You are viewing a plain text version of this content. The canonical link for it is here.
Posted to httpclient-users@hc.apache.org by Ranthydev Rereddy <Ra...@raytheon.com> on 2008/04/03 01:46:17 UTC
HttpClient with JSF pages
Hello.
I am attempting to use HttpClient to access a jsf page for uploading
files. The jsf page has a submit button that invokes an action on a bean.
When I first access the jsf page it returns the file upload page with a
jsessionid. When I submit my request with the post method for file upload,
the HttpClient instance automatically sends the session id but it does not
invoke the action on the bean.
Has this HttpClient 3.1 been tested with jsf pages?
We do not receive any errors and the bean is being instantiated but the
bean method is not being invoked.
There is no login involved. IE works for the same url.
I will happily consider any responses.
Thank you,
Ranthydev Rereddy
RE: getting httpclient to trust all certs for ssl?
Posted by George Ludwig <sf...@yahoo.com>.
Greg,
You reminded me, I'd meant to post another follow-up
on this subject.
The code example I published works, however it needs
the not-yet-commons-ssl library, which can be found
here: http://juliusdavies.ca/commons-ssl/
I'm not sure if he includes the entire contribs jar in
his jar. I don't need the contriibs jar in my
classpath for the code to work. And the contribs jar
by itself will not work.
I'm not sure what the exact issue was, but I was
getting a PKIX validation error when trying to access
this url: https://xlsoutlet.1a-shops.eu/ My guess is
that the cert is invalid for some reason, like expired
or somsuch, because even using the
EasySSLSocketFactory from the contribs jar I could not
talk with the site.
I haven't had the time to look in to this issue in
detail. All I know is that it works now.
Best,
George
--- "Moore, Greg" <Gr...@adp.com> wrote:
> Glad I was able to help George. and thanks for the
> code. your example is
> what I was actually looking for originally. :)
>
> My personal beef is that none of the examples on the
> sslguide show what
> the imports are and as you've said there are a lot
> of out dated
> examples.
> I would be nice to have a complete examples along
> the lines of...
> here are the includes you need for the examples
> below
> if you want to accept everything... [full code
> example]
> if you want to check certs... [full code example]
> if you want to be really paranoid and check
> everything ... [full code
> example]
>
> Especially for people, like me, that have never done
> programming using
> https it would be helpful. But I'm using Jython so
> maybe I just look at
> thing differently :)
>
> Greg.
>
> -----Original Message-----
> From: George Ludwig [mailto:sfmissionman@yahoo.com]
> Sent: Tuesday, April 08, 2008 1:54 PM
> To: HttpClient User Discussion
> Subject: RE: getting httpclient to trust all certs
> for ssl?
>
> Crap, my fat fingered typing prematurely sent the
> response.
>
> Execute this at any time before the SSL session:
>
> public static void trustAllCerts() throws Exception
> {
> ProtocolSocketFactory sf=new
> EasySSLProtocolSocketFactory();
> Protocol p = new Protocol("https", sf, 443);
> Protocol.registerProtocol("https", p);
> }
>
> As a side comment, is there any reason why the
> contribs area is not included by default in the
> httpclient binary distribution? It just complicates
> my
> project management, seemingly unnecessarily.
>
> Thanks again Greg!
>
> -George
>
> --- "Moore, Greg" <Gr...@adp.com> wrote:
>
> > George,
> > Did you take a look at
> > http://hc.apache.org/httpclient-3.x/sslguide.html
> > at the EasySSLProtocolSocketFactory. there is an
> > EasySSLProtocolSocketFactory and an
> EasyTrustmanager
> > in SVN that seem to
> > do ok. of course I wouldn't use it for production.
> >
> > maybe this would help too.
> >
>
http://www.matthewekent.com/2007/09/httpclient-ssl-support-how-to-.html
> >
> >
> > Greg.
> >
> > -----Original Message-----
> > From: George Ludwig
> [mailto:sfmissionman@yahoo.com]
> > Sent: Monday, April 07, 2008 5:07 PM
> > To: HttpClient User Discussion
> > Subject: getting httpclient to trust all certs for
> > ssl?
> >
> > This seems to have come up before, but I've not
> been
> > able to find a resolution that works.
> >
> > Basically, I want to trust all SSL certs. I doing
> > web
> > harvesting, and I just don't care if a cert is
> > valid,
> > self signed, or has valid trust chain.
> >
> > I've tried a couple of solutions I found on the
> web,
> > but they don't seem to work. Does anyone have a
> > reliable solution to this?
