You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@cxf.apache.org by Guillaume Jouanjan <gj...@sqli.com> on 2011/08/30 10:18:45 UTC
[JBoss][Spring][Apache CXF] Problems occuring when dynamic creation
of client with wsdl in https
Hello ,
First of all , sorry for my english , i'm a french developer.
My goal is to call dynamically web services method using a WSDL (the only
information i have + name of methods)
I've got a problem with the following code :
String urlWsdl = "
https://10.33.30.138:8443/eLBG-Server/WS/LogbookWS.LogbookWSHttpSoap12Endpoint?wsdl
";
JaxWsDynamicClientFactory factory = JaxWsDynamicClientFactory.
newInstance();
Client clientWS = factory.createClient(urlWsdl);
I've got the following error :
10:04:22,562 ERROR [[rmm-ata]] "Servlet.service()" pour la servlet rmm-ata a
g´┐¢n´┐¢r´┐¢ une exception
java.security.cert.CertificateException: No subject alternative names
present
at sun.security.util.HostnameChecker.matchIP(Unknown Source)
at sun.security.util.HostnameChecker.match(Unknown Source)
at
com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkIdentity(Unknown
Source)
at
com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown
Source)
at
com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(Unknown
Source)
at
com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(Unknown Source)
at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Unknown
Source)
at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Unknown
Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(Unknown
Source)
at
com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(Unknown
Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown
Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown
Source)
at sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown
Source)
at
sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown
Source)
at
sun.net.www.protocol.http.HttpURLConnection.getInputStream(Unknown Source)
at
sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(Unknown
Source)
at
org.apache.cxf.resource.URIResolver.tryFileSystem(URIResolver.java:167)
at org.apache.cxf.resource.URIResolver.<init>(URIResolver.java:90)
at
org.apache.cxf.endpoint.dynamic.DynamicClientFactory.composeUrl(DynamicClientFactory.java:561)
at
org.apache.cxf.endpoint.dynamic.DynamicClientFactory.createClient(DynamicClientFactory.java:259)
at
org.apache.cxf.endpoint.dynamic.DynamicClientFactory.createClient(DynamicClientFactory.java:204)
at
org.apache.cxf.endpoint.dynamic.DynamicClientFactory.createClient(DynamicClientFactory.java:197)
at
org.apache.cxf.endpoint.dynamic.DynamicClientFactory.createClient(DynamicClientFactory.java:152)
at
com.airbus.rmm.controller.ManualController.send(ManualController.java:174)
I have specified a http conduit in spring configuration file but it seems
that information inside is not managed and the disableCNCheck=false is still
active
my http-conduit conf :
<http:conduit name="*.http-conduit">
<http:tlsClientParameters secureSocketProtocol="TLS"
disableCNCheck="true">
<sec:keyManagers keyPassword="password">
<sec:keyStore type="JKS" password="password"
file="../classes/server.jks"/>
</sec:keyManagers>
<sec:trustManagers>
<sec:keyStore type="JKS" password="password"
file="../classes/server.jks"/>
</sec:trustManagers>
<sec:cipherSuitesFilter>
<!-- these filters ensure that a ciphersuite with
export-suitable or null encryption is used,
but exclude anonymous Diffie-Hellman key change as
this is vulnerable to man-in-the-middle attacks -->
<sec:include>.*_EXPORT_.*</sec:include>
<sec:include>.*_EXPORT1024_.*</sec:include>
<sec:include>.*_WITH_DES_.*</sec:include>
<sec:include>.*_WITH_NULL_.*</sec:include>
<sec:exclude>.*_DH_anon_.*</sec:exclude>
</sec:cipherSuitesFilter>
</http:tlsClientParameters>
<http:authorization>
<sec:UserName>nandana</sec:UserName>
<sec:Password>password</sec:Password>
</http:authorization>
<http:client AutoRedirect="true" Connection="Keep-Alive"/>
</http:conduit>
Thanks for your help
Guillaume
--
* *
* *
*Guillaume JOUANJAN
*
*Chef de Projet Technique
*
*Email:* gjouanjan@sqli.com * <gj...@sqli.com>*
*Bureau:* +33 (0)5 62 47 33 66
*
*
*
*
*
*
*www.sqli.com*
* *
*
*
*SQLI Toulouse*
7 avenue Didier DAURAT
BP 70118
31 704 BLAGNAC CEDEX
*Standard:* +33 (0)5 62 47 70 70
*Fax:* +33 (0)5 62 47 70 71
**
Re: [JBoss][Spring][Apache CXF] Problems occuring when dynamic creation of client with wsdl in https
Posted by Daniel Kulp <dk...@apache.org>.
On Wednesday, August 31, 2011 8:39:43 AM Guillaume Jouanjan wrote:
> Ok
>
> thanks for the answer , i've created the JIRA
> CXF-3781<https://issues.apache.org/jira/browse/CXF-3781>
I kind of got board waiting last night while watching the RedSox lose :-( and
had already created:
https://issues.apache.org/jira/browse/CXF-3780
and even committed a fix for it. :-)
Is there any chance you can test the latest snapshots to see if it actually
fixes the issues?
Thanks!
Dan
>
> Regards,
>
> Guillaume
>
> 2011/8/31 Daniel Kulp <dk...@apache.org>
>
> > On Wednesday, August 31, 2011 9:04:20 AM Willem Jiang wrote:
> > > Maybe you can consider to download the WSDL by using common http
> > > client
> > > and pass the WSDL url into the DynamicClientFactory to workaround
> > > this
> > > kind of issue.
> > >
> > > BTW, I doubt that http-conf setting can't affect the WSDL4J which
> > > loads
> > > the WSDL from the server.
> >
> > WSDL4J calls out to us to load the WSDL and we do use our own conduits
> > for downloading them in the case of https. Thus, it should work fine.
> >
> > HOWEVER, this is a bug in the DynamicClient. The dynamic client tries
> > to validate the wsdlLocation (and turn it into a URL) prior to sending
> > it into the CXF code and THAT part doesn't take into account the
> > conduit settings.
> >
> > Can you log a JIRA for this?
> >
> >
> > Dan
> >
> > > On 8/31/11 12:50 AM, Guillaume Jouanjan wrote:
> > > > I've tried with this regex too and it doesn't work :'(
> > > >
> > > > I've looking a lot of post on internet but it seems that i am
> > > > the only one who try to call dynamically web services in https
> > > > :)
> > > >
> > > > Guillaume
> > > >
> > > > 2011/8/30 Daniel Kulp<dk...@apache.org>
> > > >
> > > >> The "name" for the http-conduit thing in the config is a full
> > > >> regex.
> > > >> Thus,
> > > >> you should be able to do something like:
> > > >>
> > > >> <http-conf name="https.*">
> > > >> ....
> > > >>
> > > >> to match all the https endpoints.
> > > >>
> > > >> Dan
> > > >>
> > > >> On Tuesday, August 30, 2011 2:33:43 PM Guillaume Jouanjan wrote:
> > > >>> Hi
> > > >>>
> > > >>> I've tried this but i've got the same error.
> > > >>>
> > > >>> org.springframework.web.util.NestedServletException: Request
> > > >>> processing failed; nested exception is
> > > >>> org.apache.cxf.service.factory.ServiceConstructionException:
> > > >>> Could
> > > >>> not
> > > >>> resolve URL
> > > >>> "
> >
> > https://10.33.30.138:8443/eLBG-Server/WS/LogbookWS.LogbookWSHttpSoap12
> >
> > > >> Endp>>
> > > >>
> > > >>> oint?wsdl".
> > > >>
> > > >> org.springframework.web.servlet.FrameworkServlet.processReques
> > > >> t(Framew orkSe>>
> > > >>
> > > >>> rvlet.java:656)
> > > >>
> > > >> org.springframework.web.servlet.FrameworkServlet.doPost(Framew
> > > >> orkServl et.ja>>
> > > >>
> > > >>> va:560)
> > > >>> javax.servlet.http.HttpServlet.service(HttpServlet.java:637
> > > >>> )> > >>>
> > > >>> javax.servlet.http.HttpServlet.service(HttpSer
> > > >>> vlet.jav
> > > >>> a:717)
> > > >>
> > > >> org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyH
> > > >> eaderFil ter.j>>
> > > >>
> > > >>> ava:96)
> > > >>>
> > > >>> *cause m�re*
> > > >>>
> > > >>> org.apache.cxf.service.factory.ServiceConstructionException:
> > > >>> Could
> > > >>> not
> > > >>> resolve URL
> > > >>> "
> >
> > https://10.33.30.138:8443/eLBG-Server/WS/LogbookWS.LogbookWSHttpSoap12
> >
> > > >> Endp>>
> > > >>
> > > >>> oint?wsdl".
> > > >>
> > > >> org.apache.cxf.endpoint.dynamic.DynamicClientFactory.composeUr
> > > >> l(Dynami cClie>>
> > > >>
> > > >>> ntFactory.java:569)
> > > >>
> > > >> org.apache.cxf.endpoint.dynamic.DynamicClientFactory.createCli
> > > >> ent(Dyna micCl>>
> > > >>
> > > >>> ientFactory.java:259)
> > > >>
> > > >> org.apache.cxf.endpoint.dynamic.DynamicClientFactory.createCli
> > > >> ent(Dyna micCl>>
> > > >>
> > > >>> ientFactory.java:204)
> > > >>
> > > >> org.apache.cxf.endpoint.dynamic.DynamicClientFactory.createCli
> > > >> ent(Dyna micCl>>
> > > >>
> > > >>> ientFactory.java:197)
> > > >>
> > > >> org.apache.cxf.endpoint.dynamic.DynamicClientFactory.createCli
> > > >> ent(Dyna micCl>>
> > > >>
> > > >>> ientFactory.java:152)
> > > >>
> > > >> com.airbus.rmm.controller.ManualController.send(ManualControll
> > > >> er.java: 172)>>
> > > >>
> > > >>> sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> > > >>>
> > > >>> sun.reflect.NativeMethodAccessorImpl.invoke(Un
> > > >>> known
> > > >>> Source)
> > > >>> sun.reflect.DelegatingMethodAccessorImpl.invok
> > > >>> e(Unknow
> > > >>> n Source)
> > > >>> java.lang.reflect.Method.invoke(Unknown
> > > >>> Source)
> > > >>
> > > >> org.springframework.web.bind.annotation.support.HandlerMethodI
> > > >> nvoker.i nvoke>>
> > > >>
> > > >>> HandlerMethod(HandlerMethodInvoker.java:176)
> > > >>
> > > >> org.springframework.web.servlet.mvc.annotation.AnnotationMetho
> > > >> dHandler Adapt>>
> > > >>
> > > >>> er.invokeHandlerMethod(AnnotationMethodHandlerAdapter.java:4
> > > >>> 26)
> > > >>
> > > >> org.springframework.web.servlet.mvc.annotation.AnnotationMetho
> > > >> dHandler Adapt>>
> > > >>
> > > >>> er.handle(AnnotationMethodHandlerAdapter.java:414)
> > > >>
> > > >> org.springframework.web.servlet.DispatcherServlet.doDispatch(D
> > > >> ispatche rServ>>
> > > >>
> > > >>> let.java:790)
> > > >>
> > > >> org.springframework.web.servlet.DispatcherServlet.doService(Di
> > > >> spatcher Servl>>
> > > >>
> > > >>> et.java:719)
> > > >>
> > > >> org.springframework.web.servlet.FrameworkServlet.processReques
> > > >> t(Framew orkSe>>
> > > >>
> > > >>> rvlet.java:644)
> > > >>
> > > >> org.springframework.web.servlet.FrameworkServlet.doPost(Framew
> > > >> orkServl et.ja>>
> > > >>
> > > >>> va:560)
> > > >>> javax.servlet.http.HttpServlet.service(HttpServlet.java:637
> > > >>> )> > >>>
> > > >>> javax.servlet.http.HttpServlet.service(HttpSer
> > > >>> vlet.jav
> > > >>> a:717)
> > > >>
> > > >> org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyH
> > > >> eaderFil ter.j>>
> > > >>
> > > >>> ava:96)
> > > >>>
> > > >>> *cause m�re*
> > > >>>
> > > >>> javax.net.ssl.SSLHandshakeException:
> > > >>> java.security.cert.CertificateException: No subject
> > > >>> alternative
> > > >>> names
> > > >>> present
> > > >>>
> > > >>> com.sun.net.ssl.internal.ssl.Alerts.getSSLExce
> > > >>> ption(Un
> > > >>> known Source)
> > > >>> com.sun.net.ssl.internal.ssl.SSLSocketImpl.fat
> > > >>> al(Unkn
> > > >>> own Source)>>>
> > > >>>
> > > >>> The "mother cause" seems to be the
> > > >>>
> > > >>> Could not resolve URL
> > > >>> "
> >
> > https://10.33.30.138:8443/eLBG-Server/WS/LogbookWS.LogbookWSHttpSoap12
> >
> > > >> Endpo>>
> > > >>
> > > >>> int?wsdl
> > > >>>
> > > >>> but with internet explorer the url is good (after accepting
> > > >>> certificates)
> > > >>>
> > > >>> Moreover url of WSDL is calculated dynamically because end
> > > >>> user set
> > > >>
> > > >> himself
> > > >>
> > > >>> via HMI the url of Web Service (i.e :
> > > >>> https://10.33.30.138:8443/eLBG-Server/WS/LogbookWS) i only
> > > >>> add the
> > > >>
> > > >> endpoint
> > > >>
> > > >>> + ? wsdl
> > > >>>
> > > >>> (i don't know if i can made a 'response to all', please say
> > > >>> it me if i
> > > >>
> > > >> can't
> > > >>
> > > >>> ;) )
> > > >>>
> > > >>> Guillaume
> > > >>>
> > > >>> 2011/8/30 Freeman Fang<fr...@gmail.com>
> > > >>>
> > > >>>> Hi,
> > > >>>>
> > > >>>> Looks like the error occurs when you try to download
> > > >>>> remote wsdl,
> > > >>>> which also need authentication.
> > > >>>> However the "{WSDL Namespace}portName" would never work
> > > >>>> for
> > > >>>> downloading the wsdl as the portName is unknown at that
> > > >>>> point.
> > > >>>> You need change your http:conduit like
> > > >>>> <http-conf:conduit
> > > >>>> name="https://10.33.30.138:**8443/.*<https://10.33.30.138:
> > > >>>> 8443/.*>
> > > >>>>
> > > >>>> ">
> > > >>>>
> > > >>>> the "https" prefix here is important.
> > > >>>>
> > > >>>> You can take a look at [1] to get more details there.
> > > >>>> [1]https://issues.apache.org/**jira/browse/CXF-3421<
> > > >>
> > > >> https://issues.apach
> > > >>
> > > >>>> e.org/jira/browse/CXF-3421>
> > > >>>>
> > > >>>> Freeman
> > > >>>>
> > > >>>> On 2011-8-30, at 下午4:18, Guillaume Jouanjan wrote:
> > > >>>> Hello ,
> > > >>>>>
> > > >>>>> First of all , sorry for my english , i'm a french
> > > >>>>> developer.
> > > >>>>>
> > > >>>>> My goal is to call dynamically web services method using
> > > >>>>> a WSDL
> > > >>>>> (the
> > > >>>>> only information i have + name of methods)
> > > >>>>>
> > > >>>>> I've got a problem with the following code :
> > > >>>>>
> > > >>>>> String urlWsdl = "
> > > >>>>> https://10.33.30.138:8443/**eLBG-Server/WS/LogbookWS.**
> > > >>>>> LogbookWSHttpSoap12Endpoint?**wsdl<
> > > >>
> > > >> https://10.33.30.138:8443/eLBG-Serv
> > > >>
> > > >>>>> er/WS/LogbookWS.LogbookWSHttpSoap12Endpoint?wsdl> ";
> > > >>>>> JaxWsDynamicClientFactory factory =
> > > >>>>> JaxWsDynamicClientFactory.
