用于使用 Web 服务的 SSL 连接 [英] SSL Connection for consuming web services

问题描述

我有一些关于为我的网络服务建立 SSL 连接的问题.所以我用 CXF 的工具WsdlToJava"生成了一个 java web 服务项目.现在我不想使用我的网络服务，它托管在我的服务器上，具有 SSL 协议访问权限.

I've some questions about establishing SSL connection for my web service. So I generated a java web service project with CXF's tool "WsdlToJava". Now I wan't to consume my web service, which is hosted on my server with SSL protocol access.

当我尝试关注此页面时 如何为 SOAP 客户端配置 HTTPConduit 我遇到了一些 SSL 问题.我替换了这部分:

When I try to follow this page How to configure the HTTPConduit for the SOAP Client I get some SSL issues. I replaced this part:

URL wsdl = getClass().getResource("wsdl/greeting.wsdl");
SOAPService service = new SOAPService(wsdl, serviceName);
Greeter greeter = service.getPort(portName, Greeter.class);

作者:

URL WSDL_LOC = new URL("https://myserver.com/ws/myWS?wsdl");
MyWS_Service myws_serv = new MyWS_Service(WSDL_LOC);
MyWS mywebservice = myws_serv.getMyWSSOAP();

但由于 SSL 原因，它在此代码的第二行失败.在教程中，SSL连接是在这部分之后建立的，我认为他们没有问题，因为他们的示例没有尝试在某些服务器上获取wsdl文件，而是在本地获取.

but it fails on the seconde line of this code, for SSL reasons. In the tutorial, the SSL connection is established after this part, and I think they don't have problems because their example doesn't try to get the wsdl file on some server, but it get it locally.

在获取 WSDL 文件之前，我需要做什么来建立 SSL 连接?谢谢

What do I have to do to establish SSL connection before getting the WSDL file? thank you

错误信息:

Exception in thread "main" javax.xml.ws.WebServiceException: org.apache.cxf.service.factory.ServiceConstructionException: Failed to create service.
    at org.apache.cxf.jaxws.ServiceImpl.<init>(ServiceImpl.java:150)
    at org.apache.cxf.jaxws.spi.ProviderImpl.createServiceDelegate(ProviderImpl.java:91)
    at javax.xml.ws.Service.<init>(Service.java:92)
    at com.myserver.MyWS_Service.<init>(MyWS_Service.java:37)
    at tests.MyWSTest.main(MyWSTest.java:49)
Caused by: org.apache.cxf.service.factory.ServiceConstructionException: Failed to create service.
    at org.apache.cxf.wsdl11.WSDLServiceFactory.<init>(WSDLServiceFactory.java:94)
    at org.apache.cxf.jaxws.ServiceImpl.initializePorts(ServiceImpl.java:204)
    at org.apache.cxf.jaxws.ServiceImpl.<init>(ServiceImpl.java:148)
    ... 4 more
Caused by: javax.wsdl.WSDLException: WSDLException: faultCode=PARSER_ERROR: Problem parsing 'https://myserver.com/ws/myWS?wsdl'.: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at com.ibm.wsdl.xml.WSDLReaderImpl.getDocument(Unknown Source)
    at com.ibm.wsdl.xml.WSDLReaderImpl.readWSDL(Unknown Source)
    at com.ibm.wsdl.xml.WSDLReaderImpl.readWSDL(Unknown Source)
    at org.apache.cxf.wsdl11.WSDLManagerImpl.loadDefinition(WSDLManagerImpl.java:244)
    at org.apache.cxf.wsdl11.WSDLManagerImpl.getDefinition(WSDLManagerImpl.java:191)
    at org.apache.cxf.wsdl11.WSDLServiceFactory.<init>(WSDLServiceFactory.java:92)
    ... 6 more
Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Unknown Source)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(Unknown Source)
    at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source)
    at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source)
    at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(Unknown Source)
    at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(Unknown Source)
    at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Unknown Source)
    at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Unknown Source)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(Unknown Source)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown Source)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown Source)
    at sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown Source)
    at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown Source)
    at sun.net.www.protocol.http.HttpURLConnection.getInputStream(Unknown Source)
    at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(Unknown Source)
    at com.sun.org.apache.xerces.internal.impl.XMLEntityManager.setupCurrentEntity(Unknown Source)
    at com.sun.org.apache.xerces.internal.impl.XMLVersionDetector.determineDocVersion(Unknown Source)
    at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse(Unknown Source)
    at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse(Unknown Source)
    at com.sun.org.apache.xerces.internal.parsers.XMLParser.parse(Unknown Source)
    at com.sun.org.apache.xerces.internal.parsers.DOMParser.parse(Unknown Source)
    at com.sun.org.apache.xerces.internal.jaxp.DocumentBuilderImpl.parse(Unknown Source)
    ... 12 more
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at sun.security.validator.PKIXValidator.doBuild(Unknown Source)
    at sun.security.validator.PKIXValidator.engineValidate(Unknown Source)
    at sun.security.validator.Validator.validate(Unknown Source)
    at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.validate(Unknown Source)
    at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Source)
    at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Source)
    ... 31 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(Unknown Source)
    at java.security.cert.CertPathBuilder.build(Unknown Source)
    ... 37 more

推荐答案

您需要拥有为https://myserver.com/"颁发证书的签名机构的 CA 证书.最简单的方法是通过 Web 浏览器获取https://myserver.com/"的证书，然后检查 CA 层次结构.获得父证书后，将其导入 JKS 信任库.当您运行 java 程序时，将其作为系统属性传递-Djavax.net.ssl.trustStore=yourtruststore.jks"

You will need to have the CA certificate of the signing authority who issued the certificate for "https://myserver.com/". Easiest way is to get the certificate of "https://myserver.com/" through web browser and then check the CA hierarchy. After you get the parent certificate, import it into a JKS trust store. When you run the java program pass it as system property "-Djavax.net.ssl.trustStore=yourtruststore.jks"

这篇关于用于使用 Web 服务的 SSL 连接的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！