> >
> > The last one I tried was this:
> >
> > public static void trustAllCerts() {
> > // Create a trust manager that does not validate
> > certificate chains
> > TrustManager[] trustAllCerts = new
> > TrustManager[]{
> > new X509TrustManager() {
> > public
> > java.security.cert.X509Certificate[]
> > getAcceptedIssuers() {
> > return null;
> > }
> > public void checkClientTrusted(
> >
> java.security.cert.X509Certificate[]
> > certs, String authType) {
> > }
> > public void checkServerTrusted(
> >
> java.security.cert.X509Certificate[]
> > certs, String authType) {
> > }
> > }
> > };
> >
> > // Install the all-trusting trust manager
> > try {
> > SSLContext sc =
> > SSLContext.getInstance("SSL");
> > sc.init(null, trustAllCerts, new
> > java.security.SecureRandom());
> >
> >
>
HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
> > } catch (Exception e) {
> > }
> > }
> >
> > I'm currently getting this exception:
> >
> > javax.net.ssl.SSLHandshakeException:
> > sun.security.validator.ValidatorException: PKIX
> path
> > validation failed:
> > java.security.cert.CertPathValidatorException:
> Path
> > does not chain with any of the trust anchors
> > error!
> >
> >
> > [stack trace deleted]
> >
> >
> > This message and any attachments are intended only
> > for the use of the addressee and may contain
> > information that is privileged and confidential.
> If
> > the reader of the message is not the intended
> > recipient or an authorized representative of the
> > intended recipient, you are hereby notified that
> any
> > dissemination of this communication is strictly
> > prohibited. If you have received this
> communication
> > in error, please notify us immediately by e-mail
> and
> > delete the message and any attachments from your
> > system.
> >
> >
>
---------------------------------------------------------------------
> > To unsubscribe, e-mail:
> > httpclient-users-unsubscribe@hc.apache.org
> > For additional commands, e-mail:
> > httpclient-users-help@hc.apache.org
> >
> >
>
>
>
>
>
________________________________________________________________________
> ____________
> You rock. That's why Blockbuster's offering you one
> month of Blockbuster
> Total Access, No Cost.
> http://tc.deals.yahoo.com/tc/blockbuster/text5.com
>
>
---------------------------------------------------------------------
> To unsubscribe, e-mail:
> httpclient-users-unsubscribe@hc.apache.org
> For additional commands, e-mail:
> httpclient-users-help@hc.apache.org
>
>
>
> This message and any attachments are intended only
> for the use of the addressee and may contain
> information that is privileged and confidential. If
> the reader of the message is not the intended
> recipient or an authorized representative of the
> intended
=== message truncated ===
__________________________________________________
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around
http://mail.yahoo.com
---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org
For additional commands, e-mail: httpclient-users-help@hc.apache.org
RE: getting httpclient to trust all certs for ssl?
Posted by "Moore, Greg" <Gr...@adp.com>.
Glad I was able to help George. and thanks for the code. your example is
what I was actually looking for originally. :)
My personal beef is that none of the examples on the sslguide show what
the imports are and as you've said there are a lot of out dated
examples.
I would be nice to have a complete examples along the lines of...
here are the includes you need for the examples below
if you want to accept everything... [full code example]
if you want to check certs... [full code example]
if you want to be really paranoid and check everything ... [full code
example]
Especially for people, like me, that have never done programming using
https it would be helpful. But I'm using Jython so maybe I just look at
thing differently :)
Greg.
-----Original Message-----
From: George Ludwig [mailto:sfmissionman@yahoo.com]
Sent: Tuesday, April 08, 2008 1:54 PM
To: HttpClient User Discussion
Subject: RE: getting httpclient to trust all certs for ssl?
Crap, my fat fingered typing prematurely sent the
response.
Execute this at any time before the SSL session:
public static void trustAllCerts() throws Exception {
ProtocolSocketFactory sf=new
EasySSLProtocolSocketFactory();
Protocol p = new Protocol("https", sf, 443);
Protocol.registerProtocol("https", p);
}
As a side comment, is there any reason why the
contribs area is not included by default in the
httpclient binary distribution? It just complicates my
project management, seemingly unnecessarily.
Thanks again Greg!
-George
--- "Moore, Greg" <Gr...@adp.com> wrote:
> George,
> Did you take a look at
> http://hc.apache.org/httpclient-3.x/sslguide.html
> at the EasySSLProtocolSocketFactory. there is an
> EasySSLProtocolSocketFactory and an EasyTrustmanager
> in SVN that seem to
> do ok. of course I wouldn't use it for production.
>
> maybe this would help too.
>
http://www.matthewekent.com/2007/09/httpclient-ssl-support-how-to-.html
>
>
> Greg.
