Posted to users@cxf.apache.org by Rafal Janik <ra...@softwaremind.pl> on 2012/01/25 11:55:24 UTC
http-conduit in cxf client - how to configure ?
Hi All
I'm trying to write a simple cxf client with trustedCert and I'm almost
sure I'm doing it in wrong and stupid way :D
The result:
Caused by: javax.net.ssl.SSLHandshakeException:
sun.security.validator.ValidatorException: PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderException: unable to
find valid certification path to requested target
So I'm not sure if my ssl configuration is set properly...
There is my service exposed via https, the cert is imported into my jks.
application-context.xml :
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:jaxws="http://cxf.apache.org/jaxws"
xmlns:sec="http://cxf.apache.org/configuration/security"
xmlns:http="http://cxf.apache.org/transports/http/configuration"
xsi:schemaLocation="http://cxf.apache.org/configuration/security
http://cxf.apache.org/schemas/configuration/security.xsd
http://cxf.apache.org/transports/http/configuration
http://cxf.apache.org/schemas/configuration/http-conf.xsd
http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans.xsd
http://cxf.apache.org/jaxws http://cxf.apache.org/schemas/jaxws.xsd">
<!-- Spring context for the client. It imports only CXF's bundled bus
     definitions; ssl.xml (the file holding the http:conduit TLS settings)
     is not imported here, so nothing in this context loads the custom
     trust store. The sec and http namespaces are declared but unused. -->
<import resource="classpath:META-INF/cxf/cxf.xml" />
<import resource="classpath:META-INF/cxf/cxf-extension-soap.xml" />
<import resource="classpath:META-INF/cxf/cxf-servlet.xml" />
</beans>
ssl.xml :
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:sec="http://cxf.apache.org/configuration/security"
xmlns:http="http://cxf.apache.org/transports/http/configuration"
xsi:schemaLocation="http://cxf.apache.org/configuration/security
http://cxf.apache.org/schemas/configuration/security.xsd
http://cxf.apache.org/transports/http/configuration
http://cxf.apache.org/schemas/configuration/http-conf.xsd
http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans.xsd">
<!-- TLS settings for one client conduit. The name has the form
     {service target namespace}PortName.http-conduit and must match the
     port's QName exactly. NOTE(review): if the name does not match, or
     this file is never loaded, CXF presumably falls back to the JVM
     default trust store, which would explain the PKIX error; confirm. -->
<http:conduit name="{http://my.service}ServiceSoap.http-conduit">
<!-- disableCNCheck="true" turns off the comparison of the host name in
     the URL with the name in the server certificate. It does not affect
     certificate chain validation, so it has no bearing on a PKIX path
     building failure. With the check off, any certificate that chains to
     the trust store is accepted for any host; keep it to test setups and
     remove it once the certificate name matches the endpoint. -->
<http:tlsClientParameters disableCNCheck="true">
<!-- Trust store: cert.jks is resolved as a classpath resource and should
     hold only the CA or server certificates this client is meant to trust.
     The store password sits in this file in clear text (masked in the
     post); restrict read access to the file or supply the value from
     outside the configuration. -->
<sec:trustManagers>
<sec:keyStore type="JKS" password="****" resource="cert.jks"/>
</sec:trustManagers>
<!-- The cipher suite filter below is commented out and therefore inactive.
     As written, its include patterns select export grade, single DES and
     NULL (no encryption) suites, and only anonymous DH is excluded. Do not
     re-enable it in this form; if a filter is needed, include only strong
     suites and exclude the patterns listed here. -->
<!--<sec:cipherSuitesFilter>-->
<!--<sec:include>.*_EXPORT_.*</sec:include>-->
<!--<sec:include>.*_EXPORT1024_.*</sec:include>-->
<!--<sec:include>.*_WITH_DES_.*</sec:include>-->
<!--<sec:include>.*_WITH_NULL_.*</sec:include>-->
<!--<sec:exclude>.*_DH_anon_.*</sec:exclude>-->
<!--</sec:cipherSuitesFilter>-->
</http:tlsClientParameters>
</http:conduit>
</beans>
and the code is generated with cxf-codegen-plugin.
