Mailing-List: contact users-help@cxf.apache.org; run by ezmlm
Precedence: bulk
Reply-To: users@cxf.apache.org
Received-SPF: pass (athena.apache.org: domain of himanshu.kgp@gmail.com
 designates 209.85.212.171 as permitted sender)
MIME-Version: 1.0
In-Reply-To: 
 <CAB8XdGBvHSRFVKZPun+mTMN1qkwSO8HjvR9m3F=Zgqt53DrpzA@mail.gmail.com>
References: 
 <CA+vBPaUC9nXnFbEsoc9j8B3Qkd=wQK_GQErxXkHmEqYHFHiY5w@mail.gmail.com>
	<4FE85ED3.7000708@talend.com>
	<CA+vBPaW4DBXk71rngyVYejLmH4wK+x6R1RHACiaR+9DKzGvgkQ@mail.gmail.com>
	<CAB8XdGBvHSRFVKZPun+mTMN1qkwSO8HjvR9m3F=Zgqt53DrpzA@mail.gmail.com>
Date: Mon, 25 Jun 2012 16:02:14 +0200
Message-ID: 
 <CA+vBPaV3-Q4br+WvGF12G-1zLyUB+mcr9jpTi06gZPi-UB+tVw@mail.gmail.com>
Subject: Re: wsdl_first_https
From: Himanshu Gupta <himanshu.kgp@gmail.com>
To: users@cxf.apache.org, coheigea@apache.org
Content-Type: multipart/alternative; boundary=f46d04428d9cdc185904c34c6deb

--f46d04428d9cdc185904c34c6deb
Content-Type: text/plain; charset=ISO-8859-1

Hello Colm,

In the sample wsdl_first_https, I removed line <sec:clientAuthentication
want="true" required="true"/> from the server configuration. The Client in
the example works well. But the Firefox fails, and still gives error
"javax.net.ssl.SSLHandshakeException: no cipher suites in common" on the
server.

Please let me know, If you want me to try something specific.

Sorry just looking for an appropriate solution :(

Thanks,
Himanshu.


On Mon, Jun 25, 2012 at 3:57 PM, Colm O hEigeartaigh <coheigea@apache.org>wrote:

> > Colm : I did add the certificates to for e.g. in the Firefox explicitly.
>
> Yes, you added the certificates so that the browser trusted the service
> endpoint. However, as I explained in my previous mail, the service endpoint
> requires that the client presents its own certificate + private key for
> client authentication, hence the failure.
>
> Colm.
>
> On Mon, Jun 25, 2012 at 2:51 PM, Himanshu Gupta <himanshu.kgp@gmail.com
> >wrote:
>
> > Hello Guys,
> >
> > Colm : I did add the certificates to for e.g. in the Firefox explicitly.
> >
> > Following
> http://aruld.info/programming-ssl-for-jetty-based-cxf-services/ for
> > my Dynamic Client, I try to do somthing like below :
> >
> > 1. JaxWsDynamicClientFactory dcf =
> JaxWsDynamicClientFactory.newInstance();
> > 2. Client client = dcf.createClient("
> >
> https://localhost:9001/ApexCollateral/ing/services/wss/agreementDemo/2.0?wsdl
> > ");
> > 3. configureSSLOnTheClient(client);
> > 4. Object[] res = client.invoke("getAgreementDemoIdentifier", new
> > Integer(1));
> >
> > Theoretically it should have worked, but it fails with an exception like
> > "org.apache.cxf.service.factory.ServiceConstructionException: Could not
> > resolve URL "https://localhost:9001/someService/2.0?wsdl".", while
> > excetuing *line number 2 (*logs attached*) *that is even before line 3
> > where I could setup the truststore, manually.
> >
> > I really want to use the Dynamic Client approach in the test cases to
> test
> > my web services. I assume, along with the testing services, with this
> > approach I also validate auto code generation for clients, which would be
> > used eventually by the consumers (by exposed wsdls).
> >
> > Please help,
> >
> > Thanks,
> > Himanshu.
> >
> >
> > On Mon, Jun 25, 2012 at 2:51 PM, Glen Mazza <gmazza@talend.com> wrote:
> >
> >> Personally, for SSL, I would recommend using a standalone servlet
> >> container like Tomcat to host your web service (
> http://www.jroller.com/**
> >> gmazza/entry/ssl_for_web_**services<
> http://www.jroller.com/gmazza/entry/ssl_for_web_services>),
> >> I wouldn't rely on Endpoint.publish() for production, especially if
> you're
> >> using SSL.
> >>
> >> For your dynamic client, as the link above mentions, the certs will need
> >> to be in the "cacerts" file used by the JRE that is running the dynamic
> >> client--or another truststore file that you configure--the browser is
> >> irrelevant as it's not being used there.
> >>
> >> HTH,
> >> Glen
> >>
> >>
> >> On 06/25/2012 07:46 AM, Himanshu Gupta wrote:
> >>
> >>> Hello Experts,
> >>>
> >>> Quite new to CXF, having a usecase where I need to expose our existing
> >>> services as webservices. App is a standalone server, so am using
> embedded
> >>> jetty with https. Everything works fine, except that when I hit the
> >>> server
> >>> with the wsdl url through a browser (any browser), I get
> >>> "javax.net.ssl.**SSLHandshakeException: no cipher suites in common".
> >>>
> >>> This could be reproduced if you just run the wsdl_first_https server
> and
> >>> hit the url https://localhost:9001/**SoapContext/SoapPort?wsdl<
> https://localhost:9001/SoapContext/SoapPort?wsdl>.
> >>> Please help
> >>> escape this problem.
> >>>
> >>> Also the client in the wsdl_first_https works. But if I try to use the
> >>> Dynamic Client (thats a requirement), it fails as well, as it could not
> >>> find the wsdl. The Dynamic client looks somthing like below :
> >>>
> >>>
> >>>  JaxWsDynamicClientFactory dcf = JaxWsDynamicClientFactory.**
> >>> newInstance();
> >>>         Client client = dcf.createClient("
> >>> https://localhost:443/**someservice/2.0?wsdl<
> https://localhost:443/someservice/2.0?wsdl>
> >>> <https://**localhost/someservice/2.0?wsdl<
> https://localhost/someservice/2.0?wsdl>
> >>> **>
> >>>
> >>> ");
> >>>         Object[] res = client.invoke(jnew
> >>> QName("http://someNameSpace/<h**ttp://somenamespace/<
> http://somenamespace/>
> >>> >",
> >>>
> >>> "getSomeIdentifier"), new Integer(1));
> >>>
> >>> PS : I have already tried adding the certs to the browser.
> >>>
> >>> Thanks in Advance,
> >>>
> >>>
> >>
> >> --
> >> Glen Mazza
> >> Talend Community Coders
> >> coders.talend.com
> >> blog: www.jroller.com/gmazza
> >>
> >>
> >
> >
> > --
> > Himanshu Gupta.
> >
>
>
>
> --
> Colm O hEigeartaigh
>
> Talend Community Coder
> http://coders.talend.com
>


-- 
Himanshu Gupta.

--f46d04428d9cdc185904c34c6deb--