The CXF part of the communication looks completely correct. On the sending side, the proper Authorization and Proxy-Authorization headers are there. Thus, it looks like there should be an error or something on the server side that you would need to look at. Maybe an invalid username/password or something. I'm not really sure.
Dan On Sunday, May 15, 2011 9:03:12 PM vidMacquarie wrote: > Hi CXF contributors, > > I have experienced similar error when I try to invoke a logon operation on > a Web service provider. I have attached the logs which has all the SSL > handshake logs and soap messages. I went through the ssl handshake logs > and it appears to me that my client has succesfully established the > handshake with server (web service provider), then invoked the logon > service operation. After logon operation I have received Fobidden access > error. I am unclear here whether it is an issue with my CXF config or our > proxy server rejecting the operation or webservice provider is rejecting > the operation. Do you think you can help me with reviewing the logs and > confirm to me that my CXF config is not the issue? If i can confirm this > then i could determine if I need to chase our infrastructure team that > manage proxy server or web service provider. Please note, I am using > camel-cxf, so you will see some camel logs.. > > http://cxf.547215.n5.nabble.com/file/n4398942/ssl-cxf.txt ssl-cxf.txt > > > <jaxws:client address="https://156.48.255.126/axis/services/BclearApi16"; > wsdlLocation="classpath:META- INF/wsdl/bclear/bclearapi-1.6.wsdl" > serviceClass="com.cinnober.trademanager.bclearapi_1_6.BclearApi16" > serviceName="BclearApi16" > id="bclearClient" > createdFromAPI="true"> > <jaxws:inInterceptors> > <bean class="org.apache.cxf.interceptor.LoggingInInterceptor"/> > </jaxws:inInterceptors> > <jaxws:outInterceptors> > <bean class="org.apache.cxf.interceptor.LoggingOutInterceptor"/> > </jaxws:outInterceptors> > <jaxws:properties> > <entry key="schema-validation-enabled" > value="true" /> > </jaxws:properties> > > </jaxws:client> > <http:conduit > name="{http://trademanager.cinnober.com/bclearapi-1.6}BclearApi16.http-cond > uit" id="macProxy"> > > <http:tlsClientParameters secureSocketProtocol="SSLv3" > disableCNCheck="true" > > <sec:keyManagers > keyPassword="3hbpass"> > <sec:keyStore > type="PKCS12" > > file="C:\BEL\src\test\resources\META-INF\wsdl\bclear\certs\3HB.p12"/> > </sec:keyManagers> > <sec:trustManagers> > <sec:certStore > file="C:\BEL\src\test\resources\META-INF\wsdl\bclear\certs\3HB.cer"/> > </sec:trustManagers> > > </http:tlsClientParameters> > <http:authorization> > > <sec:UserName>test</sec:UserName> > > <sec:Password>test</sec:Password> > <sec:AuthorizationType>BASIC</sec:AuthorizationType> > </http:authorization> > > <http:proxyAuthorization> > > <sec:UserName>test</sec:UserName> > > <sec:Password>test</sec:Password> > <sec:AuthorizationType>BASIC</sec:AuthorizationType> > > </http:proxyAuthorization> > <http:client > AutoRedirect="true" > > Connection="Keep-Alive" > > ProxyServer="proxy-dev2" > > ProxyServerPort="8080" > > ConnectionTimeout="0" > > ReceiveTimeout="0" > > ContentType="text/xml" > Host="https://156.48.255.126/axis/services/BclearApi16"; > > AcceptLanguage="English" > > AllowChunking="false" > > /> > </http:conduit> > > > > > > > > > Kind regards, > -Vid- > > > > > > > -- > View this message in context: > http://cxf.547215.n5.nabble.com/Proxy-server-configuration-at-web-services > -client-side-tp569342p4398942.html Sent from the cxf-dev mailing list > archive at Nabble.com. -- Daniel Kulp dk...@apache.org http://dankulp.com/blog Talend - http://www.talend.com