Should it be imported somewhere? It is on classpath, but I'm not sure if
it is working... The Client uses generated Service classes in the same
way as without ssl.
regards
rafal
Re: http-conduit in cxf client - how to configure ?
Posted by Glen Mazza <gm...@talend.com>.
Could it be that your SOAP client is reading your JRE's cacerts file and
not the one you actually configured with the trusted cert?
Here's what I have on the topic:
http://www.jroller.com/gmazza/entry/ssl_for_web_services
HTH,
Glen
On 01/25/2012 05:55 AM, Rafal Janik wrote:
> Hi All
>
>
> I'm trying to write a simple cxf client with trustedCert and I'm
> almost sure I'm doing it in wrong and stupid way :D
>
> The result:
>
> Caused by: javax.net.ssl.SSLHandshakeException:
> sun.security.validator.ValidatorException: PKIX path building failed:
> sun.security.provider.certpath.SunCertPathBuilderException: unable to
> find valid certification path to requested target
>
> So I'm not sure if my ssl configuration is set properly...
>
> There is my service exposed via https, the cert is imported into my jks.
>
> application-context.xml :
>
>
> <?xml version="1.0" encoding="UTF-8"?>
> <beans xmlns="http://www.springframework.org/schema/beans"
> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
> xmlns:jaxws="http://cxf.apache.org/jaxws"
> xmlns:sec="http://cxf.apache.org/configuration/security"
> xmlns:http="http://cxf.apache.org/transports/http/configuration"
> xsi:schemaLocation="http://cxf.apache.org/configuration/security
> http://cxf.apache.org/schemas/configuration/security.xsd
>
> http://cxf.apache.org/transports/http/configuration
> http://cxf.apache.org/schemas/configuration/http-conf.xsd
> http://www.springframework.org/schema/beans
> http://www.springframework.org/schema/beans/spring-beans.xsd
> http://cxf.apache.org/jaxws http://cxf.apache.org/schemas/jaxws.xsd">
>
> <import resource="classpath:META-INF/cxf/cxf.xml" />
> <import resource="classpath:META-INF/cxf/cxf-extension-soap.xml" />
> <import resource="classpath:META-INF/cxf/cxf-servlet.xml" />
> </beans>
>
>
> ssl.xml :
>
> <?xml version="1.0" encoding="UTF-8"?>
>
> <beans xmlns="http://www.springframework.org/schema/beans"
> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
> xmlns:sec="http://cxf.apache.org/configuration/security"
> xmlns:http="http://cxf.apache.org/transports/http/configuration"
>
>
> xsi:schemaLocation="http://cxf.apache.org/configuration/security
> http://cxf.apache.org/schemas/configuration/security.xsd
>
> http://cxf.apache.org/transports/http/configuration
> http://cxf.apache.org/schemas/configuration/http-conf.xsd
>
> http://www.springframework.org/schema/beans
> http://www.springframework.org/schema/beans/spring-beans.xsd">
>
> <http:conduit name="{http://my.service}ServiceSoap.http-conduit">
>
>
> <http:tlsClientParameters disableCNCheck="true">
> <sec:trustManagers>
> <sec:keyStore type="JKS" password="****" resource="cert.jks"/>
> </sec:trustManagers>
> <!--<sec:cipherSuitesFilter>-->
> <!--<sec:include>.*_EXPORT_.*</sec:include>-->
> <!--<sec:include>.*_EXPORT1024_.*</sec:include>-->
> <!--<sec:include>.*_WITH_DES_.*</sec:include>-->
> <!--<sec:include>.*_WITH_NULL_.*</sec:include>-->
> <!--<sec:exclude>.*_DH_anon_.*</sec:exclude>-->
> <!--</sec:cipherSuitesFilter>-->
> </http:tlsClientParameters>
> </http:conduit>
>
>
> </beans>
>
> and the code is generated with cxf-codegen-plugin.
>
> Should it be imported somewhere? It is on classpath, but I'm not sure
> if it is working... The Client uses generated Service classes in the
> same way as without ssl.
>
>
> regards
>
>
> rafal
>
>
>
--
Glen Mazza
Talend Community Coders - coders.talend.com
blog: www.jroller.com/gmazza
Re: http-conduit in cxf client - how to configure ?
Posted by Daniel Kulp <dk...@apache.org>.
