You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@cxf.apache.org by Fred Dushin <fr...@dushin.net> on 2007/05/04 04:16:22 UTC
Initializing a Proxy with a "secure" URL
(I hesitate to utter "secure" and "https" in the same breath, but
here we go...)
What is the expected behavior of the following code fragment?
java.net.URL url = new java.net.URL("https://...");
javax.xml.ws.Service svc = new javax.xml.ws.Service.createService
(url, qname);
(where qname is a QName appropriate for the occasion) ?
I'm finding that our WSDLManagerImpl is eventually trying to load the
WSDL behind the URL through a javax.wsdl.xml.WSDLReader, which it
gets off a WSDLFactory, another javax object (WSDLManagerImpl.java:
177). (Eclipse tells me that this implementation is provided
courtesy of IBM, but that's about all I get get out of the debugger).
In any event, there is really no provision for the specification of
key and certificate material for the call out to acquire the WSDL off
the "secure" https URL, in which case the SSL handshake is doomed to
failure, as it clearly does in my debugger.
Looks like a gaping hole in the spec, if not the javax implementation
we are using. I suppose it could be an "implementation specific"
detail -- how to configure said key and certificate material, but no
provision seems to be made by the underlying implementation of these
javax classes, unless anyone here knows any differently. And there's
clearly no way to specify this material programmatically, which is
pretty much the kiss o' death, anyway. Unless there is some kind of
contextual API outside of the creation of the Service I
Rats.
-Fred
Re: Initializing a Proxy with a "secure" URL
Posted by Daniel Kulp <dk...@apache.org>.
Polar,
On Friday 04 May 2007 09:51, Polar Humenn wrote:
> Opps, I'm sorry, I got confused thinking it was a secure way of
> picking up the WSDL file,
> not the actual address of the service itself. Sorry for the confusion.
> I shouldn't answer emails when I'm tired. :)
You weren't confused. (sounds like you are now though. :-) We are
talking about how to get the WSDL document. The URL to the WSDL that
is passed in is just "toString()" and that string is passed around
through much of the code. The actual URL object is not used at all.
Thus, setting stream handlers or whatever on that URL object would be
irrelevant.
That string goes through a bunch of code to figure out how to create the
InputStream for it. One is all the URI resolver code for files,
classpath,etc... The next is the JAXWS catalog stuff. Finally, it
checks the Bus's ResourceManager. At this point, nothing in that path
would allow for a "secure" connection to the wsdl.
Dan
> Cheers,
> -Polar
>
> Daniel Kulp wrote:
> > On Thursday 03 May 2007 22:36, Polar Humenn wrote:
> >> Fred Dushin wrote:
> >>> On May 3, 2007, at 10:16 PM, Fred Dushin wrote:
> >>>> What is the expected behavior of the following code fragment?
> >>>>
> >>>> java.net.URL url = new java.net.URL("https://...");
> >>>> javax.xml.ws.Service svc = new
> >>>> javax.xml.ws.Service.createService(url, qname);
> >>>
> >>> Before too much confusion arises, just let me clarify that this is
> >>> /client-side/ code -- i.e., the "Service" in the above is
> >>> logically associated with a fragment of WSDL, not a remote service
> >>> in the process of being created. It may not have been clear from
> >>> what I initially wrote.
> >>
> >> Fred, in order to do this programatically as above, you would
> >> supply a URLStreamHandler with the URL constructor, or it can be
> >> set after construction. This sets up the URLConnection for the URL.
> >> So, you would supply a HttpsURLConnection for this particular URL
> >> in which you may set the certificates, trust points, by way of the
> >> socket factory, etc.
> >
> > I don't think that will work. We just record the string form of
> > the URL internally and use that.
> >
> > To get this to work, you'd probably need to register a
> > ResorceResolver with the Bus's ResourceManager. Even then, I'm not
> > sure what would happen. I think we check the "default" stuff
> > first.
--
J. Daniel Kulp
Principal Engineer
IONA
P: 781-902-8727 C: 508-380-7194
daniel.kulp@iona.com
http://www.dankulp.com/blog
Re: Initializing a Proxy with a "secure" URL
Posted by Daniel Kulp <dk...@apache.org>.
I'll fix the thread safety issue. That's a problem.
Dan
On Friday 04 May 2007 10:26, Fred Dushin wrote:
> It looks like when you add a ResourceResolver, it's added to the
> first in the list, so it should probably work. It doesn't look like
> adding resolvers is thread-safe, so I'll need to exercise caution, by
> maybe doing the add in initialization code, which presumably is
> unithreaded.
>
> On May 4, 2007, at 9:29 AM, Daniel Kulp wrote:
> > To get this to work, you'd probably need to register a
> > ResorceResolver with the Bus's ResourceManager. Even then, I'm not
> > sure what would happen. I think we check the "default" stuff
> > first.
--
J. Daniel Kulp
Principal Engineer
IONA
P: 781-902-8727 C: 508-380-7194
daniel.kulp@iona.com
http://www.dankulp.com/blog
Re: Initializing a Proxy with a "secure" URL
Posted by Fred Dushin <fr...@dushin.net>.
