未能创建服务异常 javax.xml.ws.WebServiceException: [英] Failed to create service exception javax.xml.ws.WebServiceException:

问题描述

我迫切需要帮助弄清楚为什么我的应用程序没有创建网络服务.

I need desperate help to figure out why my application is not creating a webservice.

这是我的网络服务 Java 类:

Here's my webservice Java class:

  @WebService
  @Component
  public class LoginWs extends AbstractWs
{
private static final Logger logger=MiscUtils.getLogger();

@Autowired
private PersonDao personDao = null;

/**
 * Returns PersonTransfer on valid login
 * @throws NotAuthorisedException if password is incorrect
 */
public PersonTransfer login(String userNameOrEmailAddress, String password) throws NotAuthorisedException
{
    Person person=personDao.findByUserNameOrEmailAddress(userNameOrEmailAddress, true);

    if (person != null && person.checkPassword(password))
    {
        PersonTransfer personTransfer = PersonTransfer.getTransfer(person);

        personDao.setLastLogin(person.getId(), new GregorianCalendar());

        EventLogDao.logEvent(ActionType.READ_DATA.name(), "LoginWs.login()", "personId=" + person.getId());         

        return(personTransfer);
    }

    logger.debug("Login failed : u/p="+userNameOrEmailAddress+"/"+password);

    throw(new NotAuthorisedException("Invalid Username/Password"));
}
}

调用这个服务的代码是:

The code that is calling this service is:

  public static LoginWs getLoginWs()
{

    LoginWsService service = new LoginWsService(buildURL("LoginService"));

    LoginWs port = service.getLoginWsPort();

    CxfClientUtils.configureClientConnection(port);

    return(port);
}

异常被抛出:

   LoginWsService service = new LoginWsService(buildURL("LoginService"));

这里是完整的例外:

    Error
    javax.xml.ws.WebServiceException:  org.apache.cxf.service.factory.ServiceConstructionException: Failed to create service.
at org.apache.cxf.jaxws.ServiceImpl.<init>(ServiceImpl.java:149)
at org.apache.cxf.jaxws.spi.ProviderImpl.createServiceDelegate(ProviderImpl.java:65)
at javax.xml.ws.Service.<init>(Service.java:56)
at org.websr.my_server.ws.LoginWsService.<init>(Unknown Source)

    Caused by: javax.wsdl.WSDLException: WSDLException: faultCode=PARSER_ERROR: Problem parsing 'https://192.168.2.184:8443/my_server/ws/LoginService?wsdl'.: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No subject alternative names present

谁能告诉我为什么它无法创建服务本身.在 LoginWs 方法中，这一行

Can someone tell me why it is failing at creating Service itself. In LoginWs method, this line

   CxfClientUtils.configureClientConnection(port);

配置了 SSL 连接，但我的代码甚至没有到达那里.它正在尝试连接LoginWsService 服务 = new LoginWsService(buildURL("LoginService"));并且失败了.

configures the SSL connection but my code is not even getting there. It's trying to connect at LoginWsService service = new LoginWsService(buildURL("LoginService")); and failing.

谁能告诉我这里发生了什么?谢谢！

Can someone please tell me what's going on here? Thanks!

cert.pem:

        MIID1DCCArygAwIBAgIJAPAlC2JvlPsZMA0GCSqGSIb3DQEBBQUAMIGSMQswCQYD
VQQGEwJDQTEQMA4GA1UECBMHT250YXJpbzEQMA4GA1UEBxMHVG9yb250bzERMA8G
A1UEChMISW5kaXZpY2ExETAPBgNVBAsTCEluZGl2aWNhMRYwFAYDVQQDEw0xOTIu
MTY4LjIuMTg0MSEwHwYJKoZIhvcNAQkBFhJkaXZ5YUBpbmRpdmljYS5jb20wHhcN
MTIwMTA2MTYxMTQwWhcNMTMwMTA1MTYxMTQwWjCBkjELMAkGA1UEBhMCQ0ExEDAO
BgNVBAgTB09udGFyaW8xEDAOBgNVBAcTB1Rvcm9udG8xETAPBgNVBAoTCEluZGl2
aWNhMREwDwYDVQQLEwhJbmRpdmljYTEWMBQGA1UEAxMNMTkyLjE2OC4yLjE4NDEh
MB8GCSqGSIb3DQEJARYSZGl2eWFAaW5kaXZpY2EuY29tMIIBIjANBgkqhkiG9w0B
AQEFAAOCAQ8AMIIBCgKCAQEAxY8+fsw2pP4ToHN6XFNli4vOGbt+O/ANsr1A8iJh
nCb6cpQ58xF4pvYmETHrAUpv4zpi31SzZvWYI1tMaCEv9IpcX6Kc1B8NB9sLUnhR
gyblF37rZ7eMmSAXXeDS0CTtDEJoHOkGxoUdCN6N+vZjJ5+ZONiiuLqZ4x4HwBFr
ucIlwl2FkMMSxylg90tttSIyUHGz/p2DvNA2goYih4d89c/FLNpqwku+G3/gnL7U
l0OmNuFwJa/qMjy/V1orfpT8egxxh8DMp+fLAv1gjbeoizUs2bHo9kQSbUSp9Cwb
VDCol9jGI14cBuuEpWSANx2gTekN1ktoxztFPCh7H3OK/wIDAQABoyswKTAPBgNV
HREECDAGhwTAqAK4MAkGA1UdEwQCMAAwCwYDVR0PBAQDAgXgMA0GCSqGSIb3DQEB
BQUAA4IBAQALvpU0/5gQedlET2+r2MV0oksTmM2hV677yVsrOnGCOnTcgMZHp5i4
A0B24Ed2iDesX60OAViIocQkOiwYTRnubg5SoWyL1nhmaa/98U6M/re8R/bvq6OK
qrzEO6hHOtunJg1HcZDiJZop7R/pM52yRhRoXU6upZEhbPr6Eh+zfysA0TD6uMs7
9k2VeJo++XUvbG3dkVJ9kYhqfx2vC0HiMI4H2eomzl2ymS+R9Kg/9o29K8oCYjDI
jWPbl2hmf2cQuC4gG8GUDZi7zJkFsBuJpD6XgpIVK9zNhg1e89eP0nABupIFqBOI
iz0C+tRB4z4TezPL6yC7BDMY2nJ/Cg5e

