You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@cxf.apache.org by "Bazaj, Taru (IT)" <Ta...@MorganStanley.com> on 2008/09/30 13:08:26 UTC

FW: Generating apache cxf client for an https connection

Hi friends,
 
I am working on a project to create java client for a web service that
uses https protocol. I have added the certificate required for the
connection in my project and provided the path in my spring config file.
 
But, when I run the project I get the exception "unable to find valid
certification path to requested target". I am not able to find out what
am I doing wrong. 
 
I have attached the certificate( ypou have to change it from .abc to
.cer), the wsdl exposed by the web service .
 
The cofig file I wrote is as follows:
 
<?xml version="1.0" encoding="UTF-8"?>

<beans xmlns="http://www.springframework.org/schema/beans"

xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"

xmlns:cxf="http://cxf.apache.org/core"

xmlns:jaxws="http://cxf.apache.org/jaxws"

xmlns:http="http://cxf.apache.org/transports/http/configuration"

xmlns:httpj="http://cxf.apache.org/transports/http-jetty/configuration"

xmlns:sec="http://cxf.apache.org/configuration/security"

xsi:schemaLocation="

http://schemas.xmlsoap.org/wsdl/ http://schemas.xmlsoap.org/wsdl/

http://cxf.apache.org/configuration/security
http://cxf.apache.org/schemas/configuration/security.xsd

http://cxf.apache.org/transports/http/configuration

http://cxf.apache.org/schemas/configuration/http-conf.xsd

http://cxf.apache.org/transports/http-jetty/configuration

http://cxf.apache.org/schemas/configuration/http-jetty.xsd

http://cxf.apache.org/core http://cxf.apache.org/schemas/core.xsd

http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-2.0.xsd

http://cxf.apache.org/jaxws http://cxf.apache.org/schemas/jaxws.xsd">

<http:conduit
name="{http://schemas.microsoft.com/exchange/services/2006/messages}Exch
angeServicePort-http-conduit">

<http:tlsClientParameters>

<sec:trustManagers>

<sec:keyStore type="JKS" password="123456"

file="C:\Documents and
Settings\bazajta\MSDE\eclipseide\3.2\workspace\default\ews_client\packag
es\com\microsoft\schemas\exchange\services\_2006\certs\keystore" />

</sec:trustManagers>

<sec:cipherSuitesFilter>

<!-- these filters ensure that a ciphersuite with-->

<!-- export-suitable or null encryption is used, but-->

<!-- exclude anonymous Diffie-Hellman key change as this-->

<!-- is vulnerable to man-in-the-middle attacks-->

<sec:include>.*_EXPORT_.*</sec:include>

<sec:include>.*_EXPORT1024_.*</sec:include>

<sec:include>.*_WITH_DES_.*</sec:include>

<sec:include>.*_WITH_NULL_.*</sec:include>

<sec:exclude>.*_DH_anon_.*</sec:exclude>

</sec:cipherSuitesFilter>

</http:tlsClientParameters>

</http:conduit>

<!-- We need a bean named "cxf" -->

<!-- <bean id="cxf" class="org.apache.cxf.bus.CXFBusImpl" />-->

</beans>

  
If anyone has worked on anything similar or could think of anything to
solve the issue please get back to me. I need this working urgently.
 
Any help is much appreciated.
 
Thanks a lot !
 
Taru
 
Taru Bazaj
Morgan Stanley | Technology
Bldg. 5, Sector 30, Mindspace, Goregaon (West)
Mumbai (Ex Bombay), 400 090
Phone: +91 22 6641-0281
Taru.Bazaj@MorganStanley.com
--------------------------------------------------------

NOTICE: If received in error, please destroy and notify sender. Sender does not intend to waive confidentiality or privilege. Use of this email is prohibited when received in error.

Re: Apache cxf support for NTLM authentication

Posted by Daniel Kulp <dk...@apache.org>.

On Tuesday 30 September 2008, Bazaj, Taru (IT) wrote:
> Hi all,
>
> I read on the apache cxf web site that cxf does not provide support
> for NTLM authentication 'out of box' but there are certain work
> arounds for this. However, none of the ways they have mentioned on the
> site seems plausible.

