Hi,

Trying to use an https endpoint address in a client proxy (JBoss-4.2.3.GA) from a Java 
Swing client with endorsed libraries and WS-Security UsernameToken enabled.
Solution goes thru a Portwise security server like:
swingclient->https->portwise->http->jboss-in-dmz.

Code from Swing client:

  |     System.setProperty("javax.net.ssl.keyStore", "C:/k.jks");
  |     System.setProperty("javax.net.ssl.trustStore", "C:/Program/Java/jdk1.6.0_06/jre/lib/security/cacerts");
  |     System.setProperty("javax.net.ssl.keyStorePassword", "123456");
  |     System.setProperty("javax.net.ssl.trustStorePassword", "changeit");
  |     System.setProperty("javax.net.ssl.keyStoreType", "jks");
  |     System.setProperty("javax.net.ssl.trustStoreType", "jks");
  |     System.setProperty("org.jboss.security.ignoreHttpsHost", "true");
  | 
  |     String wsdlURLFileName = Resources.getProperty("wsdlURL");
  |     URL wsdlURL = Resources.findFileAsURL(wsdlURLFileName);
  |     String namespaceURI = Resources.getProperty("namespaceURI");
  |     String localpart = Resources.getProperty("localpart");
  |     service = new KService(wsdlURL, new QName(namespaceURI, localpart));
  | 
  |     port = service.getKPort();
  |     ((StubExt) port).setConfigName("Standard WSSecurity Client");
  | 
  |     Map<String, Object> reqContext = ((BindingProvider) port).getRequestContext();
  | 
  |     reqContext.put(StubExt.PROPERTY_AUTH_TYPE, StubExt.PROPERTY_AUTH_TYPE_WSSE);
  | 
  |     String kEnpointAddress = "https://portwise.k.se/KService";
  |     ((BindingProvider) port).getRequestContext().put(
  |             BindingProvider.ENDPOINT_ADDRESS_PROPERTY,
  |             kEnpointAddress);
  | 
When invoking web service methods, the call does not bring a valid certificate. 
Portwise says 'not a valid certificate' and the call does not reach JBoss in 
the DMZ.

Did some debugging on Jboss Remoting code and can see truststore and keystore 
being loaded correctly. Monitoring TLS protocol from client to portwise server 
seems ok with handshake.

Also trying to access Jboss in DMZ with plain Java code:

  | try {
  |     System.setProperty("javax.net.ssl.keyStore", "C:/k.jks");
  |     System.setProperty("javax.net.ssl.trustStore", "C:/Program/Java/jdk1.6.0_06/jre/lib/security/cacerts");
  |     System.setProperty("javax.net.ssl.keyStorePassword", "123456");
  |     System.setProperty("javax.net.ssl.trustStorePassword", "changeit");
  |     System.setProperty("javax.net.ssl.keyStoreType", "jks");
  |     System.setProperty("javax.net.ssl.trustStoreType", "jks");
  | 
  |     String keyStorePath = "C:/k.jks";
  |     String trustStorePath = "C:/Program/Java/jdk1.6.0_06/jre/lib/security/cacerts";
  |     String password = "123456";
  | 
  |     String host = "https://portwise.k.se/KService?wsdl";
  |     // URL object for the connection opened further down
  |     URL url = new URL(host);
  | 
  |     // Key store: holds the client's private key and certificate
  |     KeyStore ks = KeyStore.getInstance("JKS");
  |     FileInputStream keyStoreInput = new FileInputStream(keyStorePath);
  |     try {
  |         ks.load(keyStoreInput, password.toCharArray());
  |     } finally { keyStoreInput.close(); }
  | 
  |     // Trust store: CA certificates used to validate the server
  |     KeyStore ts = KeyStore.getInstance("JKS");
  |     FileInputStream trustStoreInput = new FileInputStream(trustStorePath);
  |     try {
  |         ts.load(trustStoreInput, "changeit".toCharArray());
  |     } finally { trustStoreInput.close(); }
  | 
  |     TrustManagerFactory trustManagerFactory =
  |             TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
  |     KeyManagerFactory keyManagerFactory =
  |             KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
  |     trustManagerFactory.init(ts);
  |     keyManagerFactory.init(ks, password.toCharArray());
  | 
  |     SSLContext sslContext = SSLContext.getInstance("TLS");
  |     sslContext.init(keyManagerFactory.getKeyManagers(),
  |             trustManagerFactory.getTrustManagers(), null);
  |     SSLContext.setDefault(sslContext);
  | 
  |     HttpsURLConnection.setDefaultSSLSocketFactory(sslContext.getSocketFactory());
  |     // Accepts every host name, so the name in the server certificate is not checked
  |     HttpsURLConnection.setDefaultHostnameVerifier(new HostnameVerifier() {
  |         public boolean verify(String arg0, SSLSession arg1) {
  |             return true;
  |         }
  |     });
  |     javax.net.ssl.HttpsURLConnection connection =
  |             (javax.net.ssl.HttpsURLConnection) url.openConnection();
  |     connection.setDoOutput(true);
  |     connection.setDoInput(true);
  |     connection.connect();
  | 
  |     // Copy the response (the WSDL) to standard output
  |     BufferedReader in = new BufferedReader(new InputStreamReader(
  |             connection.getInputStream()));
  |     int c;
  |     while ((c = in.read()) != -1) {
  |         System.out.write(c);
  |     }
  |     in.close();
  | } catch (Exception ex) {
  |     ex.printStackTrace();
  |     return false;
  | }
  | 
This code retrieves the WSDL OK from JBoss in the DMZ thru Portwise.

Any ideas ?

tia
johan

View the original post : 
http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4185021#4185021

_______________________________________________
jboss-user mailing list
jboss-user@lists.jboss.org
https://lists.jboss.org/mailman/listinfo/jboss-user
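
Added example, not part of the original post and not JBoss code: a stand-alone check of what a JKS keystore such as the C:/k.jks above can offer as a TLS client identity (a private-key entry with an X.509 chain whose leaf certificate is currently valid), which helps separate a keystore problem from a client-stack problem when the gateway reports 'not a valid certificate'. The class name ClientKeystoreCheck, the method usableIdentities and the command-line arguments are assumptions made for this example.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Collections;

// Added example (hypothetical class): reports which keystore entries can act as a TLS client identity.
public class ClientKeystoreCheck {

    // Counts entries that hold a private key plus an X.509 chain whose leaf is valid right now.
    static int usableIdentities(KeyStore ks) throws Exception {
        int usable = 0;
        for (String alias : Collections.list(ks.aliases())) {
            if (!ks.isKeyEntry(alias)) {
                System.out.println(alias + ": certificate-only entry, cannot authenticate a client");
                continue;
            }
            Certificate[] chain = ks.getCertificateChain(alias);
            if (chain == null || chain.length == 0 || !(chain[0] instanceof X509Certificate)) {
                System.out.println(alias + ": key entry without an X.509 chain");
                continue;
            }
            X509Certificate leaf = (X509Certificate) chain[0];
            // The issuer shown here has to be a CA the server accepts for client certificates.
            System.out.println(alias + ": subject=" + leaf.getSubjectX500Principal()
                    + " issuer=" + leaf.getIssuerX500Principal()
                    + " chainLength=" + chain.length);
            try {
                leaf.checkValidity(); // throws if the certificate is expired or not yet valid
                usable++;
            } catch (CertificateException e) {
                System.out.println(alias + ": leaf certificate not valid now: " + e.getMessage());
            }
        }
        return usable;
    }

    public static void main(String[] args) throws Exception {
        // Assumed invocation: java ClientKeystoreCheck <keystore.jks> <password>
        KeyStore ks = KeyStore.getInstance("JKS");
        InputStream in = new FileInputStream(args[0]);
        try {
            ks.load(in, args[1].toCharArray());
        } finally {
            in.close();
        }
        System.out.println("usable client identities: " + usableIdentities(ks));
    }
}
```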