> > > >>>>> newInstance();
> > > >>>>> Client clientWS = factory.createClient(urlWsdl);
> > > >>>>>
> > > >>>>> I've got the following error :
> > > >>>>>
> > > >>>>> 10:04:22,562 ERROR [[rmm-ata]] "Servlet.service()" pour
> > > >>>>> la
> > > >>>>> servlet
> > > >>>>> rmm-ata a
> > > >>>>> g´┐¢n´┐¢r´┐¢ une exception
> > > >>>>> java.security.cert.**CertificateException: No subject
> > > >>>>> alternative
> > > >>>>> names
> > > >>>>> present
> > > >>>>>
> > > >>>>> at
> > > >>>>> sun.security.util.**HostnameChecker.matchI
> > > >>>>> P(**Unk
> > > >>>>> nown
> > > >>>>> Source)
> > > >>>>> at
> > > >>>>> sun.security.util.**HostnameChecker.match(
> > > >>>>> Unknown
> > > >>>>> Source)
> > > >>>>> at
> > > >>>>>
> > > >>>>> com.sun.net.ssl.internal.ssl.**X509TrustManagerImpl.**
> > > >>>>> checkIdentity(Unknown
> > > >>>>> Source)
> > > >>>>>
> > > >>>>> at
> > > >>>>>
> > > >>>>> com.sun.net.ssl.internal.ssl.**X509TrustManagerImpl.**
> > > >>>>> checkServerTrusted(Unknown
> > > >>>>> Source)
> > > >>>>>
> > > >>>>> at
> > > >>>>>
> > > >>>>> com.sun.net.ssl.internal.ssl.**ClientHandshaker.**
> > > >>>>> serverCertificate(Unknown
> > > >>>>> Source)
> > > >>>>>
> > > >>>>> at
> > > >>>>>
> > > >>>>> com.sun.net.ssl.internal.ssl.**ClientHandshaker.**proces
> > > >>>>> sMessage
> > > >>>>> (Unkno wn
> > > >>>>> Source)
> > > >>>>>
> > > >>>>> at
> > > >>>>> com.sun.net.ssl.internal.ssl.**Handshaker.
> > > >>>>> processL
> > > >>>>> oop(Unk
> > > >>>>> nown
> > > >>>>>
> > > >>>>> Source)
> > > >>>>>
> > > >>>>> at
> > > >>>>> com.sun.net.ssl.internal.ssl.**Handshaker.
> > > >>>>> process_
> > > >>>>> record(
> > > >>>>> **
> > > >>>>>
> > > >>>>> Unknown
> > > >>>>> Source)
> > > >>>>>
> > > >>>>> at
> > > >>>>> com.sun.net.ssl.internal.ssl.**SSLSocketIm
> > > >>>>> pl.readR
> > > >>>>> ecord(*
> > > >>>>> *
> > > >>>>>
> > > >>>>> Unknown
> > > >>>>> Source)
> > > >>>>>
> > > >>>>> at
> > > >>>>>
> > > >>>>> com.sun.net.ssl.internal.ssl.**SSLSocketImpl.**performIn
> > > >>>>> itialHan
> > > >>>>> dshake (** Unknown
> > > >>>>> Source)
> > > >>>>>
> > > >>>>> at
> > > >>>>> com.sun.net.ssl.internal.ssl.**SSLSocketIm
> > > >>>>> pl.start
> > > >>>>> Handsha
> > > >>>>> ke(**
> > > >>>>>
> > > >>>>> Unknown
> > > >>>>> Source)
> > > >>>>>
> > > >>>>> at
> > > >>>>> com.sun.net.ssl.internal.ssl.**SSLSocketIm
> > > >>>>> pl.start
> > > >>>>> Handsha
> > > >>>>> ke(**
> > > >>>>>
> > > >>>>> Unknown
> > > >>>>> Source)
> > > >>>>>
> > > >>>>> at
> > > >>>>> sun.net.www.protocol.https.**HttpsClient.a
> > > >>>>> fterConn
> > > >>>>> ect(**U
> > > >>>>> nknown
> > > >>>>>
> > > >>>>> Source)
> > > >>>>>
> > > >>>>> at
> > > >>>>>
> > > >>>>> sun.net.www.protocol.https.**AbstractDelegateHttpsURLCon
> > > >>>>> nec**
> > > >>>>> tion.connect(Unknown
> > > >>>>> Source)
> > > >>>>>
> > > >>>>> at
> > > >>>>>
> > > >>>>> sun.net.www.protocol.http.**HttpURLConnection.**getInput
> > > >>>>> Stream(U
> > > >>>>> nknown Source)
> > > >>>>>
> > > >>>>> at
> > > >>>>>
> > > >>>>> sun.net.www.protocol.https.**HttpsURLConnectionImpl.**
> > > >>>>> getInputStream(Unknown
> > > >>>>> Source)
> > > >>>>>
> > > >>>>> at
> > > >>>>>
> > > >>>>> org.apache.cxf.resource.**URIResolver.tryFileSystem(**
> > > >>>>> URIResolver.java:167)
> > > >>>>>
> > > >>>>> at
> > > >>>>> org.apache.cxf.resource.**URIResolver.<in
> > > >>>>> it>(**
> > > >>>>>
> > > >>>>> URIResolver.java:90)
> > > >>>>>
> > > >>>>> at
> > > >>>>>
> > > >>>>> org.apache.cxf.endpoint.**dynamic.DynamicClientFactory.*
> > > >>>>> *compose
> > > >>>>> Url(** DynamicClientFactory.java:561)
> > > >>>>>
> > > >>>>> at
> > > >>>>>
> > > >>>>> org.apache.cxf.endpoint.**dynamic.DynamicClientFactory.*
> > > >>>>> *createC
> > > >>>>> lient( **
> > > >>>>> DynamicClientFactory.java:259)
> > > >>>>>
> > > >>>>> at
> > > >>>>>
> > > >>>>> org.apache.cxf.endpoint.**dynamic.DynamicClientFactory.*
> > > >>>>> *createC
> > > >>>>> lient( **
> > > >>>>> DynamicClientFactory.java:204)
> > > >>>>>
> > > >>>>> at
> > > >>>>>
> > > >>>>> org.apache.cxf.endpoint.**dynamic.DynamicClientFactory.*
> > > >>>>> *createC
> > > >>>>> lient( **
> > > >>>>> DynamicClientFactory.java:197)
> > > >>>>>
> > > >>>>> at
> > > >>>>>
> > > >>>>> org.apache.cxf.endpoint.**dynamic.DynamicClientFactory.*
> > > >>>>> *createC
> > > >>>>> lient( **
> > > >>>>> DynamicClientFactory.java:152)
> > > >>>>>
> > > >>>>> at
> > > >>>>>
> > > >>>>> com.airbus.rmm.controller.**ManualController.send(**
> > > >>>>> ManualController.java:174)
> > > >>>>>
> > > >>>>> I have specified a http conduit in spring configuration
> > > >>>>> file but
> > > >>>>> it
> > > >>>>> seems that information inside is not managed and the
> > > >>>>> disableCNCheck=false is still
> > > >>>>> active
> > > >>>>>
> > > >>>>> my http-conduit conf :
> > > >>>>>
> > > >>>>> <http:conduit name="*.http-conduit">
> > > >>>>>
> > > >>>>> <http:tlsClientParameters
> > > >>>>> secureSocketProtocol="TLS"
> > > >>>>>
> > > >>>>> disableCNCheck="true">
> > > >>>>>
> > > >>>>> <sec:keyManagers
> > > >>>>> keyPassword="password">
> > > >>>>>
> > > >>>>> <sec:keyStore type="JKS"
> > > >>>>> password="password"
> > > >>>>>
> > > >>>>> file="../classes/s
> > > >>>>> erver.jk
> > > >>>>> s"/>
> > > >>>>>
> > > >>>>> </sec:keyManagers>
> > > >>>>> <sec:trustManagers>
> > > >>>>>
> > > >>>>> <sec:keyStore type="JKS"
> > > >>>>> password="password"
> > > >>>>>
> > > >>>>> file="../classes/ser
> > > >>>>> ver.jks"
> > > >>>>> />
> > > >>>>>
> > > >>>>> </sec:trustManagers>
> > > >>>>> <sec:cipherSuitesFilter>
> > > >>>>>
> > > >>>>> <!-- these filters ensure that a
> > > >>>>> ciphersuite with
> > > >>>>>
> > > >>>>> export-suitable or null
> > > >>>>> encryption is
> > > >>>>> used,
> > > >>>>> but exclude anonymous
> > > >>>>> Diffie-Hellman
> > > >>>>> key
> > > >>>>> change as
> > > >>>>> this is vulnerable to
> > > >>>>> man-in-the-middle
> > > >>>>> attacks -->
> > > >>>>>
> > > >>>>> <sec:include>.*_EXPORT_.*</**sec:i
> > > >>>>> nclude>
> > > >>>>> <sec:include>.*_EXPORT1024_.*<**/s
> > > >>>>> ec:inclu
> > > >>>>> de>
> > > >>>>> <sec:include>.*_WITH_DES_.*</**sec
> > > >>>>> :include
> > > >>>>>
> > > >>>>> <sec:include>.*_WITH_NULL_.*</**se
> > > >>>>> c:includ
> > > >>>>> e>
> > > >>>>> <sec:exclude>.*_DH_anon_.*</**sec:
> > > >>>>> exclude>
> > > >>>>>
> > > >>>>> </sec:cipherSuitesFilter>
> > > >>>>>
> > > >>>>> </http:tlsClientParameters>
> > > >>>>> <http:authorization>
> > > >>>>>
> > > >>>>> <sec:UserName>nandana</sec:**UserName>
> > > >>>>> <sec:Password>password</sec:**Password>
> > > >>>>>
> > > >>>>> </http:authorization>
> > > >>>>> <http:client AutoRedirect="true"
> > > >>>>> Connection="Keep-Alive"/>
> > > >>>>>
> > > >>>>> </http:conduit>
> > > >>>>>
> > > >>>>> Thanks for your help
> > > >>>>>
> > > >>>>> Guillaume
> > > >>>>>
> > > >>>>>
> > > >>>>> --
> > > >>>>>
> > > >>>>> * *
> > > >>>>>
> > > >>>>> * *
> > > >>>>>
> > > >>>>> *Guillaume JOUANJAN
> > > >>>>> *
> > > >>>>>
> > > >>>>> *Chef de Projet Technique
> > > >>>>> *
> > > >>>>>
> > > >>>>> *Email:* gjouanjan@sqli.com
> > > >>>>> *<gj...@sqli.com>*
> > > >>>>>
> > > >>>>> *Bureau:* +33 (0)5 62 47 33 66
> > > >>>>>
> > > >>>>> *
> > > >>>>> *
> > > >>>>>
> > > >>>>> *
> > > >>>>> *
> > > >>>>>
> > > >>>>> *
> > > >>>>> *
> > > >>>>>
> > > >>>>> *www.sqli.com*
> > > >>>>>
> > > >>>>> * *
> > > >>>>>
> > > >>>>> *
> > > >>>>> *
> > > >>>>>
> > > >>>>> *SQLI Toulouse*
> > > >>>>>
> > > >>>>> 7 avenue Didier DAURAT
> > > >>>>> BP 70118
> > > >>>>> 31 704 BLAGNAC CEDEX
> > > >>>>>
> > > >>>>> *Standard:* +33 (0)5 62 47 70 70
> > > >>>>> *Fax:* +33 (0)5 62 47 70 71
> > > >>>>>
> > > >>>>> **
> > > >>>>
> > > >>>> ------------------------------**---------------
> > > >>>> Freeman Fang
> > > >>>>
> > > >>>> FuseSource
> > > >>>> Email:ffang@fusesource.com
> > > >>>> Web: fusesource.com
> > > >>>> Twitter: freemanfang
> > > >>>> Blog: http://freemanfang.blogspot.**com
> > > >>>> <http://freemanfang.blogspot.com>
> > > >>
> > > >> --
> > > >> Daniel Kulp
> > > >> dkulp@apache.org
> > > >> http://dankulp.com/blog
> > > >> Talend - http://www.talend.com
> >
> > --
> > Daniel Kulp
> > dkulp@apache.org
> > http://dankulp.com/blog
> > Talend - http://www.talend.com
--
Daniel Kulp
dkulp@apache.org
http://dankulp.com/blog
Talend - http://www.talend.com
Re: [JBoss][Spring][Apache CXF] Problems occuring when dynamic
creation of client with wsdl in https
Posted by Guillaume Jouanjan <gj...@sqli.com>.
Ok
thanks for the answer , i've created the JIRA
CXF-3781<https://issues.apache.org/jira/browse/CXF-3781>
Regards,
Guillaume
2011/8/31 Daniel Kulp <dk...@apache.org>
> On Wednesday, August 31, 2011 9:04:20 AM Willem Jiang wrote:
> > Maybe you can consider to download the WSDL by using common http client
> > and pass the WSDL url into the DynamicClientFactory to workaround this
> > kind of issue.
> >
> > BTW, I doubt that http-conf setting can't affect the WSDL4J which loads
> > the WSDL from the server.
>
> WSDL4J calls out to us to load the WSDL and we do use our own conduits for
> downloading them in the case of https. Thus, it should work fine.
>
> HOWEVER, this is a bug in the DynamicClient. The dynamic client tries to
> validate the wsdlLocation (and turn it into a URL) prior to sending it into
> the CXF code and THAT part doesn't take into account the conduit settings.
>
> Can you log a JIRA for this?
>
>
> Dan
>
>
> > On 8/31/11 12:50 AM, Guillaume Jouanjan wrote:
> > > I've tried with this regex too and it doesn't work :'(
> > >
> > > I've looking a lot of post on internet but it seems that i am the only
> > > one who try to call dynamically web services in https :)
> > >
> > > Guillaume
> > >
> > > 2011/8/30 Daniel Kulp<dk...@apache.org>
> > >
> > >> The "name" for the http-conduit thing in the config is a full regex.
> > >> Thus,
> > >> you should be able to do something like:
> > >>
> > >> <http-conf name="https.*">
> > >> ....
> > >>
> > >> to match all the https endpoints.
> > >>
> > >> Dan
> > >>
> > >> On Tuesday, August 30, 2011 2:33:43 PM Guillaume Jouanjan wrote:
> > >>> Hi
> > >>>
> > >>> I've tried this but i've got the same error.
> > >>>
> > >>> org.springframework.web.util.NestedServletException: Request
> > >>> processing failed; nested exception is
> > >>> org.apache.cxf.service.factory.ServiceConstructionException: Could
> > >>> not
> > >>> resolve URL
> > >>> "
> > >>
> > >>
> https://10.33.30.138:8443/eLBG-Server/WS/LogbookWS.LogbookWSHttpSoap12
> > >> Endp>>
> > >>> oint?wsdl".
> > >>
> > >> org.springframework.web.servlet.FrameworkServlet.processRequest(Framew
> > >> orkSe>>
> > >>> rvlet.java:656)
> > >>
> > >> org.springframework.web.servlet.FrameworkServlet.doPost(FrameworkServl
> > >> et.ja>>
> > >>> va:560) javax.servlet.http.HttpServlet.service(HttpServlet.java:637)
> > >>>
> > >>> javax.servlet.http.HttpServlet.service(HttpServlet.jav
> > >>> a:717)
> > >>
> > >> org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFil
> > >> ter.j>>
> > >>> ava:96)
> > >>>
> > >>> *cause m�re*
> > >>>
> > >>> org.apache.cxf.service.factory.ServiceConstructionException: Could
> > >>> not
> > >>> resolve URL
> > >>> "
> > >>
> > >>
> https://10.33.30.138:8443/eLBG-Server/WS/LogbookWS.LogbookWSHttpSoap12
> > >> Endp>>
> > >>> oint?wsdl".