In what way does it not seem plausible?   

FYI: that information was directly taken from a message on this list from 
someone that got it working.

Dan



> Has anyone done this before or has any ideas/suggestions ?
>
> Thanks!
> Taru
>
> Taru Bazaj
> Morgan Stanley | Technology
> Bldg. 5, Sector 30, Mindspace, Goregaon (West)
> Mumbai (Ex Bombay), 400 090
> Phone: +91 22 6641-0281
> Taru.Bazaj@MorganStanley.com
> --------------------------------------------------------
>
> NOTICE: If received in error, please destroy and notify sender. Sender
> does not intend to waive confidentiality or privilege. Use of this
> email is prohibited when received in error.



-- 
J. Daniel Kulp
Principal Engineer, IONA
dkulp@apache.org
http://www.dankulp.com/blog

Apache cxf support for NTLM authentication

Posted by "Bazaj, Taru (IT)" <Ta...@MorganStanley.com>.

Hi all,

I read on the apache cxf web site that cxf does not provide support for
NTLM authentication 'out of box' but there are certain work arounds for
this. However, none of the ways they have mentioned on the site seems
plausible.

Has anyone done this before or has any ideas/suggestions ?

Thanks!
Taru

Taru Bazaj
Morgan Stanley | Technology
Bldg. 5, Sector 30, Mindspace, Goregaon (West)
Mumbai (Ex Bombay), 400 090
Phone: +91 22 6641-0281
Taru.Bazaj@MorganStanley.com
--------------------------------------------------------

NOTICE: If received in error, please destroy and notify sender. Sender does not intend to waive confidentiality or privilege. Use of this email is prohibited when received in error.

RE: FW: Generating apache cxf client for an https connection

Posted by "Bazaj, Taru (IT)" <Ta...@MorganStanley.com>.

Yep, true... I got your point.. I added the certificate to my central java security cacerts file and the issue seems to be resolved now. Thanks so much!

However, now I have one more problem... The server I am trying to connect to is an .asmx page which requires authentication... I am trying to send the credentials trhough the conig file by adding 

		<http:authorization>
			<sec:UserName>username</sec:UserName>
			<sec:Password>password</sec:Password>
		</http:authorization> 

However, this is not working and I am getting the error:"java.net.protocolException: Server redirected too many times (20)"

Does it seem like its an authentication problem or is it an issue of cxf trying to communicate with .asmx service. If I try from explorer then also this asmx page redirects to a different page the minute it starts loading?

Thanks a lot!
Taru

Taru Bazaj
Morgan Stanley | Technology
Bldg. 5, Sector 30, Mindspace, Goregaon (West)
Mumbai (Ex Bombay), 400 090
Phone: +91 22 6641-0281
Taru.Bazaj@MorganStanley.com

-----Original Message-----
From: Balazs Kollar [mailto:balazs.kollar@gmail.com] 
Sent: 30 September 2008 19:57
To: users@cxf.apache.org
Subject: Re: FW: Generating apache cxf client for an https connection

Yes I think :-)
The problem is that Java will not establish a connection, because it does not trust the other party. Java will only trust the HTTP server on the other side of the connection, if it is able to check the path of the site's certificate, thus it originates from a trusted source.

Because of this you need to tell java that you trust the issuer of the other site's certificate.

