Sorry, this got replied to the wrong address.
-----Original Message-----
From: David Sills
Sent: Wednesday, October 19, 2011 7:06 AM
To: 'Daniel Kulp'
Subject: RE: HTTPS client configuration using JaxWsProxyFactoryBean
Daniel:
Many thanks for the suggestions. I have tried using
factory.setEndpointName(new
QName("http://of306.ws.abis.datasourceinc.com/";, "Of306ServerPort"));
Given the configuration below, does that seem right? It did not work
correctly.
I also tried several variations on your idea of calling the setAddress
method and naming conventions, none of which have yet worked.
Further ideas? I have probably missed something....
David
-----Original Message-----
From: Daniel Kulp [mailto:dk...@apache.org]
Sent: Tuesday, October 18, 2011 1:35 PM
To: users@cxf.apache.org
Cc: David Sills
Subject: Re: HTTPS client configuration using JaxWsProxyFactoryBean
I think if you add a "factory.setEndpointName(....)" call to the
appropriate
qname used in the http:conduit, it should work.
Alternatively, if you setup the address on the factory prior to calling
create
(factory.setAddress(...)), you can configure the http conduit via
something
like:
<http:conduit name="https://blah.com:9000/.*";>
(note the .* at the end to match all tails)
Dan
On Tuesday, October 18, 2011 11:18:24 AM David Sills wrote:
> All:
>
>
>
> Is it possible to configure the JaxWsProxyFactoryBean to use HTTPS? It
> looks as though it should be, but I can't quite figure out how to
> connect up the bits. I have added this to the Spring configuration
file:
>
>
>
> <http:conduit
>
name="{http://of306.ws.abis.datasourceinc.com/}Of306ServerPort.http-cond
> uit">
>
> <http:tlsClientParameters secureSocketProtocol="SSL">
>
> <sec:keyManagers>
>
> <sec:keyStore type="JKS" password="0ftobp8ssw0rd"
> file="C:/Java/jks/of306-truststore.jks"/>
>
> </sec:keyManagers>
>
> <sec:trustManagers>
>
> <sec:keyStore type="JKS" password="0ftobp8ssw0rd"
> file="C:/Java/jks/of306-truststore.jks"/>
>
> </sec:trustManagers>
>
> <sec:cipherSuitesFilter>
>
> <!-- these filters ensure that a ciphersuite with
>
> export-suitable or null encryption is used,
>
> but exclude anonymous Diffie-Hellman key change as
>
> this is vulnerable to man-in-the-middle attacks -->
>
> <sec:include>.*_EXPORT_.*</sec:include>
>
> <sec:include>.*_EXPORT1024_.*</sec:include>
>
> <sec:include>.*_WITH_DES_.*</sec:include>
>
> <sec:include>.*_WITH_NULL_.*</sec:include>
>
> <sec:exclude>.*_DH_anon_.*</sec:exclude>
>
> </sec:cipherSuitesFilter>
>
> </http:tlsClientParameters>
>
> <http:client AutoRedirect="true" Connection="Keep-Alive"/>
>
> </http:conduit>
>
>
>
> The name is (appropriately, I think) the namespace + port name +
> ".http-conduit". (I have also tried using "<sec:certStore
> file="C:/Java/jks/of306-truststore.jks"/>" under <sec:trustManagers>)
> However, when I try this:
>
>
>
> JaxWsProxyFactoryBean factory = new
> JaxWsProxyFactoryBean();
>
> LoggingInInterceptor inInterceptor = new
> LoggingInInterceptor();
>
> inInterceptor.setLimit(-1);
>
> factory.getInInterceptors().add(inInterceptor);
>
> LoggingOutInterceptor outInterceptor = new
> LoggingOutInterceptor();
>
> outInterceptor.setLimit(-1);
>
> factory.getOutInterceptors().add(outInterceptor);
>
> factory.setServiceClass(Of306Service.class);
>
>
> factory.setAddress(applicationConfig.getMessage("of306.service.url"));
>
> ****** ConduitSelector conduitSelector =
> factory.getConduitSelector();
>
> Of306Service client = (Of306Service)
> factory.create();
>
> PinValidationDataImpl data = new
> PinValidationDataImpl();
>
> Of306 of306 = (Of306) command;
>
> data.setPin(of306.getPin());
>
> data.setSsn(of306.getSsn());
>
>
>
data.setDateOfBirth(formatter.format(of306.getDateOfBirth().getDate()));
>
> ValidationOutcome outcome =
> client.validatePin(data);
>
>
>
> The ConduitSelector is null (which didn't surprise me too much, though
> it certainly looks in the HTTPS setup that it should "just work", as
so
> much in Spring does). Do I need to set the ConduitSelector? Is it even
> possible to do so? Which type should be used?
