Posted to issues@cxf.apache.org by "Harsha Devireddy (Created) (JIRA)" <ji...@apache.org> on 2012/01/17 16:39:39 UTC

[jira] [Created] (CXF-4037) Problem creating dynamic client when WSDL is hosted with secured transport (https)

Problem creating dynamic client when WSDL is hosted with secured transport (https)
----------------------------------------------------------------------------------

                 Key: CXF-4037
                 URL: https://issues.apache.org/jira/browse/CXF-4037
             Project: CXF
          Issue Type: Bug
          Components: JAX-WS Runtime
    Affects Versions: 2.4.5, 2.4.3, 2.4.2
            Reporter: Harsha Devireddy
            Priority: Critical



I am trying to create a client dynamically to invoke the WebService (see below). Notice my WSDL URL is https.
Also, with a minor modification (to add the spring config file to the bus) to the client generated using the wsdl2java utility, I am able to call the secured webservice.
But my requirement is to dynamically generate clients and call the webservice provided the wsdlUrl, method name and method arguments.

CLIENT CODE
------------
{code}
// Load the TLS/conduit settings from the Spring config file into the bus
SpringBusFactory bf = new SpringBusFactory();
bus = bf.createBus(securityConfigFile);
BusFactory.setDefaultBus(bus);

JaxWsDynamicClientFactory dcf = JaxWsDynamicClientFactory.newInstance(bus);
dcf.setSimpleBindingEnabled(false);

// Binding files passed to the dynamic client factory
List<String> bindingFiles = new ArrayList<String>();
File bindingFile = generateCustomBindingFile(fileLocationURL);
try {
    bindingFiles.add(bindingFile.getCanonicalPath().toString());
} catch (IOException e) {
    throw new LVOException(Level.SEVERE, "WSDL_INVALID_BINDINGFILE",
            bindingFile.toString());
}

// The WSDL is downloaded over https when the client is created
Client client = dcf.createClient(new URL("https://localhost:9999/getAccount?wsdl"), bindingFiles);
{code}

 

 
EXCEPTION
----------

I get the below Exception while trying to create the client.

{code}
log4j:WARN No appenders could be found for logger (org.apache.cxf.bus.spring.BusApplicationContext).
log4j:WARN Please initialize the log4j system properly.
Jan 14, 2012 4:44:59 PM org.apache.cxf.bus.spring.BusApplicationContext getConfigResources
INFO: Loaded configuration file ./test/resources/wsdl/WibbleClient.xml.
Exception in thread "main" org.apache.cxf.service.factory.ServiceConstructionException: Failed to create service.
	at org.apache.cxf.wsdl11.WSDLServiceFactory.<init>(WSDLServiceFactory.java:80)
	at org.apache.cxf.endpoint.dynamic.DynamicClientFactory.createClient(DynamicClientFactory.java:261)
	at org.apache.cxf.endpoint.dynamic.DynamicClientFactory.createClient(DynamicClientFactory.java:235)
	at org.apache.cxf.endpoint.dynamic.DynamicClientFactory.createClient(DynamicClientFactory.java:170)
	at com.convergys.lvo.integration.wsdl.WSDLDataModelerImpl.generateClient(WSDLDataModelerImpl.java:82)
	at com.convergys.lvo.integration.WebServiceDataModeler.getServiceClient(WebServiceDataModeler.java:414)
	at com.convergys.lvo.integration.wsdl.WSDLDataModelerImpl.getEntityData(WSDLDataModelerImpl.java:139)
	at com.convergys.lvo.integration.wsdl.WSDLDataModelerImpl.main(WSDLDataModelerImpl.java:302)
Caused by: javax.wsdl.WSDLException: WSDLException: faultCode=PARSER_ERROR: Problem parsing 'https://localhost:9999/getCustomer?wsdl'.: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
	at com.ibm.wsdl.xml.WSDLReaderImpl.getDocument(WSDLReaderImpl.java:2111)
	at com.ibm.wsdl.xml.WSDLReaderImpl.readWSDL(WSDLReaderImpl.java:2303)
	at com.ibm.wsdl.xml.WSDLReaderImpl.readWSDL(WSDLReaderImpl.java:2335)
	at org.apache.cxf.wsdl11.WSDLManagerImpl.loadDefinition(WSDLManagerImpl.java:239)
	at org.apache.cxf.wsdl11.WSDLManagerImpl.getDefinition(WSDLManagerImpl.java:186)
	at org.apache.cxf.wsdl11.WSDLServiceFactory.<init>(WSDLServiceFactory.java:78)
	... 7 more
Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
	at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:174)
	at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1611)
	at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:187)
	at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:181)
	at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1035)
	at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:124)
	at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:516)
	at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:454)
	at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:884)
	at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1112)
	at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1139)
	at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1123)
	at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:418)
	at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:166)
	at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1041)
	at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:234)
	at com.sun.org.apache.xerces.internal.impl.XMLEntityManager.setupCurrentEntity(XMLEntityManager.java:677)
	at com.sun.org.apache.xerces.internal.impl.XMLVersionDetector.determineDocVersion(XMLVersionDetector.java:186)
	at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse(XML11Configuration.java:771)
	at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse(XML11Configuration.java:737)
	at com.sun.org.apache.xerces.internal.parsers.XMLParser.parse(XMLParser.java:107)
	at com.sun.org.apache.xerces.internal.parsers.DOMParser.parse(DOMParser.java:225)
	at com.sun.org.apache.xerces.internal.jaxp.DocumentBuilderImpl.parse(DocumentBuilderImpl.java:283)
	at com.ibm.wsdl.xml.WSDLReaderImpl.getDocument(WSDLReaderImpl.java:2101)
	... 12 more
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
	at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:285)
	at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:191)
	at sun.security.validator.Validator.validate(Validator.java:218)
	at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:126)
	at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:209)
	at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:249)
	at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1014)
	... 31 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
	at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:174)
	at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:238)
	at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:280)
	... 37 more
{code}

 

 
SPRING CONFIG FILE
------------------

Below is my spring config file for my client.

{code:xml}
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:sec="http://cxf.apache.org/configuration/security"
       xmlns:http="http://cxf.apache.org/transports/http/configuration"
       xsi:schemaLocation="
           http://cxf.apache.org/configuration/security
           http://cxf.apache.org/schemas/configuration/security.xsd
           http://cxf.apache.org/transports/http/configuration
           http://cxf.apache.org/schemas/configuration/http-conf.xsd
           http://www.springframework.org/schema/beans
           http://www.springframework.org/schema/beans/spring-beans.xsd">

  <http:conduit name="{http://www.example.org/AWC/}AWCSOAP.http-conduit">
    <http:tlsClientParameters disableCNCheck="true">
      <sec:trustManagers>
        <sec:keyStore type="JKS" password="password"
                      file="test/resources/wsdl/truststore.jks"/>
      </sec:trustManagers>
      <sec:keyManagers keyPassword="password">
        <sec:keyStore type="JKS" password="password"
                      file="test/resources/wsdl/wibble.jks"/>
      </sec:keyManagers>
      <sec:cipherSuitesFilter>
        <!-- these filters ensure that a ciphersuite with
             export-suitable or null encryption is used,
             but exclude anonymous Diffie-Hellman key change as
             this is vulnerable to man-in-the-middle attacks -->
        <sec:include>.*_EXPORT_.*</sec:include>
        <sec:include>.*_EXPORT1024_.*</sec:include>
        <sec:include>.*_WITH_DES_.*</sec:include>
        <sec:include>.*_WITH_NULL_.*</sec:include>
        <sec:exclude>.*_DH_anon_.*</sec:exclude>
      </sec:cipherSuitesFilter>
    </http:tlsClientParameters>
    <http:authorization>
      <sec:UserName>admin</sec:UserName>
      <sec:Password>admin</sec:Password>
    </http:authorization>
  </http:conduit>
</beans>
{code}


 

Really appreciate your comments and feedback.


--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

        

[jira] [Commented] (CXF-4037) Problem creating dynamic client when WSDL is hosted with secured transport (https)

Posted by "Harsha Devireddy (Commented) (JIRA)" <ji...@apache.org>.
    [ https://issues.apache.org/jira/browse/CXF-4037?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13188755#comment-13188755 ] 

Harsha Devireddy commented on CXF-4037:
---------------------------------------

Really appreciate your prompt responses and quick turnaround. I tested with 2.4.6-SNAPSHOT and it works fine. Please let me know if you are aware of the release date for 2.4.6. Thanks Daniel.
                
> Problem creating dynamic client when WSDL is hosted with secured transport (https)
> ----------------------------------------------------------------------------------
>
>                 Key: CXF-4037
>                 URL: https://issues.apache.org/jira/browse/CXF-4037
>             Project: CXF
>          Issue Type: Bug
>          Components: JAX-WS Runtime
>    Affects Versions: 2.4.2, 2.4.3, 2.4.5
>            Reporter: Harsha Devireddy
>            Assignee: Daniel Kulp
>            Priority: Critical
>             Fix For: 2.4.6, 2.5.2
>

        

[jira] [Commented] (CXF-4037) Problem creating dynamic client when WSDL is hosted with secured transport (https)

Posted by "Daniel Kulp (Commented) (JIRA)" <ji...@apache.org>.
    [ https://issues.apache.org/jira/browse/CXF-4037?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13187770#comment-13187770 ] 

Daniel Kulp commented on CXF-4037:
----------------------------------


The issue can likely be resolved by adjusting the line:

{code}
<http:conduit name="{http://www.example.org/AWC/}AWCSOAP.http-conduit">
{code}

to be something like:
{code}
<http:conduit name="http://localhost.*">
{code}

or similar. Basically, there isn't a portname or anything during the process of retrieving the wsdl as that is defined in the WSDL. Thus, you need to configure the conduit based on a URL regex so that the WSDL downloading can associate the proper conduit settings.


                
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
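
An added example, not part of the thread and not the CXF project's own sample: the reporter's conduit rewritten so that it is selected by a URL regex, as the comment above suggests, with the TLS settings tightened instead of relaxed. The regex is built from the https://localhost:9999 WSDL URL in the report; the cipher-suite patterns and the password placeholders are assumptions for illustration.

```xml
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:sec="http://cxf.apache.org/configuration/security"
       xmlns:http="http://cxf.apache.org/transports/http/configuration"
       xsi:schemaLocation="
           http://cxf.apache.org/configuration/security
           http://cxf.apache.org/schemas/configuration/security.xsd
           http://cxf.apache.org/transports/http/configuration
           http://cxf.apache.org/schemas/configuration/http-conf.xsd
           http://www.springframework.org/schema/beans
           http://www.springframework.org/schema/beans/spring-beans.xsd">

  <!-- Before (from the report): selected by port QName, which is not yet
       known while the WSDL itself is being downloaded:
       name="{http://www.example.org/AWC/}AWCSOAP.http-conduit" -->

  <!-- After: selected by URL regex. Scheme, host and port are spelled out so
       the client key, trust store and credentials below are only offered to
       this one endpoint (assumed from the WSDL URL in the report). -->
  <http:conduit name="https://localhost:9999/.*">

    <!-- disableCNCheck is left out: it defaults to false, so the host name
         in the server certificate is checked against the URL. -->
    <http:tlsClientParameters>

      <!-- Trust store must hold the CA (or the server certificate) that
           signs https://localhost:9999; a missing entry is what produces
           "PKIX path building failed". Password is a placeholder. -->
      <sec:trustManagers>
        <sec:keyStore type="JKS" password="TRUSTSTORE_PASSWORD_PLACEHOLDER"
                      file="test/resources/wsdl/truststore.jks"/>
      </sec:trustManagers>

      <!-- Client certificate, only needed when the server asks for one.
           Passwords are placeholders. -->
      <sec:keyManagers keyPassword="KEY_PASSWORD_PLACEHOLDER">
        <sec:keyStore type="JKS" password="KEYSTORE_PASSWORD_PLACEHOLDER"
                      file="test/resources/wsdl/wibble.jks"/>
      </sec:keyManagers>

      <!-- Assumed patterns: allow AES suites only, and explicitly shut out
           the export, single-DES, null-encryption and anonymous suites that
           the original filter included or only partly excluded. -->
      <sec:cipherSuitesFilter>
        <sec:include>.*_WITH_AES_.*</sec:include>
        <sec:exclude>.*_EXPORT_.*</sec:exclude>
        <sec:exclude>.*_EXPORT1024_.*</sec:exclude>
        <sec:exclude>.*_WITH_DES_.*</sec:exclude>
        <sec:exclude>.*_WITH_NULL_.*</sec:exclude>
        <sec:exclude>.*_anon_.*</sec:exclude>
      </sec:cipherSuitesFilter>
    </http:tlsClientParameters>

    <!-- Basic-auth credentials are placeholders; they are sent to every URL
         the conduit regex matches, another reason to keep the regex narrow. -->
    <http:authorization>
      <sec:UserName>USERNAME_PLACEHOLDER</sec:UserName>
      <sec:Password>PASSWORD_PLACEHOLDER</sec:Password>
    </http:authorization>
  </http:conduit>
</beans>
```

The same regex also matches the imported schema URL (https://localhost:9999/getCustomer?xsd=AWC.xsd); per the reporter's follow-up in this thread, that fetch still failed on the affected versions and worked with 2.4.6-SNAPSHOT.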

        

[jira] [Commented] (CXF-4037) Problem creating dynamic client when WSDL is hosted with secured transport (https)

Posted by "Harsha Devireddy (Commented) (JIRA)" <ji...@apache.org>.
    [ https://issues.apache.org/jira/browse/CXF-4037?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13187791#comment-13187791 ] 

Harsha Devireddy commented on CXF-4037:
---------------------------------------

Thanks Daniel for the prompt response. That change you suggested makes sense and seems to work partially. It works when I remove the schema import from my wsdl and have it inline in the wsdl itself. But when I have the schema (xsd) in a separate file and import it as part of the WSDL then I get the below security exception.

log4j:WARN No appenders could be found for logger (org.apache.cxf.bus.spring.BusApplicationContext).
log4j:WARN Please initialize the log4j system properly.
Jan 17, 2012 11:28:31 AM org.apache.cxf.bus.spring.BusApplicationContext getConfigResources
INFO: Loaded configuration file ./test/resources/wsdl/WibbleClient.xml.
Exception in thread "main" java.lang.RuntimeException: Error compiling schema from WSDL at {https://localhost:9999/getCustomer?wsdl}: 
IOException thrown when processing "https://localhost:9999/getCustomer?xsd=AWC.xsd". Exception: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target.

	at org.apache.cxf.endpoint.dynamic.DynamicClientFactory$InnerErrorListener.throwException(DynamicClientFactory.java:586)
	at org.apache.cxf.endpoint.dynamic.DynamicClientFactory.createClient(DynamicClientFactory.java:288)
	at org.apache.cxf.endpoint.dynamic.DynamicClientFactory.createClient(DynamicClientFactory.java:237)
	at org.apache.cxf.endpoint.dynamic.DynamicClientFactory.createClient(DynamicClientFactory.java:172)
	at com.convergys.lvo.integration.wsdl.WSDLDataModelerImpl.generateClient(WSDLDataModelerImpl.java:82)
	at com.convergys.lvo.integration.WebServiceDataModeler.getServiceClient(WebServiceDataModeler.java:414)
	at com.convergys.lvo.integration.wsdl.WSDLDataModelerImpl.getEntityData(WSDLDataModelerImpl.java:139)
	at com.convergys.lvo.integration.wsdl.WSDLDataModelerImpl.main(WSDLDataModelerImpl.java:302)
Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
	at com.sun.tools.xjc.ErrorReceiver.error(ErrorReceiver.java:90)
	at com.sun.tools.xjc.reader.internalizer.DOMForest.parse(DOMForest.java:401)
	at com.sun.tools.xjc.reader.internalizer.DOMForest.parse(DOMForest.java:300)
	at com.sun.tools.xjc.reader.internalizer.AbstractReferenceFinderImpl.startElement(AbstractReferenceFinderImpl.java:110)
	at org.xml.sax.helpers.XMLFilterImpl.startElement(XMLFilterImpl.java:527)
	at com.sun.xml.bind.unmarshaller.DOMScanner.visit(DOMScanner.java:239)
	at com.sun.xml.bind.unmarshaller.DOMScanner.visit(DOMScanner.java:276)
	at com.sun.xml.bind.unmarshaller.DOMScanner.visit(DOMScanner.java:245)
	at com.sun.xml.bind.unmarshaller.DOMScanner.scan(DOMScanner.java:122)
	at com.sun.tools.xjc.api.impl.s2j.SchemaCompilerImpl.parseSchema(SchemaCompilerImpl.java:135)
	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
	at java.lang.reflect.Method.invoke(Method.java:597)
	at org.apache.cxf.common.util.ReflectionInvokationHandler.invoke(ReflectionInvokationHandler.java:52)
	at $Proxy23.parseSchema(Unknown Source)
	at org.apache.cxf.endpoint.dynamic.DynamicClientFactory.addSchemas(DynamicClientFactory.java:439)
	at org.apache.cxf.endpoint.dynamic.DynamicClientFactory.createClient(DynamicClientFactory.java:284)
	... 6 more
Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
	at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:174)
	at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1611)
	at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:187)
	at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:181)
	at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1035)
	at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:124)
	at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:516)
	at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:454)
	at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:884)
	at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1112)
	at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1139)
	at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1123)
	at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:418)
	at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:166)
	at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1041)
	at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:234)
	at com.sun.org.apache.xerces.internal.impl.XMLEntityManager.setupCurrentEntity(XMLEntityManager.java:677)
	at com.sun.org.apache.xerces.internal.impl.XMLVersionDetector.determineDocVersion(XMLVersionDetector.java:186)
	at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse(XML11Configuration.java:771)
	at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse(XML11Configuration.java:737)
	at com.sun.org.apache.xerces.internal.parsers.XMLParser.parse(XMLParser.java:107)
	at com.sun.org.apache.xerces.internal.parsers.AbstractSAXParser.parse(AbstractSAXParser.java:1205)
	at com.sun.org.apache.xerces.internal.jaxp.SAXParserImpl$JAXPSAXParser.parse(SAXParserImpl.java:522)
	at com.sun.tools.xjc.reader.internalizer.DOMForest.parse(DOMForest.java:393)
	... 22 more
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
	at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:285)
	at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:191)
	at sun.security.validator.Validator.validate(Validator.java:218)
	at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:126)
	at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:209)
	at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:249)
	at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1014)
	... 41 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
	at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:174)
	at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:238)
	at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:280)
	... 47 more

                

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
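
Added example, not part of the thread and not CXF code: the stack trace in Harsha Devireddy's comment shows the imported XSD being fetched through the JDK's HttpsURLConnection, which uses the JVM-wide default TLS settings. Assuming that is why the conduit's trust store is not consulted for the import, the code below loads the same JKS files into an SSLContext and installs it as the HttpsURLConnection default. The class name, method names and environment variable names are hypothetical, and the key store and key are assumed to share one password, as in the posted config.

```java
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

/** Hypothetical helper (not a CXF class). */
public final class JvmDefaultTls {

    private JvmDefaultTls() { }

    private static KeyStore loadJks(String path, char[] password)
            throws GeneralSecurityException, IOException {
        KeyStore ks = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, password);
        }
        return ks;
    }

    /**
     * Builds a context that trusts only the certificates in trustStorePath.
     * keyStorePath may be null when the server does not ask for a client certificate.
     */
    static SSLContext buildContext(String trustStorePath, char[] trustPassword,
                                   String keyStorePath, char[] keyPassword)
            throws GeneralSecurityException, IOException {
        KeyStore trustStore = loadJks(trustStorePath, trustPassword);
        if (trustStore.size() == 0) {
            // Fail early instead of at handshake time with a PKIX error.
            throw new GeneralSecurityException("no trusted certificates in " + trustStorePath);
        }
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);

        KeyManager[] keyManagers = null;
        if (keyStorePath != null) {
            KeyManagerFactory kmf =
                    KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
            // Assumption: store password and key password are the same.
            kmf.init(loadJks(keyStorePath, keyPassword), keyPassword);
            keyManagers = kmf.getKeyManagers();
        }

        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(keyManagers, tmf.getTrustManagers(), null);
        return ctx;
    }

    /** Makes every HttpsURLConnection opened afterwards in this JVM use ctx. */
    static void installAsJvmDefault(SSLContext ctx) {
        HttpsURLConnection.setDefaultSSLSocketFactory(ctx.getSocketFactory());
        // The JDK's default HostnameVerifier is left in place, so the server
        // certificate must match the host name in the WSDL URL. This differs
        // from disableCNCheck="true" on the conduit, which skips that check.
    }

    private static char[] requiredEnv(String name) {
        String value = System.getenv(name);
        if (value == null) {
            throw new IllegalStateException("environment variable " + name + " is not set");
        }
        return value.toCharArray();
    }

    public static void main(String[] args) throws Exception {
        if (args.length < 1 || args.length > 2) {
            System.err.println("usage: JvmDefaultTls <truststore.jks> [<keystore.jks>]");
            System.exit(2);
        }
        // Hypothetical variable names; passwords are kept off the command line.
        char[] trustPassword = requiredEnv("TRUSTSTORE_PASSWORD");
        String keyStorePath = args.length == 2 ? args[1] : null;
        char[] keyPassword = keyStorePath != null ? requiredEnv("KEYSTORE_PASSWORD") : null;

        installAsJvmDefault(buildContext(args[0], trustPassword, keyStorePath, keyPassword));
        System.out.println("Default HTTPS socket factory installed for this JVM.");
        // Create the dynamic client after this point, in the same JVM.
    }
}
```

The setting is JVM-wide: it changes which certificates are trusted by every HttpsURLConnection in the process, so install it once at startup, before the call to dcf.createClient(...).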

        

[jira] [Updated] (CXF-4037) Problem creating dynamic client when WSDL is hosted with secured transport (https)

Posted by "Daniel Kulp (Updated) (JIRA)" <ji...@apache.org>.
     [ https://issues.apache.org/jira/browse/CXF-4037?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Daniel Kulp updated CXF-4037:
-----------------------------

    Description: 
I am trying to call a create a client dynamically to invoke the WebService(see below). Notice my WSDL URL is https. 
Also, with a minor modification(to add the spring config file to the bus) to the client generated using the wsdl2java utility I am able to call the secured webservice. 
But my requirement is to dynamically generate clients and call the webservice provided the wsdlUrl, method name and method arguments.

CLIENT CODE
------------
{code}
SpringBusFactory bf = new SpringBusFactory();
bus = bf.createBus(securityConfigFile);
BusFactory.setDefaultBus(bus);

JaxWsDynamicClientFactory dcf = JaxWsDynamicClientFactory.newInstance(bus);
dcf.setSimpleBindingEnabled(false);
List<String> bindingFiles = new ArrayList<String>();
File bindingFile = generateCustomBindingFile(fileLocationURL);
try {
    bindingFiles.add(bindingFile.getCanonicalPath().toString());
} catch (IOException e) {
    throw new LVOException(Level.SEVERE, "WSDL_INVALID_BINDINGFILE",
            bindingFile.toString());
}
Client client = dcf.createClient(new URL("https://localhost:9999/getAccount?wsdl"), bindingFiles);
{code}
 

 
EXCEPTION
----------
 

I get the below Exception while trying to create the client. 

 
{code}
log4j:WARN No appenders could be found for logger (org.apache.cxf.bus.spring.BusApplicationContext).
log4j:WARN Please initialize the log4j system properly.
Jan 14, 2012 4:44:59 PM org.apache.cxf.bus.spring.BusApplicationContext getConfigResources
INFO: Loaded configuration file ./test/resources/wsdl/WibbleClient.xml.
Exception in thread "main" org.apache.cxf.service.factory.ServiceConstructionException: Failed to create service.
	at org.apache.cxf.wsdl11.WSDLServiceFactory.<init>(WSDLServiceFactory.java:80)
	at org.apache.cxf.endpoint.dynamic.DynamicClientFactory.createClient(DynamicClientFactory.java:261)
	at org.apache.cxf.endpoint.dynamic.DynamicClientFactory.createClient(DynamicClientFactory.java:235)
	at org.apache.cxf.endpoint.dynamic.DynamicClientFactory.createClient(DynamicClientFactory.java:170)
	at com.convergys.lvo.integration.wsdl.WSDLDataModelerImpl.generateClient(WSDLDataModelerImpl.java:82)
	at com.convergys.lvo.integration.WebServiceDataModeler.getServiceClient(WebServiceDataModeler.java:414)
	at com.convergys.lvo.integration.wsdl.WSDLDataModelerImpl.getEntityData(WSDLDataModelerImpl.java:139)
	at com.convergys.lvo.integration.wsdl.WSDLDataModelerImpl.main(WSDLDataModelerImpl.java:302)
Caused by: javax.wsdl.WSDLException: WSDLException: faultCode=PARSER_ERROR: Problem parsing 'https://localhost:9999/getCustomer?wsdl'.: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
	at com.ibm.wsdl.xml.WSDLReaderImpl.getDocument(WSDLReaderImpl.java:2111)
	at com.ibm.wsdl.xml.WSDLReaderImpl.readWSDL(WSDLReaderImpl.java:2303)
	at com.ibm.wsdl.xml.WSDLReaderImpl.readWSDL(WSDLReaderImpl.java:2335)
	at org.apache.cxf.wsdl11.WSDLManagerImpl.loadDefinition(WSDLManagerImpl.java:239)
	at org.apache.cxf.wsdl11.WSDLManagerImpl.getDefinition(WSDLManagerImpl.java:186)
	at org.apache.cxf.wsdl11.WSDLServiceFactory.<init>(WSDLServiceFactory.java:78)
	... 7 more
Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
	at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:174)
	at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1611)
	at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:187)
	at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:181)
	at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1035)
	at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:124)
	at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:516)
	at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:454)
	at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:884)
	at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1112)
	at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1139)
	at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1123)
	at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:418)
	at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:166)
	at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1041)
	at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:234)
	at com.sun.org.apache.xerces.internal.impl.XMLEntityManager.setupCurrentEntity(XMLEntityManager.java:677)
	at com.sun.org.apache.xerces.internal.impl.XMLVersionDetector.determineDocVersion(XMLVersionDetector.java:186)
	at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse(XML11Configuration.java:771)
	at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse(XML11Configuration.java:737)
	at com.sun.org.apache.xerces.internal.parsers.XMLParser.parse(XMLParser.java:107)
	at com.sun.org.apache.xerces.internal.parsers.DOMParser.parse(DOMParser.java:225)
	at com.sun.org.apache.xerces.internal.jaxp.DocumentBuilderImpl.parse(DocumentBuilderImpl.java:283)
	at com.ibm.wsdl.xml.WSDLReaderImpl.getDocument(WSDLReaderImpl.java:2101)
	... 12 more
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
	at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:285)
	at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:191)
	at sun.security.validator.Validator.validate(Validator.java:218)
	at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:126)
	at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:209)
	at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:249)
	at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1014)
	... 31 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
	at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:174)
	at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:238)
	at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:280)
	... 37 more
{code}
 

 
SPRING CONFIG FILE
------------------

Below is my spring config file for my client.
{code:xml}
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:sec="http://cxf.apache.org/configuration/security"
       xmlns:http="http://cxf.apache.org/transports/http/configuration"
       xsi:schemaLocation="
           http://cxf.apache.org/configuration/security
           http://cxf.apache.org/schemas/configuration/security.xsd
           http://cxf.apache.org/transports/http/configuration
           http://cxf.apache.org/schemas/configuration/http-conf.xsd
           http://www.springframework.org/schema/beans
           http://www.springframework.org/schema/beans/spring-beans.xsd">

    <http:conduit name="{http://www.example.org/AWC/}AWCSOAP.http-conduit">
        <http:tlsClientParameters disableCNCheck="true">
            <sec:trustManagers>
                <sec:keyStore type="JKS" password="password"
                              file="test/resources/wsdl/truststore.jks"/>
            </sec:trustManagers>
            <sec:keyManagers keyPassword="password">
                <sec:keyStore type="JKS" password="password"
                              file="test/resources/wsdl/wibble.jks"/>
            </sec:keyManagers>
            <sec:cipherSuitesFilter>
                <!-- these filters ensure that a ciphersuite with
                     export-suitable or null encryption is used,
                     but exclude anonymous Diffie-Hellman key change as
                     this is vulnerable to man-in-the-middle attacks -->
                <sec:include>.*_EXPORT_.*</sec:include>
                <sec:include>.*_EXPORT1024_.*</sec:include>
                <sec:include>.*_WITH_DES_.*</sec:include>
                <sec:include>.*_WITH_NULL_.*</sec:include>
                <sec:exclude>.*_DH_anon_.*</sec:exclude>
            </sec:cipherSuitesFilter>
        </http:tlsClientParameters>
        <http:authorization>
            <sec:UserName>admin</sec:UserName>
            <sec:Password>admin</sec:Password>
        </http:authorization>
    </http:conduit>
</beans>
{code}

 

Really appreciate your comments and feedback.




    

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

        

[jira] [Resolved] (CXF-4037) Problem creating dynamic client when WSDL is hosted with secured transport (https)

Posted by "Daniel Kulp (Resolved) (JIRA)" <ji...@apache.org>.
     [ https://issues.apache.org/jira/browse/CXF-4037?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Daniel Kulp resolved CXF-4037.
------------------------------

       Resolution: Fixed
    Fix Version/s: 2.5.2
                   2.4.6
         Assignee: Daniel Kulp


The DynamicClient wasn't using the already preloaded schemas and was instead trying to redownload them. I've updated it to attempt to reuse the schemas we already gathered. I'd appreciate it if you could try testing with tonight's snapshots.
                
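The trace in the report shows the failing fetch going through the JDK's own HttpsURLConnection, called from Xerces, which validates the server against the JVM-default trust settings. As an added example (not from the thread and not CXF code), one way to make that default path validate against the trust store named in the reporter's config, without switching certificate checks off, is to install an SSLContext built from it before calling createClient. The class name DefaultTrustInstaller is hypothetical; the file names and passwords are the ones in the posted Spring config.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

// Hypothetical helper (added example, not part of CXF or of the reporter's code).
public final class DefaultTrustInstaller {

    private DefaultTrustInstaller() {
    }

    private static KeyStore loadJks(String path, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, password);
        }
        return ks;
    }

    /**
     * Installs a JVM-wide default SSLContext backed by the given trust store.
     * keyStorePath may be null when the server does not ask for a client certificate.
     */
    public static SSLContext install(String trustStorePath, char[] trustStorePassword,
                                     String keyStorePath, char[] keyStorePassword,
                                     char[] keyPassword) throws Exception {
        KeyStore trustStore = loadJks(trustStorePath, trustStorePassword);
        if (trustStore.size() == 0) {
            // An empty store would only fail later, at handshake time, with a less obvious error.
            throw new IllegalStateException("No entries in trust store " + trustStorePath);
        }
        TrustManagerFactory tmf =
            TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);

        KeyManager[] keyManagers = null;
        if (keyStorePath != null) {
            KeyManagerFactory kmf =
                KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
            kmf.init(loadJks(keyStorePath, keyStorePassword), keyPassword);
            keyManagers = kmf.getKeyManagers();
        }

        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(keyManagers, tmf.getTrustManagers(), null);

        // Both defaults are set: HttpsURLConnection caches its default socket
        // factory once it has been used, which may be before this call.
        SSLContext.setDefault(ctx);
        HttpsURLConnection.setDefaultSSLSocketFactory(ctx.getSocketFactory());
        // The default HostnameVerifier is left alone, so the server certificate
        // must still match the host name in the WSDL URL.
        return ctx;
    }

    public static void main(String[] args) throws Exception {
        // File names and passwords as they appear in the posted Spring config.
        install("test/resources/wsdl/truststore.jks", "password".toCharArray(),
                "test/resources/wsdl/wibble.jks", "password".toCharArray(),
                "password".toCharArray());
        // ... then build the bus and call dcf.createClient(...) as in the report.
    }
}
```

This changes the TLS defaults for every HTTPS connection in the JVM, so it belongs in startup code and should be called once.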