2008/9/30 Bazaj, Taru (IT) <Ta...@morganstanley.com>

> Thanks for replying... I am pretty new to this area so don't know much...
> But as far as I know if I have included the certs file location in the 
> spring config file of my project there should not be any problem in 
> picking it up...
>
> Do you still think I have to configure Java security to be able to 
> establish a https connection..?
>
> Thanks!
> Taru
>
> Taru Bazaj
> Morgan Stanley | Technology
> Bldg. 5, Sector 30, Mindspace, Goregaon (West) Mumbai (Ex Bombay), 400 
> 090
> Phone: +91 22 6641-0281
> Taru.Bazaj@MorganStanley.com
>
> -----Original Message-----
> From: Balazs Kollar [mailto:balazs.kollar@gmail.com]
> Sent: 30 September 2008 18:24
> To: users@cxf.apache.org
> Subject: Re: FW: Generating apache cxf client for an https connection
>
> Hi,
> I think that this problem is not CXF related. You have to configure 
> Java security, so javax.net.ssl.HttpsURLConnection will be able to 
> establish a HTTPS connection.
>
> See this:
> http://forums.sun.com/thread.jspa?threadID=515154&messageID=2453574
>
> Balázs
>
> 2008/9/30 Bazaj, Taru (IT) <Ta...@morganstanley.com>
>
> >  Hi friends,
> >
> > I am working on a project to create java client for a web service 
> > that uses https protocol. I have added the certificate required for 
> > the connection in my project and provided the path in my spring config file.
> >
> > But, when I run the project I get the exception "unable to find 
> > valid certification path to requested target". I am not able to find 
> > out what am I doing wrong.
> >
> > I have attached the certificate( ypou have to change it from .abc to 
> > .cer), the wsdl exposed by the web service .
> >
> > The cofig file I wrote is as follows:
> >
> >
> > <?
> > xml version="1.0" encoding="UTF-8"?>
> >
> > <
> > beans xmlns="http://www.springframework.org/schema/beans"
> >
> > xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
> >
> > xmlns:cxf="http://cxf.apache.org/core"
> >
> > xmlns:jaxws="http://cxf.apache.org/jaxws"
> >
> > xmlns:http="http://cxf.apache.org/transports/http/configuration"
> >
> > xmlns:httpj="http://cxf.apache.org/transports/http-jetty/configuration"
> >
> > xmlns:sec="http://cxf.apache.org/configuration/security"
> >
> > xsi:schemaLocation=*"*
> >
> > http:*//schemas.xmlsoap.or*g*/wsdl/*
> > http:*//schemas.xmlsoap.or*g*/wsdl/*
> >
> > http:*//cxf.apache.or*g*/confi*guration*/security*
> > http:*//cxf.apache.or*g
> > */schemas/confi*guration*/security.xsd*
> >
> > http:*//cxf.apache.or*g*/transports/http/confi*guration
> >
> > http:*//cxf.apache.or*g*/schemas/confi*guration*/http-conf.xsd*
> >
> > http:*//cxf.apache.or*g*/transports/http-jetty/confi*guration
> >
> > http:*//cxf.apache.or*g*/schemas/confi*guration*/http-jetty.xsd*
> >
> > http:
> > *//cxf.apache.or*g*/core* http:*//cxf.apache.or*g*/schemas/core.xsd*
> >
> > http:
> > *//www.sprin*gframework.org*/schema/beans* http:*//www.sprin* 
> > gframework.org*/schema/beans/sprin*g-beans-2.0.xsd
> >
> > http:
> > *//cxf.apache.or*g*/jaxws*
> > http:*//cxf.apache.or*g*/schemas/jaxws.xsd"*>
> >
> > <http:conduit name="{
> > http://schemas.microsoft.com/exchange/services/2006/messages}Exchang
> > eS 
> > ervicePort-http-conduit<http://schemas.microsoft.com/exchange/servic
> > es /2006/messages%7DExchangeServicePort-http-conduit>
> > ">
> >
> > <http:tlsClientParameters>
> >
> > <sec:trustManagers>
> >
> > <sec:keyStore type="JKS" password="123456"
> >
> > file="C:\Documents and
> >
> Settings\bazajta\MSDE\eclipseide\3.2\workspace\default\ews_client\packages\com\microsoft\schemas\exchange\services\_2006\certs\keystore"
> > />
> >
> > </sec:trustManagers>
> >
> > <sec:cipherSuitesFilter>
> >
> > <!-- these filters ensure that a ciphersuite with-->
> >
> > <!-- export-suitable or null encryption is used, but-->
> >
> > <!-- exclude anonymous Diffie-Hellman key change as this-->
> >
> > <!-- is vulnerable to man-in-the-middle attacks-->
> >
> > <sec:include>.*_EXPORT_.*</sec:include>
> >
> > <sec:include>.*_EXPORT1024_.*</sec:include>
> >
> > <sec:include>.*_WITH_DES_.*</sec:include>
> >
> > <sec:include>.*_WITH_NULL_.*</sec:include>
> >
> > <sec:exclude>.*_DH_anon_.*</sec:exclude>
> >
> > </sec:cipherSuitesFilter>
> >
> > </http:tlsClientParameters>
> >
> > </http:conduit>
> >
> > <!-- We need a bean named "cxf" -->
> >
> > <!-- <bean id="cxf" class="org.apache.cxf.bus.CXFBusImpl" />-->
> >
> > </
> > beans>
> >
> > If anyone has worked on anything similar or could think of anything 
> > to solve the issue please get back to me. I need this working urgently.
> >
> > Any help is much appreciated.
> >
> > Thanks a lot !
> >
> > Taru
> >
> > Taru Bazaj
> > Morgan Stanley | Technology
> > Bldg. 5, Sector 30, Mindspace, Goregaon (West) Mumbai (Ex Bombay), 
> > 400 090
> > Phone: +91 22 6641-0281
> > Taru.Bazaj@MorganStanley.com
> >
> >  ------------------------------
> >
> > NOTICE: If received in error, please destroy and notify sender. 
> > Sender does not intend to waive confidentiality or privilege. Use of 
> > this email is prohibited when received in error.
> >
>
>
>
> --
> Balázs
>
> "A good indication of when you are really starting to get to grips 
> with a subject, I find, is when you start to know the right questions to ask.
> (Knowing the answers to these questions comes much later. That's
> expertise.) Once you are at this point, you can really start to take 
> off: if only because once at this point, Google can usually help you out."
> --------------------------------------------------------
>
> NOTICE: If received in error, please destroy and notify sender. Sender 
> does not intend to waive confidentiality or privilege. Use of this 
> email is prohibited when received in error.
>



