Hi CXF contributors, I have experienced similar error when I try to invoke a logon operation on a Web service provider. I have attached the logs which has all the SSL handshake logs and soap messages. I went through the ssl handshake logs and it appears to me that my client has succesfully established the handshake with server (web service provider), then invoked the logon service operation. After logon operation I have received Fobidden access error. I am unclear here whether it is an issue with my CXF config or our proxy server rejecting the operation or webservice provider is rejecting the operation. Do you think you can help me with reviewing the logs and confirm to me that my CXF config is not the issue? If i can confirm this then i could determine if I need to chase our infrastructure team that manage proxy server or web service provider. Please note, I am using camel-cxf, so you will see some camel logs..
http://cxf.547215.n5.nabble.com/file/n4398942/ssl-cxf.txt ssl-cxf.txt <jaxws:client address="https://156.48.255.126/axis/services/BclearApi16"; wsdlLocation="classpath:META-INF/wsdl/bclear/bclearapi-1.6.wsdl" serviceClass="com.cinnober.trademanager.bclearapi_1_6.BclearApi16" serviceName="BclearApi16" id="bclearClient" createdFromAPI="true"> <jaxws:inInterceptors> <bean class="org.apache.cxf.interceptor.LoggingInInterceptor"/> </jaxws:inInterceptors> <jaxws:outInterceptors> <bean class="org.apache.cxf.interceptor.LoggingOutInterceptor"/> </jaxws:outInterceptors> <jaxws:properties> <entry key="schema-validation-enabled" value="true" /> </jaxws:properties> </jaxws:client> <http:conduit name="{http://trademanager.cinnober.com/bclearapi-1.6}BclearApi16.http-conduit"; id="macProxy"> <http:tlsClientParameters secureSocketProtocol="SSLv3" disableCNCheck="true" > <sec:keyManagers keyPassword="3hbpass"> <sec:keyStore type="PKCS12" file="C:\BEL\src\test\resources\META-INF\wsdl\bclear\certs\3HB.p12"/> </sec:keyManagers> <sec:trustManagers> <sec:certStore file="C:\BEL\src\test\resources\META-INF\wsdl\bclear\certs\3HB.cer"/> </sec:trustManagers> </http:tlsClientParameters> <http:authorization> <sec:UserName>test</sec:UserName> <sec:Password>test</sec:Password> <sec:AuthorizationType>BASIC</sec:AuthorizationType> </http:authorization> <http:proxyAuthorization> <sec:UserName>test</sec:UserName> <sec:Password>test</sec:Password> <sec:AuthorizationType>BASIC</sec:AuthorizationType> </http:proxyAuthorization> <http:client AutoRedirect="true" Connection="Keep-Alive" ProxyServer="proxy-dev2" ProxyServerPort="8080" ConnectionTimeout="0" ReceiveTimeout="0" ContentType="text/xml" Host="https://156.48.255.126/axis/services/BclearApi16"; AcceptLanguage="English" AllowChunking="false" /> </http:conduit> Kind regards, -Vid- -- View this message in context: http://cxf.547215.n5.nabble.com/Proxy-server-configuration-at-web-services-client-side-tp569342p4398942.html Sent from the cxf-dev mailing list archive at Nabble.com.
