusting the line:

{code}
<http:conduit name="{http://www.example.org/AWC/}AWCSOAP.http-conduit">
{code}

to be something like:
{code}
<http:conduit name="http://localhost.*">
{code}

or similar.    Basically, there isn't a portname or anything during the process of retrieving
the wsdl as that is defined in the WSDL.  Thus, you need to configure the conduit based on
a URL regex so that the WSDL downloading can associate the proper conduit settings.


                
> Problem creating dynamic client when WSDL is hosted with secured transport (https)
> ----------------------------------------------------------------------------------
>
>                 Key: CXF-4037
>                 URL: https://issues.apache.org/jira/browse/CXF-4037
>             Project: CXF
>          Issue Type: Bug
>          Components: JAX-WS Runtime
>    Affects Versions: 2.4.2, 2.4.3, 2.4.5
>            Reporter: Harsha Devireddy
>            Priority: Critical
>
> I am trying to call a create a client dynamically to invoke the WebService(see below).
Notice my WSDL URL is https. 
> Also, with a minor modification(to add the spring config file to the bus) to the client
generated using the wsdl2java utility I am able to call the secured webservice. 
> But my requirement is to dynamically generate clients and call the webservice provided
the wsdlUrl, method name and method arguments.
> CLIENT CODE
> ------------
> {code}
> SpringBusFactory bf = new SpringBusFactory();
> bus = bf.createBus(securityConfigFile);
> BusFactory.setDefaultBus(bus);
>  
> JaxWsDynamicClientFactory dcf = JaxWsDynamicClientFactory.newInstance(bus);
> dcf.setSimpleBindingEnabled(false);
> List<String> bindingFiles = new ArrayList<String>();
> File bindingFile = generateCustomBindingFile(fileLocationURL);
> try {
> bindingFiles.add(bindingFile.getCanonicalPath().toString());
> } catch (IOException e) {
> throw new LVOException(Level.SEVERE, "WSDL_INVALID_BINDINGFILE",
> bindingFile.toString());
> }
> Client client = dcf.createClient(new URL(https://localhost:9999/getAccount?wsdl), bindingFiles);
> {code}
>  
>  
> EXCEPTION
> ----------
>  
> I get the below Exception while trying to create the client. 
>  
> {code}
> log4j:WARN No appenders could be found for logger (org.apache.cxf.bus.spring.BusApplicationContext).
> log4j:WARN Please initialize the log4j system properly.
> Jan 14, 2012 4:44:59 PM org.apache.cxf.bus.spring.BusApplicationContext getConfigResources
> INFO: Loaded configuration file ./test/resources/wsdl/WibbleClient.xml.
> Exception in thread "main" org.apache.cxf.service.factory.ServiceConstructionException:
Failed to create service.
> at org.apache.cxf.wsdl11.WSDLServiceFactory.<init>(WSDLServiceFactory.java:80)
> at org.apache.cxf.endpoint.dynamic.DynamicClientFactory.createClient(DynamicClientFactory.java:261)
> at org.apache.cxf.endpoint.dynamic.DynamicClientFactory.createClient(DynamicClientFactory.java:235)
> at org.apache.cxf.endpoint.dynamic.DynamicClientFactory.createClient(DynamicClientFactory.java:170)
> at com.convergys.lvo.integration.wsdl.WSDLDataModelerImpl.generateClient(WSDLDataModelerImpl.java:82)
> at com.convergys.lvo.integration.WebServiceDataModeler.getServiceClient(WebServiceDataModeler.java:414)
> at com.convergys.lvo.integration.wsdl.WSDLDataModelerImpl.getEntityData(WSDLDataModelerImpl.java:139)
> at com.convergys.lvo.integration.wsdl.WSDLDataModelerImpl.main(WSDLDataModelerImpl.java:302)
> Caused by: javax.wsdl.WSDLException: WSDLException: faultCode=PARSER_ERROR: Problem parsing
'https://localhost:9999/getCustomer?wsdl'.: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException:
PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable
to find valid certification path to requested target
> at com.ibm.wsdl.xml.WSDLReaderImpl.getDocument(WSDLReaderImpl.java:2111)
> at com.ibm.wsdl.xml.WSDLReaderImpl.readWSDL(WSDLReaderImpl.java:2303)
> at com.ibm.wsdl.xml.WSDLReaderImpl.readWSDL(WSDLReaderImpl.java:2335)
> at org.apache.cxf.wsdl11.WSDLManagerImpl.loadDefinition(WSDLManagerImpl.java:239)
> at org.apache.cxf.wsdl11.WSDLManagerImpl.getDefinition(WSDLManagerImpl.java:186)
> at org.apache.cxf.wsdl11.WSDLServiceFactory.<init>(WSDLServiceFactory.java:78)
> ... 7 more
> Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException:
PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable
to find valid certification path to requested target
> at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:174)
> at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1611)