--
Balázs

"A good indication of when you are really starting to get to grips with a subject, I find, is when you start to know the right questions to ask.
(Knowing the answers to these questions comes much later. That's expertise.) Once you are at this point, you can really start to take off: if only because once at this point, Google can usually help you out."
--------------------------------------------------------

NOTICE: If received in error, please destroy and notify sender. Sender does not intend to waive confidentiality or privilege. Use of this email is prohibited when received in error.

Re: FW: Generating apache cxf client for an https connection

Posted by Balazs Kollar <ba...@gmail.com>.

Yes I think :-)
The problem is that Java will not establish a connection, because it does
not trust the other party. Java will only trust the HTTP server on the other
side of the connection, if it is able to check the path of the site's
certificate, thus it originates from a trusted source.

Because of this you need to tell java that you trust the issuer of the other
site's certificate.

2008/9/30 Bazaj, Taru (IT) <Ta...@morganstanley.com>

> Thanks for replying... I am pretty new to this area so don't know much...
> But as far as I know if I have included the certs file location in the
> spring config file of my project there should not be any problem in picking
> it up...
>
> Do you still think I have to configure Java security to be able to
> establish a https connection..?
>
> Thanks!
> Taru
>
> Taru Bazaj
> Morgan Stanley | Technology
> Bldg. 5, Sector 30, Mindspace, Goregaon (West)
> Mumbai (Ex Bombay), 400 090
> Phone: +91 22 6641-0281
> Taru.Bazaj@MorganStanley.com
>
> -----Original Message-----
> From: Balazs Kollar [mailto:balazs.kollar@gmail.com]
> Sent: 30 September 2008 18:24
> To: users@cxf.apache.org
> Subject: Re: FW: Generating apache cxf client for an https connection
>
> Hi,
> I think that this problem is not CXF related. You have to configure Java
> security, so javax.net.ssl.HttpsURLConnection will be able to establish a
> HTTPS connection.
>
> See this:
> http://forums.sun.com/thread.jspa?threadID=515154&messageID=2453574
>
> Balázs
>
> 2008/9/30 Bazaj, Taru (IT) <Ta...@morganstanley.com>
>
> >  Hi friends,
> >
> > I am working on a project to create java client for a web service that
> > uses https protocol. I have added the certificate required for the
> > connection in my project and provided the path in my spring config file.
> >
> > But, when I run the project I get the exception "unable to find valid
> > certification path to requested target". I am not able to find out
> > what am I doing wrong.
> >
> > I have attached the certificate( ypou have to change it from .abc to
> > .cer), the wsdl exposed by the web service .
> >
> > The cofig file I wrote is as follows:
> >
> >
> > <?
> > xml version="1.0" encoding="UTF-8"?>
> >
> > <
> > beans xmlns="http://www.springframework.org/schema/beans"
> >
> > xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
> >
> > xmlns:cxf="http://cxf.apache.org/core"
> >
> > xmlns:jaxws="http://cxf.apache.org/jaxws"
> >
> > xmlns:http="http://cxf.apache.org/transports/http/configuration"
> >
> > xmlns:httpj="http://cxf.apache.org/transports/http-jetty/configuration"
> >
> > xmlns:sec="http://cxf.apache.org/configuration/security"
> >
> > xsi:schemaLocation=*"*
> >
> > http:*//schemas.xmlsoap.or*g*/wsdl/*
