(I hesitate to utter "secure" and "https" in the same breath, but
here we go...)
What is the expected behavior of the following code fragment?
java.net.URL url = new java.net.URL("https://...";);
javax.xml.ws.Service svc = new javax.xml.ws.Service.createService
(url, qname);
(where qname is a QName appropriate for the occasion) ?
I'm finding that our WSDLManagerImpl is eventually trying to load the
WSDL behind the URL through a javax.wsdl.xml.WSDLReader, which it
gets off a WSDLFactory, another javax object (WSDLManagerImpl.java:
177). (Eclipse tells me that this implementation is provided
courtesy of IBM, but that's about all I get get out of the debugger).
In any event, there is really no provision for the specification of
key and certificate material for the call out to acquire the WSDL off
the "secure" https URL, in which case the SSL handshake is doomed to
failure, as it clearly does in my debugger.
Looks like a gaping hole in the spec, if not the javax implementation
we are using. I suppose it could be an "implementation specific"
detail -- how to configure said key and certificate material, but no
provision seems to be made by the underlying implementation of these
javax classes, unless anyone here knows any differently. And there's
clearly no way to specify this material programmatically, which is
pretty much the kiss o' death, anyway. Unless there is some kind of
contextual API outside of the creation of the Service I
Rats.
-Fred