> at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:187)
> at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:181)
> at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1035)
> at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:124)
> at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:516)
> at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:454)
> at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:884)
> at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1112)
> at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1139)
> at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1123)
> at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:418)
> at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:166)
> at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1041)
> at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:234)
> at com.sun.org.apache.xerces.internal.impl.XMLEntityManager.setupCurrentEntity(XMLEntityManager.java:677)
> at com.sun.org.apache.xerces.internal.impl.XMLVersionDetector.determineDocVersion(XMLVersionDetector.java:186)
> at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse(XML11Configuration.java:771)
> at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse(XML11Configuration.java:737)
> at com.sun.org.apache.xerces.internal.parsers.XMLParser.parse(XMLParser.java:107)
> at com.sun.org.apache.xerces.internal.parsers.DOMParser.parse(DOMParser.java:225)
> at com.sun.org.apache.xerces.internal.jaxp.DocumentBuilderImpl.parse(DocumentBuilderImpl.java:283)
> at com.ibm.wsdl.xml.WSDLReaderImpl.getDocument(WSDLReaderImpl.java:2101)
> ... 12 more
> Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException:
unable to find valid certification path to requested target
> at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:285)
> at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:191)
> at sun.security.validator.Validator.validate(Validator.java:218)
> at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:126)
> at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:209)
> at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:249)
> at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1014)
> ... 31 more
> Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find
valid certification path to requested target
> at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:174)
> at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:238)
> at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:280)
> ... 37 more
> {code}
>  
>  
> SPRING CONFIG FILE
> ------------------
> Below is my spring config file for my client.
> {code:xml}
>  
> <beans xmlns="http://www.springframework.org/schema/beans"
> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
> xmlns:sec="http://cxf.apache.org/configuration/security"
> xmlns:http="http://cxf.apache.org/transports/http/configuration"
> xsi:schemaLocation="
> http://cxf.apache.org/configuration/security
> http://cxf.apache.org/schemas/configuration/security.xsd
> http://cxf.apache.org/transports/http/configuration
> http://cxf.apache.org/schemas/configuration/http-conf.xsd
> http://www.springframework.org/schema/beans
> http://www.springframework.org/schema/beans/spring-beans.xsd">
> <http:conduit name="{http://www.example.org/AWC/}AWCSOAP.http-conduit">
> <http:tlsClientParameters disableCNCheck="true">
> <sec:trustManagers>
> <sec:keyStore type="JKS" password="password"
> file="test/resources/wsdl/truststore.jks"/>
> </sec:trustManagers>
> <sec:keyManagers keyPassword="password">
> <sec:keyStore type="JKS" password="password" 
> file="test/resources/wsdl/wibble.jks"/>
> </sec:keyManagers>
> <sec:cipherSuitesFilter>
> <!-- these filters ensure that a ciphersuite with
> export-suitable or null encryption is used,
> but exclude anonymous Diffie-Hellman key change as
> this is vulnerable to man-in-the-middle attacks -->
> <sec:include>.*_EXPORT_.*</sec:include>
> <sec:include>.*_EXPORT1024_.*</sec:include>
> <sec:include>.*_WITH_DES_.*</sec:include>
> <sec:include>.*_WITH_NULL_.*</sec:include>
> <sec:exclude>.*_DH_anon_.*</sec:exclude>
> </sec:cipherSuitesFilter>
> </http:tlsClientParameters>
> <http:authorization>
> <sec:UserName>admin</sec:UserName>
> <sec:Password>admin</sec:Password>
> </http:authorization>
> </http:conduit>
> </beans> 
> {code}
>  
> Really appreciate your comments and feedback.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

        

Mime
View raw message