> > http:*//schemas.xmlsoap.or*g*/wsdl/*
> >
> > http:*//cxf.apache.or*g*/confi*guration*/security*
> > http:*//cxf.apache.or*g
> > */schemas/confi*guration*/security.xsd*
> >
> > http:*//cxf.apache.or*g*/transports/http/confi*guration
> >
> > http:*//cxf.apache.or*g*/schemas/confi*guration*/http-conf.xsd*
> >
> > http:*//cxf.apache.or*g*/transports/http-jetty/confi*guration
> >
> > http:*//cxf.apache.or*g*/schemas/confi*guration*/http-jetty.xsd*
> >
> > http:
> > *//cxf.apache.or*g*/core* http:*//cxf.apache.or*g*/schemas/core.xsd*
> >
> > http:
> > *//www.sprin*gframework.org*/schema/beans* http:*//www.sprin*
> > gframework.org*/schema/beans/sprin*g-beans-2.0.xsd
> >
> > http:
> > *//cxf.apache.or*g*/jaxws*
> > http:*//cxf.apache.or*g*/schemas/jaxws.xsd"*>
> >
> > <http:conduit name="{
> > http://schemas.microsoft.com/exchange/services/2006/messages}ExchangeS
> > ervicePort-http-conduit<http://schemas.microsoft.com/exchange/services
> > /2006/messages%7DExchangeServicePort-http-conduit>
> > ">
> >
> > <http:tlsClientParameters>
> >
> > <sec:trustManagers>
> >
> > <sec:keyStore type="JKS" password="123456"
> >
> > file="C:\Documents and
> >
> Settings\bazajta\MSDE\eclipseide\3.2\workspace\default\ews_client\packages\com\microsoft\schemas\exchange\services\_2006\certs\keystore"
> > />
> >
> > </sec:trustManagers>
> >
> > <sec:cipherSuitesFilter>
> >
> > <!-- these filters ensure that a ciphersuite with-->
> >
> > <!-- export-suitable or null encryption is used, but-->
> >
> > <!-- exclude anonymous Diffie-Hellman key change as this-->
> >
> > <!-- is vulnerable to man-in-the-middle attacks-->
> >
> > <sec:include>.*_EXPORT_.*</sec:include>
> >
> > <sec:include>.*_EXPORT1024_.*</sec:include>
> >
> > <sec:include>.*_WITH_DES_.*</sec:include>
> >
> > <sec:include>.*_WITH_NULL_.*</sec:include>
> >
> > <sec:exclude>.*_DH_anon_.*</sec:exclude>
> >
> > </sec:cipherSuitesFilter>
> >
> > </http:tlsClientParameters>
> >
> > </http:conduit>
> >
> > <!-- We need a bean named "cxf" -->
> >
> > <!-- <bean id="cxf" class="org.apache.cxf.bus.CXFBusImpl" />-->
> >
> > </
> > beans>
> >
> > If anyone has worked on anything similar or could think of anything to
> > solve the issue please get back to me. I need this working urgently.
> >
> > Any help is much appreciated.
> >
> > Thanks a lot !
> >
> > Taru
> >
> > Taru Bazaj
> > Morgan Stanley | Technology
> > Bldg. 5, Sector 30, Mindspace, Goregaon (West) Mumbai (Ex Bombay), 400
> > 090
> > Phone: +91 22 6641-0281
> > Taru.Bazaj@MorganStanley.com
> >
> >  ------------------------------
> >
> > NOTICE: If received in error, please destroy and notify sender. Sender
> > does not intend to waive confidentiality or privilege. Use of this
> > email is prohibited when received in error.
> >
>
>
>
> --
> Balázs
>
> "A good indication of when you are really starting to get to grips with a
> subject, I find, is when you start to know the right questions to ask.
> (Knowing the answers to these questions comes much later. That's
> expertise.) Once you are at this point, you can really start to take off: if
> only because once at this point, Google can usually help you out."
> --------------------------------------------------------
>
> NOTICE: If received in error, please destroy and notify sender. Sender does
> not intend to waive confidentiality or privilege. Use of this email is
> prohibited when received in error.
>