It looks like when you add a ResourceResolver, it's added to the
first in the list, so it should probably work. It doesn't look like
adding resolvers is thread-safe, so I'll need to exercise caution, by
maybe doing the add in initialization code, which presumably is
unithreaded.
On May 4, 2007, at 9:29 AM, Daniel Kulp wrote:
> To get this to work, you'd probably need to register a ResorceResolver
> with the Bus's ResourceManager. Even then, I'm not sure what would
> happen. I think we check the "default" stuff first.
Re: Initializing a Proxy with a "secure" URL
Posted by Polar Humenn <ph...@iona.com>.
Opps, I'm sorry, I got confused thinking it was a secure way of picking
up the WSDL file,
not the actual address of the service itself. Sorry for the confusion. I
shouldn't answer emails when I'm tired. :)
Cheers,
-Polar
Daniel Kulp wrote:
> On Thursday 03 May 2007 22:36, Polar Humenn wrote:
>
>> Fred Dushin wrote:
>>
>>> On May 3, 2007, at 10:16 PM, Fred Dushin wrote:
>>>
>>>> What is the expected behavior of the following code fragment?
>>>>
>>>> java.net.URL url = new java.net.URL("https://...");
>>>> javax.xml.ws.Service svc = new
>>>> javax.xml.ws.Service.createService(url, qname);
>>>>
>>> Before too much confusion arises, just let me clarify that this is
>>> /client-side/ code -- i.e., the "Service" in the above is logically
>>> associated with a fragment of WSDL, not a remote service in the
>>> process of being created. It may not have been clear from what I
>>> initially wrote.
>>>
>> Fred, in order to do this programatically as above, you would supply a
>> URLStreamHandler with the URL constructor, or it can be set after
>> construction. This sets up the URLConnection for the URL. So, you
>> would supply a HttpsURLConnection for this particular URL in which you
>> may set the certificates, trust points, by way of the socket factory,
>> etc.
>>
>>
>
> I don't think that will work. We just record the string form of the URL
> internally and use that.
>
> To get this to work, you'd probably need to register a ResorceResolver
> with the Bus's ResourceManager. Even then, I'm not sure what would
> happen. I think we check the "default" stuff first.
>
>
>
>
Re: Initializing a Proxy with a "secure" URL
Posted by Daniel Kulp <dk...@apache.org>.
On Thursday 03 May 2007 22:36, Polar Humenn wrote:
> Fred Dushin wrote:
> > On May 3, 2007, at 10:16 PM, Fred Dushin wrote:
> >> What is the expected behavior of the following code fragment?
> >>
> >> java.net.URL url = new java.net.URL("https://...");
> >> javax.xml.ws.Service svc = new
> >> javax.xml.ws.Service.createService(url, qname);
> >
> > Before too much confusion arises, just let me clarify that this is
> > /client-side/ code -- i.e., the "Service" in the above is logically
> > associated with a fragment of WSDL, not a remote service in the
> > process of being created. It may not have been clear from what I
> > initially wrote.
>
> Fred, in order to do this programatically as above, you would supply a
> URLStreamHandler with the URL constructor, or it can be set after
> construction. This sets up the URLConnection for the URL. So, you
> would supply a HttpsURLConnection for this particular URL in which you
> may set the certificates, trust points, by way of the socket factory,
> etc.
>
I don't think that will work. We just record the string form of the URL
internally and use that.
To get this to work, you'd probably need to register a ResorceResolver
with the Bus's ResourceManager. Even then, I'm not sure what would
happen. I think we check the "default" stuff first.
--
J. Daniel Kulp
Principal Engineer
IONA
P: 781-902-8727 C: 508-380-7194
daniel.kulp@iona.com
http://www.dankulp.com/blog
Re: Initializing a Proxy with a "secure" URL
Posted by Polar Humenn <ph...@iona.com>.
Fred Dushin wrote:
>
> On May 3, 2007, at 10:16 PM, Fred Dushin wrote:
>
>> What is the expected behavior of the following code fragment?
>>
>> java.net.URL url = new java.net.URL("https://...");
>> javax.xml.ws.Service svc = new
>> javax.xml.ws.Service.createService(url, qname);
>
> Before too much confusion arises, just let me clarify that this is
> /client-side/ code -- i.e., the "Service" in the above is logically
> associated with a fragment of WSDL, not a remote service in the
> process of being created. It may not have been clear from what I
> initially wrote.
>
Fred, in order to do this programatically as above, you would supply a
URLStreamHandler with the URL constructor, or it can be set after
construction. This sets up the URLConnection for the URL. So, you would
supply a HttpsURLConnection for this particular URL in which you may set
the certificates, trust points, by way of the socket factory, etc.
Cheers,
-Polar
> -Fred
Re: Initializing a Proxy with a "secure" URL
Posted by Fred Dushin <fr...@dushin.net>.
On May 3, 2007, at 10:16 PM, Fred Dushin wrote:
> What is the expected behavior of the following code fragment?
>
> java.net.URL url = new java.net.URL("https://...");
> javax.xml.ws.Service svc = new javax.xml.ws.Service.createService
> (url, qname);
Before too much confusion arises, just let me clarify that this is /
client-side/ code -- i.e., the "Service" in the above is logically
associated with a fragment of WSDL, not a remote service in the
process of being created. It may not have been clear from what I
initially wrote.
-Fred