> > >>
> > >> org.apache.cxf.endpoint.dynamic.DynamicClientFactory.composeUrl(Dynami
> > >> cClie>>
> > >>> ntFactory.java:569)
> > >>
> > >> org.apache.cxf.endpoint.dynamic.DynamicClientFactory.createClient(Dyna
> > >> micCl>>
> > >>> ientFactory.java:259)
> > >>
> > >> org.apache.cxf.endpoint.dynamic.DynamicClientFactory.createClient(Dyna
> > >> micCl>>
> > >>> ientFactory.java:204)
> > >>
> > >> org.apache.cxf.endpoint.dynamic.DynamicClientFactory.createClient(Dyna
> > >> micCl>>
> > >>> ientFactory.java:197)
> > >>
> > >> org.apache.cxf.endpoint.dynamic.DynamicClientFactory.createClient(Dyna
> > >> micCl>>
> > >>> ientFactory.java:152)
> > >>
> > >> com.airbus.rmm.controller.ManualController.send(ManualController.java:
> > >> 172)>>
> > >>> sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> > >>>
> > >>> sun.reflect.NativeMethodAccessorImpl.invoke(Unknown
> > >>> Source)
> > >>> sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknow
> > >>> n Source)
> > >>> java.lang.reflect.Method.invoke(Unknown Source)
> > >>
> > >> org.springframework.web.bind.annotation.support.HandlerMethodInvoker.i
> > >> nvoke>>
> > >>> HandlerMethod(HandlerMethodInvoker.java:176)
> > >>
> > >> org.springframework.web.servlet.mvc.annotation.AnnotationMethodHandler
> > >> Adapt>>
> > >>> er.invokeHandlerMethod(AnnotationMethodHandlerAdapter.java:426)
> > >>
> > >> org.springframework.web.servlet.mvc.annotation.AnnotationMethodHandler
> > >> Adapt>>
> > >>> er.handle(AnnotationMethodHandlerAdapter.java:414)
> > >>
> > >> org.springframework.web.servlet.DispatcherServlet.doDispatch(Dispatche
> > >> rServ>>
> > >>> let.java:790)
> > >>
> > >> org.springframework.web.servlet.DispatcherServlet.doService(Dispatcher
> > >> Servl>>
> > >>> et.java:719)
> > >>
> > >> org.springframework.web.servlet.FrameworkServlet.processRequest(Framew
> > >> orkSe>>
> > >>> rvlet.java:644)
> > >>
> > >> org.springframework.web.servlet.FrameworkServlet.doPost(FrameworkServl
> > >> et.ja>>
> > >>> va:560) javax.servlet.http.HttpServlet.service(HttpServlet.java:637)
> > >>>
> > >>> javax.servlet.http.HttpServlet.service(HttpServlet.jav
> > >>> a:717)
> > >>
> > >> org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFil
> > >> ter.j>>
> > >>> ava:96)
> > >>>
> > >>> *cause m�re*
> > >>>
> > >>> javax.net.ssl.SSLHandshakeException:
> > >>> java.security.cert.CertificateException: No subject alternative
> > >>> names
> > >>> present
> > >>>
> > >>> com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Un
> > >>> known Source)
> > >>> com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(Unkn
> > >>> own Source)>>>
> > >>> The "mother cause" seems to be the
> > >>>
> > >>> Could not resolve URL
> > >>> "
> > >>
> > >>
> https://10.33.30.138:8443/eLBG-Server/WS/LogbookWS.LogbookWSHttpSoap12
> > >> Endpo>>
> > >>> int?wsdl
> > >>>
> > >>> but with internet explorer the url is good (after accepting
> > >>> certificates)
> > >>>
> > >>> Moreover url of WSDL is calculated dynamically because end user set
> > >>
> > >> himself
> > >>
> > >>> via HMI the url of Web Service (i.e :
> > >>> https://10.33.30.138:8443/eLBG-Server/WS/LogbookWS) i only add the
> > >>
> > >> endpoint
> > >>
> > >>> + ? wsdl
> > >>>
> > >>> (i don't know if i can made a 'response to all', please say it me if
> > >>> i
> > >>
> > >> can't
> > >>
> > >>> ;) )
> > >>>
> > >>> Guillaume
> > >>>
> > >>> 2011/8/30 Freeman Fang<fr...@gmail.com>
> > >>>
> > >>>> Hi,
> > >>>>
> > >>>> Looks like the error occurs when you try to download remote wsdl,
> > >>>> which also need authentication.
> > >>>> However the "{WSDL Namespace}portName" would never work for
> > >>>> downloading the wsdl as the portName is unknown at that point.
> > >>>> You need change your http:conduit like
> > >>>> <http-conf:conduit
> > >>>> name="https://10.33.30.138:**8443/.*<https://10.33.30.138:8443/.*>
> > >>>> ">
> > >>>>
> > >>>> the "https" prefix here is important.
> > >>>>
> > >>>> You can take a look at [1] to get more details there.
> > >>>> [1]https://issues.apache.org/**jira/browse/CXF-3421<
> > >>
> > >> https://issues.apach
> > >>
> > >>>> e.org/jira/browse/CXF-3421>
> > >>>>
> > >>>> Freeman
> > >>>>
> > >>>> On 2011-8-30, at 下午4:18, Guillaume Jouanjan wrote:
> > >>>> Hello ,
> > >>>>>
> > >>>>> First of all , sorry for my english , i'm a french developer.
> > >>>>>
> > >>>>> My goal is to call dynamically web services method using a WSDL
> > >>>>> (the
> > >>>>> only information i have + name of methods)
> > >>>>>
> > >>>>> I've got a problem with the following code :
> > >>>>>
> > >>>>> String urlWsdl = "
> > >>>>> https://10.33.30.138:8443/**eLBG-Server/WS/LogbookWS.**
> > >>>>> LogbookWSHttpSoap12Endpoint?**wsdl<
> > >>
> > >> https://10.33.30.138:8443/eLBG-Serv
> > >>
> > >>>>> er/WS/LogbookWS.LogbookWSHttpSoap12Endpoint?wsdl> ";
> > >>>>> JaxWsDynamicClientFactory factory = JaxWsDynamicClientFactory.
> > >>>>> newInstance();
> > >>>>> Client clientWS = factory.createClient(urlWsdl);
> > >>>>>
> > >>>>> I've got the following error :
> > >>>>>
> > >>>>> 10:04:22,562 ERROR [[rmm-ata]] "Servlet.service()" pour la
> > >>>>> servlet
> > >>>>> rmm-ata a
> > >>>>> g´┐¢n´┐¢r´┐¢ une exception
> > >>>>> java.security.cert.**CertificateException: No subject
> > >>>>> alternative
> > >>>>> names
> > >>>>> present
> > >>>>>
> > >>>>> at
> > >>>>> sun.security.util.**HostnameChecker.matchIP(**Unk
> > >>>>> nown
> > >>>>> Source)
> > >>>>> at
> > >>>>> sun.security.util.**HostnameChecker.match(Unknown
> > >>>>> Source)
> > >>>>> at
> > >>>>>
> > >>>>> com.sun.net.ssl.internal.ssl.**X509TrustManagerImpl.**
> > >>>>> checkIdentity(Unknown
> > >>>>> Source)
> > >>>>>
> > >>>>> at
> > >>>>>
> > >>>>> com.sun.net.ssl.internal.ssl.**X509TrustManagerImpl.**
> > >>>>> checkServerTrusted(Unknown
> > >>>>> Source)
> > >>>>>
> > >>>>> at
> > >>>>>
> > >>>>> com.sun.net.ssl.internal.ssl.**ClientHandshaker.**
> > >>>>> serverCertificate(Unknown
> > >>>>> Source)
> > >>>>>
> > >>>>> at
> > >>>>>
> > >>>>> com.sun.net.ssl.internal.ssl.**ClientHandshaker.**processMessage
> > >>>>> (Unkno wn
> > >>>>> Source)
> > >>>>>
> > >>>>> at
> > >>>>> com.sun.net.ssl.internal.ssl.**Handshaker.processL
> > >>>>> oop(Unk
> > >>>>> nown
> > >>>>>
> > >>>>> Source)
> > >>>>>
> > >>>>> at
> > >>>>> com.sun.net.ssl.internal.ssl.**Handshaker.process_
> > >>>>> record(
> > >>>>> **
> > >>>>>
> > >>>>> Unknown
> > >>>>> Source)
> > >>>>>
> > >>>>> at
> > >>>>> com.sun.net.ssl.internal.ssl.**SSLSocketImpl.readR
> > >>>>> ecord(*
> > >>>>> *
> > >>>>>
> > >>>>> Unknown
> > >>>>> Source)
> > >>>>>
> > >>>>> at
> > >>>>>
> > >>>>> com.sun.net.ssl.internal.ssl.**SSLSocketImpl.**performInitialHan
> > >>>>> dshake (** Unknown
> > >>>>> Source)
> > >>>>>
> > >>>>> at
> > >>>>> com.sun.net.ssl.internal.ssl.**SSLSocketImpl.start
> > >>>>> Handsha
> > >>>>> ke(**
> > >>>>>
> > >>>>> Unknown
> > >>>>> Source)
> > >>>>>
> > >>>>> at
> > >>>>> com.sun.net.ssl.internal.ssl.**SSLSocketImpl.start
> > >>>>> Handsha
> > >>>>> ke(**
> > >>>>>
> > >>>>> Unknown
> > >>>>> Source)
> > >>>>>
> > >>>>> at
> > >>>>> sun.net.www.protocol.https.**HttpsClient.afterConn
> > >>>>> ect(**U
> > >>>>> nknown
> > >>>>>
> > >>>>> Source)
> > >>>>>
> > >>>>> at
> > >>>>>
> > >>>>> sun.net.www.protocol.https.**AbstractDelegateHttpsURLConnec**
> > >>>>> tion.connect(Unknown
> > >>>>> Source)
> > >>>>>
> > >>>>> at
> > >>>>>
> > >>>>> sun.net.www.protocol.http.**HttpURLConnection.**getInputStream(U
> > >>>>> nknown Source)
> > >>>>>
> > >>>>> at
> > >>>>>
> > >>>>> sun.net.www.protocol.https.**HttpsURLConnectionImpl.**
> > >>>>> getInputStream(Unknown
> > >>>>> Source)
> > >>>>>
> > >>>>> at
> > >>>>>
> > >>>>> org.apache.cxf.resource.**URIResolver.tryFileSystem(**
> > >>>>> URIResolver.java:167)
> > >>>>>
> > >>>>> at org.apache.cxf.resource.**URIResolver.<init>(**
> > >>>>>
> > >>>>> URIResolver.java:90)
> > >>>>>
> > >>>>> at
> > >>>>>
> > >>>>> org.apache.cxf.endpoint.**dynamic.DynamicClientFactory.**compose
> > >>>>> Url(** DynamicClientFactory.java:561)
> > >>>>>
> > >>>>> at
> > >>>>>
> > >>>>> org.apache.cxf.endpoint.**dynamic.DynamicClientFactory.**createC
> > >>>>> lient( **
> > >>>>> DynamicClientFactory.java:259)
> > >>>>>
> > >>>>> at
> > >>>>>
> > >>>>> org.apache.cxf.endpoint.**dynamic.DynamicClientFactory.**createC
> > >>>>> lient( **
> > >>>>> DynamicClientFactory.java:204)
> > >>>>>
> > >>>>> at
> > >>>>>
> > >>>>> org.apache.cxf.endpoint.**dynamic.DynamicClientFactory.**createC
> > >>>>> lient( **
> > >>>>> DynamicClientFactory.java:197)
> > >>>>>
> > >>>>> at
> > >>>>>
> > >>>>> org.apache.cxf.endpoint.**dynamic.DynamicClientFactory.**createC
> > >>>>> lient( **
> > >>>>> DynamicClientFactory.java:152)
> > >>>>>
> > >>>>> at
> > >>>>>
> > >>>>> com.airbus.rmm.controller.**ManualController.send(**
> > >>>>> ManualController.java:174)
> > >>>>>
> > >>>>> I have specified a http conduit in spring configuration file but
> > >>>>> it
> > >>>>> seems that information inside is not managed and the
> > >>>>> disableCNCheck=false is still
> > >>>>> active
> > >>>>>
> > >>>>> my http-conduit conf :
> > >>>>>
> > >>>>> <http:conduit name="*.http-conduit">
> > >>>>>
> > >>>>> <http:tlsClientParameters
> > >>>>> secureSocketProtocol="TLS"
> > >>>>>
> > >>>>> disableCNCheck="true">
> > >>>>>
> > >>>>> <sec:keyManagers keyPassword="password">
> > >>>>>
> > >>>>> <sec:keyStore type="JKS"
> > >>>>> password="password"
> > >>>>>
> > >>>>> file="../classes/server.jk
> > >>>>> s"/>
> > >>>>>
> > >>>>> </sec:keyManagers>
> > >>>>> <sec:trustManagers>
> > >>>>>
> > >>>>> <sec:keyStore type="JKS"
> > >>>>> password="password"
> > >>>>>
> > >>>>> file="../classes/server.jks"
> > >>>>> />
> > >>>>>
> > >>>>> </sec:trustManagers>
> > >>>>> <sec:cipherSuitesFilter>
> > >>>>>
> > >>>>> <!-- these filters ensure that a
> > >>>>> ciphersuite with
> > >>>>>
> > >>>>> export-suitable or null encryption is
> > >>>>> used,
> > >>>>> but exclude anonymous Diffie-Hellman
> > >>>>> key
> > >>>>> change as
> > >>>>> this is vulnerable to
> > >>>>> man-in-the-middle
> > >>>>> attacks -->
> > >>>>>
> > >>>>> <sec:include>.*_EXPORT_.*</**sec:include>
> > >>>>> <sec:include>.*_EXPORT1024_.*<**/sec:inclu
> > >>>>> de>
> > >>>>> <sec:include>.*_WITH_DES_.*</**sec:include
> > >>>>> >
> > >>>>> <sec:include>.*_WITH_NULL_.*</**sec:includ
> > >>>>> e>
> > >>>>> <sec:exclude>.*_DH_anon_.*</**sec:exclude>
> > >>>>>
> > >>>>> </sec:cipherSuitesFilter>
> > >>>>>
> > >>>>> </http:tlsClientParameters>
> > >>>>> <http:authorization>
> > >>>>>
> > >>>>> <sec:UserName>nandana</sec:**UserName>
> > >>>>> <sec:Password>password</sec:**Password>
> > >>>>>
> > >>>>> </http:authorization>
> > >>>>> <http:client AutoRedirect="true"
> > >>>>> Connection="Keep-Alive"/>
> > >>>>>
> > >>>>> </http:conduit>
> > >>>>>
> > >>>>> Thanks for your help
> > >>>>>
> > >>>>> Guillaume
> > >>>>>
> > >>>>>
> > >>>>> --
> > >>>>>
> > >>>>> * *
> > >>>>>
> > >>>>> * *
> > >>>>>
> > >>>>> *Guillaume JOUANJAN
> > >>>>> *
> > >>>>>
> > >>>>> *Chef de Projet Technique
> > >>>>> *
> > >>>>>
> > >>>>> *Email:* gjouanjan@sqli.com *<gj...@sqli.com>*
> > >>>>>
> > >>>>> *Bureau:* +33 (0)5 62 47 33 66
> > >>>>>
> > >>>>> *
> > >>>>> *
> > >>>>>
> > >>>>> *
> > >>>>> *
> > >>>>>
> > >>>>> *
> > >>>>> *
> > >>>>>
> > >>>>> *www.sqli.com*
> > >>>>>
> > >>>>> * *
> > >>>>>
> > >>>>> *
> > >>>>> *
> > >>>>>
> > >>>>> *SQLI Toulouse*
> > >>>>>
> > >>>>> 7 avenue Didier DAURAT
> > >>>>> BP 70118
> > >>>>> 31 704 BLAGNAC CEDEX
> > >>>>>
> > >>>>> *Standard:* +33 (0)5 62 47 70 70
> > >>>>> *Fax:* +33 (0)5 62 47 70 71
> > >>>>>
> > >>>>> **
> > >>>>
> > >>>> ------------------------------**---------------
> > >>>> Freeman Fang
> > >>>>
> > >>>> FuseSource
> > >>>> Email:ffang@fusesource.com
> > >>>> Web: fusesource.com
> > >>>> Twitter: freemanfang
> > >>>> Blog: http://freemanfang.blogspot.**com
> > >>>> <http://freemanfang.blogspot.com>
> > >>
> > >> --
> > >> Daniel Kulp
> > >> dkulp@apache.org
> > >> http://dankulp.com/blog
> > >> Talend - http://www.talend.com
> --
> Daniel Kulp
> dkulp@apache.org
> http://dankulp.com/blog
> Talend - http://www.talend.com
>
--
* *
* *
*Guillaume JOUANJAN
*
*Chef de Projet Technique
*
*Email:* gjouanjan@sqli.com * <gj...@sqli.com>*
*Bureau:* +33 (0)5 62 47 33 66
*
*
*
*
*
*
*www.sqli.com*
* *
*
*
*SQLI Toulouse*
7 avenue Didier DAURAT
BP 70118
31 704 BLAGNAC CEDEX
*Standard:* +33 (0)5 62 47 70 70
*Fax:* +33 (0)5 62 47 70 71
**
Re: [JBoss][Spring][Apache CXF] Problems occuring when dynamic creation of client with wsdl in https
Posted by Daniel Kulp <dk...@apache.org>.