>
> -----Original Message-----
> From: George Ludwig [mailto:sfmissionman@yahoo.com]
> Sent: Monday, April 07, 2008 5:07 PM
> To: HttpClient User Discussion
> Subject: getting httpclient to trust all certs for
> ssl?
>
> This seems to have come up before, but I've not been
> able to find a resolution that works.
>
> Basically, I want to trust all SSL certs. I doing
> web
> harvesting, and I just don't care if a cert is
> valid,
> self signed, or has valid trust chain.
>
> I've tried a couple of solutions I found on the web,
> but they don't seem to work. Does anyone have a
> reliable solution to this?
>
> The last one I tried was this:
>
> public static void trustAllCerts() {
> // Create a trust manager that does not validate
> certificate chains
> TrustManager[] trustAllCerts = new
> TrustManager[]{
> new X509TrustManager() {
> public
> java.security.cert.X509Certificate[]
> getAcceptedIssuers() {
> return null;
> }
> public void checkClientTrusted(
> java.security.cert.X509Certificate[]
> certs, String authType) {
> }
> public void checkServerTrusted(
> java.security.cert.X509Certificate[]
> certs, String authType) {
> }
> }
> };
>
> // Install the all-trusting trust manager
> try {
> SSLContext sc =
> SSLContext.getInstance("SSL");
> sc.init(null, trustAllCerts, new
> java.security.SecureRandom());
>
>
HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
> } catch (Exception e) {
> }
> }
>
> I'm currently getting this exception:
>
> javax.net.ssl.SSLHandshakeException:
> sun.security.validator.ValidatorException: PKIX path
> validation failed:
> java.security.cert.CertPathValidatorException: Path
> does not chain with any of the trust anchors
> error!
>
>
> [stack trace deleted]
>
>
> This message and any attachments are intended only
> for the use of the addressee and may contain
> information that is privileged and confidential. If
> the reader of the message is not the intended
> recipient or an authorized representative of the
> intended recipient, you are hereby notified that any
> dissemination of this communication is strictly
> prohibited. If you have received this communication
> in error, please notify us immediately by e-mail and
> delete the message and any attachments from your
> system.
>
>
---------------------------------------------------------------------
> To unsubscribe, e-mail:
> httpclient-users-unsubscribe@hc.apache.org
> For additional commands, e-mail:
> httpclient-users-help@hc.apache.org
>
>
________________________________________________________________________
____________
You rock. That's why Blockbuster's offering you one month of Blockbuster
Total Access, No Cost.
http://tc.deals.yahoo.com/tc/blockbuster/text5.com
---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org
For additional commands, e-mail: httpclient-users-help@hc.apache.org
This message and any attachments are intended only for the use of the addressee and may contain information that is privileged and confidential. If the reader of the message is not the intended recipient or an authorized representative of the intended recipient, you are hereby notified that any dissemination of this communication is strictly prohibited. If you have received this communication in error, please notify us immediately by e-mail and delete the message and any attachments from your system.
---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org
For additional commands, e-mail: httpclient-users-help@hc.apache.org
RE: getting httpclient to trust all certs for ssl?
Posted by George Ludwig <sf...@yahoo.com>.
Thanks a lot Greg! There's a fair amount of info on
this subject floating around, unfortunately most of it
is out of date and it's hard to find a solid example.
If anyone else is looking for an answer to this, the
following code is the solution:
public static void trustAllCerts() throws Exception {
ProtocolSocketFactory sf=new
EasySSLProtocolSocketFactory();
Protocol p = new Protocol("https", sf, 443);
Protocol.registerProtocol("https", p);
}
--- "Moore, Greg" <Gr...@adp.com> wrote:
> George,
> Did you take a look at
> http://hc.apache.org/httpclient-3.x/sslguide.html
> at the EasySSLProtocolSocketFactory. there is an
> EasySSLProtocolSocketFactory and an EasyTrustmanager
> in SVN that seem to
> do ok. of course I wouldn't use it for production.
>
> maybe this would help too.
>
http://www.matthewekent.com/2007/09/httpclient-ssl-support-how-to-.html
>
>
> Greg.
>
> -----Original Message-----
> From: George Ludwig [mailto:sfmissionman@yahoo.com]
> Sent: Monday, April 07, 2008 5:07 PM
> To: HttpClient User Discussion
> Subject: getting httpclient to trust all certs for
> ssl?
>
> This seems to have come up before, but I've not been
> able to find a resolution that works.
>
> Basically, I want to trust all SSL certs. I doing
> web
> harvesting, and I just don't care if a cert is
> valid,
> self signed, or has valid trust chain.