-- 
Balázs

"A good indication of when you are really starting to get to grips with a
subject, I find, is when you start to know the right questions to ask.
(Knowing the answers to these questions comes much later. That's expertise.)
Once you are at this point, you can really start to take off: if only
because once at this point, Google can usually help you out."

RE: FW: Generating apache cxf client for an https connection

Posted by "Bazaj, Taru (IT)" <Ta...@MorganStanley.com>.

Thanks for replying... I am pretty new to this area so don't know much... But as far as I know if I have included the certs file location in the spring config file of my project there should not be any problem in picking it up... 

Do you still think I have to configure Java security to be able to establish a https connection..?

Thanks!
Taru

Taru Bazaj
Morgan Stanley | Technology
Bldg. 5, Sector 30, Mindspace, Goregaon (West)
Mumbai (Ex Bombay), 400 090
Phone: +91 22 6641-0281
Taru.Bazaj@MorganStanley.com

-----Original Message-----
From: Balazs Kollar [mailto:balazs.kollar@gmail.com] 
Sent: 30 September 2008 18:24
To: users@cxf.apache.org
Subject: Re: FW: Generating apache cxf client for an https connection

Hi,
I think that this problem is not CXF related. You have to configure Java security, so javax.net.ssl.HttpsURLConnection will be able to establish a HTTPS connection.

