Hi!
we use apache cxf 2.3.3 (was actual at that time...) with Spring to call some
web services over HTTPS.
In config we have:
<jaxws:client id="problemClient" serviceClass="com.example.FooWS"
address="https://localhost:8080/fake/"; />
<jaxws:client id="workingClient" serviceClass="com.example.BarWs"
address="https://bar.example.com:443/barws/BarWs"; />
<http-conf:conduit name=".*">
<http-conf:tlsClientParameters disableCNCheck="true">
<sec:keyManagers keyPassword="keyPassOne">
<sec:keyStore type="PKCS12"
password="keyPassOne" file="our.pfx"/>
</sec:keyManagers>
<sec:trustManagers>
<sec:keyStore password="passTwo"
file="/trustKeystore/file"/>
</sec:trustManagers>
</http-conf:tlsClientParameters>
<http-conf:client AutoRedirect="true" Connection="Keep-Alive"
ConnectionTimeout="120000" ReceiveTimeout="600000" />
</http-conf:conduit>
The problem is that one ("workingClient") works, the other ("problemClient")
does not. The only difference in calling code is that the problemClient has an
extra line to set the actual server address:
@Autowired
@Qualifier("problemClient")
private FooWS m_fooClient;
...
if(m_fooClient instanceof BindingProvider) {
provider = (BindingProvider) m_fooClient;
provider.getRequestContext().put("thread.local.request.context", "true");
// extra line to set service address:
provider.getRequestContext().put(BindingProvider.ENDPOINT_ADDRESS_PROPERTY,
"https://some.working.address/x/yWS";);
}
m_fooClient.theCall("fooooo"); // the actuall call
The error is a certificate trust error. The certificate is added to the
configured truststore, but is seems to be ignored. If it is added to the system
truststore, then it works.
Is there something simple that we overlooked?
The application server running the app is WebLogic.
Regards,
David Balažic