>
> I've tried a couple of solutions I found on the web,
> but they don't seem to work. Does anyone have a
> reliable solution to this?
>
> The last one I tried was this:
>
> public static void trustAllCerts() {
> // Create a trust manager that does not validate
> certificate chains
> TrustManager[] trustAllCerts = new
> TrustManager[]{
> new X509TrustManager() {
> public
> java.security.cert.X509Certificate[]
> getAcceptedIssuers() {
> return null;
> }
> public void checkClientTrusted(
> java.security.cert.X509Certificate[]
> certs, String authType) {
> }
> public void checkServerTrusted(
> java.security.cert.X509Certificate[]
> certs, String authType) {
> }
> }
> };
>
> // Install the all-trusting trust manager
> try {
> SSLContext sc =
> SSLContext.getInstance("SSL");
> sc.init(null, trustAllCerts, new
> java.security.SecureRandom());
>
>
HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
> } catch (Exception e) {
> }
> }
>
> I'm currently getting this exception:
>
> javax.net.ssl.SSLHandshakeException:
> sun.security.validator.ValidatorException: PKIX path
> validation failed:
> java.security.cert.CertPathValidatorException: Path
> does not chain with any of the trust anchors
> error!
>
>
> [stack trace deleted]
>
>
> This message and any attachments are intended only
> for the use of the addressee and may contain
> information that is privileged and confidential. If
> the reader of the message is not the intended
> recipient or an authorized representative of the
> intended recipient, you are hereby notified that any
> dissemination of this communication is strictly
> prohibited. If you have received this communication
> in error, please notify us immediately by e-mail and
> delete the message and any attachments from your
> system.
>
>
---------------------------------------------------------------------
> To unsubscribe, e-mail:
> httpclient-users-unsubscribe@hc.apache.org
> For additional commands, e-mail:
> httpclient-users-help@hc.apache.org
>
>
____________________________________________________________________________________
You rock. That's why Blockbuster's offering you one month of Blockbuster Total Access, No Cost.
http://tc.deals.yahoo.com/tc/blockbuster/text5.com
---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org
For additional commands, e-mail: httpclient-users-help@hc.apache.org
RE: getting httpclient to trust all certs for ssl?
Posted by Oleg Kalnichevski <ol...@apache.org>.
On Tue, 2008-04-08 at 13:53 -0700, George Ludwig wrote:
> Crap, my fat fingered typing prematurely sent the
> response.
>
> Execute this at any time before the SSL session:
>
> public static void trustAllCerts() throws Exception {
> ProtocolSocketFactory sf=new
> EasySSLProtocolSocketFactory();
> Protocol p = new Protocol("https", sf, 443);
> Protocol.registerProtocol("https", p);
> }
>
> As a side comment, is there any reason why the
> contribs area is not included by default in the
> httpclient binary distribution? It just complicates my
> project management, seemingly unnecessarily.
>
Because it is not officially supported. The contrib code is provided as
reference material only. The users of that code are expected to review
it thoroughly and make adjustments they deem necessary.
Oleg
> Thanks again Greg!
>
> -George
>
> --- "Moore, Greg" <Gr...@adp.com> wrote:
>
> > George,
> > Did you take a look at
> > http://hc.apache.org/httpclient-3.x/sslguide.html
> > at the EasySSLProtocolSocketFactory. there is an
> > EasySSLProtocolSocketFactory and an EasyTrustmanager
> > in SVN that seem to
> > do ok. of course I wouldn't use it for production.
> >
> > maybe this would help too.
> >
> http://www.matthewekent.com/2007/09/httpclient-ssl-support-how-to-.html
> >
> >
> > Greg.
> >
> > -----Original Message-----
> > From: George Ludwig [mailto:sfmissionman@yahoo.com]
> > Sent: Monday, April 07, 2008 5:07 PM
> > To: HttpClient User Discussion
> > Subject: getting httpclient to trust all certs for
> > ssl?
> >
> > This seems to have come up before, but I've not been
> > able to find a resolution that works.
> >
> > Basically, I want to trust all SSL certs. I doing
> > web
> > harvesting, and I just don't care if a cert is
> > valid,
> > self signed, or has valid trust chain.
> >
> > I've tried a couple of solutions I found on the web,
> > but they don't seem to work. Does anyone have a
> > reliable solution to this?
