I am getting following exception when i am trying to access SSl enabled web
service with cxf java client.
main, handling exception: javax.net.ssl.SSLHandshakeException:
sun.security.validator.ValidatorException: PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderException: unable to find
valid certification path to requested target
Client code
public static void main(String[] args) {
System.setProperty("javax.net.debug", "all");
JaxWsProxyFactoryBean factory = new JaxWsProxyFactoryBean();
factory.getOutInterceptors().add(new
WSS4JOutInterceptor(getAuthValues()));
factory.setServiceClass(AuthService.class);
factory.setAddress("
https://share.dsi.com/DSIExternalWS/services/cxfAuth";);
AuthService client = (AuthService) factory.create();
User user = client.getUser("022");
System.out.println("Server said: " + user.getLastName() + ", " +
user.getFirstName());
System.exit(0);
}
private static Map<String, Object> getAuthValues() {
// TODO Auto-generated method stub
Map props = new HashMap<String, Object>();
props.put(WSHandlerConstants.ACTION, WSHandlerConstants.ENCRYPT + "
" + WSHandlerConstants.USERNAME_TOKEN);
props.put(WSHandlerConstants.USER, "gusingh");
props.put("passwordCallbackClass",
"com.dsi.service.client.ClientPasswordCallback");
return props;
}
On Sun, May 10, 2009 at 12:49 PM, Marc Logemann <[email protected]> wrote:
> Hi,
>
> on testing the my client with HTTPS i am getting this in the console many
> times:
>
> 10.05.2009 18:42:20 org.apache.cxf.transport.https.SSLUtils getCiphersuites
> INFO: The cipher suites have not been configured, falling back to cipher
> suite filters.
> 10.05.2009 18:42:20 org.apache.cxf.transport.https.SSLUtils getCiphersuites
> INFO: The cipher suite filters have not been configured, falling back to
> default filters.
> 10.05.2009 18:42:20 org.apache.cxf.transport.https.SSLUtils
> getCiphersFromList
> INFO: The cipher suites have been set to SSL_RSA_WITH_RC4_128_MD5,
> SSL_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_CBC_SHA,
> TLS_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
> TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA,
> TLS_DHE_DSS_WITH_AES_256_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA,
> SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA,
> SSL_RSA_WITH_DES_CBC_SHA, SSL_DHE_RSA_WITH_DES_CBC_SHA,
> SSL_DHE_DSS_WITH_DES_CBC_SHA, SSL_RSA_EXPORT_WITH_RC4_40_MD5,
> SSL_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA,
> SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA, TLS_KRB5_WITH_RC4_128_SHA,
> TLS_KRB5_WITH_RC4_128_MD5, TLS_KRB5_WITH_3DES_EDE_CBC_SHA,
> TLS_KRB5_WITH_3DES_EDE_CBC_MD5, TLS_KRB5_WITH_DES_CBC_SHA,
> TLS_KRB5_WITH_DES_CBC_MD5, TLS_KRB5_EXPORT_WITH_RC4_40_SHA,
> TLS_KRB5_EXPORT_WITH_RC4_40_MD5, TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA,
> TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5.
>
> This problem is also described in this "old" thread:
> http://markmail.org/thread/kkcp6lbx26al2fo6
>
> Of course i also tried the
>
> <http:conduit name="*.http-conduit">
> <http:tlsClientParameters secureSocketProtocol="SSL">
> <sec:cipherSuitesFilter> <!-- these filters ensure that a
> ciphersuite with export-suitable or null encryption is used, but exclude
> anonymous Diffie-Hellman key change as this is vulnerable to
> man-in-the-middle attacks -->
> <sec:include>.*_EXPORT_.*</sec:include>
> <sec:include>.*_EXPORT1024_.*</sec:include>
> <sec:include>.*_WITH_DES_.*</sec:include>
> <sec:include>.*_WITH_NULL_.*</sec:include>
> <sec:exclude>.*_DH_anon_.*</sec:exclude>
> </sec:cipherSuitesFilter>
> </http:tlsClientParameters>
> </http:conduit>
>
> config without luck. But my cxf.xml gets read in my Test client (the
> generated client of WSDL2Java).
>
> In general the client call works with the JAX-WS-style supplied username
> and password but i really dont like the logging and i wonder if its too slow
> then as mentioned in the thread above.
>
> Thx for info on this.
>
> ---
> regards
> Marc Logemann
> http://www.logemann.org
> http://www.logentis.de
>
>
>
>
>