>
>
>
> This is what the logging looks like - it looks as though it's possible
> it is getting the idea, in fact (and yes, the appropriate exported
> self-signed certificate is imported into the trust-store, before
anyone
> asks):
>
>
>
> 2011-10-18 10:53:36,398 DEBUG
> [org.apache.cxf.phase.PhaseInterceptorChain] - Invoking handleMessage
on
> interceptor
>
org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndingI
> nterceptor@1a85a3b0
>
> 2011-10-18 10:53:36,400 INFO
> [org.apache.cxf.interceptor.LoggingOutInterceptor] - Outbound Message
>
> ---------------------------
>
> ID: 1
>
> Address: https://dsills-t1500:8300/dsi-services/secure/Of306Service
>
> Encoding: UTF-8
>
> Content-Type: text/xml
>
> Headers: {Accept=[*/*], SOAPAction=[""]}
>
> Messages: (message truncated to -1 bytes)
>
>
>
> Payload: <soap:Envelope
>
xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/";><soap:Body><ns1:v
> alidatePin
>
xmlns:ns1="http://of306.ws.abis.datasourceinc.com/";><validationData><pin
>
>
>333333</pin><ssn>555827444</ssn><dateOfBirth>11/01/1953</dateOfBirth></
>
> validationData></ns1:validatePin></soap:Body></soap:Envelope>
>
> --------------------------------------
>
> 2011-10-18 10:53:36,402 DEBUG [org.apache.cxf.transport.http.Headers]
-
> Accept: */*
>
> 2011-10-18 10:53:36,402 DEBUG [org.apache.cxf.transport.http.Headers]
-
> SOAPAction: ""
>
> 2011-10-18 10:53:36,404 DEBUG
> [org.apache.cxf.transport.http.TrustDecisionUtil] - No Trust Decider
for
> Conduit
>
'{http://of306.ws.abis.datasourceinc.com/}Of306ServicePort.http-conduit'
> . An afirmative Trust Decision is assumed.
>
> 2011-10-18 10:53:36,430 DEBUG
> [org.apache.cxf.phase.PhaseInterceptorChain] - Invoking handleFault on
> interceptor
>
org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndingI
> nterceptor@1a85a3b0
>
> 2011-10-18 10:53:36,430 DEBUG
> [org.apache.cxf.phase.PhaseInterceptorChain] - Invoking handleFault on
> interceptor
org.apache.cxf.interceptor.StaxOutEndingInterceptor@553d26fd
>
> 2011-10-18 10:53:36,430 DEBUG
> [org.apache.cxf.phase.PhaseInterceptorChain] - Invoking handleFault on
> interceptor
>
org.apache.cxf.binding.soap.interceptor.SoapOutInterceptor$SoapOutEnding
> Interceptor@63d587bf
>
> 2011-10-18 10:53:36,430 DEBUG
> [org.apache.cxf.phase.PhaseInterceptorChain] - Invoking handleFault on
> interceptor
>
org.apache.cxf.interceptor.WrappedOutInterceptor$WrappedOutEndingInterce
> ptor@c2ccccf
>
> 2011-10-18 10:53:36,430 DEBUG
> [org.apache.cxf.phase.PhaseInterceptorChain] - Invoking handleFault on
> interceptor org.apache.cxf.interceptor.BareOutInterceptor@607e334
>
> 2011-10-18 10:53:36,430 DEBUG
> [org.apache.cxf.phase.PhaseInterceptorChain] - Invoking handleFault on
> interceptor org.apache.cxf.interceptor.WrappedOutInterceptor@19451392
>
> 2011-10-18 10:53:36,430 DEBUG
> [org.apache.cxf.phase.PhaseInterceptorChain] - Invoking handleFault on
> interceptor
> org.apache.cxf.binding.soap.interceptor.SoapOutInterceptor@2529c051
>
> 2011-10-18 10:53:36,430 DEBUG
> [org.apache.cxf.phase.PhaseInterceptorChain] - Invoking handleFault on
> interceptor org.apache.cxf.interceptor.StaxOutInterceptor@6234a1ed
>
> 2011-10-18 10:53:36,430 DEBUG
> [org.apache.cxf.phase.PhaseInterceptorChain] - Invoking handleFault on
> interceptor
org.apache.cxf.interceptor.AttachmentOutInterceptor@4323c852
>
> 2011-10-18 10:53:36,430 DEBUG
> [org.apache.cxf.phase.PhaseInterceptorChain] - Invoking handleFault on
> interceptor org.apache.cxf.interceptor.LoggingOutInterceptor@341b8757
>
> 2011-10-18 10:53:36,430 DEBUG
> [org.apache.cxf.phase.PhaseInterceptorChain] - Invoking handleFault on
> interceptor
org.apache.cxf.interceptor.MessageSenderInterceptor@7b527b7a
>
> 2011-10-18 10:53:36,430 DEBUG
> [org.apache.cxf.phase.PhaseInterceptorChain] - Invoking handleFault on
> interceptor
>
org.apache.cxf.binding.soap.interceptor.SoapPreProtocolOutInterceptor@6f
> d56e03
>
> 2011-10-18 10:53:36,430 DEBUG
> [org.apache.cxf.phase.PhaseInterceptorChain] - Invoking handleFault on
> interceptor
>
org.apache.cxf.binding.soap.interceptor.SoapHeaderOutFilterInterceptor@6
> d7300f9
>
> 2011-10-18 10:53:36,431 DEBUG
> [org.apache.cxf.phase.PhaseInterceptorChain] - Invoking handleFault on
> interceptor
> org.apache.cxf.jaxws.interceptors.WrapperClassOutInterceptor@30d497f9
>
> 2011-10-18 10:53:36,431 DEBUG
> [org.apache.cxf.phase.PhaseInterceptorChain] - Invoking handleFault on
> interceptor
org.apache.cxf.jaxws.interceptors.SwAOutInterceptor@6428c5d6