> >
> > The last one I tried was this:
> >
> > public static void trustAllCerts() {
> > // Create a trust manager that does not validate
> > certificate chains
> > TrustManager[] trustAllCerts = new
> > TrustManager[]{
> > new X509TrustManager() {
> > public
> > java.security.cert.X509Certificate[]
> > getAcceptedIssuers() {
> > return null;
> > }
> > public void checkClientTrusted(
> > java.security.cert.X509Certificate[]
> > certs, String authType) {
> > }
> > public void checkServerTrusted(
> > java.security.cert.X509Certificate[]
> > certs, String authType) {
> > }
> > }
> > };
> >
> > // Install the all-trusting trust manager
> > try {
> > SSLContext sc =
> > SSLContext.getInstance("SSL");
> > sc.init(null, trustAllCerts, new
> > java.security.SecureRandom());
> >
> >
> HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
> > } catch (Exception e) {
> > }
> > }
> >
> > I'm currently getting this exception:
> >
> > javax.net.ssl.SSLHandshakeException:
> > sun.security.validator.ValidatorException: PKIX path
> > validation failed:
> > java.security.cert.CertPathValidatorException: Path
> > does not chain with any of the trust anchors
> > error!
> >
> >
> > [stack trace deleted]
> >
> >
> > This message and any attachments are intended only
> > for the use of the addressee and may contain
> > information that is privileged and confidential. If
> > the reader of the message is not the intended
> > recipient or an authorized representative of the
> > intended recipient, you are hereby notified that any
> > dissemination of this communication is strictly
> > prohibited. If you have received this communication
> > in error, please notify us immediately by e-mail and
> > delete the message and any attachments from your
> > system.
> >
> >
> ---------------------------------------------------------------------
> > To unsubscribe, e-mail:
> > httpclient-users-unsubscribe@hc.apache.org
> > For additional commands, e-mail:
> > httpclient-users-help@hc.apache.org
> >
> >
>
>
>
> ____________________________________________________________________________________
> You rock. That's why Blockbuster's offering you one month of Blockbuster Total Access, No Cost.
> http://tc.deals.yahoo.com/tc/blockbuster/text5.com
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org
> For additional commands, e-mail: httpclient-users-help@hc.apache.org
>
---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org
For additional commands, e-mail: httpclient-users-help@hc.apache.org
RE: getting httpclient to trust all certs for ssl?
Posted by George Ludwig <sf...@yahoo.com>.
Crap, my fat fingered typing prematurely sent the
response.
Execute this at any time before the SSL session:
public static void trustAllCerts() throws Exception {
ProtocolSocketFactory sf=new
EasySSLProtocolSocketFactory();
Protocol p = new Protocol("https", sf, 443);
Protocol.registerProtocol("https", p);
}
As a side comment, is there any reason why the
contribs area is not included by default in the
httpclient binary distribution? It just complicates my
project management, seemingly unnecessarily.
Thanks again Greg!
-George
--- "Moore, Greg" <Gr...@adp.com> wrote:
> George,
> Did you take a look at
> http://hc.apache.org/httpclient-3.x/sslguide.html
> at the EasySSLProtocolSocketFactory. there is an
> EasySSLProtocolSocketFactory and an EasyTrustmanager
> in SVN that seem to
> do ok. of course I wouldn't use it for production.
>
> maybe this would help too.
>
http://www.matthewekent.com/2007/09/httpclient-ssl-support-how-to-.html
>
>
> Greg.
>
> -----Original Message-----
> From: George Ludwig [mailto:sfmissionman@yahoo.com]
> Sent: Monday, April 07, 2008 5:07 PM
> To: HttpClient User Discussion
> Subject: getting httpclient to trust all certs for
> ssl?
>
> This seems to have come up before, but I've not been
> able to find a resolution that works.
>
> Basically, I want to trust all SSL certs. I doing
> web
> harvesting, and I just don't care if a cert is
> valid,
> self signed, or has valid trust chain.
>
> I've tried a couple of solutions I found on the web,
> but they don't seem to work. Does anyone have a
> reliable solution to this?
>
> The last one I tried was this:
>
> public static void trustAllCerts() {
> // Create a trust manager that does not validate
> certificate chains
> TrustManager[] trustAllCerts = new
> TrustManager[]{
> new X509TrustManager() {
> public
> java.security.cert.X509Certificate[]
> getAcceptedIssuers() {
> return null;
> }
> public void checkClientTrusted(
> java.security.cert.X509Certificate[]
> certs, String authType) {
> }
> public void checkServerTrusted(
> java.security.cert.X509Certificate[]
> certs, String authType) {
> }
> }
> };
>
> // Install the all-trusting trust manager
> try {
> SSLContext sc =
> SSLContext.getInstance("SSL");
> sc.init(null, trustAllCerts, new
> java.security.SecureRandom());
>
>
HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
> } catch (Exception e) {
> }
> }
>
> I'm currently getting this exception:
>
> javax.net.ssl.SSLHandshakeException:
> sun.security.validator.ValidatorException: PKIX path
> validation failed:
> java.security.cert.CertPathValidatorException: Path
> does not chain with any of the trust anchors
> error!