On Wednesday, August 31, 2011 9:04:20 AM Willem Jiang wrote:
> Maybe you can consider to download the WSDL by using common http client
> and pass the WSDL url into the DynamicClientFactory to workaround this
> kind of issue.
>
> BTW, I doubt that http-conf setting can't affect the WSDL4J which loads
> the WSDL from the server.
WSDL4J calls out to us to load the WSDL and we do use our own conduits for
downloading them in the case of https. Thus, it should work fine.
HOWEVER, this is a bug in the DynamicClient. The dynamic client tries to
validate the wsdlLocation (and turn it into a URL) prior to sending it into
the CXF code and THAT part doesn't take into account the conduit settings.
Can you log a JIRA for this?
Dan
> On 8/31/11 12:50 AM, Guillaume Jouanjan wrote:
> > I've tried with this regex too and it doesn't work :'(
> >
> > I've looking a lot of post on internet but it seems that i am the only
> > one who try to call dynamically web services in https :)
> >
> > Guillaume
> >
> > 2011/8/30 Daniel Kulp<dk...@apache.org>
> >
> >> The "name" for the http-conduit thing in the config is a full regex.
> >> Thus,
> >> you should be able to do something like:
> >>
> >> <http-conf name="https.*">
> >> ....
> >>
> >> to match all the https endpoints.
> >>
> >> Dan
> >>
> >> On Tuesday, August 30, 2011 2:33:43 PM Guillaume Jouanjan wrote:
> >>> Hi
> >>>
> >>> I've tried this but i've got the same error.
> >>>
> >>> org.springframework.web.util.NestedServletException: Request
> >>> processing failed; nested exception is
> >>> org.apache.cxf.service.factory.ServiceConstructionException: Could
> >>> not
> >>> resolve URL
> >>> "
> >>
> >> https://10.33.30.138:8443/eLBG-Server/WS/LogbookWS.LogbookWSHttpSoap12
> >> Endp>>
> >>> oint?wsdl".
> >>
> >> org.springframework.web.servlet.FrameworkServlet.processRequest(Framew
> >> orkSe>>
> >>> rvlet.java:656)
> >>
> >> org.springframework.web.servlet.FrameworkServlet.doPost(FrameworkServl
> >> et.ja>>
> >>> va:560) javax.servlet.http.HttpServlet.service(HttpServlet.java:637)
> >>>
> >>> javax.servlet.http.HttpServlet.service(HttpServlet.jav
> >>> a:717)
> >>
> >> org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFil
> >> ter.j>>
> >>> ava:96)
> >>>
> >>> *cause m�re*
> >>>
> >>> org.apache.cxf.service.factory.ServiceConstructionException: Could
> >>> not
> >>> resolve URL
> >>> "
> >>
> >> https://10.33.30.138:8443/eLBG-Server/WS/LogbookWS.LogbookWSHttpSoap12
> >> Endp>>
> >>> oint?wsdl".
> >>
> >> org.apache.cxf.endpoint.dynamic.DynamicClientFactory.composeUrl(Dynami
> >> cClie>>
> >>> ntFactory.java:569)
> >>
> >> org.apache.cxf.endpoint.dynamic.DynamicClientFactory.createClient(Dyna
> >> micCl>>
> >>> ientFactory.java:259)
> >>
> >> org.apache.cxf.endpoint.dynamic.DynamicClientFactory.createClient(Dyna
> >> micCl>>
> >>> ientFactory.java:204)
> >>
> >> org.apache.cxf.endpoint.dynamic.DynamicClientFactory.createClient(Dyna
> >> micCl>>
> >>> ientFactory.java:197)
> >>
> >> org.apache.cxf.endpoint.dynamic.DynamicClientFactory.createClient(Dyna
> >> micCl>>
> >>> ientFactory.java:152)
> >>
> >> com.airbus.rmm.controller.ManualController.send(ManualController.java:
> >> 172)>>
> >>> sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> >>>
> >>> sun.reflect.NativeMethodAccessorImpl.invoke(Unknown
> >>> Source)
> >>> sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknow
> >>> n Source)
> >>> java.lang.reflect.Method.invoke(Unknown Source)
> >>
> >> org.springframework.web.bind.annotation.support.HandlerMethodInvoker.i
> >> nvoke>>
> >>> HandlerMethod(HandlerMethodInvoker.java:176)
> >>
> >> org.springframework.web.servlet.mvc.annotation.AnnotationMethodHandler
> >> Adapt>>
> >>> er.invokeHandlerMethod(AnnotationMethodHandlerAdapter.java:426)
> >>
> >> org.springframework.web.servlet.mvc.annotation.AnnotationMethodHandler
> >> Adapt>>
> >>> er.handle(AnnotationMethodHandlerAdapter.java:414)
> >>
> >> org.springframework.web.servlet.DispatcherServlet.doDispatch(Dispatche
> >> rServ>>
> >>> let.java:790)
> >>
> >> org.springframework.web.servlet.DispatcherServlet.doService(Dispatcher
> >> Servl>>
> >>> et.java:719)
> >>
> >> org.springframework.web.servlet.FrameworkServlet.processRequest(Framew
> >> orkSe>>
> >>> rvlet.java:644)
> >>
> >> org.springframework.web.servlet.FrameworkServlet.doPost(FrameworkServl
> >> et.ja>>
> >>> va:560) javax.servlet.http.HttpServlet.service(HttpServlet.java:637)
> >>>
> >>> javax.servlet.http.HttpServlet.service(HttpServlet.jav
> >>> a:717)
> >>
> >> org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFil
> >> ter.j>>
> >>> ava:96)
> >>>
> >>> *cause m�re*
> >>>
> >>> javax.net.ssl.SSLHandshakeException:
> >>> java.security.cert.CertificateException: No subject alternative
> >>> names
> >>> present
> >>>
> >>> com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Un
> >>> known Source)
> >>> com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(Unkn
> >>> own Source)>>>
> >>> The "mother cause" seems to be the
> >>>
> >>> Could not resolve URL
> >>> "
> >>
> >> https://10.33.30.138:8443/eLBG-Server/WS/LogbookWS.LogbookWSHttpSoap12
> >> Endpo>>
> >>> int?wsdl
> >>>
> >>> but with internet explorer the url is good (after accepting
> >>> certificates)
> >>>
> >>> Moreover url of WSDL is calculated dynamically because end user set
> >>
> >> himself
> >>
> >>> via HMI the url of Web Service (i.e :
> >>> https://10.33.30.138:8443/eLBG-Server/WS/LogbookWS) i only add the
> >>
> >> endpoint
> >>
> >>> + ? wsdl
> >>>
> >>> (i don't know if i can made a 'response to all', please say it me if
> >>> i
> >>
> >> can't
> >>
> >>> ;) )
> >>>
> >>> Guillaume
> >>>
> >>> 2011/8/30 Freeman Fang<fr...@gmail.com>
> >>>
> >>>> Hi,
> >>>>
> >>>> Looks like the error occurs when you try to download remote wsdl,
> >>>> which also need authentication.
> >>>> However the "{WSDL Namespace}portName" would never work for
> >>>> downloading the wsdl as the portName is unknown at that point.
> >>>> You need change your http:conduit like
> >>>> <http-conf:conduit
> >>>> name="https://10.33.30.138:**8443/.*<https://10.33.30.138:8443/.*>
> >>>> ">
> >>>>
> >>>> the "https" prefix here is important.
> >>>>
> >>>> You can take a look at [1] to get more details there.
> >>>> [1]https://issues.apache.org/**jira/browse/CXF-3421<
> >>
> >> https://issues.apach
> >>
> >>>> e.org/jira/browse/CXF-3421>
> >>>>
> >>>> Freeman
> >>>>
> >>>> On 2011-8-30, at 下午4:18, Guillaume Jouanjan wrote:
> >>>> Hello ,
> >>>>>
> >>>>> First of all , sorry for my english , i'm a french developer.
> >>>>>
> >>>>> My goal is to call dynamically web services method using a WSDL
> >>>>> (the
> >>>>> only information i have + name of methods)
> >>>>>
> >>>>> I've got a problem with the following code :
> >>>>>
> >>>>> String urlWsdl = "
> >>>>> https://10.33.30.138:8443/**eLBG-Server/WS/LogbookWS.**
> >>>>> LogbookWSHttpSoap12Endpoint?**wsdl<
> >>
> >> https://10.33.30.138:8443/eLBG-Serv
> >>
> >>>>> er/WS/LogbookWS.LogbookWSHttpSoap12Endpoint?wsdl> ";
> >>>>> JaxWsDynamicClientFactory factory = JaxWsDynamicClientFactory.
> >>>>> newInstance();
> >>>>> Client clientWS = factory.createClient(urlWsdl);
> >>>>>
> >>>>> I've got the following error :
> >>>>>
> >>>>> 10:04:22,562 ERROR [[rmm-ata]] "Servlet.service()" pour la
> >>>>> servlet
> >>>>> rmm-ata a
> >>>>> g´┐¢n´┐¢r´┐¢ une exception
> >>>>> java.security.cert.**CertificateException: No subject
> >>>>> alternative
> >>>>> names
> >>>>> present
> >>>>>
> >>>>> at
> >>>>> sun.security.util.**HostnameChecker.matchIP(**Unk
> >>>>> nown
> >>>>> Source)
> >>>>> at
> >>>>> sun.security.util.**HostnameChecker.match(Unknown
> >>>>> Source)
> >>>>> at
> >>>>>
> >>>>> com.sun.net.ssl.internal.ssl.**X509TrustManagerImpl.**
> >>>>> checkIdentity(Unknown
> >>>>> Source)
> >>>>>
> >>>>> at
> >>>>>
> >>>>> com.sun.net.ssl.internal.ssl.**X509TrustManagerImpl.**
> >>>>> checkServerTrusted(Unknown
> >>>>> Source)
> >>>>>
> >>>>> at
> >>>>>
> >>>>> com.sun.net.ssl.internal.ssl.**ClientHandshaker.**
> >>>>> serverCertificate(Unknown
> >>>>> Source)
> >>>>>
> >>>>> at
> >>>>>
> >>>>> com.sun.net.ssl.internal.ssl.**ClientHandshaker.**processMessage
> >>>>> (Unkno wn
> >>>>> Source)
> >>>>>
> >>>>> at
> >>>>> com.sun.net.ssl.internal.ssl.**Handshaker.processL
> >>>>> oop(Unk
> >>>>> nown
> >>>>>
> >>>>> Source)
> >>>>>
> >>>>> at
> >>>>> com.sun.net.ssl.internal.ssl.**Handshaker.process_
> >>>>> record(
> >>>>> **
> >>>>>
> >>>>> Unknown
> >>>>> Source)
> >>>>>
> >>>>> at
> >>>>> com.sun.net.ssl.internal.ssl.**SSLSocketImpl.readR
> >>>>> ecord(*
> >>>>> *
> >>>>>
> >>>>> Unknown
> >>>>> Source)
> >>>>>
> >>>>> at
> >>>>>
> >>>>> com.sun.net.ssl.internal.ssl.**SSLSocketImpl.**performInitialHan
> >>>>> dshake (** Unknown
> >>>>> Source)
> >>>>>
> >>>>> at
> >>>>> com.sun.net.ssl.internal.ssl.**SSLSocketImpl.start
> >>>>> Handsha
> >>>>> ke(**
> >>>>>
> >>>>> Unknown
> >>>>> Source)
> >>>>>
> >>>>> at
> >>>>> com.sun.net.ssl.internal.ssl.**SSLSocketImpl.start
> >>>>> Handsha
> >>>>> ke(**
> >>>>>
> >>>>> Unknown
> >>>>> Source)
> >>>>>
> >>>>> at
> >>>>> sun.net.www.protocol.https.**HttpsClient.afterConn
> >>>>> ect(**U
> >>>>> nknown
> >>>>>
> >>>>> Source)
> >>>>>
> >>>>> at
> >>>>>
> >>>>> sun.net.www.protocol.https.**AbstractDelegateHttpsURLConnec**
> >>>>> tion.connect(Unknown
> >>>>> Source)
> >>>>>
> >>>>> at
> >>>>>
> >>>>> sun.net.www.protocol.http.**HttpURLConnection.**getInputStream(U
> >>>>> nknown Source)
> >>>>>
> >>>>> at
> >>>>>
> >>>>> sun.net.www.protocol.https.**HttpsURLConnectionImpl.**
> >>>>> getInputStream(Unknown
> >>>>> Source)
> >>>>>
> >>>>> at
> >>>>>
> >>>>> org.apache.cxf.resource.**URIResolver.tryFileSystem(**
> >>>>> URIResolver.java:167)
> >>>>>
> >>>>> at org.apache.cxf.resource.**URIResolver.<init>(**
> >>>>>
> >>>>> URIResolver.java:90)
> >>>>>
> >>>>> at
> >>>>>
> >>>>> org.apache.cxf.endpoint.**dynamic.DynamicClientFactory.**compose
> >>>>> Url(** DynamicClientFactory.java:561)
> >>>>>
> >>>>> at
> >>>>>
> >>>>> org.apache.cxf.endpoint.**dynamic.DynamicClientFactory.**createC
> >>>>> lient( **
> >>>>> DynamicClientFactory.java:259)
> >>>>>
> >>>>> at
> >>>>>
> >>>>> org.apache.cxf.endpoint.**dynamic.DynamicClientFactory.**createC
> >>>>> lient( **
> >>>>> DynamicClientFactory.java:204)
> >>>>>
> >>>>> at
> >>>>>
> >>>>> org.apache.cxf.endpoint.**dynamic.DynamicClientFactory.**createC
> >>>>> lient( **
> >>>>> DynamicClientFactory.java:197)
> >>>>>
> >>>>> at
> >>>>>
> >>>>> org.apache.cxf.endpoint.**dynamic.DynamicClientFactory.**createC
> >>>>> lient( **
> >>>>> DynamicClientFactory.java:152)
> >>>>>
> >>>>> at
> >>>>>
> >>>>> com.airbus.rmm.controller.**ManualController.send(**
> >>>>> ManualController.java:174)
> >>>>>
> >>>>> I have specified a http conduit in spring configuration file but
> >>>>> it
> >>>>> seems that information inside is not managed and the
> >>>>> disableCNCheck=false is still
> >>>>> active
> >>>>>
> >>>>> my http-conduit conf :
> >>>>>
> >>>>> <http:conduit name="*.http-conduit">
> >>>>>
> >>>>> <http:tlsClientParameters
> >>>>> secureSocketProtocol="TLS"
> >>>>>
> >>>>> disableCNCheck="true">
> >>>>>
> >>>>> <sec:keyManagers keyPassword="password">
> >>>>>
> >>>>> <sec:keyStore type="JKS"
> >>>>> password="password"
> >>>>>
> >>>>> file="../classes/server.jk
> >>>>> s"/>
> >>>>>
> >>>>> </sec:keyManagers>
> >>>>> <sec:trustManagers>
> >>>>>
> >>>>> <sec:keyStore type="JKS"
> >>>>> password="password"
> >>>>>
> >>>>> file="../classes/server.jks"
> >>>>> />
> >>>>>
> >>>>> </sec:trustManagers>
> >>>>> <sec:cipherSuitesFilter>
> >>>>>
> >>>>> <!-- these filters ensure that a
> >>>>> ciphersuite with
> >>>>>
> >>>>> export-suitable or null encryption is
> >>>>> used,
> >>>>> but exclude anonymous Diffie-Hellman
> >>>>> key
> >>>>> change as
> >>>>> this is vulnerable to
> >>>>> man-in-the-middle
> >>>>> attacks -->
> >>>>>
> >>>>> <sec:include>.*_EXPORT_.*</**sec:include>
> >>>>> <sec:include>.*_EXPORT1024_.*<**/sec:inclu
> >>>>> de>
> >>>>> <sec:include>.*_WITH_DES_.*</**sec:include
> >>>>> >
> >>>>> <sec:include>.*_WITH_NULL_.*</**sec:includ
> >>>>> e>
> >>>>> <sec:exclude>.*_DH_anon_.*</**sec:exclude>
> >>>>>
> >>>>> </sec:cipherSuitesFilter>
> >>>>>
> >>>>> </http:tlsClientParameters>
> >>>>> <http:authorization>
> >>>>>
> >>>>> <sec:UserName>nandana</sec:**UserName>
> >>>>> <sec:Password>password</sec:**Password>
> >>>>>
> >>>>> </http:authorization>
> >>>>> <http:client AutoRedirect="true"
> >>>>> Connection="Keep-Alive"/>
> >>>>>
> >>>>> </http:conduit>
> >>>>>
> >>>>> Thanks for your help
> >>>>>
> >>>>> Guillaume
> >>>>>
> >>>>>
> >>>>> --
> >>>>>
> >>>>> * *
> >>>>>
> >>>>> * *
> >>>>>
> >>>>> *Guillaume JOUANJAN
> >>>>> *
> >>>>>
> >>>>> *Chef de Projet Technique
> >>>>> *
> >>>>>
> >>>>> *Email:* gjouanjan@sqli.com *<gj...@sqli.com>*
> >>>>>
> >>>>> *Bureau:* +33 (0)5 62 47 33 66
> >>>>>
> >>>>> *
> >>>>> *
> >>>>>
> >>>>> *
> >>>>> *
> >>>>>
> >>>>> *
> >>>>> *
> >>>>>
> >>>>> *www.sqli.com*
> >>>>>
> >>>>> * *
> >>>>>
> >>>>> *
> >>>>> *
> >>>>>
> >>>>> *SQLI Toulouse*
> >>>>>
> >>>>> 7 avenue Didier DAURAT
> >>>>> BP 70118
> >>>>> 31 704 BLAGNAC CEDEX
> >>>>>
> >>>>> *Standard:* +33 (0)5 62 47 70 70
> >>>>> *Fax:* +33 (0)5 62 47 70 71
> >>>>>
> >>>>> **
> >>>>
> >>>> ------------------------------**---------------
> >>>> Freeman Fang
> >>>>
> >>>> FuseSource
> >>>> Email:ffang@fusesource.com
> >>>> Web: fusesource.com
> >>>> Twitter: freemanfang
> >>>> Blog: http://freemanfang.blogspot.**com
> >>>> <http://freemanfang.blogspot.com>
> >>
> >> --
> >> Daniel Kulp
> >> dkulp@apache.org
> >> http://dankulp.com/blog
> >> Talend - http://www.talend.com
--
Daniel Kulp
dkulp@apache.org
http://dankulp.com/blog
Talend - http://www.talend.com
Re: [JBoss][Spring][Apache CXF] Problems occuring when dynamic creation
of client with wsdl in https
Posted by Willem Jiang <wi...@gmail.com>.
