All:
Is it possible to configure the JaxWsProxyFactoryBean to use HTTPS? It
looks as though it should be, but I can't quite figure out how to
connect up the bits. I have added this to the Spring configuration file:

    <http:conduit name="{http://of306.ws.abis.datasourceinc.com/}Of306ServerPort.http-conduit">
        <http:tlsClientParameters secureSocketProtocol="SSL">
            <sec:keyManagers>
                <sec:keyStore type="JKS" password="0ftobp8ssw0rd"
                              file="C:/Java/jks/of306-truststore.jks"/>
            </sec:keyManagers>
            <sec:trustManagers>
                <sec:keyStore type="JKS" password="0ftobp8ssw0rd"
                              file="C:/Java/jks/of306-truststore.jks"/>
            </sec:trustManagers>
            <sec:cipherSuitesFilter>
                <!-- these filters ensure that a ciphersuite with
                     export-suitable or null encryption is used,
                     but exclude anonymous Diffie-Hellman key change as
                     this is vulnerable to man-in-the-middle attacks -->
                <sec:include>.*_EXPORT_.*</sec:include>
                <sec:include>.*_EXPORT1024_.*</sec:include>
                <sec:include>.*_WITH_DES_.*</sec:include>
                <sec:include>.*_WITH_NULL_.*</sec:include>
                <sec:exclude>.*_DH_anon_.*</sec:exclude>
            </sec:cipherSuitesFilter>
        </http:tlsClientParameters>
        <http:client AutoRedirect="true" Connection="Keep-Alive"/>
    </http:conduit>

The name is (appropriately, I think) the namespace + port name +
".http-conduit". (I have also tried using "<sec:certStore
file="C:/Java/jks/of306-truststore.jks"/>" under <sec:trustManagers>)
However, when I try this:

    JaxWsProxyFactoryBean factory = new JaxWsProxyFactoryBean();
    LoggingInInterceptor inInterceptor = new LoggingInInterceptor();
    inInterceptor.setLimit(-1);
    factory.getInInterceptors().add(inInterceptor);
    LoggingOutInterceptor outInterceptor = new LoggingOutInterceptor();
    outInterceptor.setLimit(-1);
    factory.getOutInterceptors().add(outInterceptor);
    factory.setServiceClass(Of306Service.class);
    factory.setAddress(applicationConfig.getMessage("of306.service.url"));
    ConduitSelector conduitSelector = factory.getConduitSelector(); // ******
    Of306Service client = (Of306Service) factory.create();
    PinValidationDataImpl data = new PinValidationDataImpl();
    Of306 of306 = (Of306) command;
    data.setPin(of306.getPin());
    data.setSsn(of306.getSsn());
    data.setDateOfBirth(formatter.format(of306.getDateOfBirth().getDate()));
    ValidationOutcome outcome = client.validatePin(data);

The ConduitSelector is null (which didn't surprise me too much, though
it certainly looks in the HTTPS setup that it should "just work", as so
much in Spring does). Do I need to set the ConduitSelector? Is it even
possible to do so? Which type should be used?
This is what the logging looks like - it looks as though it's possible
it is getting the idea, in fact (and yes, the appropriate exported
self-signed certificate is imported into the trust-store, before anyone
asks):

2011-10-18 10:53:36,398 DEBUG [org.apache.cxf.phase.PhaseInterceptorChain] - Invoking handleMessage on interceptor org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndingInterceptor@1a85a3b0
2011-10-18 10:53:36,400 INFO [org.apache.cxf.interceptor.LoggingOutInterceptor] - Outbound Message
---------------------------
ID: 1
Address: https://dsills-t1500:8300/dsi-services/secure/Of306Service
Encoding: UTF-8
Content-Type: text/xml
Headers: {Accept=[*/*], SOAPAction=[""]}
Messages: (message truncated to -1 bytes)
Payload: <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><ns1:validatePin xmlns:ns1="http://of306.ws.abis.datasourceinc.com/"><validationData><pin>333333</pin><ssn>555827444</ssn><dateOfBirth>11/01/1953</dateOfBirth></validationData></ns1:validatePin></soap:Body></soap:Envelope>
--------------------------------------
2011-10-18 10:53:36,402 DEBUG [org.apache.cxf.transport.http.Headers] - Accept: */*
2011-10-18 10:53:36,402 DEBUG [org.apache.cxf.transport.http.Headers] - SOAPAction: ""
2011-10-18 10:53:36,404 DEBUG [org.apache.cxf.transport.http.TrustDecisionUtil] - No Trust Decider for Conduit '{http://of306.ws.abis.datasourceinc.com/}Of306ServicePort.http-conduit'. An afirmative Trust Decision is assumed.
2011-10-18 10:53:36,430 DEBUG [org.apache.cxf.phase.PhaseInterceptorChain] - Invoking handleFault on interceptor org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndingInterceptor@1a85a3b0
2011-10-18 10:53:36,430 DEBUG [org.apache.cxf.phase.PhaseInterceptorChain] - Invoking handleFault on interceptor org.apache.cxf.interceptor.StaxOutEndingInterceptor@553d26fd
2011-10-18 10:53:36,430 DEBUG [org.apache.cxf.phase.PhaseInterceptorChain] - Invoking handleFault on interceptor org.apache.cxf.binding.soap.interceptor.SoapOutInterceptor$SoapOutEndingInterceptor@63d587bf
2011-10-18 10:53:36,430 DEBUG [org.apache.cxf.phase.PhaseInterceptorChain] - Invoking handleFault on interceptor org.apache.cxf.interceptor.WrappedOutInterceptor$WrappedOutEndingInterceptor@c2ccccf
2011-10-18 10:53:36,430 DEBUG [org.apache.cxf.phase.PhaseInterceptorChain] - Invoking handleFault on interceptor org.apache.cxf.interceptor.BareOutInterceptor@607e334
2011-10-18 10:53:36,430 DEBUG [org.apache.cxf.phase.PhaseInterceptorChain] - Invoking handleFault on interceptor org.apache.cxf.interceptor.WrappedOutInterceptor@19451392
2011-10-18 10:53:36,430 DEBUG [org.apache.cxf.phase.PhaseInterceptorChain] - Invoking handleFault on interceptor org.apache.cxf.binding.soap.interceptor.SoapOutInterceptor@2529c051
2011-10-18 10:53:36,430 DEBUG [org.apache.cxf.phase.PhaseInterceptorChain] - Invoking handleFault on interceptor org.apache.cxf.interceptor.StaxOutInterceptor@6234a1ed
2011-10-18 10:53:36,430 DEBUG [org.apache.cxf.phase.PhaseInterceptorChain] - Invoking handleFault on interceptor org.apache.cxf.interceptor.AttachmentOutInterceptor@4323c852
2011-10-18 10:53:36,430 DEBUG [org.apache.cxf.phase.PhaseInterceptorChain] - Invoking handleFault on interceptor org.apache.cxf.interceptor.LoggingOutInterceptor@341b8757
2011-10-18 10:53:36,430 DEBUG [org.apache.cxf.phase.PhaseInterceptorChain] - Invoking handleFault on interceptor org.apache.cxf.interceptor.MessageSenderInterceptor@7b527b7a
2011-10-18 10:53:36,430 DEBUG [org.apache.cxf.phase.PhaseInterceptorChain] - Invoking handleFault on interceptor org.apache.cxf.binding.soap.interceptor.SoapPreProtocolOutInterceptor@6fd56e03
2011-10-18 10:53:36,430 DEBUG [org.apache.cxf.phase.PhaseInterceptorChain] - Invoking handleFault on interceptor org.apache.cxf.binding.soap.interceptor.SoapHeaderOutFilterInterceptor@6d7300f9
2011-10-18 10:53:36,431 DEBUG [org.apache.cxf.phase.PhaseInterceptorChain] - Invoking handleFault on interceptor org.apache.cxf.jaxws.interceptors.WrapperClassOutInterceptor@30d497f9
2011-10-18 10:53:36,431 DEBUG [org.apache.cxf.phase.PhaseInterceptorChain] - Invoking handleFault on interceptor org.apache.cxf.jaxws.interceptors.SwAOutInterceptor@6428c5d6
2011-10-18 10:53:36,431 DEBUG [org.apache.cxf.phase.PhaseInterceptorChain] - Invoking handleFault on interceptor org.apache.cxf.jaxws.interceptors.HolderOutInterceptor@5545757a
2011-10-18 10:53:36,431 DEBUG [org.apache.cxf.phase.PhaseInterceptorChain] - Invoking handleFault on interceptor org.apache.cxf.ws.policy.PolicyOutInterceptor@60abe06e
2011-10-18 10:53:36,434 WARN [org.apache.cxf.phase.PhaseInterceptorChain] - Interceptor for {http://of306.ws.abis.datasourceinc.com/}Of306ServiceService#{http://of306.ws.abis.datasourceinc.com/}validatePin has thrown exception, unwinding now
org.apache.cxf.interceptor.Fault: Could not send Message.
    at org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndingInterceptor.handleMessage(MessageSenderInterceptor.java:64)
    at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:263)
    at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:519)
    at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:449)
    at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:352)
    at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:304)
    at org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:88)
    at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:134)
    at $Proxy84.validatePin(Unknown Source)
    at com.datasourceinc.of306.controller.Of306Controller.validatePin(Of306Controller.java:187)
    at com.datasourceinc.of306.controller.Of306Controller.onBindAndValidate(Of306Controller.java:147)
    at org.springframework.web.servlet.mvc.AbstractWizardFormController.onBindAndValidate(AbstractWizardFormController.java:231)
    at org.springframework.web.servlet.mvc.BaseCommandController.bindAndValidate(BaseCommandController.java:401)
    at org.springframework.web.servlet.mvc.AbstractFormController.handleRequestInternal(AbstractFormController.java:266)
    at org.springframework.web.servlet.mvc.AbstractController.handleRequest(AbstractController.java:153)
    at org.springframework.web.servlet.mvc.SimpleControllerHandlerAdapter.handle(SimpleControllerHandlerAdapter.java:48)
    at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:788)
    at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:717)
    at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:644)
    at org.springframework.web.servlet.FrameworkServlet.doPost(FrameworkServlet.java:560)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:641)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:722)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:304)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:240)
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:164)
    at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:498)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:164)
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:100)
    at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:562)
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:394)
    at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:243)
    at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:188)
    at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:302)
    at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)
    at java.lang.Thread.run(Thread.java:662)
Caused by: javax.net.ssl.SSLHandshakeException: SSLHandshakeException invoking https://dsills-t1500:8300/dsi-services/secure/Of306Service: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
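
Added example, not part of the original post and not CXF's own code: one way to set the TLS parameters in code on the proxy returned by factory.create(), by fetching its HTTPConduit through ClientProxy.getClient(...). This does not rely on the name of an <http:conduit> element matching the conduit name CXF reports (the configuration in the post names Of306ServerPort, the log shows Of306ServicePort). The class name ConduitTls, the "TLSv1.2" protocol, the AES-GCM-only filter and the use of Java 7 try-with-resources are assumptions made for this illustration; the filter deliberately differs from the one in the post, which admits export, DES and NULL suites.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import javax.net.ssl.TrustManagerFactory;

import org.apache.cxf.configuration.jsse.TLSClientParameters;
import org.apache.cxf.configuration.security.FiltersType;
import org.apache.cxf.frontend.ClientProxy;
import org.apache.cxf.transport.http.HTTPConduit;

// Hypothetical helper class written for this example.
public final class ConduitTls {
    private ConduitTls() {}

    /**
     * Applies a JKS trust store and a cipher-suite filter to the HTTP conduit
     * behind a proxy created by JaxWsProxyFactoryBean.create().
     */
    public static void configure(Object proxy, String trustStorePath, char[] password)
            throws Exception {
        // Load the trust store holding the server's (self-signed) certificate.
        KeyStore trustStore = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(trustStorePath)) {
            trustStore.load(in, password);
        }
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);

        // Admit only AES-GCM suites, then drop the anonymous (unauthenticated)
        // key-exchange variants that the include pattern would otherwise match.
        FiltersType filter = new FiltersType();
        filter.getInclude().add(".*_WITH_AES_.*_GCM_.*");
        filter.getExclude().add(".*_anon_.*");

        TLSClientParameters tls = new TLSClientParameters();
        tls.setSecureSocketProtocol("TLSv1.2"); // assumption: the JVM supports it
        tls.setTrustManagers(tmf.getTrustManagers());
        tls.setCipherSuitesFilter(filter);
        // disableCNCheck is left at its default (false), so the certificate
        // must still match the host name in the service URL.

        // The conduit is reached through the client behind the proxy,
        // not through the factory's ConduitSelector.
        HTTPConduit conduit = (HTTPConduit) ClientProxy.getClient(proxy).getConduit();
        conduit.setTlsClientParameters(tls);
    }
}
```

It would be called right after factory.create(), for example ConduitTls.configure(client, "C:/Java/jks/of306-truststore.jks", password), before the first service invocation.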