>
>
> [stack trace deleted]
>
>
> This message and any attachments are intended only
> for the use of the addressee and may contain
> information that is privileged and confidential. If
> the reader of the message is not the intended
> recipient or an authorized representative of the
> intended recipient, you are hereby notified that any
> dissemination of this communication is strictly
> prohibited. If you have received this communication
> in error, please notify us immediately by e-mail and
> delete the message and any attachments from your
> system.
>
>
---------------------------------------------------------------------
> To unsubscribe, e-mail:
> httpclient-users-unsubscribe@hc.apache.org
> For additional commands, e-mail:
> httpclient-users-help@hc.apache.org
>
>
____________________________________________________________________________________
You rock. That's why Blockbuster's offering you one month of Blockbuster Total Access, No Cost.
http://tc.deals.yahoo.com/tc/blockbuster/text5.com
---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org
For additional commands, e-mail: httpclient-users-help@hc.apache.org
RE: getting httpclient to trust all certs for ssl?
Posted by "Moore, Greg" <Gr...@adp.com>.
George,
Did you take a look at http://hc.apache.org/httpclient-3.x/sslguide.html
at the EasySSLProtocolSocketFactory. there is an
EasySSLProtocolSocketFactory and an EasyTrustmanager in SVN that seem to
do ok. of course I wouldn't use it for production.
maybe this would help too.
http://www.matthewekent.com/2007/09/httpclient-ssl-support-how-to-.html
Greg.
-----Original Message-----
From: George Ludwig [mailto:sfmissionman@yahoo.com]
Sent: Monday, April 07, 2008 5:07 PM
To: HttpClient User Discussion
Subject: getting httpclient to trust all certs for ssl?
This seems to have come up before, but I've not been
able to find a resolution that works.
Basically, I want to trust all SSL certs. I doing web
harvesting, and I just don't care if a cert is valid,
self signed, or has valid trust chain.
I've tried a couple of solutions I found on the web,
but they don't seem to work. Does anyone have a
reliable solution to this?
The last one I tried was this:
public static void trustAllCerts() {
// Create a trust manager that does not validate
certificate chains
TrustManager[] trustAllCerts = new TrustManager[]{
new X509TrustManager() {
public
java.security.cert.X509Certificate[]
getAcceptedIssuers() {
return null;
}
public void checkClientTrusted(
java.security.cert.X509Certificate[]
certs, String authType) {
}
public void checkServerTrusted(
java.security.cert.X509Certificate[]
certs, String authType) {
}
}
};
// Install the all-trusting trust manager
try {
SSLContext sc = SSLContext.getInstance("SSL");
sc.init(null, trustAllCerts, new
java.security.SecureRandom());
HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
} catch (Exception e) {
}
}
I'm currently getting this exception:
javax.net.ssl.SSLHandshakeException:
sun.security.validator.ValidatorException: PKIX path
validation failed:
java.security.cert.CertPathValidatorException: Path
does not chain with any of the trust anchors
error!
[stack trace deleted]
This message and any attachments are intended only for the use of the addressee and may contain information that is privileged and confidential. If the reader of the message is not the intended recipient or an authorized representative of the intended recipient, you are hereby notified that any dissemination of this communication is strictly prohibited. If you have received this communication in error, please notify us immediately by e-mail and delete the message and any attachments from your system.
---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org
For additional commands, e-mail: httpclient-users-help@hc.apache.org
getting httpclient to trust all certs for ssl?
Posted by George Ludwig <sf...@yahoo.com>.
This seems to have come up before, but I've not been
able to find a resolution that works.
Basically, I want to trust all SSL certs. I doing web
harvesting, and I just don't care if a cert is valid,
self signed, or has valid trust chain.
I've tried a couple of solutions I found on the web,
but they don't seem to work. Does anyone have a
reliable solution to this?