See this:
http://forums.sun.com/thread.jspa?threadID=515154&messageID=2453574

Balázs

2008/9/30 Bazaj, Taru (IT) <Ta...@morganstanley.com>

>  Hi friends,
>
> I am working on a project to create java client for a web service that 
> uses https protocol. I have added the certificate required for the 
> connection in my project and provided the path in my spring config file.
>
> But, when I run the project I get the exception "unable to find valid 
> certification path to requested target". I am not able to find out 
> what am I doing wrong.
>
> I have attached the certificate( ypou have to change it from .abc to 
> .cer), the wsdl exposed by the web service .
>
> The cofig file I wrote is as follows:
>
>
> <?
> xml version="1.0" encoding="UTF-8"?>
>
> <
> beans xmlns="http://www.springframework.org/schema/beans"
>
> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
>
> xmlns:cxf="http://cxf.apache.org/core"
>
> xmlns:jaxws="http://cxf.apache.org/jaxws"
>
> xmlns:http="http://cxf.apache.org/transports/http/configuration"
>
> xmlns:httpj="http://cxf.apache.org/transports/http-jetty/configuration"
>
> xmlns:sec="http://cxf.apache.org/configuration/security"
>
> xsi:schemaLocation=*"*
>
> http:*//schemas.xmlsoap.or*g*/wsdl/* 
> http:*//schemas.xmlsoap.or*g*/wsdl/*
>
> http:*//cxf.apache.or*g*/confi*guration*/security* 
> http:*//cxf.apache.or*g
> */schemas/confi*guration*/security.xsd*
>
> http:*//cxf.apache.or*g*/transports/http/confi*guration
>
> http:*//cxf.apache.or*g*/schemas/confi*guration*/http-conf.xsd*
>
> http:*//cxf.apache.or*g*/transports/http-jetty/confi*guration
>
> http:*//cxf.apache.or*g*/schemas/confi*guration*/http-jetty.xsd*
>
> http:
> *//cxf.apache.or*g*/core* http:*//cxf.apache.or*g*/schemas/core.xsd*
>
> http:
> *//www.sprin*gframework.org*/schema/beans* http:*//www.sprin* 
> gframework.org*/schema/beans/sprin*g-beans-2.0.xsd
>
> http:
> *//cxf.apache.or*g*/jaxws* 
> http:*//cxf.apache.or*g*/schemas/jaxws.xsd"*>
>
> <http:conduit name="{
> http://schemas.microsoft.com/exchange/services/2006/messages}ExchangeS
> ervicePort-http-conduit<http://schemas.microsoft.com/exchange/services
> /2006/messages%7DExchangeServicePort-http-conduit>
> ">
>
> <http:tlsClientParameters>
>
> <sec:trustManagers>
>
> <sec:keyStore type="JKS" password="123456"
>
> file="C:\Documents and
> Settings\bazajta\MSDE\eclipseide\3.2\workspace\default\ews_client\packages\com\microsoft\schemas\exchange\services\_2006\certs\keystore"
> />
>
> </sec:trustManagers>
>
> <sec:cipherSuitesFilter>
>
> <!-- these filters ensure that a ciphersuite with-->
>
> <!-- export-suitable or null encryption is used, but-->
>
> <!-- exclude anonymous Diffie-Hellman key change as this-->
>
> <!-- is vulnerable to man-in-the-middle attacks-->
>
> <sec:include>.*_EXPORT_.*</sec:include>
>
> <sec:include>.*_EXPORT1024_.*</sec:include>
>
> <sec:include>.*_WITH_DES_.*</sec:include>
>
> <sec:include>.*_WITH_NULL_.*</sec:include>
>
> <sec:exclude>.*_DH_anon_.*</sec:exclude>
>
> </sec:cipherSuitesFilter>
>
> </http:tlsClientParameters>
>
> </http:conduit>
>
> <!-- We need a bean named "cxf" -->
>
> <!-- <bean id="cxf" class="org.apache.cxf.bus.CXFBusImpl" />-->
>
> </
> beans>
>
> If anyone has worked on anything similar or could think of anything to 
> solve the issue please get back to me. I need this working urgently.
>
> Any help is much appreciated.
>
> Thanks a lot !
>
> Taru
>
> Taru Bazaj
> Morgan Stanley | Technology
> Bldg. 5, Sector 30, Mindspace, Goregaon (West) Mumbai (Ex Bombay), 400 
> 090
> Phone: +91 22 6641-0281
> Taru.Bazaj@MorganStanley.com
>
>  ------------------------------
>
> NOTICE: If received in error, please destroy and notify sender. Sender 
> does not intend to waive confidentiality or privilege. Use of this 
> email is prohibited when received in error.
>



--
Balázs

"A good indication of when you are really starting to get to grips with a subject, I find, is when you start to know the right questions to ask.
(Knowing the answers to these questions comes much later. That's expertise.) Once you are at this point, you can really start to take off: if only because once at this point, Google can usually help you out."
--------------------------------------------------------

NOTICE: If received in error, please destroy and notify sender. Sender does not intend to waive confidentiality or privilege. Use of this email is prohibited when received in error.

Re: FW: Generating apache cxf client for an https connection

Posted by Balazs Kollar <ba...@gmail.com>.

Hi,
I think that this problem is not CXF related. You have to configure Java
security, so javax.net.ssl.HttpsURLConnection will be able to establish a
HTTPS connection.