There are 3 ways to get this config in place:
1) Name it "cxf.xml" and throw it on the classpath.
2) Set the system property: "cxf.config.file" to the location of the file.
3) Create the Bus manually in your code via:
// Build a Bus from the Spring file that contains the http:conduit settings
// (pathToFile) and install it as the process-wide default Bus.
// NOTE(review): presumably this has to run before the generated Service /
// port is created so the client picks up the TLS configuration; confirm.
Bus bus = new SpringBusFactory().createBus(pathToFile);
BusFactory.setDefaultBus(bus);
Dan
On Wednesday, January 25, 2012 11:55:24 AM Rafal Janik wrote:
> I'm trying to write a simple cxf client with trustedCert and I'm almost
> sure I'm doing it in wrong and stupid way :D
>
> The result:
>
> Caused by: javax.net.ssl.SSLHandshakeException:
> sun.security.validator.ValidatorException: PKIX path building failed:
> sun.security.provider.certpath.SunCertPathBuilderException: unable to
> find valid certification path to requested target
>
> So I'm not sure if my ssl configuration is set properly...
>
> There is my service exposed via https, the cert is imported into my jks.
>
> application-context.xml :
>
>
> <?xml version="1.0" encoding="UTF-8"?>
> <beans xmlns="http://www.springframework.org/schema/beans"
> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
> xmlns:jaxws="http://cxf.apache.org/jaxws"
> xmlns:sec="http://cxf.apache.org/configuration/security"
> xmlns:http="http://cxf.apache.org/transports/http/configuration"
> xsi:schemaLocation="http://cxf.apache.org/configuration/security
> http://cxf.apache.org/schemas/configuration/security.xsd
>
> http://cxf.apache.org/transports/http/configuration
> http://cxf.apache.org/schemas/configuration/http-conf.xsd
> http://www.springframework.org/schema/beans
> http://www.springframework.org/schema/beans/spring-beans.xsd
> http://cxf.apache.org/jaxws http://cxf.apache.org/schemas/jaxws.xsd">
>
> <import resource="classpath:META-INF/cxf/cxf.xml" />
> <import resource="classpath:META-INF/cxf/cxf-extension-soap.xml" />
> <import resource="classpath:META-INF/cxf/cxf-servlet.xml" />
> </beans>
>
>
> ssl.xml :
>
> <?xml version="1.0" encoding="UTF-8"?>
>
> <beans xmlns="http://www.springframework.org/schema/beans"
> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
> xmlns:sec="http://cxf.apache.org/configuration/security"
> xmlns:http="http://cxf.apache.org/transports/http/configuration"
>
> xsi:schemaLocation="http://cxf.apache.org/configuration/security
> http://cxf.apache.org/schemas/configuration/security.xsd
>
> http://cxf.apache.org/transports/http/configuration
> http://cxf.apache.org/schemas/configuration/http-conf.xsd
> http://www.springframework.org/schema/beans
> http://www.springframework.org/schema/beans/spring-beans.xsd">
>
> <http:conduit name="{http://my.service}ServiceSoap.http-conduit">
>
>
> <http:tlsClientParameters disableCNCheck="true">
> <sec:trustManagers>
> <sec:keyStore type="JKS" password="****" resource="cert.jks"/>
> </sec:trustManagers>
> <!--<sec:cipherSuitesFilter>-->
> <!--<sec:include>.*_EXPORT_.*</sec:include>-->
> <!--<sec:include>.*_EXPORT1024_.*</sec:include>-->
> <!--<sec:include>.*_WITH_DES_.*</sec:include>-->
> <!--<sec:include>.*_WITH_NULL_.*</sec:include>-->
> <!--<sec:exclude>.*_DH_anon_.*</sec:exclude>-->
> <!--</sec:cipherSuitesFilter>-->
> </http:tlsClientParameters>
> </http:conduit>
>
>
> </beans>
>
> and the code is generated with cxf-codegen-plugin.
>
> Should it be imported somewhere? It is on classpath, but I'm not sure if
> it is working... The Client uses generated Service classes in the same
> way as without ssl.
>
>
> regards
>
>
> rafal
--
Daniel Kulp
dkulp@apache.org - http://dankulp.com/blog
Talend Community Coder - http://coders.talend.com