The last one I tried was this:
public static void trustAllCerts() {
// Create a trust manager that does not validate
certificate chains
TrustManager[] trustAllCerts = new TrustManager[]{
new X509TrustManager() {
public
java.security.cert.X509Certificate[]
getAcceptedIssuers() {
return null;
}
public void checkClientTrusted(
java.security.cert.X509Certificate[]
certs, String authType) {
}
public void checkServerTrusted(
java.security.cert.X509Certificate[]
certs, String authType) {
}
}
};
// Install the all-trusting trust manager
try {
SSLContext sc = SSLContext.getInstance("SSL");
sc.init(null, trustAllCerts, new
java.security.SecureRandom());
HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
} catch (Exception e) {
}
}
I'm currently getting this exception:
javax.net.ssl.SSLHandshakeException:
sun.security.validator.ValidatorException: PKIX path
validation failed:
java.security.cert.CertPathValidatorException: Path
does not chain with any of the trust anchors
error!
at
com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:174)
at
com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1520)
at
com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:182)
at
com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:176)
at
com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:975)
at
com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:123)
at
com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:511)
at
com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:449)
at
com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:817)
at
com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1029)
at
com.sun.net.ssl.internal.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:621)
at
com.sun.net.ssl.internal.ssl.AppOutputStream.write(AppOutputStream.java:59)
at
java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:65)
at
java.io.BufferedOutputStream.flush(BufferedOutputStream.java:123)
at
org.apache.commons.httpclient.HttpConnection.flushRequestOutputStream(HttpConnection.java:828)
at
org.apache.commons.httpclient.MultiThreadedHttpConnectionManager$HttpConnectionAdapter.flushRequestOutputStream(MultiThreadedHttpConnectionManager.java:1565)
at
org.apache.commons.httpclient.HttpMethodBase.writeRequest(HttpMethodBase.java:2116)
at
org.apache.commons.httpclient.HttpMethodBase.execute(HttpMethodBase.java:1096)
at
org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry(HttpMethodDirector.java:398)
at
org.apache.commons.httpclient.HttpMethodDirector.executeMethod(HttpMethodDirector.java:171)
at
org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:397)
at
com.markmonitor.harvester.util.FetcherUtil.getContent(FetcherUtil.java:91)
at
com.markmonitor.harvester.util.FetcherUtil.getContent(FetcherUtil.java:55)
at
com.markmonitor.reports.channel.UrlProcessingDaemon.getContent(UrlProcessingDaemon.java:197)
at
com.markmonitor.reports.channel.scoring.ChannelScoringTest.readUrls(ChannelScoringTest.java:112)
at
com.markmonitor.reports.channel.scoring.ChannelScoringTest.main(ChannelScoringTest.java:55)
Caused by: sun.security.validator.ValidatorException:
PKIX path validation failed:
java.security.cert.CertPathValidatorException: Path
does not chain with any of the trust anchors
at
sun.security.validator.PKIXValidator.doValidate(PKIXValidator.java:251)
at
sun.security.validator.PKIXValidator.doValidate(PKIXValidator.java:234)
at
sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:148)
at
sun.security.validator.Validator.validate(Validator.java:218)
at
com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:126)
at
com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:209)
at
com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:249)
at
com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:954)
... 21 more
Caused by:
java.security.cert.CertPathValidatorException: Path
does not chain with any of the trust anchors
at
sun.security.provider.certpath.PKIXCertPathValidator.engineValidate(PKIXCertPathValidator.java:195)
at
java.security.cert.CertPathValidator.validate(CertPathValidator.java:250)
at
sun.security.validator.PKIXValidator.doValidate(PKIXValidator.java:246)
... 28 more
____________________________________________________________________________________
You rock. That's why Blockbuster's offering you one month of Blockbuster Total Access, No Cost.
http://tc.deals.yahoo.com/tc/blockbuster/text5.com
---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org
For additional commands, e-mail: httpclient-users-help@hc.apache.org
Re: Using http client with ssl...WTF?
Posted by George Ludwig <sf...@yahoo.com>.
Oops, my bad. I downloaded the httpclient source, ran
the debugger, and realized it was my own braindead
coding. :)
--- George Ludwig <sf...@yahoo.com> wrote:
> I'm using HttpClient 3.1 with Jdk 1.5 (JRockit).
> WHen
> I try to execute a GET on an https url, I get this:
>
> org.apache.commons.httpclient.URIException: wrong
> class use
> at
>
org.apache.commons.httpclient.HttpURL.checkValid(HttpURL.java:827)
> at
>
org.apache.commons.httpclient.HttpURL.<init>(HttpURL.java:106)
>
> I did some web searches and didn't find much, other
> then I needs JSSE installed. But it comes by default
> with jdk 1.5.
>
> Any thoughts on what I might be doing wrong? The
> client works great for non-ssl urls.
>
>
>
>
>
>
____________________________________________________________________________________
> You rock. That's why Blockbuster's offering you one
> month of Blockbuster Total Access, No Cost.
