Re: CXF and SSL

Tue, 11 Sep 2007 20:29:18 -0700 

Hi Ryan,
Just FYI, you can take the systest's http package [1] as an example when you write a test case for you case. [1] https://svn.apache.org/repos/asf/incubator/cxf/trunk/systests/src/test/java/org/apache/cxf/systest/http 

We can trace the bug more easily with your test case .

Willem.

Ryan Moquin wrote:

Nope, I'll show you exactly what I change where one gets a handshake error
and the other can't construct the XML message:

I change the URL between these two (depending on whether I was ssl or not
obviously):

https://localhost:8084/webservices/messaging.asmx

http://localhost:8084/webservices/messaging.asmx

The only other change I make is to comment out the SSL contents of cfx.xml:

<beans xmlns="http://www.springframework.org/schema/beans";
  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";
  xmlns:sec="http://cxf.apache.org/configuration/security";
  xmlns:http="http://cxf.apache.org/transports/http/configuration";
  xsi:schemaLocation="http://cxf.apache.org/transports/http/configuration
http://cxf.apache.org/schemas/configuration/http-conf.xsd
  http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans.xsd";>

  <http:conduit name="{
http://www.sendwordnow.com/notification}SWN_x0020_Messaging_x0020_Web_x0020_ServiceSoap.http-conduit
">

<!--<http:tlsClientParameters secureSocketProtocol="SSL">
      <sec:trustManagers>
          <sec:keyStore type="JKS" password="changeit"
               file="c:\jdk1.5.0_12\jre\lib\security\cacerts"/>
      </sec:trustManagers>
      <sec:keyManagers keyPassword="">
           <sec:keyStore type="JKS" password="changeit"
                file="c:\jdk1.5.0_12\jre\lib\security\cacerts"/>
      </sec:keyManagers>
    </http:tlsClientParameters>-->

  </http:conduit>
</beans>

It's prob hard to see but I commented the http:tlsClientParameters element.
So I use the http url and the commented cfx.xml and then I use the https url
and the uncommented cfx.xml.  When I do, the http one will fail because it
claims the XML can't be created, the other one generates a handshake error.
Nothing else is changed.  This problem also occurs on 2.1.  I can see if I
can get a test case to demonstrate this as well.

On 9/11/07, Willem Jiang <[EMAIL PROTECTED]> wrote:

  

Hi Ryan ,

It is wired because there is only one difference in the the transport
layer between the http and https.
So I am wonder whether you create two different projects (one for http ,
the other for https) or not.

Maybe there are some difference between your two projects setting.

Willem.
Ryan Moquin wrote:

    

So things have only gotten worse in regards to things going haywire with

      

CXF

    

and the webservice I'm trying to communicate with.  I'm able to send a

      

soap

    

request directly to the webservice without an SSL problems, but I always

      

get

    

a handshake error no matter what I try with CXF.  Here is my current
cxf.xmlfile:

<beans xmlns="http://www.springframework.org/schema/beans";
  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";
  xmlns:sec="http://cxf.apache.org/configuration/security";
  xmlns:http="http://cxf.apache.org/transports/http/configuration";
  xsi:schemaLocation="

      

http://cxf.apache.org/transports/http/configuration

    

http://cxf.apache.org/schemas/configuration/http-conf.xsd
  http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans.xsd";>

  <http:conduit name="{
http://testnotification/notification}NotificationPort.http-conduit";>
    <http:tlsClientParameters secureSocketProtocol="SSL">
      <sec:trustManagers>
          <sec:keyStore type="JKS" password="changeit"
               file="c:\jdk1.5.0_12\jre\lib\security\cacerts"/>
      </sec:trustManagers>
      <sec:keyManagers keyPassword="">
           <sec:keyStore type="JKS" password="changeit"
                file="c:\jdk1.5.0_12\jre\lib\security\cacerts"/>
      </sec:keyManagers>
    </http:tlsClientParameters>
  </http:conduit>
</beans>

this is the same store that my manual connection to the webservice is

      

using,

    

yet with cxf I get:

Caused by: javax.net.ssl.SSLHandshakeException: Received fatal alert:
handshake_failure
        at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(

      

Alerts.java

    

:150)
        at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(

      

Alerts.java

    

:117)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.recvAlert(
SSLSocketImpl.java:1584)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(
SSLSocketImpl.java:866)
        at
com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(
SSLSocketImpl.java:1030)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(
SSLSocketImpl.java:1057)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(
SSLSocketImpl.java:1041)
        at sun.net.www.protocol.https.HttpsClient.afterConnect(
HttpsClient.java:402)
        at
sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(
AbstractDelegateHttpsURLConnection.java:
166)
        at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(
HttpURLConnection.java:857)
        at