与服务器实际使用的对比:

vs what the server is actually using:

MIICVTCCAb6gAwIBAgIETr3AxTANBgkqhkiG9w0BAQUFADBvMQswCQYDVQQGEwJD
QTEQMA4GA1UECBMHT250YXJpbzEQMA4GA1UEBxMHVG9yb250bzERMA8GA1UEChMI
SW5kaXZpY2ExETAPBgNVBAsTCEluZGl2aWNhMRYwFAYDVQQDEw0xOTIuMTY4LjIu
MTg0MB4XDTExMTExMjAwNDE0MVoXDTIxMTEwOTAwNDE0MVowbzELMAkGA1UEBhMC
Q0ExEDAOBgNVBAgTB09udGFyaW8xEDAOBgNVBAcTB1Rvcm9udG8xETAPBgNVBAoT
CEluZGl2aWNhMREwDwYDVQQLEwhJbmRpdmljYTEWMBQGA1UEAxMNMTkyLjE2OC4y
LjE4NDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAzvnBMOM2YpM4Ch0MkesA
ryqX3YD8O22kJJrpRuOMyqgt6fKEDxkcGjiEZ7qLfWbzv3eX9DE0nVeS4m65Ucr2
LLZN6iZoqP8J+AmkSXKapIQpX7tZM5UuTDy82vUdOiYJELB3NSJc/4nkZkTaN8Uj
h3Ph366kRUP+QWiq2y97KKMCAwEAATANBgkqhkiG9w0BAQUFAAOBgQBFeOQOKq9u
4nq/IUgNpILrhcpiAP5LB49bCXeTCi8Ls51qUCaezceUQKrWM60a6w8FxQF+yopB
PSqGMrUBHnvewkThgZbS12t5vOEoXnWjOwiXhMhRsk5i9YUh1QCYfOFF23aXNfRu
NLL5svksUHm1IzBJJANnL/YdJHRrR0IEQg==

推荐答案

java.security.cert.CertificateException: No subject alternative names present

听起来您正在使用 IP 地址(而不是主机名)直接连接到没有主题备用名称条目的证书.

It sounds like you're connecting using an IP address directly (and not a host name) to a certificate that doesn't have a Subject Alternative Name entry.

这当然与这个问题有关:

This is of course related to this question:

• 如何将主题替代名称添加到ssl 证书?

如果您选择不使用 SAN 条目而是依赖 CN 中的主机名(您也已将其配置为解析为客户端中的正确 IP 地址)，则还必须使用它来指定连接.您的 URL 构建器可能正在构建一个仍依赖于 IP 地址的 URL.

If you've chosen not to use a SAN entry but to rely an a host name in the CN (which you've also configured to resolve to the correct IP address in your client), you must also use it to specify the connection. Your URL builder is probably building a URL that still relies on the IP address.

(以下评论)

正如我在上面链接的另一个问题的回答中所说的那样，(至少)有两种方法可以创建带有 Java 主题替代名称的自签名证书:

As I was saying in the answer to the other question linked above, there are (at least) two ways of creating a self-signed cert with a Subject Alt Name for Java:

• 使用 Java 7 的 keytool
• 使用 OpenSSL，如下所述:http://www.crsr.net/Notes/SSL.html

您选择了第二个选项(可能有点困难?).OpenSSL 能够生成 PKCS#12 文件 (.p12)，默认 Java 安全提供程序应该能够直接将其用作密钥库(尽管 Java 6 中的 keytool及以上能够通过 -importkeystore 将它们转换为 JKS 存储).要直接使用它们，请使用 "PKCS12" 存储类型.

You've chosen the second option (possibly a bit more difficult?). OpenSSL is capable of producing a PKCS#12 file (.p12), which the default Java security providers should be able to use as a keystore directly (although keytool in Java 6 and above is capable of converting them to a JKS store via -importkeystore). To use them directly, use the "PKCS12" store type.

要使用 OpenSSL 构建 PKCS#12 文件，使用自签名证书生成的结果(假设文件名为 cert.pem 用于证书和 key.pem 为私钥):

To build a PKCS#12 file, with OpenSSL, using the result of the self-signed certificate generation (assuming the files are called cert.pem for the cert and key.pem for the private key):

openssl pkcs12 -export -in cert.pem -inkey key.pem -out store.p12

然后，在 Apache Tomcat 中使用(并重启 Tomcat)进行配置:

Then, configure it in Apache Tomcat using (and restart Tomcat):

<Connector port="8443" ... scheme="https" secure="true" 
     keystoreFile="/path/to/store.p12"  
     keystorePass="..." keystoreType="PKCS12" sslProtocol="TLS" />

在 PKCS#12 文件中提取证书的内容:

To extract the content of the cert in the PKCS#12 file:

openssl pkcs12 -in store.p12 -nokeys -clcerts | openssl x509 -text -noout

要检查服务器实际使用的证书:

To check the certificate the server is actually using:

echo "" | openssl s_client -showcerts -connect hostname_or_ip_address:port

这篇关于未能创建服务异常 javax.xml.ws.WebServiceException:的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！