Maybe you can consider to download the WSDL by using common http client
and pass the WSDL url into the DynamicClientFactory to workaround this
kind of issue.
BTW, I doubt that http-conf setting can't affect the WSDL4J which loads
the WSDL from the server.
On 8/31/11 12:50 AM, Guillaume Jouanjan wrote:
> I've tried with this regex too and it doesn't work :'(
>
> I've looking a lot of post on internet but it seems that i am the only one
> who try to call dynamically web services in https :)
>
> Guillaume
>
> 2011/8/30 Daniel Kulp<dk...@apache.org>
>
>>
>> The "name" for the http-conduit thing in the config is a full regex.
>> Thus,
>> you should be able to do something like:
>>
>> <http-conf name="https.*">
>> ....
>>
>> to match all the https endpoints.
>>
>> Dan
>>
>>
>> On Tuesday, August 30, 2011 2:33:43 PM Guillaume Jouanjan wrote:
>>> Hi
>>>
>>> I've tried this but i've got the same error.
>>>
>>> org.springframework.web.util.NestedServletException: Request
>>> processing failed; nested exception is
>>> org.apache.cxf.service.factory.ServiceConstructionException: Could not
>>> resolve URL
>>> "
>> https://10.33.30.138:8443/eLBG-Server/WS/LogbookWS.LogbookWSHttpSoap12Endp
>>> oint?wsdl".
>>>
>> org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkSe
>>> rvlet.java:656)
>>>
>> org.springframework.web.servlet.FrameworkServlet.doPost(FrameworkServlet.ja
>>> va:560) javax.servlet.http.HttpServlet.service(HttpServlet.java:637)
>>> javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
>>>
>> org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.j
>>> ava:96)
>>>
>>> *cause m�re*
>>>
>>> org.apache.cxf.service.factory.ServiceConstructionException: Could not
>>> resolve URL
>>> "
>> https://10.33.30.138:8443/eLBG-Server/WS/LogbookWS.LogbookWSHttpSoap12Endp
>>> oint?wsdl".
>>>
>> org.apache.cxf.endpoint.dynamic.DynamicClientFactory.composeUrl(DynamicClie
>>> ntFactory.java:569)
>>>
>> org.apache.cxf.endpoint.dynamic.DynamicClientFactory.createClient(DynamicCl
>>> ientFactory.java:259)
>>>
>> org.apache.cxf.endpoint.dynamic.DynamicClientFactory.createClient(DynamicCl
>>> ientFactory.java:204)
>>>
>> org.apache.cxf.endpoint.dynamic.DynamicClientFactory.createClient(DynamicCl
>>> ientFactory.java:197)
>>>
>> org.apache.cxf.endpoint.dynamic.DynamicClientFactory.createClient(DynamicCl
>>> ientFactory.java:152)
>>>
>> com.airbus.rmm.controller.ManualController.send(ManualController.java:172)
>>> sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>>> sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
>>> sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
>>> java.lang.reflect.Method.invoke(Unknown Source)
>>>
>> org.springframework.web.bind.annotation.support.HandlerMethodInvoker.invoke
>>> HandlerMethod(HandlerMethodInvoker.java:176)
>>>
>> org.springframework.web.servlet.mvc.annotation.AnnotationMethodHandlerAdapt
>>> er.invokeHandlerMethod(AnnotationMethodHandlerAdapter.java:426)
>>>
>> org.springframework.web.servlet.mvc.annotation.AnnotationMethodHandlerAdapt
>>> er.handle(AnnotationMethodHandlerAdapter.java:414)
>>>
>> org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServ
>>> let.java:790)
>>>
>> org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServl
>>> et.java:719)
>>>
>> org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkSe
>>> rvlet.java:644)
>>>
>> org.springframework.web.servlet.FrameworkServlet.doPost(FrameworkServlet.ja
>>> va:560) javax.servlet.http.HttpServlet.service(HttpServlet.java:637)
>>> javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
>>>
>> org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.j
>>> ava:96)
>>>
>>> *cause m�re*
>>>
>>> javax.net.ssl.SSLHandshakeException:
>>> java.security.cert.CertificateException: No subject alternative names
>>> present
>>> com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Unknown Source)
>>> com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(Unknown Source)
>>>
>>> The "mother cause" seems to be the
>>>
>>> Could not resolve URL
>>> "
>> https://10.33.30.138:8443/eLBG-Server/WS/LogbookWS.LogbookWSHttpSoap12Endpo
>>> int?wsdl
>>>
>>> but with internet explorer the url is good (after accepting certificates)
>>>
>>> Moreover url of WSDL is calculated dynamically because end user set
>> himself
>>> via HMI the url of Web Service (i.e :
>>> https://10.33.30.138:8443/eLBG-Server/WS/LogbookWS) i only add the
>> endpoint
>>> + ? wsdl
>>>
>>> (i don't know if i can made a 'response to all', please say it me if i
>> can't
>>> ;) )
>>>
>>> Guillaume
>>>
>>> 2011/8/30 Freeman Fang<fr...@gmail.com>
>>>
>>>> Hi,
>>>>
>>>> Looks like the error occurs when you try to download remote wsdl, which
>>>> also need authentication.
>>>> However the "{WSDL Namespace}portName" would never work for downloading
>>>> the wsdl as the portName is unknown at that point.
>>>> You need change your http:conduit like
>>>> <http-conf:conduit
>>>> name="https://10.33.30.138:**8443/.*<https://10.33.30.138:8443/.*> ">
>>>>
>>>> the "https" prefix here is important.
>>>>
>>>> You can take a look at [1] to get more details there.
>>>> [1]https://issues.apache.org/**jira/browse/CXF-3421<
>> https://issues.apach
>>>> e.org/jira/browse/CXF-3421>
>>>>
>>>> Freeman
>>>>
>>>> On 2011-8-30, at 下午4:18, Guillaume Jouanjan wrote:
>>>> Hello ,
>>>>
>>>>> First of all , sorry for my english , i'm a french developer.
>>>>>
>>>>> My goal is to call dynamically web services method using a WSDL (the
>>>>> only information i have + name of methods)
>>>>>
>>>>> I've got a problem with the following code :
>>>>>
>>>>> String urlWsdl = "
>>>>> https://10.33.30.138:8443/**eLBG-Server/WS/LogbookWS.**
>>>>> LogbookWSHttpSoap12Endpoint?**wsdl<
>> https://10.33.30.138:8443/eLBG-Serv
>>>>> er/WS/LogbookWS.LogbookWSHttpSoap12Endpoint?wsdl> ";
>>>>> JaxWsDynamicClientFactory factory = JaxWsDynamicClientFactory.
>>>>> newInstance();
>>>>> Client clientWS = factory.createClient(urlWsdl);
>>>>>
>>>>> I've got the following error :
>>>>>
>>>>> 10:04:22,562 ERROR [[rmm-ata]] "Servlet.service()" pour la servlet
>>>>> rmm-ata a
>>>>> g´┐¢n´┐¢r´┐¢ une exception
>>>>> java.security.cert.**CertificateException: No subject alternative
>>>>> names
>>>>> present
>>>>>
>>>>> at sun.security.util.**HostnameChecker.matchIP(**Unknown
>>>>> Source)
>>>>> at sun.security.util.**HostnameChecker.match(Unknown
>>>>> Source)
>>>>> at
>>>>>
>>>>> com.sun.net.ssl.internal.ssl.**X509TrustManagerImpl.**
>>>>> checkIdentity(Unknown
>>>>> Source)
>>>>>
>>>>> at
>>>>>
>>>>> com.sun.net.ssl.internal.ssl.**X509TrustManagerImpl.**
>>>>> checkServerTrusted(Unknown
>>>>> Source)
>>>>>
>>>>> at
>>>>>
>>>>> com.sun.net.ssl.internal.ssl.**ClientHandshaker.**
>>>>> serverCertificate(Unknown
>>>>> Source)
>>>>>
>>>>> at
>>>>>
>>>>> com.sun.net.ssl.internal.ssl.**ClientHandshaker.**processMessage(Unkno
>>>>> wn
>>>>> Source)
>>>>>
>>>>> at
>>>>> com.sun.net.ssl.internal.ssl.**Handshaker.processLoop(Unk
>>>>> nown
>>>>>
>>>>> Source)
>>>>>
>>>>> at
>>>>> com.sun.net.ssl.internal.ssl.**Handshaker.process_record(
>>>>> **
>>>>>
>>>>> Unknown
>>>>> Source)
>>>>>
>>>>> at
>>>>> com.sun.net.ssl.internal.ssl.**SSLSocketImpl.readRecord(*
>>>>> *
>>>>>
>>>>> Unknown
>>>>> Source)
>>>>>
>>>>> at
>>>>>
>>>>> com.sun.net.ssl.internal.ssl.**SSLSocketImpl.**performInitialHandshake
>>>>> (** Unknown
>>>>> Source)
>>>>>
>>>>> at
>>>>> com.sun.net.ssl.internal.ssl.**SSLSocketImpl.startHandsha
>>>>> ke(**
>>>>>
>>>>> Unknown
>>>>> Source)
>>>>>
>>>>> at
>>>>> com.sun.net.ssl.internal.ssl.**SSLSocketImpl.startHandsha
>>>>> ke(**
>>>>>
>>>>> Unknown
>>>>> Source)
>>>>>
>>>>> at
>>>>> sun.net.www.protocol.https.**HttpsClient.afterConnect(**U
>>>>> nknown
>>>>>
>>>>> Source)
>>>>>
>>>>> at
>>>>>
>>>>> sun.net.www.protocol.https.**AbstractDelegateHttpsURLConnec**
>>>>> tion.connect(Unknown
>>>>> Source)
>>>>>
>>>>> at
>>>>>
>>>>> sun.net.www.protocol.http.**HttpURLConnection.**getInputStream(Unknown
>>>>> Source)
>>>>>
>>>>> at
>>>>>
>>>>> sun.net.www.protocol.https.**HttpsURLConnectionImpl.**
>>>>> getInputStream(Unknown
>>>>> Source)
>>>>>
>>>>> at
>>>>>
>>>>> org.apache.cxf.resource.**URIResolver.tryFileSystem(**
>>>>> URIResolver.java:167)
>>>>>
>>>>> at org.apache.cxf.resource.**URIResolver.<init>(**
>>>>>
>>>>> URIResolver.java:90)
>>>>>
>>>>> at
>>>>>
>>>>> org.apache.cxf.endpoint.**dynamic.DynamicClientFactory.**composeUrl(**
>>>>> DynamicClientFactory.java:561)
>>>>>
>>>>> at
>>>>>
>>>>> org.apache.cxf.endpoint.**dynamic.DynamicClientFactory.**createClient(
>>>>> **
>>>>> DynamicClientFactory.java:259)
>>>>>
>>>>> at
>>>>>
>>>>> org.apache.cxf.endpoint.**dynamic.DynamicClientFactory.**createClient(
>>>>> **
>>>>> DynamicClientFactory.java:204)
>>>>>
>>>>> at
>>>>>
>>>>> org.apache.cxf.endpoint.**dynamic.DynamicClientFactory.**createClient(
>>>>> **
>>>>> DynamicClientFactory.java:197)
>>>>>
>>>>> at
>>>>>
>>>>> org.apache.cxf.endpoint.**dynamic.DynamicClientFactory.**createClient(
>>>>> **
>>>>> DynamicClientFactory.java:152)
>>>>>
>>>>> at
>>>>>
>>>>> com.airbus.rmm.controller.**ManualController.send(**
>>>>> ManualController.java:174)
>>>>>
>>>>> I have specified a http conduit in spring configuration file but it
>>>>> seems that information inside is not managed and the
>>>>> disableCNCheck=false is still
>>>>> active
>>>>>
>>>>> my http-conduit conf :
>>>>>
>>>>> <http:conduit name="*.http-conduit">
>>>>>
>>>>> <http:tlsClientParameters secureSocketProtocol="TLS"
>>>>>
>>>>> disableCNCheck="true">
>>>>>
>>>>> <sec:keyManagers keyPassword="password">
>>>>>
>>>>> <sec:keyStore type="JKS" password="password"
>>>>>
>>>>> file="../classes/server.jks"/>
>>>>>
>>>>> </sec:keyManagers>
>>>>> <sec:trustManagers>
>>>>>
>>>>> <sec:keyStore type="JKS" password="password"
>>>>>
>>>>> file="../classes/server.jks"/>
>>>>>
>>>>> </sec:trustManagers>
>>>>> <sec:cipherSuitesFilter>
>>>>>
>>>>> <!-- these filters ensure that a ciphersuite with
>>>>>
>>>>> export-suitable or null encryption is used,
>>>>> but exclude anonymous Diffie-Hellman key
>>>>> change as
>>>>> this is vulnerable to man-in-the-middle
>>>>> attacks -->
>>>>>
>>>>> <sec:include>.*_EXPORT_.*</**sec:include>
>>>>> <sec:include>.*_EXPORT1024_.*<**/sec:include>
>>>>> <sec:include>.*_WITH_DES_.*</**sec:include>
>>>>> <sec:include>.*_WITH_NULL_.*</**sec:include>
>>>>> <sec:exclude>.*_DH_anon_.*</**sec:exclude>
>>>>>
>>>>> </sec:cipherSuitesFilter>
>>>>>
>>>>> </http:tlsClientParameters>
>>>>> <http:authorization>
>>>>>
>>>>> <sec:UserName>nandana</sec:**UserName>
>>>>> <sec:Password>password</sec:**Password>
>>>>>
>>>>> </http:authorization>
>>>>> <http:client AutoRedirect="true" Connection="Keep-Alive"/>
>>>>>
>>>>> </http:conduit>
>>>>>
>>>>> Thanks for your help
>>>>>
>>>>> Guillaume
>>>>>
>>>>>
>>>>> --
>>>>>
>>>>> * *
>>>>>
>>>>> * *
>>>>>
>>>>> *Guillaume JOUANJAN
>>>>> *
>>>>>
>>>>> *Chef de Projet Technique
>>>>> *
>>>>>
>>>>> *Email:* gjouanjan@sqli.com *<gj...@sqli.com>*
>>>>>
>>>>> *Bureau:* +33 (0)5 62 47 33 66
>>>>>
>>>>> *
>>>>> *
>>>>>
>>>>> *
>>>>> *
>>>>>
>>>>> *
>>>>> *
>>>>>
>>>>> *www.sqli.com*
>>>>>
>>>>> * *
>>>>>
>>>>> *
>>>>> *
>>>>>
>>>>> *SQLI Toulouse*
>>>>>
>>>>> 7 avenue Didier DAURAT
>>>>> BP 70118
>>>>> 31 704 BLAGNAC CEDEX
>>>>>
>>>>> *Standard:* +33 (0)5 62 47 70 70
>>>>> *Fax:* +33 (0)5 62 47 70 71
>>>>>
>>>>> **
>>>>
>>>> ------------------------------**---------------
>>>> Freeman Fang
>>>>
>>>> FuseSource
>>>> Email:ffang@fusesource.com
>>>> Web: fusesource.com
>>>> Twitter: freemanfang
>>>> Blog: http://freemanfang.blogspot.**com
>>>> <http://freemanfang.blogspot.com>
>> --
>> Daniel Kulp
>> dkulp@apache.org
>> http://dankulp.com/blog
>> Talend - http://www.talend.com
>>
>
>
>
--
Willem
----------------------------------
FuseSource
Web: http://www.fusesource.com
Blog: http://willemjiang.blogspot.com (English)
http://jnn.javaeye.com (Chinese)
Twitter: willemjiang
Weibo: willemjiang
Re: [JBoss][Spring][Apache CXF] Problems occuring when dynamic
creation of client with wsdl in https
Posted by Guillaume Jouanjan <gj...@sqli.com>.