> http://tc.deals.yahoo.com/tc/blockbuster/text5.com
>
>
---------------------------------------------------------------------
> To unsubscribe, e-mail:
> httpclient-users-unsubscribe@hc.apache.org
> For additional commands, e-mail:
> httpclient-users-help@hc.apache.org
>
>
____________________________________________________________________________________
You rock. That's why Blockbuster's offering you one month of Blockbuster Total Access, No Cost.
http://tc.deals.yahoo.com/tc/blockbuster/text5.com
---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org
For additional commands, e-mail: httpclient-users-help@hc.apache.org
Using http client with ssl...WTF?
Posted by George Ludwig <sf...@yahoo.com>.
I'm using HttpClient 3.1 with Jdk 1.5 (JRockit). WHen
I try to execute a GET on an https url, I get this:
org.apache.commons.httpclient.URIException: wrong
class use
at
org.apache.commons.httpclient.HttpURL.checkValid(HttpURL.java:827)
at
org.apache.commons.httpclient.HttpURL.<init>(HttpURL.java:106)
I did some web searches and didn't find much, other
then I needs JSSE installed. But it comes by default
with jdk 1.5.
Any thoughts on what I might be doing wrong? The
client works great for non-ssl urls.
____________________________________________________________________________________
You rock. That's why Blockbuster's offering you one month of Blockbuster Total Access, No Cost.
http://tc.deals.yahoo.com/tc/blockbuster/text5.com
---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org
For additional commands, e-mail: httpclient-users-help@hc.apache.org
Re: HttpClient with JSF pages
Posted by Ranthydev Rereddy <Ra...@raytheon.com>.
well, just to clarify further, JSF pages implementation on the server side
use "ViewState" hidden field and
the page when posted requires the "encoded" value for this ViewState to be
sent as well.
I got it resolved by retrieving this value from the response doing a fake
"GET" call before I do the actual
POST.
I am sure, you all must have encountered this "ViewState" thingy, and post
your comments, suggestions,
tips/tricks, so other users might find useful.
-thanks again for holding the fort!
Ranthy.
Oleg Kalnichevski <ol...@apache.org>
04/06/2008 05:29 AM
Please respond to
"HttpClient User Discussion" <ht...@hc.apache.org>
To
HttpClient User Discussion <ht...@hc.apache.org>
cc
Subject
Re: HttpClient with JSF pages
On Wed, 2008-04-02 at 18:46 -0500, Ranthydev Rereddy wrote:
> Hello.
>
> I am attempting to use HttpClient to access a jsf page for uploading
> files. The jsf page has a submit button that invokes an action on a
bean.
> When I first access the jsf page it returns the file upload page with a
> jsessionid. When I submit my request with the post method for file
upload,
> the HttpClient instance automatically sends the session id but it does
not
> invoke the action on the bean.
>
> Has this HttpClient 3.1 been tested with jsf pages?
>>From the HTTP protocol standpoint JSF is no different than any other web
frameworks. They all generate some kind of HTML markup at the end of the
day.
Have a look at the HttpClient programming primer and double-check your
code.
http://wiki.apache.org/HttpComponents/ForAbsoluteBeginners
Oleg
> We do not receive any errors and the bean is being instantiated but the
> bean method is not being invoked.
> There is no login involved. IE works for the same url.
>
> I will happily consider any responses.
>
> Thank you,
> Ranthydev Rereddy
---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org
For additional commands, e-mail: httpclient-users-help@hc.apache.org
Re: HttpClient with JSF pages
Posted by Oleg Kalnichevski <ol...@apache.org>.
On Wed, 2008-04-02 at 18:46 -0500, Ranthydev Rereddy wrote:
> Hello.
>
> I am attempting to use HttpClient to access a jsf page for uploading
> files. The jsf page has a submit button that invokes an action on a bean.
> When I first access the jsf page it returns the file upload page with a
> jsessionid. When I submit my request with the post method for file upload,
> the HttpClient instance automatically sends the session id but it does not
> invoke the action on the bean.
>
> Has this HttpClient 3.1 been tested with jsf pages?
>>From the HTTP protocol standpoint JSF is no different than any other web
frameworks. They all generate some kind of HTML markup at the end of the
day.
Have a look at the HttpClient programming primer and double-check your
code.
http://wiki.apache.org/HttpComponents/ForAbsoluteBeginners
Oleg
> We do not receive any errors and the bean is being instantiated but the
> bean method is not being invoked.
> There is no login involved. IE works for the same url.
>
> I will happily consider any responses.
>
> Thank you,
> Ranthydev Rereddy
---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org
For additional commands, e-mail: httpclient-users-help@hc.apache.org