Posted to users@cxf.apache.org by Łukasz Pijanowski <lu...@gmail.com> on 2008/09/08 14:54:30 UTC

Re: CXF over HTTPS on Glassfish and Tomcat

On Wed, Aug 20, 2008 at 12:05 PM, Łukasz Pijanowski
<lu...@gmail.com> wrote:
>
> Do you have any ideas what may cause the broken connection?
>

First of all, thank you guys for your help:-)

I've done some debugging and I've found out that CXF web service
client does not provide a certificate to the CXF web service provider.

As I wrote above, CXFServlet is a part of my enterprise application
under Glassfish. When I access the web service URL I am able to
authenticate and see the web service's WSDL. Proper authentication
realm is being invoked (checked by debugging) during that process.
However, when I use the same link to access it from CXF client
(configured via Spring) the connection gets interrupted as the client
does not provide that proper certificate.
Both the certificate and the private key are available in the keystore
configured in the <sec:keyStore> node in CXF configuration.

Do you know why the client does not present the certificate to the web
service provider during SSL handshake?

Cheers!
-- 
Łukasz Pijanowski

Re: CXF over HTTPS on Glassfish and Tomcat

Posted by Glen Mazza <gl...@gmail.com>.

Łukasz Pijanowski wrote:
> 
> You said, that CXF is currently unable to get WSDL via HTTPS/SSL. Is
> there any way to point the web service client to get WSDL file from
> the local directory?
> 

The last paragraph here:
http://www.jroller.com/gmazza/entry/setting_up_ssl_and_basic
has some ideas (untested) that I got from the Metro project, that should
work (if they work) also for CXF.

HTH,
Glen



Re: CXF over HTTPS on Glassfish and Tomcat

Posted by Łukasz Pijanowski <lu...@gmail.com>.
Daniel Kulp wrote:
> At what point is it failing?   During client creation or while actually 
> invoking a method?    
> 
> That's important.   Right now, we don't have any way to retrieve the wsdl's via 
> custom SSL/HTTPS stuff.  Thus, if it's during the client creation, it's most 
> likely trying to retrieve the wsdl and that's not working.   
> 
> If it's the latter case, it's USUALLY a wrong qname on the http-conf node.   
> Not sure how to debug that though.
> 
> Dan
> 
> 

Hi!

Thanks for your answer.

What is the general scenario here? I assume the following algorithm:
1. CXF client has to authenticate itself into web application that
provides a web service. (CXF client should present the certificate
defined in http-conduit element)
2. After authentication and authorization CXF web service client
should get the access to web service provider's URL.
3. Then the communication should start between the web service and web
service client.

The second point is the problem. CertificateRealm in Glassfish is not
invoked during CXF client authentication. So I think that CXF client
doesn't even try to get the WSDL file.

Dan or other CXF's users, could you point me a little bit which
class/package I should look into during debug to be 100% sure which
scenario it is.

Currently I start to debug from the top -
ClassPathXmlApplicationContext(). Unfortunately, I don't know the CXF
well enough yet and I cannot find the exact place to check the
problem.

Second thing:
You said, that CXF is currently unable to get WSDL via HTTPS/SSL. Is
there any way to point the web service client to get WSDL file from
the local directory?
Maybe I should add that I use a Java-first approach. I defined web
service provider class with annotations so the WSDL file is generated
dynamically. However, the web service client was generated with
wsdl2java tool. WSDL was downloaded manually after it's been created
by CXF service.
As I said, everything (timestamp, encryption, signature) over SSL
without client authentication in a web app works just fine. The
problem is when I turn on the security in a web application that
CXFServlet is configured within.

I must say that this problem really intrigues me :/

Cheers!

-- 
Łukasz

Re: CXF over HTTPS on Glassfish and Tomcat

Posted by Daniel Kulp <dk...@apache.org>.
At what point is it failing?   During client creation or while actually 
invoking a method?    

That's important.   Right now, we don't have any way to retrieve the wsdl's via 
custom SSL/HTTPS stuff.  Thus, if it's during the client creation, it's most 
likely trying to retrieve the wsdl and that's not working.   

If it's the latter case, it's USUALLY a wrong qname on the http-conf node.   
Not sure how to debug that though.

Dan



On Monday 08 September 2008 8:54:30 am Łukasz Pijanowski wrote:
> On Wed, Aug 20, 2008 at 12:05 PM, Łukasz Pijanowski
>
> <lu...@gmail.com> wrote:
> > Do you have any ideas what may cause the broken connection?
>
> First of all, thank you guys for your help:-)
>
> I've done some debugging and I've found out that CXF web service
> client does not provide a certificate to the CXF web service provider.
>
> As I wrote above, CXFServlet is a part of my enterprise application
> under Glassfish. When I access the web service URL I am able to
> authenticate and see the web service's WSDL. Proper authentication
> realm is being invoked (checked by debugging) during that process.
> However, when I use the same link to access it from CXF client
> (configured via Spring) the connection gets interrupted as the client
> does not provide that proper certificate.
> Both the certificate and the private key are available in the keystore
> configured in the <sec:keyStore> node in CXF configuration.
>
> Do you know why the client does not present the certificate to the web
> service provider during SSL handshake?
>
> Cheers!



-- 
Daniel Kulp
dkulp@apache.org
http://www.dankulp.com/blog