I've tried with this regex too and it doesn't work :'(
I've looking a lot of post on internet but it seems that i am the only one
who try to call dynamically web services in https :)
Guillaume
2011/8/30 Daniel Kulp <dk...@apache.org>
>
> The "name" for the http-conduit thing in the config is a full regex.
> Thus,
> you should be able to do something like:
>
> <http-conf name="https.*">
> ....
>
> to match all the https endpoints.
>
> Dan
>
>
> On Tuesday, August 30, 2011 2:33:43 PM Guillaume Jouanjan wrote:
> > Hi
> >
> > I've tried this but i've got the same error.
> >
> > org.springframework.web.util.NestedServletException: Request
> > processing failed; nested exception is
> > org.apache.cxf.service.factory.ServiceConstructionException: Could not
> > resolve URL
> > "
> https://10.33.30.138:8443/eLBG-Server/WS/LogbookWS.LogbookWSHttpSoap12Endp
> > oint?wsdl".
> >
> org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkSe
> > rvlet.java:656)
> >
> org.springframework.web.servlet.FrameworkServlet.doPost(FrameworkServlet.ja
> > va:560) javax.servlet.http.HttpServlet.service(HttpServlet.java:637)
> > javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
> >
> org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.j
> > ava:96)
> >
> > *cause m�re*
> >
> > org.apache.cxf.service.factory.ServiceConstructionException: Could not
> > resolve URL
> > "
> https://10.33.30.138:8443/eLBG-Server/WS/LogbookWS.LogbookWSHttpSoap12Endp
> > oint?wsdl".
> >
> org.apache.cxf.endpoint.dynamic.DynamicClientFactory.composeUrl(DynamicClie
> > ntFactory.java:569)
> >
> org.apache.cxf.endpoint.dynamic.DynamicClientFactory.createClient(DynamicCl
> > ientFactory.java:259)
> >
> org.apache.cxf.endpoint.dynamic.DynamicClientFactory.createClient(DynamicCl
> > ientFactory.java:204)
> >
> org.apache.cxf.endpoint.dynamic.DynamicClientFactory.createClient(DynamicCl
> > ientFactory.java:197)
> >
> org.apache.cxf.endpoint.dynamic.DynamicClientFactory.createClient(DynamicCl
> > ientFactory.java:152)
> >
> com.airbus.rmm.controller.ManualController.send(ManualController.java:172)
> > sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> > sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
> > sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
> > java.lang.reflect.Method.invoke(Unknown Source)
> >
> org.springframework.web.bind.annotation.support.HandlerMethodInvoker.invoke
> > HandlerMethod(HandlerMethodInvoker.java:176)
> >
> org.springframework.web.servlet.mvc.annotation.AnnotationMethodHandlerAdapt
> > er.invokeHandlerMethod(AnnotationMethodHandlerAdapter.java:426)
> >
> org.springframework.web.servlet.mvc.annotation.AnnotationMethodHandlerAdapt
> > er.handle(AnnotationMethodHandlerAdapter.java:414)
> >
> org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServ
> > let.java:790)
> >
> org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServl
> > et.java:719)
> >
> org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkSe
> > rvlet.java:644)
> >
> org.springframework.web.servlet.FrameworkServlet.doPost(FrameworkServlet.ja
> > va:560) javax.servlet.http.HttpServlet.service(HttpServlet.java:637)
> > javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
> >
> org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.j
> > ava:96)
> >
> > *cause m�re*
> >
> > javax.net.ssl.SSLHandshakeException:
> > java.security.cert.CertificateException: No subject alternative names
> > present
> > com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Unknown Source)
> > com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(Unknown Source)
> >
> > The "mother cause" seems to be the
> >
> > Could not resolve URL
> > "
> https://10.33.30.138:8443/eLBG-Server/WS/LogbookWS.LogbookWSHttpSoap12Endpo
> > int?wsdl
> >
> > but with internet explorer the url is good (after accepting certificates)
> >
> > Moreover url of WSDL is calculated dynamically because end user set
> himself
> > via HMI the url of Web Service (i.e :
> > https://10.33.30.138:8443/eLBG-Server/WS/LogbookWS) i only add the
> endpoint
> > + ? wsdl
> >
> > (i don't know if i can made a 'response to all', please say it me if i
> can't
> > ;) )
> >
> > Guillaume
> >
> > 2011/8/30 Freeman Fang <fr...@gmail.com>
> >
> > > Hi,
> > >
> > > Looks like the error occurs when you try to download remote wsdl, which
> > > also need authentication.
> > > However the "{WSDL Namespace}portName" would never work for downloading
> > > the wsdl as the portName is unknown at that point.
> > > You need change your http:conduit like
> > > <http-conf:conduit
> > > name="https://10.33.30.138:**8443/.*<https://10.33.30.138:8443/.*> ">
> > >
> > > the "https" prefix here is important.
> > >
> > > You can take a look at [1] to get more details there.
> > > [1]https://issues.apache.org/**jira/browse/CXF-3421<
> https://issues.apach
> > > e.org/jira/browse/CXF-3421>
> > >
> > > Freeman
> > >
> > > On 2011-8-30, at 下午4:18, Guillaume Jouanjan wrote:
> > > Hello ,
> > >
> > >> First of all , sorry for my english , i'm a french developer.
> > >>
> > >> My goal is to call dynamically web services method using a WSDL (the
> > >> only information i have + name of methods)
> > >>
> > >> I've got a problem with the following code :
> > >>
> > >> String urlWsdl = "
> > >> https://10.33.30.138:8443/**eLBG-Server/WS/LogbookWS.**
> > >> LogbookWSHttpSoap12Endpoint?**wsdl<
> https://10.33.30.138:8443/eLBG-Serv
> > >> er/WS/LogbookWS.LogbookWSHttpSoap12Endpoint?wsdl> ";
> > >> JaxWsDynamicClientFactory factory = JaxWsDynamicClientFactory.
> > >> newInstance();
> > >> Client clientWS = factory.createClient(urlWsdl);
> > >>
> > >> I've got the following error :
> > >>
> > >> 10:04:22,562 ERROR [[rmm-ata]] "Servlet.service()" pour la servlet
> > >> rmm-ata a
> > >> g´┐¢n´┐¢r´┐¢ une exception
> > >> java.security.cert.**CertificateException: No subject alternative
> > >> names
> > >> present
> > >>
> > >> at sun.security.util.**HostnameChecker.matchIP(**Unknown
> > >> Source)
> > >> at sun.security.util.**HostnameChecker.match(Unknown
> > >> Source)
> > >> at
> > >>
> > >> com.sun.net.ssl.internal.ssl.**X509TrustManagerImpl.**
> > >> checkIdentity(Unknown
> > >> Source)
> > >>
> > >> at
> > >>
> > >> com.sun.net.ssl.internal.ssl.**X509TrustManagerImpl.**
> > >> checkServerTrusted(Unknown
> > >> Source)
> > >>
> > >> at
> > >>
> > >> com.sun.net.ssl.internal.ssl.**ClientHandshaker.**
> > >> serverCertificate(Unknown
> > >> Source)
> > >>
> > >> at
> > >>
> > >> com.sun.net.ssl.internal.ssl.**ClientHandshaker.**processMessage(Unkno
> > >> wn
> > >> Source)
> > >>
> > >> at
> > >> com.sun.net.ssl.internal.ssl.**Handshaker.processLoop(Unk
> > >> nown
> > >>
> > >> Source)
> > >>
> > >> at
> > >> com.sun.net.ssl.internal.ssl.**Handshaker.process_record(
> > >> **
> > >>
> > >> Unknown
> > >> Source)
> > >>
> > >> at
> > >> com.sun.net.ssl.internal.ssl.**SSLSocketImpl.readRecord(*
> > >> *
> > >>
> > >> Unknown
> > >> Source)
> > >>
> > >> at
> > >>
> > >> com.sun.net.ssl.internal.ssl.**SSLSocketImpl.**performInitialHandshake
> > >> (** Unknown
> > >> Source)
> > >>
> > >> at
> > >> com.sun.net.ssl.internal.ssl.**SSLSocketImpl.startHandsha
> > >> ke(**
> > >>
> > >> Unknown
> > >> Source)
> > >>
> > >> at
> > >> com.sun.net.ssl.internal.ssl.**SSLSocketImpl.startHandsha
> > >> ke(**
> > >>
> > >> Unknown
> > >> Source)
> > >>
> > >> at
> > >> sun.net.www.protocol.https.**HttpsClient.afterConnect(**U
> > >> nknown
> > >>
> > >> Source)
> > >>
> > >> at
> > >>
> > >> sun.net.www.protocol.https.**AbstractDelegateHttpsURLConnec**
> > >> tion.connect(Unknown
> > >> Source)
> > >>
> > >> at
> > >>
> > >> sun.net.www.protocol.http.**HttpURLConnection.**getInputStream(Unknown
> > >> Source)
> > >>
> > >> at
> > >>
> > >> sun.net.www.protocol.https.**HttpsURLConnectionImpl.**
> > >> getInputStream(Unknown
> > >> Source)
> > >>
> > >> at
> > >>
> > >> org.apache.cxf.resource.**URIResolver.tryFileSystem(**
> > >> URIResolver.java:167)
> > >>
> > >> at org.apache.cxf.resource.**URIResolver.<init>(**
> > >>
> > >> URIResolver.java:90)
> > >>
> > >> at
> > >>
> > >> org.apache.cxf.endpoint.**dynamic.DynamicClientFactory.**composeUrl(**
> > >> DynamicClientFactory.java:561)
> > >>
> > >> at
> > >>
> > >> org.apache.cxf.endpoint.**dynamic.DynamicClientFactory.**createClient(
> > >> **
> > >> DynamicClientFactory.java:259)
> > >>
> > >> at
> > >>
> > >> org.apache.cxf.endpoint.**dynamic.DynamicClientFactory.**createClient(
> > >> **
> > >> DynamicClientFactory.java:204)
> > >>
> > >> at
> > >>
> > >> org.apache.cxf.endpoint.**dynamic.DynamicClientFactory.**createClient(
> > >> **
> > >> DynamicClientFactory.java:197)
> > >>
> > >> at
> > >>
> > >> org.apache.cxf.endpoint.**dynamic.DynamicClientFactory.**createClient(
> > >> **
> > >> DynamicClientFactory.java:152)
> > >>
> > >> at
> > >>
> > >> com.airbus.rmm.controller.**ManualController.send(**
> > >> ManualController.java:174)
> > >>
> > >> I have specified a http conduit in spring configuration file but it
> > >> seems that information inside is not managed and the
> > >> disableCNCheck=false is still
> > >> active
> > >>
> > >> my http-conduit conf :
> > >>
> > >> <http:conduit name="*.http-conduit">
> > >>
> > >> <http:tlsClientParameters secureSocketProtocol="TLS"
> > >>
> > >> disableCNCheck="true">
> > >>
> > >> <sec:keyManagers keyPassword="password">
> > >>
> > >> <sec:keyStore type="JKS" password="password"
> > >>
> > >> file="../classes/server.jks"/>
> > >>
> > >> </sec:keyManagers>
> > >> <sec:trustManagers>
> > >>
> > >> <sec:keyStore type="JKS" password="password"
> > >>
> > >> file="../classes/server.jks"/>
> > >>
> > >> </sec:trustManagers>
> > >> <sec:cipherSuitesFilter>
> > >>
> > >> <!-- these filters ensure that a ciphersuite with
> > >>
> > >> export-suitable or null encryption is used,
> > >> but exclude anonymous Diffie-Hellman key
> > >> change as
> > >> this is vulnerable to man-in-the-middle
> > >> attacks -->
> > >>
> > >> <sec:include>.*_EXPORT_.*</**sec:include>
> > >> <sec:include>.*_EXPORT1024_.*<**/sec:include>
> > >> <sec:include>.*_WITH_DES_.*</**sec:include>
> > >> <sec:include>.*_WITH_NULL_.*</**sec:include>
> > >> <sec:exclude>.*_DH_anon_.*</**sec:exclude>
> > >>
> > >> </sec:cipherSuitesFilter>
> > >>
> > >> </http:tlsClientParameters>
> > >> <http:authorization>
> > >>
> > >> <sec:UserName>nandana</sec:**UserName>
> > >> <sec:Password>password</sec:**Password>
> > >>
> > >> </http:authorization>
> > >> <http:client AutoRedirect="true" Connection="Keep-Alive"/>
> > >>
> > >> </http:conduit>
> > >>
> > >> Thanks for your help
> > >>
> > >> Guillaume
> > >>
> > >>
> > >> --
> > >>
> > >> * *
> > >>
> > >> * *
> > >>
> > >> *Guillaume JOUANJAN
> > >> *
> > >>
> > >> *Chef de Projet Technique
> > >> *
> > >>
> > >> *Email:* gjouanjan@sqli.com * <gj...@sqli.com>*
> > >>
> > >> *Bureau:* +33 (0)5 62 47 33 66
> > >>
> > >> *
> > >> *
> > >>
> > >> *
> > >> *
> > >>
> > >> *
> > >> *
> > >>
> > >> *www.sqli.com*
> > >>
> > >> * *
> > >>
> > >> *
> > >> *
> > >>
> > >> *SQLI Toulouse*
> > >>
> > >> 7 avenue Didier DAURAT
> > >> BP 70118
> > >> 31 704 BLAGNAC CEDEX
> > >>
> > >> *Standard:* +33 (0)5 62 47 70 70
> > >> *Fax:* +33 (0)5 62 47 70 71
> > >>
> > >> **
> > >
> > > ------------------------------**---------------
> > > Freeman Fang
> > >
> > > FuseSource
> > > Email:ffang@fusesource.com
> > > Web: fusesource.com
> > > Twitter: freemanfang
> > > Blog: http://freemanfang.blogspot.**com
> > > <http://freemanfang.blogspot.com>
> --
> Daniel Kulp
> dkulp@apache.org
> http://dankulp.com/blog
> Talend - http://www.talend.com
>
--
* *
* *
*Guillaume JOUANJAN
*
*Chef de Projet Technique
*
*Email:* gjouanjan@sqli.com * <gj...@sqli.com>*
*Bureau:* +33 (0)5 62 47 33 66
*
*
*
*
*
*
*www.sqli.com*
* *
*
*
*SQLI Toulouse*
7 avenue Didier DAURAT
BP 70118
31 704 BLAGNAC CEDEX
*Standard:* +33 (0)5 62 47 70 70
*Fax:* +33 (0)5 62 47 70 71
**
Re: [JBoss][Spring][Apache CXF] Problems occuring when dynamic creation of client with wsdl in https
Posted by Daniel Kulp <dk...@apache.org>.
