cxf-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Glen Mazza <gma...@talend.com>
Subject Re: http-conduit in cxf client - how to configure ?
Date Wed, 25 Jan 2012 12:30:11 GMT
Could it be that your SOAP client is reading your JRE's cacerts file and 
not the one you actually configured with the trusted cert?

Here's what I have on the topic: 
http://www.jroller.com/gmazza/entry/ssl_for_web_services

HTH,
Glen

On 01/25/2012 05:55 AM, Rafal Janik wrote:
> Hi All
>
>
> I'm trying to write a simple cxf client with trustedCert and I'm 
> almost sure I'm doing it in wrong and stupid way :D
>
> The result:
>
> Caused by: javax.net.ssl.SSLHandshakeException: 
> sun.security.validator.ValidatorException: PKIX path building failed: 
> sun.security.provider.certpath.SunCertPathBuilderException: unable to 
> find valid certification path to requested target
>
> So I'm not sure if my ssl configuration is set properly...
>
> There is my service exposed via https, the cert is imported into my jks.
>
> application-context.xml  :
>
>
> <?xml version="1.0" encoding="UTF-8"?>
> <beans xmlns="http://www.springframework.org/schema/beans" 
> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
> xmlns:jaxws="http://cxf.apache.org/jaxws"
>         xmlns:sec="http://cxf.apache.org/configuration/security"
>        xmlns:http="http://cxf.apache.org/transports/http/configuration"
>     xsi:schemaLocation="http://cxf.apache.org/configuration/security 
> http://cxf.apache.org/schemas/configuration/security.xsd
>                             
> http://cxf.apache.org/transports/http/configuration 
> http://cxf.apache.org/schemas/configuration/http-conf.xsd
>     http://www.springframework.org/schema/beans 
> http://www.springframework.org/schema/beans/spring-beans.xsd 
> http://cxf.apache.org/jaxws http://cxf.apache.org/schemas/jaxws.xsd">
>
> <import resource="classpath:META-INF/cxf/cxf.xml" />
> <import resource="classpath:META-INF/cxf/cxf-extension-soap.xml" />
> <import resource="classpath:META-INF/cxf/cxf-servlet.xml" />
> </beans>
>
>
> ssl.xml :
>
> <?xml version="1.0" encoding="UTF-8"?>
>
> <beans xmlns="http://www.springframework.org/schema/beans"
>        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
>        xmlns:sec="http://cxf.apache.org/configuration/security"
>        xmlns:http="http://cxf.apache.org/transports/http/configuration"
>
>        
> xsi:schemaLocation="http://cxf.apache.org/configuration/security 
> http://cxf.apache.org/schemas/configuration/security.xsd
>                             
> http://cxf.apache.org/transports/http/configuration 
> http://cxf.apache.org/schemas/configuration/http-conf.xsd
>                             
> http://www.springframework.org/schema/beans 
> http://www.springframework.org/schema/beans/spring-beans.xsd">
>
> <http:conduit name="{http://my.service}ServiceSoap.http-conduit">
>
>
> <http:tlsClientParameters disableCNCheck="true">
> <sec:trustManagers>
> <sec:keyStore type="JKS" password="****" resource="cert.jks"/>
> </sec:trustManagers>
> <!--<sec:cipherSuitesFilter>-->
> <!--<sec:include>.*_EXPORT_.*</sec:include>-->
> <!--<sec:include>.*_EXPORT1024_.*</sec:include>-->
> <!--<sec:include>.*_WITH_DES_.*</sec:include>-->
> <!--<sec:include>.*_WITH_NULL_.*</sec:include>-->
> <!--<sec:exclude>.*_DH_anon_.*</sec:exclude>-->
> <!--</sec:cipherSuitesFilter>-->
> </http:tlsClientParameters>
> </http:conduit>
>
>
> </beans>
>
> and the code is generated with cxf-codegen-plugin.
>
> Should it be imported somewhere? It is on classpath, but I'm not sure 
> if it is working... The Client uses generated Service classes in the 
> same way as without ssl.
>
>
> regards
>
>
> rafal
>
>
>


-- 
Glen Mazza
Talend Community Coders - coders.talend.com
blog: www.jroller.com/gmazza


Mime
View raw message