Yep, true... I got your point.. I added the certificate to my central java
security cacerts file and the issue seems to be resolved now. Thanks so much!
However, now I have one more problem... The server I am trying to connect to is
an .asmx page which requires authentication... I am trying to send the
credentials trhough the conig file by adding
<http:authorization>
<sec:UserName>username</sec:UserName>
<sec:Password>password</sec:Password>
</http:authorization>
However, this is not working and I am getting the
error:"java.net.protocolException: Server redirected too many times (20)"
Does it seem like its an authentication problem or is it an issue of cxf trying
to communicate with .asmx service. If I try from explorer then also this asmx
page redirects to a different page the minute it starts loading?
Thanks a lot!
Taru
Taru Bazaj
Morgan Stanley | Technology
Bldg. 5, Sector 30, Mindspace, Goregaon (West)
Mumbai (Ex Bombay), 400 090
Phone: +91 22 6641-0281
[EMAIL PROTECTED]
-----Original Message-----
From: Balazs Kollar [mailto:[EMAIL PROTECTED]
Sent: 30 September 2008 19:57
To: [email protected]
Subject: Re: FW: Generating apache cxf client for an https connection
Yes I think :-)
The problem is that Java will not establish a connection, because it does not
trust the other party. Java will only trust the HTTP server on the other side
of the connection, if it is able to check the path of the site's certificate,
thus it originates from a trusted source.
Because of this you need to tell java that you trust the issuer of the other
site's certificate.
2008/9/30 Bazaj, Taru (IT) <[EMAIL PROTECTED]>
> Thanks for replying... I am pretty new to this area so don't know much...
> But as far as I know if I have included the certs file location in the
> spring config file of my project there should not be any problem in
> picking it up...
>
> Do you still think I have to configure Java security to be able to
> establish a https connection..?
>
> Thanks!
> Taru
>
> Taru Bazaj
> Morgan Stanley | Technology
> Bldg. 5, Sector 30, Mindspace, Goregaon (West) Mumbai (Ex Bombay), 400
> 090
> Phone: +91 22 6641-0281
> [EMAIL PROTECTED]
>
> -----Original Message-----
> From: Balazs Kollar [mailto:[EMAIL PROTECTED]
> Sent: 30 September 2008 18:24
> To: [email protected]
> Subject: Re: FW: Generating apache cxf client for an https connection
>
> Hi,
> I think that this problem is not CXF related. You have to configure
> Java security, so javax.net.ssl.HttpsURLConnection will be able to
> establish a HTTPS connection.
>
> See this:
> http://forums.sun.com/thread.jspa?threadID=515154&messageID=2453574
>
> Balázs
>
> 2008/9/30 Bazaj, Taru (IT) <[EMAIL PROTECTED]>
>
> > Hi friends,
> >
> > I am working on a project to create java client for a web service
> > that uses https protocol. I have added the certificate required for
> > the connection in my project and provided the path in my spring config file.
> >
> > But, when I run the project I get the exception "unable to find
> > valid certification path to requested target". I am not able to find
> > out what am I doing wrong.
> >
> > I have attached the certificate( ypou have to change it from .abc to
> > .cer), the wsdl exposed by the web service .
> >
> > The cofig file I wrote is as follows:
> >
> >
> > <?