The "name" for the http-conduit thing in the config is a full regex. Thus,
you should be able to do something like:
<http-conf name="https.*">
....
to match all the https endpoints.
Dan
On Tuesday, August 30, 2011 2:33:43 PM Guillaume Jouanjan wrote:
> Hi
>
> I've tried this but i've got the same error.
>
> org.springframework.web.util.NestedServletException: Request
> processing failed; nested exception is
> org.apache.cxf.service.factory.ServiceConstructionException: Could not
> resolve URL
> "https://10.33.30.138:8443/eLBG-Server/WS/LogbookWS.LogbookWSHttpSoap12Endp
> oint?wsdl".
> org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkSe
> rvlet.java:656)
> org.springframework.web.servlet.FrameworkServlet.doPost(FrameworkServlet.ja
> va:560) javax.servlet.http.HttpServlet.service(HttpServlet.java:637)
> javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
>
org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.j
> ava:96)
>
> *cause m�re*
>
> org.apache.cxf.service.factory.ServiceConstructionException: Could not
> resolve URL
> "https://10.33.30.138:8443/eLBG-Server/WS/LogbookWS.LogbookWSHttpSoap12Endp
> oint?wsdl".
> org.apache.cxf.endpoint.dynamic.DynamicClientFactory.composeUrl(DynamicClie
> ntFactory.java:569)
> org.apache.cxf.endpoint.dynamic.DynamicClientFactory.createClient(DynamicCl
> ientFactory.java:259)
> org.apache.cxf.endpoint.dynamic.DynamicClientFactory.createClient(DynamicCl
> ientFactory.java:204)
> org.apache.cxf.endpoint.dynamic.DynamicClientFactory.createClient(DynamicCl
> ientFactory.java:197)
> org.apache.cxf.endpoint.dynamic.DynamicClientFactory.createClient(DynamicCl
> ientFactory.java:152)
> com.airbus.rmm.controller.ManualController.send(ManualController.java:172)
> sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
> sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
> java.lang.reflect.Method.invoke(Unknown Source)
>
org.springframework.web.bind.annotation.support.HandlerMethodInvoker.invoke
> HandlerMethod(HandlerMethodInvoker.java:176)
> org.springframework.web.servlet.mvc.annotation.AnnotationMethodHandlerAdapt
> er.invokeHandlerMethod(AnnotationMethodHandlerAdapter.java:426)
> org.springframework.web.servlet.mvc.annotation.AnnotationMethodHandlerAdapt
> er.handle(AnnotationMethodHandlerAdapter.java:414)
> org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServ
> let.java:790)
> org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServl
> et.java:719)
> org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkSe
> rvlet.java:644)
> org.springframework.web.servlet.FrameworkServlet.doPost(FrameworkServlet.ja
> va:560) javax.servlet.http.HttpServlet.service(HttpServlet.java:637)
> javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
>
org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.j
> ava:96)
>
> *cause m�re*
>
> javax.net.ssl.SSLHandshakeException:
> java.security.cert.CertificateException: No subject alternative names
> present
> com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Unknown Source)
> com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(Unknown Source)
>
> The "mother cause" seems to be the
>
> Could not resolve URL
> "https://10.33.30.138:8443/eLBG-Server/WS/LogbookWS.LogbookWSHttpSoap12Endpo
> int?wsdl
>
> but with internet explorer the url is good (after accepting certificates)
>
> Moreover url of WSDL is calculated dynamically because end user set himself
> via HMI the url of Web Service (i.e :
> https://10.33.30.138:8443/eLBG-Server/WS/LogbookWS) i only add the endpoint
> + ? wsdl
>
> (i don't know if i can made a 'response to all', please say it me if i can't
> ;) )
>
> Guillaume
>
> 2011/8/30 Freeman Fang <fr...@gmail.com>
>
> > Hi,
> >
> > Looks like the error occurs when you try to download remote wsdl, which
> > also need authentication.
> > However the "{WSDL Namespace}portName" would never work for downloading
> > the wsdl as the portName is unknown at that point.
> > You need change your http:conduit like
> > <http-conf:conduit
> > name="https://10.33.30.138:**8443/.*<https://10.33.30.138:8443/.*> ">
> >
> > the "https" prefix here is important.
> >
> > You can take a look at [1] to get more details there.
> > [1]https://issues.apache.org/**jira/browse/CXF-3421<https://issues.apach
> > e.org/jira/browse/CXF-3421>
> >
> > Freeman
> >
> > On 2011-8-30, at 下午4:18, Guillaume Jouanjan wrote:
> > Hello ,
> >
> >> First of all , sorry for my english , i'm a french developer.
> >>
> >> My goal is to call dynamically web services method using a WSDL (the
> >> only information i have + name of methods)
> >>
> >> I've got a problem with the following code :
> >>
> >> String urlWsdl = "
> >> https://10.33.30.138:8443/**eLBG-Server/WS/LogbookWS.**
> >> LogbookWSHttpSoap12Endpoint?**wsdl<https://10.33.30.138:8443/eLBG-Serv
> >> er/WS/LogbookWS.LogbookWSHttpSoap12Endpoint?wsdl> ";
> >> JaxWsDynamicClientFactory factory = JaxWsDynamicClientFactory.
> >> newInstance();
> >> Client clientWS = factory.createClient(urlWsdl);
> >>
> >> I've got the following error :
> >>
> >> 10:04:22,562 ERROR [[rmm-ata]] "Servlet.service()" pour la servlet
> >> rmm-ata a
> >> g´┐¢n´┐¢r´┐¢ une exception
> >> java.security.cert.**CertificateException: No subject alternative
> >> names
> >> present
> >>
> >> at sun.security.util.**HostnameChecker.matchIP(**Unknown
> >> Source)
> >> at sun.security.util.**HostnameChecker.match(Unknown
> >> Source)
> >> at
> >>
> >> com.sun.net.ssl.internal.ssl.**X509TrustManagerImpl.**
> >> checkIdentity(Unknown
> >> Source)
> >>
> >> at
> >>
> >> com.sun.net.ssl.internal.ssl.**X509TrustManagerImpl.**
> >> checkServerTrusted(Unknown
> >> Source)
> >>
> >> at
> >>
> >> com.sun.net.ssl.internal.ssl.**ClientHandshaker.**
> >> serverCertificate(Unknown
> >> Source)
> >>
> >> at
> >>
> >> com.sun.net.ssl.internal.ssl.**ClientHandshaker.**processMessage(Unkno
> >> wn
> >> Source)
> >>
> >> at
> >> com.sun.net.ssl.internal.ssl.**Handshaker.processLoop(Unk
> >> nown
> >>
> >> Source)
> >>
> >> at
> >> com.sun.net.ssl.internal.ssl.**Handshaker.process_record(
> >> **
> >>
> >> Unknown
> >> Source)
> >>
> >> at
> >> com.sun.net.ssl.internal.ssl.**SSLSocketImpl.readRecord(*
> >> *
> >>
> >> Unknown
> >> Source)
> >>
> >> at
> >>
> >> com.sun.net.ssl.internal.ssl.**SSLSocketImpl.**performInitialHandshake
> >> (** Unknown
> >> Source)
> >>
> >> at
> >> com.sun.net.ssl.internal.ssl.**SSLSocketImpl.startHandsha
> >> ke(**
> >>
> >> Unknown
> >> Source)
> >>
> >> at
> >> com.sun.net.ssl.internal.ssl.**SSLSocketImpl.startHandsha
> >> ke(**
> >>
> >> Unknown
> >> Source)
> >>
> >> at
> >> sun.net.www.protocol.https.**HttpsClient.afterConnect(**U
> >> nknown
> >>
> >> Source)
> >>
> >> at
> >>
> >> sun.net.www.protocol.https.**AbstractDelegateHttpsURLConnec**
> >> tion.connect(Unknown
> >> Source)
> >>
> >> at
> >>
> >> sun.net.www.protocol.http.**HttpURLConnection.**getInputStream(Unknown
> >> Source)
> >>
> >> at
> >>
> >> sun.net.www.protocol.https.**HttpsURLConnectionImpl.**
> >> getInputStream(Unknown
> >> Source)
> >>
> >> at
> >>
> >> org.apache.cxf.resource.**URIResolver.tryFileSystem(**
> >> URIResolver.java:167)
> >>
> >> at org.apache.cxf.resource.**URIResolver.<init>(**
> >>
> >> URIResolver.java:90)
> >>
> >> at
> >>
> >> org.apache.cxf.endpoint.**dynamic.DynamicClientFactory.**composeUrl(**
> >> DynamicClientFactory.java:561)
> >>
> >> at
> >>
> >> org.apache.cxf.endpoint.**dynamic.DynamicClientFactory.**createClient(
> >> **
> >> DynamicClientFactory.java:259)
> >>
> >> at
> >>
> >> org.apache.cxf.endpoint.**dynamic.DynamicClientFactory.**createClient(
> >> **
> >> DynamicClientFactory.java:204)
> >>
> >> at
> >>
> >> org.apache.cxf.endpoint.**dynamic.DynamicClientFactory.**createClient(
> >> **
> >> DynamicClientFactory.java:197)
> >>
> >> at
> >>
> >> org.apache.cxf.endpoint.**dynamic.DynamicClientFactory.**createClient(
> >> **
> >> DynamicClientFactory.java:152)
> >>
> >> at
> >>
> >> com.airbus.rmm.controller.**ManualController.send(**
> >> ManualController.java:174)
> >>
> >> I have specified a http conduit in spring configuration file but it
> >> seems that information inside is not managed and the
> >> disableCNCheck=false is still
> >> active
> >>
> >> my http-conduit conf :
> >>
> >> <http:conduit name="*.http-conduit">
> >>
> >> <http:tlsClientParameters secureSocketProtocol="TLS"
> >>
> >> disableCNCheck="true">
> >>
> >> <sec:keyManagers keyPassword="password">
> >>
> >> <sec:keyStore type="JKS" password="password"
> >>
> >> file="../classes/server.jks"/>
> >>
> >> </sec:keyManagers>
> >> <sec:trustManagers>
> >>
> >> <sec:keyStore type="JKS" password="password"
> >>
> >> file="../classes/server.jks"/>
> >>
> >> </sec:trustManagers>
> >> <sec:cipherSuitesFilter>
> >>
> >> <!-- these filters ensure that a ciphersuite with
> >>
> >> export-suitable or null encryption is used,
> >> but exclude anonymous Diffie-Hellman key
> >> change as
> >> this is vulnerable to man-in-the-middle
> >> attacks -->
> >>
> >> <sec:include>.*_EXPORT_.*</**sec:include>
> >> <sec:include>.*_EXPORT1024_.*<**/sec:include>
> >> <sec:include>.*_WITH_DES_.*</**sec:include>
> >> <sec:include>.*_WITH_NULL_.*</**sec:include>
> >> <sec:exclude>.*_DH_anon_.*</**sec:exclude>
> >>
> >> </sec:cipherSuitesFilter>
> >>
> >> </http:tlsClientParameters>
> >> <http:authorization>
> >>
> >> <sec:UserName>nandana</sec:**UserName>
> >> <sec:Password>password</sec:**Password>
> >>
> >> </http:authorization>
> >> <http:client AutoRedirect="true" Connection="Keep-Alive"/>
> >>
> >> </http:conduit>
> >>
> >> Thanks for your help
> >>
> >> Guillaume
> >>
> >>
> >> --
> >>
> >> * *
> >>
> >> * *
> >>
> >> *Guillaume JOUANJAN
> >> *
> >>
> >> *Chef de Projet Technique
> >> *
> >>
> >> *Email:* gjouanjan@sqli.com * <gj...@sqli.com>*
> >>
> >> *Bureau:* +33 (0)5 62 47 33 66
> >>
> >> *
> >> *
> >>
> >> *
> >> *
> >>
> >> *
> >> *
> >>
> >> *www.sqli.com*
> >>
> >> * *
> >>
> >> *
> >> *
> >>
> >> *SQLI Toulouse*
> >>
> >> 7 avenue Didier DAURAT
> >> BP 70118
> >> 31 704 BLAGNAC CEDEX
> >>
> >> *Standard:* +33 (0)5 62 47 70 70
> >> *Fax:* +33 (0)5 62 47 70 71
> >>
> >> **
> >
> > ------------------------------**---------------
> > Freeman Fang
> >
> > FuseSource
> > Email:ffang@fusesource.com
> > Web: fusesource.com
> > Twitter: freemanfang
> > Blog: http://freemanfang.blogspot.**com
> > <http://freemanfang.blogspot.com>
--
Daniel Kulp
dkulp@apache.org
http://dankulp.com/blog
Talend - http://www.talend.com
Re: [JBoss][Spring][Apache CXF] Problems occuring when dynamic
creation of client with wsdl in https
Posted by Guillaume Jouanjan <gj...@sqli.com>.