>
> 2011-10-18 10:53:36,431 DEBUG
> [org.apache.cxf.phase.PhaseInterceptorChain] - Invoking handleFault on
> interceptor
> org.apache.cxf.jaxws.interceptors.HolderOutInterceptor@5545757a
>
> 2011-10-18 10:53:36,431 DEBUG
> [org.apache.cxf.phase.PhaseInterceptorChain] - Invoking handleFault on
> interceptor org.apache.cxf.ws.policy.PolicyOutInterceptor@60abe06e
>
> 2011-10-18 10:53:36,434 WARN
> [org.apache.cxf.phase.PhaseInterceptorChain] - Interceptor for
>
{http://of306.ws.abis.datasourceinc.com/}Of306ServiceService#{http://of3
> 06.ws.abis.datasourceinc.com/}validatePin has thrown exception,
> unwinding now
>
> org.apache.cxf.interceptor.Fault: Could not send Message.
>
> at
>
org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndingI
> nterceptor.handleMessage(MessageSenderInterceptor.java:64)
>
> at
>
org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorC
> hain.java:263)
>
> at
> org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:519)
>
> at
> org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:449)
>
> at
> org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:352)
>
> at
> org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:304)
>
> at
> org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:88)
>
> at
>
org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:134)
>
> at $Proxy84.validatePin(Unknown Source)
>
> at
>
com.datasourceinc.of306.controller.Of306Controller.validatePin(Of306Cont
> roller.java:187)
>
> at
>
com.datasourceinc.of306.controller.Of306Controller.onBindAndValidate(Of3
> 06Controller.java:147)
>
> at
>
org.springframework.web.servlet.mvc.AbstractWizardFormController.onBindA
> ndValidate(AbstractWizardFormController.java:231)
>
> at
>
org.springframework.web.servlet.mvc.BaseCommandController.bindAndValidat
> e(BaseCommandController.java:401)
>
> at
>
org.springframework.web.servlet.mvc.AbstractFormController.handleRequest
> Internal(AbstractFormController.java:266)
>
> at
>
org.springframework.web.servlet.mvc.AbstractController.handleRequest(Abs
> tractController.java:153)
>
> at
>
org.springframework.web.servlet.mvc.SimpleControllerHandlerAdapter.handl
> e(SimpleControllerHandlerAdapter.java:48)
>
> at
>
org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherS
> ervlet.java:788)
>
> at
>
org.springframework.web.servlet.DispatcherServlet.doService(DispatcherSe
> rvlet.java:717)
>
> at
>
org.springframework.web.servlet.FrameworkServlet.processRequest(Framewor
> kServlet.java:644)
>
> at
>
org.springframework.web.servlet.FrameworkServlet.doPost(FrameworkServlet
> .java:560)
>
> at
> javax.servlet.http.HttpServlet.service(HttpServlet.java:641)
>
> at
> javax.servlet.http.HttpServlet.service(HttpServlet.java:722)
>
> at
>
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(Applica
> tionFilterChain.java:304)
>
> at
>
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilt
> erChain.java:210)
>
> at
>
org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValv
> e.java:240)
>
> at
>
org.apache.catalina.core.StandardContextValve.invoke(StandardContextValv
> e.java:164)
>
> at
>
org.apache.catalina.authenticator.AuthenticatorBase.invoke(Authenticator
> Base.java:498)
>
> at
>
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java
>
> :164)
>
> at
>
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java
>
> :100)
>
> at
>
org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:562
> )
>
> at
>
org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.
> java:118)
>
> at
>
org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:3
> 94)
>
> at
>
org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:24
> 3)
>
> at
>
org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(
> Http11Protocol.java:188)
>
> at
>
org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.j
> ava:302)
>
> at
>
java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecuto
> r.java:886)
>
> at
>
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.ja
> va:908)
>
> at java.lang.Thread.run(Thread.java:662)
>
> Caused by: javax.net.ssl.SSLHandshakeException: SSLHandshakeException
> invoking https://dsills-t1500:8300/dsi-services/secure/Of306Service:
> sun.security.validator.ValidatorException: PKIX path building failed:
> sun.security.provider.certpath.SunCertPathBuilderException: unable to
> find valid certification path to requested target
--
Daniel Kulp
dk...@apache.org
http://dankulp.com/blog
Talend - http://www.talend.com
