http-conduit in cxf client - how to configure ?

Wed, 25 Jan 2012 04:07:55 -0800 

Hi All
I'm trying to write a simple cxf client with trustedCert and I'm almost sure I'm doing it in wrong and stupid way :D 

The result:
Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target 

So I'm not sure if my ssl configuration is set properly...

There is my service exposed via https, the cert is imported into my jks.

application-context.xml  :


<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"; xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"; xmlns:jaxws="http://cxf.apache.org/jaxws"; 
        xmlns:sec="http://cxf.apache.org/configuration/security";
       xmlns:http="http://cxf.apache.org/transports/http/configuration";
xsi:schemaLocation="http://cxf.apache.org/configuration/security http://cxf.apache.org/schemas/configuration/security.xsd http://cxf.apache.org/transports/http/configuration http://cxf.apache.org/schemas/configuration/http-conf.xsd http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd http://cxf.apache.org/jaxws http://cxf.apache.org/schemas/jaxws.xsd";> 

<import resource="classpath:META-INF/cxf/cxf.xml" />
<import resource="classpath:META-INF/cxf/cxf-extension-soap.xml" />
<import resource="classpath:META-INF/cxf/cxf-servlet.xml" />
</beans>


ssl.xml :

<?xml version="1.0" encoding="UTF-8"?>

<beans xmlns="http://www.springframework.org/schema/beans";
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";
       xmlns:sec="http://cxf.apache.org/configuration/security";
       xmlns:http="http://cxf.apache.org/transports/http/configuration";
xsi:schemaLocation="http://cxf.apache.org/configuration/security http://cxf.apache.org/schemas/configuration/security.xsd http://cxf.apache.org/transports/http/configuration http://cxf.apache.org/schemas/configuration/http-conf.xsd http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd";> 

<http:conduit name="{http://my.service}ServiceSoap.http-conduit";>


<http:tlsClientParameters disableCNCheck="true">
<sec:trustManagers>
<sec:keyStore type="JKS" password="****" resource="cert.jks"/>
</sec:trustManagers>
<!--<sec:cipherSuitesFilter>-->
<!--<sec:include>.*_EXPORT_.*</sec:include>-->
<!--<sec:include>.*_EXPORT1024_.*</sec:include>-->
<!--<sec:include>.*_WITH_DES_.*</sec:include>-->
<!--<sec:include>.*_WITH_NULL_.*</sec:include>-->
<!--<sec:exclude>.*_DH_anon_.*</sec:exclude>-->
<!--</sec:cipherSuitesFilter>-->
</http:tlsClientParameters>
</http:conduit>


</beans>

and the code is generated with cxf-codegen-plugin.
Should it be imported somewhere? It is on classpath, but I'm not sure if it is working... The Client uses generated Service classes in the same way as without ssl. 


regards


rafal

Reply via email to