Re: [JBoss][Spring][Apache CXF] Problems occuring when dynamic creation of client with wsdl in https

Tue, 30 Aug 2011 01:44:43 -0700 

Hi,
Looks like the error occurs when you try to download remote wsdl, which also need authentication. However the "{WSDL Namespace}portName" would never work for downloading the wsdl as the portName is unknown at that point. 
You need change your http:conduit like
<http-conf:conduit name="https://10.33.30.138:8443/.*";>
 the "https" prefix here is important.

You can take a look at [1] to get more details there.
[1]https://issues.apache.org/jira/browse/CXF-3421

Freeman
On 2011-8-30, at 下午4:18, Guillaume Jouanjan wrote:


Hello ,

First of all , sorry for my english , i'm a french developer.
My goal is to call dynamically web services method using a WSDL (the only 
information i have + name of methods)

I've got a problem with the following code :

String urlWsdl = "
https://10.33.30.138:8443/eLBG-Server/WS/LogbookWS.LogbookWSHttpSoap12Endpoint?wsdl
";
JaxWsDynamicClientFactory factory = JaxWsDynamicClientFactory.
newInstance();
Client clientWS = factory.createClient(urlWsdl);

I've got the following error :
10:04:22,562 ERROR [[rmm-ata]] "Servlet.service()" pour la servlet rmm-ata a 
g´┐¢n´┐¢r´┐¢ une exception
java.security.cert.CertificateException: No subject alternative names
present
       at sun.security.util.HostnameChecker.matchIP(Unknown Source)
       at sun.security.util.HostnameChecker.match(Unknown Source)
       at
com .sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkIdentity(Unknown 
Source)
       at
com .sun .net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown 
Source)
       at
com .sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(Unknown 
Source)
       at
com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(Unknown Source) 
       at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Unknown
Source)
at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Unknown 
Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(Unknown 
Source)
       at
com .sun .net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(Unknown 
Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown 
Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown 
Source)
       at sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown
Source)
       at
sun .net .www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown 
Source)
       at
sun.net.www.protocol.http.HttpURLConnection.getInputStream(Unknown Source) 
       at
sun .net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(Unknown 
Source)
       at
org.apache.cxf.resource.URIResolver.tryFileSystem(URIResolver.java: 167) at org.apache.cxf.resource.URIResolver.<init>(URIResolver.java:90) 
       at
org .apache .cxf .endpoint .dynamic.DynamicClientFactory.composeUrl(DynamicClientFactory.java: 561) 
       at
org .apache .cxf .endpoint .dynamic.DynamicClientFactory.createClient(DynamicClientFactory.java: 259) 
       at
org .apache .cxf .endpoint .dynamic.DynamicClientFactory.createClient(DynamicClientFactory.java: 204) 
       at
org .apache .cxf .endpoint .dynamic.DynamicClientFactory.createClient(DynamicClientFactory.java: 197) 
       at
org .apache .cxf .endpoint .dynamic.DynamicClientFactory.createClient(DynamicClientFactory.java: 152) 
       at
com .airbus.rmm.controller.ManualController.send(ManualController.java: 174)
I have specified a http conduit in spring configuration file but it seems that information inside is not managed and the disableCNCheck=false is still 
active

my http-conduit conf :

<http:conduit name="*.http-conduit">

       <http:tlsClientParameters secureSocketProtocol="TLS"
disableCNCheck="true">
         <sec:keyManagers keyPassword="password">
              <sec:keyStore type="JKS" password="password"
                   file="../classes/server.jks"/>
         </sec:keyManagers>
         <sec:trustManagers>
             <sec:keyStore type="JKS" password="password"
                  file="../classes/server.jks"/>
         </sec:trustManagers>
         <sec:cipherSuitesFilter>
           <!-- these filters ensure that a ciphersuite with
             export-suitable or null encryption is used,
             but exclude anonymous Diffie-Hellman key change as
             this is vulnerable to man-in-the-middle attacks -->
           <sec:include>.*_EXPORT_.*</sec:include>
           <sec:include>.*_EXPORT1024_.*</sec:include>
           <sec:include>.*_WITH_DES_.*</sec:include>
           <sec:include>.*_WITH_NULL_.*</sec:include>
           <sec:exclude>.*_DH_anon_.*</sec:exclude>
         </sec:cipherSuitesFilter>
     </http:tlsClientParameters>
     <http:authorization>
        <sec:UserName>nandana</sec:UserName>
        <sec:Password>password</sec:Password>
     </http:authorization>
     <http:client AutoRedirect="true" Connection="Keep-Alive"/>

  </http:conduit>


Thanks for your help

Guillaume


--

* *

* *

*Guillaume JOUANJAN
*

*Chef de Projet Technique
*

*Email:*       gjouan...@sqli.com   * <gjouan...@sqli.com>*
*Bureau:*   +33 (0)5 62 47 33 66

*
*

*
*

*
*

*www.sqli.com*

* *

*
*

*SQLI Toulouse*

7 avenue Didier DAURAT
BP 70118
31 704 BLAGNAC CEDEX

*Standard:* +33 (0)5 62 47 70 70
*Fax:*       +33 (0)5 62 47 70 71

**


---------------------------------------------
Freeman Fang

FuseSource
Email:ff...@fusesource.com
Web: fusesource.com
Twitter: freemanfang
Blog: http://freemanfang.blogspot.com

Reply via email to