> > xml version="1.0" encoding="UTF-8"?>
> >
> > <
> > beans xmlns="http://www.springframework.org/schema/beans";
> >
> > xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";
> >
> > xmlns:cxf="http://cxf.apache.org/core";
> >
> > xmlns:jaxws="http://cxf.apache.org/jaxws";
> >
> > xmlns:http="http://cxf.apache.org/transports/http/configuration";
> >
> > xmlns:httpj="http://cxf.apache.org/transports/http-jetty/configuration";
> >
> > xmlns:sec="http://cxf.apache.org/configuration/security";
> >
> > xsi:schemaLocation=*"*
> >
> > http:*//schemas.xmlsoap.or*g*/wsdl/*
> > http:*//schemas.xmlsoap.or*g*/wsdl/*
> >
> > http:*//cxf.apache.or*g*/confi*guration*/security*
> > http:*//cxf.apache.or*g
> > */schemas/confi*guration*/security.xsd*
> >
> > http:*//cxf.apache.or*g*/transports/http/confi*guration
> >
> > http:*//cxf.apache.or*g*/schemas/confi*guration*/http-conf.xsd*
> >
> > http:*//cxf.apache.or*g*/transports/http-jetty/confi*guration
> >
> > http:*//cxf.apache.or*g*/schemas/confi*guration*/http-jetty.xsd*
> >
> > http:
> > *//cxf.apache.or*g*/core* http:*//cxf.apache.or*g*/schemas/core.xsd*
> >
> > http:
> > *//www.sprin*gframework.org*/schema/beans* http:*//www.sprin*
> > gframework.org*/schema/beans/sprin*g-beans-2.0.xsd
> >
> > http:
> > *//cxf.apache.or*g*/jaxws*
> > http:*//cxf.apache.or*g*/schemas/jaxws.xsd"*>
> >
> > <http:conduit name="{
> > http://schemas.microsoft.com/exchange/services/2006/messages}Exchang
> > eS
> > ervicePort-http-conduit<http://schemas.microsoft.com/exchange/servic
> > es /2006/messages%7DExchangeServicePort-http-conduit>
> > ">
> >
> > <http:tlsClientParameters>
> >
> > <sec:trustManagers>
> >
> > <sec:keyStore type="JKS" password="123456"
> >
> > file="C:\Documents and
> >
> Settings\bazajta\MSDE\eclipseide\3.2\workspace\default\ews_client\packages\com\microsoft\schemas\exchange\services\_2006\certs\keystore"
> > />
> >
> > </sec:trustManagers>
> >
> > <sec:cipherSuitesFilter>
> >
> > <!-- these filters ensure that a ciphersuite with-->
> >
> > <!-- export-suitable or null encryption is used, but-->
> >
> > <!-- exclude anonymous Diffie-Hellman key change as this-->
> >
> > <!-- is vulnerable to man-in-the-middle attacks-->
> >
> > <sec:include>.*_EXPORT_.*</sec:include>
> >
> > <sec:include>.*_EXPORT1024_.*</sec:include>
> >
> > <sec:include>.*_WITH_DES_.*</sec:include>
> >
> > <sec:include>.*_WITH_NULL_.*</sec:include>
> >
> > <sec:exclude>.*_DH_anon_.*</sec:exclude>
> >
> > </sec:cipherSuitesFilter>
> >
> > </http:tlsClientParameters>
> >
> > </http:conduit>
> >
> > <!-- We need a bean named "cxf" -->
> >
> > <!-- <bean id="cxf" class="org.apache.cxf.bus.CXFBusImpl" />-->
> >
> > </
> > beans>
> >
> > If anyone has worked on anything similar or could think of anything
> > to solve the issue please get back to me. I need this working urgently.
> >
> > Any help is much appreciated.
> >
> > Thanks a lot !
> >
> > Taru
> >
> > Taru Bazaj
> > Morgan Stanley | Technology
> > Bldg. 5, Sector 30, Mindspace, Goregaon (West) Mumbai (Ex Bombay),
> > 400 090
> > Phone: +91 22 6641-0281
> > [EMAIL PROTECTED]
> >
> > ------------------------------
> >
> > NOTICE: If received in error, please destroy and notify sender.
> > Sender does not intend to waive confidentiality or privilege. Use of
> > this email is prohibited when received in error.
> >
>
>
>
> --
> Balázs
>
> "A good indication of when you are really starting to get to grips
> with a subject, I find, is when you start to know the right questions to ask.
> (Knowing the answers to these questions comes much later. That's
> expertise.) Once you are at this point, you can really start to take
> off: if only because once at this point, Google can usually help you out."
> --------------------------------------------------------
>
> NOTICE: If received in error, please destroy and notify sender. Sender
> does not intend to waive confidentiality or privilege. Use of this
> email is prohibited when received in error.
>
--
Balázs
"A good indication of when you are really starting to get to grips with a
subject, I find, is when you start to know the right questions to ask.
(Knowing the answers to these questions comes much later. That's expertise.)
Once you are at this point, you can really start to take off: if only because
once at this point, Google can usually help you out."
--------------------------------------------------------
NOTICE: If received in error, please destroy and notify sender. Sender does not
intend to waive confidentiality or privilege. Use of this email is prohibited
when received in error.