Hi
I've tried this but i've got the same error.
org.springframework.web.util.NestedServletException: Request
processing failed; nested exception is
org.apache.cxf.service.factory.ServiceConstructionException: Could not
resolve URL "https://10.33.30.138:8443/eLBG-Server/WS/LogbookWS.LogbookWSHttpSoap12Endpoint?wsdl".
org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:656)
org.springframework.web.servlet.FrameworkServlet.doPost(FrameworkServlet.java:560)
javax.servlet.http.HttpServlet.service(HttpServlet.java:637)
javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:96)
*cause m�re*
org.apache.cxf.service.factory.ServiceConstructionException: Could not
resolve URL "https://10.33.30.138:8443/eLBG-Server/WS/LogbookWS.LogbookWSHttpSoap12Endpoint?wsdl".
org.apache.cxf.endpoint.dynamic.DynamicClientFactory.composeUrl(DynamicClientFactory.java:569)
org.apache.cxf.endpoint.dynamic.DynamicClientFactory.createClient(DynamicClientFactory.java:259)
org.apache.cxf.endpoint.dynamic.DynamicClientFactory.createClient(DynamicClientFactory.java:204)
org.apache.cxf.endpoint.dynamic.DynamicClientFactory.createClient(DynamicClientFactory.java:197)
org.apache.cxf.endpoint.dynamic.DynamicClientFactory.createClient(DynamicClientFactory.java:152)
com.airbus.rmm.controller.ManualController.send(ManualController.java:172)
sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
java.lang.reflect.Method.invoke(Unknown Source)
org.springframework.web.bind.annotation.support.HandlerMethodInvoker.invokeHandlerMethod(HandlerMethodInvoker.java:176)
org.springframework.web.servlet.mvc.annotation.AnnotationMethodHandlerAdapter.invokeHandlerMethod(AnnotationMethodHandlerAdapter.java:426)
org.springframework.web.servlet.mvc.annotation.AnnotationMethodHandlerAdapter.handle(AnnotationMethodHandlerAdapter.java:414)
org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:790)
org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:719)
org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:644)
org.springframework.web.servlet.FrameworkServlet.doPost(FrameworkServlet.java:560)
javax.servlet.http.HttpServlet.service(HttpServlet.java:637)
javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:96)
*cause m�re*
javax.net.ssl.SSLHandshakeException:
java.security.cert.CertificateException: No subject alternative names
present
com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Unknown Source)
com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(Unknown Source)
The "mother cause" seems to be the
Could not resolve URL
"https://10.33.30.138:8443/eLBG-Server/WS/LogbookWS.LogbookWSHttpSoap12Endpoint?wsdl
but with internet explorer the url is good (after accepting certificates)
Moreover url of WSDL is calculated dynamically because end user set himself
via HMI the url of Web Service (i.e :
https://10.33.30.138:8443/eLBG-Server/WS/LogbookWS) i only add the endpoint
+ ? wsdl
(i don't know if i can made a 'response to all', please say it me if i can't
;) )
Guillaume
2011/8/30 Freeman Fang <fr...@gmail.com>
> Hi,
>
> Looks like the error occurs when you try to download remote wsdl, which
> also need authentication.
> However the "{WSDL Namespace}portName" would never work for downloading the
> wsdl as the portName is unknown at that point.
> You need change your http:conduit like
> <http-conf:conduit name="https://10.33.30.138:**8443/.*<https://10.33.30.138:8443/.*>
> ">
> the "https" prefix here is important.
>
> You can take a look at [1] to get more details there.
> [1]https://issues.apache.org/**jira/browse/CXF-3421<https://issues.apache.org/jira/browse/CXF-3421>
>
> Freeman
>
> On 2011-8-30, at 下午4:18, Guillaume Jouanjan wrote:
>
> Hello ,
>>
>> First of all , sorry for my english , i'm a french developer.
>>
>> My goal is to call dynamically web services method using a WSDL (the only
>> information i have + name of methods)
>>
>> I've got a problem with the following code :
>>
>> String urlWsdl = "
>> https://10.33.30.138:8443/**eLBG-Server/WS/LogbookWS.**
>> LogbookWSHttpSoap12Endpoint?**wsdl<https://10.33.30.138:8443/eLBG-Server/WS/LogbookWS.LogbookWSHttpSoap12Endpoint?wsdl>
>> ";
>> JaxWsDynamicClientFactory factory = JaxWsDynamicClientFactory.
>> newInstance();
>> Client clientWS = factory.createClient(urlWsdl);
>>
>> I've got the following error :
>>
>> 10:04:22,562 ERROR [[rmm-ata]] "Servlet.service()" pour la servlet rmm-ata
>> a
>> g´┐¢n´┐¢r´┐¢ une exception
>> java.security.cert.**CertificateException: No subject alternative names
>> present
>> at sun.security.util.**HostnameChecker.matchIP(**Unknown Source)
>> at sun.security.util.**HostnameChecker.match(Unknown Source)
>> at
>> com.sun.net.ssl.internal.ssl.**X509TrustManagerImpl.**
>> checkIdentity(Unknown
>> Source)
>> at
>> com.sun.net.ssl.internal.ssl.**X509TrustManagerImpl.**
>> checkServerTrusted(Unknown
>> Source)
>> at
>> com.sun.net.ssl.internal.ssl.**ClientHandshaker.**
>> serverCertificate(Unknown
>> Source)
>> at
>> com.sun.net.ssl.internal.ssl.**ClientHandshaker.**processMessage(Unknown
>> Source)
>> at com.sun.net.ssl.internal.ssl.**Handshaker.processLoop(Unknown
>> Source)
>> at com.sun.net.ssl.internal.ssl.**Handshaker.process_record(**
>> Unknown
>> Source)
>> at com.sun.net.ssl.internal.ssl.**SSLSocketImpl.readRecord(**
>> Unknown
>> Source)
>> at
>> com.sun.net.ssl.internal.ssl.**SSLSocketImpl.**performInitialHandshake(**
>> Unknown
>> Source)
>> at com.sun.net.ssl.internal.ssl.**SSLSocketImpl.startHandshake(**
>> Unknown
>> Source)
>> at com.sun.net.ssl.internal.ssl.**SSLSocketImpl.startHandshake(**
>> Unknown
>> Source)
>> at sun.net.www.protocol.https.**HttpsClient.afterConnect(**Unknown
>> Source)
>> at
>> sun.net.www.protocol.https.**AbstractDelegateHttpsURLConnec**
>> tion.connect(Unknown
>> Source)
>> at
>> sun.net.www.protocol.http.**HttpURLConnection.**getInputStream(Unknown
>> Source)
>> at
>> sun.net.www.protocol.https.**HttpsURLConnectionImpl.**
>> getInputStream(Unknown
>> Source)
>> at
>> org.apache.cxf.resource.**URIResolver.tryFileSystem(**
>> URIResolver.java:167)
>> at org.apache.cxf.resource.**URIResolver.<init>(**
>> URIResolver.java:90)
>> at
>> org.apache.cxf.endpoint.**dynamic.DynamicClientFactory.**composeUrl(**
>> DynamicClientFactory.java:561)
>> at
>> org.apache.cxf.endpoint.**dynamic.DynamicClientFactory.**createClient(**
>> DynamicClientFactory.java:259)
>> at
>> org.apache.cxf.endpoint.**dynamic.DynamicClientFactory.**createClient(**
>> DynamicClientFactory.java:204)
>> at
>> org.apache.cxf.endpoint.**dynamic.DynamicClientFactory.**createClient(**
>> DynamicClientFactory.java:197)
>> at
>> org.apache.cxf.endpoint.**dynamic.DynamicClientFactory.**createClient(**
>> DynamicClientFactory.java:152)
>> at
>> com.airbus.rmm.controller.**ManualController.send(**
>> ManualController.java:174)
>>
>> I have specified a http conduit in spring configuration file but it seems
>> that information inside is not managed and the disableCNCheck=false is
>> still
>> active
>>
>> my http-conduit conf :
>>
>> <http:conduit name="*.http-conduit">
>>
>> <http:tlsClientParameters secureSocketProtocol="TLS"
>> disableCNCheck="true">
>> <sec:keyManagers keyPassword="password">
>> <sec:keyStore type="JKS" password="password"
>> file="../classes/server.jks"/>
>> </sec:keyManagers>
>> <sec:trustManagers>
>> <sec:keyStore type="JKS" password="password"
>> file="../classes/server.jks"/>
>> </sec:trustManagers>
>> <sec:cipherSuitesFilter>
>> <!-- these filters ensure that a ciphersuite with
>> export-suitable or null encryption is used,
>> but exclude anonymous Diffie-Hellman key change as
>> this is vulnerable to man-in-the-middle attacks -->
>> <sec:include>.*_EXPORT_.*</**sec:include>
>> <sec:include>.*_EXPORT1024_.*<**/sec:include>
>> <sec:include>.*_WITH_DES_.*</**sec:include>
>> <sec:include>.*_WITH_NULL_.*</**sec:include>
>> <sec:exclude>.*_DH_anon_.*</**sec:exclude>
>> </sec:cipherSuitesFilter>
>> </http:tlsClientParameters>
>> <http:authorization>
>> <sec:UserName>nandana</sec:**UserName>
>> <sec:Password>password</sec:**Password>
>> </http:authorization>
>> <http:client AutoRedirect="true" Connection="Keep-Alive"/>
>>
>> </http:conduit>
>>
>>
>> Thanks for your help
>>
>> Guillaume
>>
>>
>> --
>>
>> * *
>>
>> * *
>>
>> *Guillaume JOUANJAN
>> *
>>
>> *Chef de Projet Technique
>> *
>>
>> *Email:* gjouanjan@sqli.com * <gj...@sqli.com>*
>>
>> *Bureau:* +33 (0)5 62 47 33 66
>>
>> *
>> *
>>
>> *
>> *
>>
>> *
>> *
>>
>> *www.sqli.com*
>>
>> * *
>>
>> *
>> *
>>
>> *SQLI Toulouse*
>>
>> 7 avenue Didier DAURAT
>> BP 70118
>> 31 704 BLAGNAC CEDEX
>>
>> *Standard:* +33 (0)5 62 47 70 70
>> *Fax:* +33 (0)5 62 47 70 71
>>
>> **
>>
>
> ------------------------------**---------------
> Freeman Fang
>
> FuseSource
> Email:ffang@fusesource.com
> Web: fusesource.com
> Twitter: freemanfang
> Blog: http://freemanfang.blogspot.**com <http://freemanfang.blogspot.com>
>
>
>
>
>
>
>
>
>
>
--
* *
* *
*Guillaume JOUANJAN
*
*Chef de Projet Technique
*
*Email:* gjouanjan@sqli.com * <gj...@sqli.com>*
*Bureau:* +33 (0)5 62 47 33 66
*
*
*
*
*
*
*www.sqli.com*
* *
*
*
*SQLI Toulouse*
7 avenue Didier DAURAT
BP 70118
31 704 BLAGNAC CEDEX
*Standard:* +33 (0)5 62 47 70 70
*Fax:* +33 (0)5 62 47 70 71
**
Re: [JBoss][Spring][Apache CXF] Problems occuring when dynamic creation of client with wsdl in https
Posted by Freeman Fang <fr...@gmail.com>.
Hi,
Looks like the error occurs when you try to download remote wsdl,
which also need authentication.
However the "{WSDL Namespace}portName" would never work for
downloading the wsdl as the portName is unknown at that point.
You need change your http:conduit like
<http-conf:conduit name="https://10.33.30.138:8443/.*">
the "https" prefix here is important.
You can take a look at [1] to get more details there.
[1]https://issues.apache.org/jira/browse/CXF-3421
Freeman
On 2011-8-30, at 下午4:18, Guillaume Jouanjan wrote:
> Hello ,
>
> First of all , sorry for my english , i'm a french developer.
>
> My goal is to call dynamically web services method using a WSDL (the
> only
> information i have + name of methods)
>
> I've got a problem with the following code :
>
> String urlWsdl = "
> https://10.33.30.138:8443/eLBG-Server/WS/LogbookWS.LogbookWSHttpSoap12Endpoint?wsdl
> ";
> JaxWsDynamicClientFactory factory = JaxWsDynamicClientFactory.
> newInstance();
> Client clientWS = factory.createClient(urlWsdl);
>
> I've got the following error :
>
> 10:04:22,562 ERROR [[rmm-ata]] "Servlet.service()" pour la servlet
> rmm-ata a
> g´┐¢n´┐¢r´┐¢ une exception
> java.security.cert.CertificateException: No subject alternative names
> present
> at sun.security.util.HostnameChecker.matchIP(Unknown Source)
> at sun.security.util.HostnameChecker.match(Unknown Source)
> at
> com
> .sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkIdentity(Unknown
> Source)
> at
> com
> .sun
> .net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown
> Source)
> at
> com
> .sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(Unknown
> Source)
> at
> com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(Unknown
> Source)
> at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Unknown
> Source)
> at
> com.sun.net.ssl.internal.ssl.Handshaker.process_record(Unknown
> Source)
> at
> com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(Unknown
> Source)
> at
> com
> .sun
> .net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(Unknown
> Source)
> at
> com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown
> Source)
> at
> com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown
> Source)
> at sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown
> Source)
> at
> sun
> .net
> .www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown
> Source)
> at
> sun.net.www.protocol.http.HttpURLConnection.getInputStream(Unknown
> Source)
> at
> sun
> .net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(Unknown
> Source)
> at
> org.apache.cxf.resource.URIResolver.tryFileSystem(URIResolver.java:
> 167)
> at
> org.apache.cxf.resource.URIResolver.<init>(URIResolver.java:90)
> at
> org
> .apache
> .cxf
> .endpoint
> .dynamic.DynamicClientFactory.composeUrl(DynamicClientFactory.java:
> 561)
> at
> org
> .apache
> .cxf
> .endpoint
> .dynamic.DynamicClientFactory.createClient(DynamicClientFactory.java:
> 259)
> at
> org
> .apache
> .cxf
> .endpoint
> .dynamic.DynamicClientFactory.createClient(DynamicClientFactory.java:
> 204)
> at
> org
> .apache
> .cxf
> .endpoint
> .dynamic.DynamicClientFactory.createClient(DynamicClientFactory.java:
> 197)
> at
> org
> .apache
> .cxf
> .endpoint
> .dynamic.DynamicClientFactory.createClient(DynamicClientFactory.java:
> 152)
> at
> com
> .airbus.rmm.controller.ManualController.send(ManualController.java:
> 174)
>
> I have specified a http conduit in spring configuration file but it
> seems
> that information inside is not managed and the disableCNCheck=false
> is still
> active
>
> my http-conduit conf :
>
> <http:conduit name="*.http-conduit">
>
> <http:tlsClientParameters secureSocketProtocol="TLS"
> disableCNCheck="true">
> <sec:keyManagers keyPassword="password">
> <sec:keyStore type="JKS" password="password"
> file="../classes/server.jks"/>
> </sec:keyManagers>
> <sec:trustManagers>
> <sec:keyStore type="JKS" password="password"
> file="../classes/server.jks"/>
> </sec:trustManagers>
> <sec:cipherSuitesFilter>
> <!-- these filters ensure that a ciphersuite with
> export-suitable or null encryption is used,
> but exclude anonymous Diffie-Hellman key change as
> this is vulnerable to man-in-the-middle attacks -->
> <sec:include>.*_EXPORT_.*</sec:include>
> <sec:include>.*_EXPORT1024_.*</sec:include>
> <sec:include>.*_WITH_DES_.*</sec:include>
> <sec:include>.*_WITH_NULL_.*</sec:include>
> <sec:exclude>.*_DH_anon_.*</sec:exclude>
> </sec:cipherSuitesFilter>
> </http:tlsClientParameters>
> <http:authorization>
> <sec:UserName>nandana</sec:UserName>
> <sec:Password>password</sec:Password>
> </http:authorization>
> <http:client AutoRedirect="true" Connection="Keep-Alive"/>
>
> </http:conduit>
>
>
> Thanks for your help
>
> Guillaume
>
>
> --
>
> * *
>
> * *
>
> *Guillaume JOUANJAN
> *
>
> *Chef de Projet Technique
> *
>
> *Email:* gjouanjan@sqli.com * <gj...@sqli.com>*
> *Bureau:* +33 (0)5 62 47 33 66
>
> *
> *
>
> *
> *
>
> *
> *
>
> *www.sqli.com*
>
> * *
>
> *
> *
>
> *SQLI Toulouse*
>
> 7 avenue Didier DAURAT
> BP 70118
> 31 704 BLAGNAC CEDEX
>
> *Standard:* +33 (0)5 62 47 70 70
> *Fax:* +33 (0)5 62 47 70 71
>
> **
---------------------------------------------
Freeman Fang
FuseSource
Email:ffang@fusesource.com
Web: fusesource.com
Twitter: freemanfang
Blog: http://freemanfang.blogspot.com