      

sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream

    

(HttpsURLConnectionImpl.java:230)
        at


      

org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleHeadersTrustCaching

    

(HTTPConduit.java:1787)

        at


      

org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.onFirstWrite
(

    

HTTPConduit.java:1755)
        at org.apache.cxf.io.AbstractWrappedOutputStream.write(
AbstractWrappedOutputStream.java:42)
        at com.ctc.wstx.io.UTF8Writer.flush(UTF8Writer.java:96)
        at com.ctc.wstx.sw.BufferingXmlWriter.flush(

      

BufferingXmlWriter.java

    

:214)
        at com.ctc.wstx.sw.BaseStreamWriter.flush(BaseStreamWriter.java

      

:311)

    

Any ideas?  I'm about at the end of my rope... I cannot for the life of

      

me

    

get this to work.  I did try to send a request without SSL just so I

      

could

    

see what it's sending, if I simply comment out the SSL config in my

      

cxf.xml,

    

then CXF will start complaining that it can't serialize my jaxb objects
because of a missing XMLRoot which makes no sense because with SSL

      

turned

    

on, it magically has no problem serializing my JAXB objects.  Also, with

      

SSL

    

off, all I get in TCPMon is just some headers sent to the webservice

      

with no

    

soap in the body.  Does anyone know why this is so screwy?  I'm using

      

2.0.1:

    

Caused by: javax.xml.bind.MarshalException
 - with linked exception:
[com.sun.istack.SAXException2: unable to marshal type "
testnotification.NotificationInfo" as an element b
ecause it is missing an @XmlRootElement annotation]
        at com.sun.xml.bind.v2.runtime.MarshallerImpl.write(
MarshallerImpl.java:295)
        at com.sun.xml.bind.v2.runtime.MarshallerImpl.marshal(
MarshallerImpl.java:221)
        at javax.xml.bind.helpers.AbstractMarshallerImpl.marshal(
AbstractMarshallerImpl.java:70)
        at org.apache.cxf.jaxb.JAXBEncoderDecoder.writeObject(
JAXBEncoderDecoder.java:187)
        at org.apache.cxf.jaxb.JAXBEncoderDecoder.marshall(
JAXBEncoderDecoder.java:156)
        ... 54 more
Caused by: com.sun.istack.SAXException2: unable to marshal type "
testnotification.NotificationInfo" as an
 element because it is missing an @XmlRootElement annotation
        at com.sun.xml.bind.v2.runtime.XMLSerializer.reportError(
XMLSerializer.java:225)
        at com.sun.xml.bind.v2.runtime.ClassBeanInfoImpl.serializeRoot(
ClassBeanInfoImpl.java:267)
        at


      

com.sun.xml.bind.v2.runtime.property.SingleReferenceNodeProperty.serializeBody

    

(SingleReferenceNodeProperty.jav
a:74)
        at com.sun.xml.bind.v2.runtime.ClassBeanInfoImpl.serializeBody(
ClassBeanInfoImpl.java:286)
        at com.sun.xml.bind.v2.runtime.XMLSerializer.childAsXsiType(
XMLSerializer.java:619)
        at


      

com.sun.xml.bind.v2.runtime.property.SingleElementNodeProperty.serializeBody

    

(SingleElementNodeProperty.java:11
3)
        at com.sun.xml.bind.v2.runtime.ClassBeanInfoImpl.serializeBody(
ClassBeanInfoImpl.java:286)
        at com.sun.xml.bind.v2.runtime.XMLSerializer.childAsXsiType(
XMLSerializer.java:619)
        at

      

com.sun.xml.bind.v2.runtime.ElementBeanInfoImpl$1.serializeBody(

    

ElementBeanInfoImpl.java:93)
        at

      

com.sun.xml.bind.v2.runtime.ElementBeanInfoImpl$1.serializeBody(

    

ElementBeanInfoImpl.java:127)
        at com.sun.xml.bind.v2.runtime.ElementBeanInfoImpl.serializeBody

      

(

    

ElementBeanInfoImpl.java:244)
        at com.sun.xml.bind.v2.runtime.ElementBeanInfoImpl.serializeRoot

      

(

    

ElementBeanInfoImpl.java:251)
        at com.sun.xml.bind.v2.runtime.ElementBeanInfoImpl.serializeRoot

      

(

    

ElementBeanInfoImpl.java:33)
        at com.sun.xml.bind.v2.runtime.XMLSerializer.childAsRoot(
XMLSerializer.java:461)
        at com.sun.xml.bind.v2.runtime.MarshallerImpl.write(
MarshallerImpl.java:292)



      



  






















					Reply via email to