See this:
http://forums.sun.com/thread.jspa?threadID=515154&messageID=2453574

Balázs

2008/9/30 Bazaj, Taru (IT) <Ta...@morganstanley.com>

>  Hi friends,
>
> I am working on a project to create java client for a web service that uses
> https protocol. I have added the certificate required for the connection in
> my project and provided the path in my spring config file.
>
> But, when I run the project I get the exception "unable to find valid
> certification path to requested target". I am not able to find out what am I
> doing wrong.
>
> I have attached the certificate( ypou have to change it from .abc to .cer),
> the wsdl exposed by the web service .
>
> The cofig file I wrote is as follows:
>
>
> <?
> xml version="1.0" encoding="UTF-8"?>
>
> <
> beans xmlns="http://www.springframework.org/schema/beans"
>
> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
>
> xmlns:cxf="http://cxf.apache.org/core"
>
> xmlns:jaxws="http://cxf.apache.org/jaxws"
>
> xmlns:http="http://cxf.apache.org/transports/http/configuration"
>
> xmlns:httpj="http://cxf.apache.org/transports/http-jetty/configuration"
>
> xmlns:sec="http://cxf.apache.org/configuration/security"
>
> xsi:schemaLocation=*"*
>
> http:*//schemas.xmlsoap.or*g*/wsdl/* http:*//schemas.xmlsoap.or*g*/wsdl/*
>
> http:*//cxf.apache.or*g*/confi*guration*/security* http:*//cxf.apache.or*g
> */schemas/confi*guration*/security.xsd*
>
> http:*//cxf.apache.or*g*/transports/http/confi*guration
>
> http:*//cxf.apache.or*g*/schemas/confi*guration*/http-conf.xsd*
>
> http:*//cxf.apache.or*g*/transports/http-jetty/confi*guration
>
> http:*//cxf.apache.or*g*/schemas/confi*guration*/http-jetty.xsd*
>
> http:
> *//cxf.apache.or*g*/core* http:*//cxf.apache.or*g*/schemas/core.xsd*
>
> http:
> *//www.sprin*gframework.org*/schema/beans* http:*//www.sprin*
> gframework.org*/schema/beans/sprin*g-beans-2.0.xsd
>
> http:
> *//cxf.apache.or*g*/jaxws* http:*//cxf.apache.or*g*/schemas/jaxws.xsd"*>
>
> <http:conduit name="{
> http://schemas.microsoft.com/exchange/services/2006/messages}ExchangeServicePort-http-conduit<http://schemas.microsoft.com/exchange/services/2006/messages%7DExchangeServicePort-http-conduit>
> ">
>
> <http:tlsClientParameters>
>
> <sec:trustManagers>
>
> <sec:keyStore type="JKS" password="123456"
>
> file="C:\Documents and
> Settings\bazajta\MSDE\eclipseide\3.2\workspace\default\ews_client\packages\com\microsoft\schemas\exchange\services\_2006\certs\keystore"
> />
>
> </sec:trustManagers>
>
> <sec:cipherSuitesFilter>
>
> <!-- these filters ensure that a ciphersuite with-->
>
> <!-- export-suitable or null encryption is used, but-->
>
> <!-- exclude anonymous Diffie-Hellman key change as this-->
>
> <!-- is vulnerable to man-in-the-middle attacks-->
>
> <sec:include>.*_EXPORT_.*</sec:include>
>
> <sec:include>.*_EXPORT1024_.*</sec:include>
>
> <sec:include>.*_WITH_DES_.*</sec:include>
>
> <sec:include>.*_WITH_NULL_.*</sec:include>
>
> <sec:exclude>.*_DH_anon_.*</sec:exclude>
>
> </sec:cipherSuitesFilter>
>
> </http:tlsClientParameters>
>
> </http:conduit>
>
> <!-- We need a bean named "cxf" -->
>
> <!-- <bean id="cxf" class="org.apache.cxf.bus.CXFBusImpl" />-->
>
> </
> beans>
>
> If anyone has worked on anything similar or could think of anything to
> solve the issue please get back to me. I need this working urgently.
>
> Any help is much appreciated.
>
> Thanks a lot !
>
> Taru
>
> Taru Bazaj
> Morgan Stanley | Technology
> Bldg. 5, Sector 30, Mindspace, Goregaon (West)
> Mumbai (Ex Bombay), 400 090
> Phone: +91 22 6641-0281
> Taru.Bazaj@MorganStanley.com
>
>  ------------------------------
>
> NOTICE: If received in error, please destroy and notify sender. Sender does
> not intend to waive confidentiality or privilege. Use of this email is
> prohibited when received in error.
>



-- 
Balázs

"A good indication of when you are really starting to get to grips with a
subject, I find, is when you start to know the right questions to ask.
(Knowing the answers to these questions comes much later. That's expertise.)
Once you are at this point, you can really start to take off: if only
because once at this point, Google can usually help you out."