  1. CXF
  2. CXF-4037

Problem creating dynamic client when WSDL is hosted with secured transport (https)


Details

    • Type: Bug
    • Status: Closed
    • Priority: Critical
    • Resolution: Fixed
    • Affects Version/s: 2.4.2, 2.4.3, 2.4.5
    • Fix Version/s: 2.4.6, 2.5.2
    • Component/s: JAX-WS Runtime
    • Labels: None
    • Estimated Complexity: Unknown

    Description

      I am trying to create a client dynamically to invoke the web service (see below). Notice my WSDL URL is https.
      Also, with a minor modification (to add the Spring config file to the bus) to the client generated using the wsdl2java utility, I am able to call the secured web service.
      But my requirement is to dynamically generate clients and call the webservice provided the wsdlUrl, method name and method arguments.

      CLIENT CODE
      ------------

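      import java.io.File;
      import java.io.IOException;
      import java.net.URL;
      import java.util.ArrayList;
      import java.util.List;
      import java.util.logging.Level;
      import org.apache.cxf.BusFactory;
      import org.apache.cxf.bus.spring.SpringBusFactory;
      import org.apache.cxf.endpoint.Client;
      import org.apache.cxf.jaxws.endpoint.dynamic.JaxWsDynamicClientFactory;

      // Load the bus from the Spring file that carries the TLS settings.
      SpringBusFactory bf = new SpringBusFactory();
      bus = bf.createBus(securityConfigFile);
      BusFactory.setDefaultBus(bus);

      JaxWsDynamicClientFactory dcf = JaxWsDynamicClientFactory.newInstance(bus);
      dcf.setSimpleBindingEnabled(false);

      // Custom binding file passed to the dynamic client factory.
      List<String> bindingFiles = new ArrayList<String>();
      File bindingFile = generateCustomBindingFile(fileLocationURL);
      try {
          bindingFiles.add(bindingFile.getCanonicalPath());
      } catch (IOException e) {
          throw new LVOException(Level.SEVERE, "WSDL_INVALID_BINDINGFILE",
                  bindingFile.toString());
      }

      // The WSDL is fetched over https here; this is the call that throws.
      Client client = dcf.createClient(new URL("https://localhost:9999/getAccount?wsdl"), bindingFiles);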

      EXCEPTION
      ----------

      I get the below Exception while trying to create the client.

      log4j:WARN No appenders could be found for logger (org.apache.cxf.bus.spring.BusApplicationContext).
      log4j:WARN Please initialize the log4j system properly.
      Jan 14, 2012 4:44:59 PM org.apache.cxf.bus.spring.BusApplicationContext getConfigResources
      INFO: Loaded configuration file ./test/resources/wsdl/WibbleClient.xml.
      Exception in thread "main" org.apache.cxf.service.factory.ServiceConstructionException: Failed to create service.
          at org.apache.cxf.wsdl11.WSDLServiceFactory.<init>(WSDLServiceFactory.java:80)
          at org.apache.cxf.endpoint.dynamic.DynamicClientFactory.createClient(DynamicClientFactory.java:261)
          at org.apache.cxf.endpoint.dynamic.DynamicClientFactory.createClient(DynamicClientFactory.java:235)
          at org.apache.cxf.endpoint.dynamic.DynamicClientFactory.createClient(DynamicClientFactory.java:170)
          at com.convergys.lvo.integration.wsdl.WSDLDataModelerImpl.generateClient(WSDLDataModelerImpl.java:82)
          at com.convergys.lvo.integration.WebServiceDataModeler.getServiceClient(WebServiceDataModeler.java:414)
          at com.convergys.lvo.integration.wsdl.WSDLDataModelerImpl.getEntityData(WSDLDataModelerImpl.java:139)
          at com.convergys.lvo.integration.wsdl.WSDLDataModelerImpl.main(WSDLDataModelerImpl.java:302)
      Caused by: javax.wsdl.WSDLException: WSDLException: faultCode=PARSER_ERROR: Problem parsing 'https://localhost:9999/getCustomer?wsdl'.: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
          at com.ibm.wsdl.xml.WSDLReaderImpl.getDocument(WSDLReaderImpl.java:2111)
          at com.ibm.wsdl.xml.WSDLReaderImpl.readWSDL(WSDLReaderImpl.java:2303)
          at com.ibm.wsdl.xml.WSDLReaderImpl.readWSDL(WSDLReaderImpl.java:2335)
          at org.apache.cxf.wsdl11.WSDLManagerImpl.loadDefinition(WSDLManagerImpl.java:239)
          at org.apache.cxf.wsdl11.WSDLManagerImpl.getDefinition(WSDLManagerImpl.java:186)
          at org.apache.cxf.wsdl11.WSDLServiceFactory.<init>(WSDLServiceFactory.java:78)
          ... 7 more
      Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
          at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:174)
          at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1611)
          at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:187)
          at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:181)
          at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1035)
          at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:124)
          at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:516)
          at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:454)
          at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:884)
          at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1112)
          at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1139)
          at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1123)
          at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:418)
          at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:166)
          at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1041)
          at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:234)
          at com.sun.org.apache.xerces.internal.impl.XMLEntityManager.setupCurrentEntity(XMLEntityManager.java:677)
          at com.sun.org.apache.xerces.internal.impl.XMLVersionDetector.determineDocVersion(XMLVersionDetector.java:186)
          at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse(XML11Configuration.java:771)
          at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse(XML11Configuration.java:737)
          at com.sun.org.apache.xerces.internal.parsers.XMLParser.parse(XMLParser.java:107)
          at com.sun.org.apache.xerces.internal.parsers.DOMParser.parse(DOMParser.java:225)
          at com.sun.org.apache.xerces.internal.jaxp.DocumentBuilderImpl.parse(DocumentBuilderImpl.java:283)
          at com.ibm.wsdl.xml.WSDLReaderImpl.getDocument(WSDLReaderImpl.java:2101)
          ... 12 more
      Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
          at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:285)
          at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:191)
          at sun.security.validator.Validator.validate(Validator.java:218)
          at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:126)
          at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:209)
          at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:249)
          at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1014)
          ... 31 more
      Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
          at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:174)
          at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:238)
          at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:280)
          ... 37 more

      SPRING CONFIG FILE
      ------------------

      Below is my spring config file for my client.

      <beans xmlns="http://www.springframework.org/schema/beans"
             xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
             xmlns:sec="http://cxf.apache.org/configuration/security"
             xmlns:http="http://cxf.apache.org/transports/http/configuration"
             xsi:schemaLocation="
               http://cxf.apache.org/configuration/security
               http://cxf.apache.org/schemas/configuration/security.xsd
               http://cxf.apache.org/transports/http/configuration
               http://cxf.apache.org/schemas/configuration/http-conf.xsd
               http://www.springframework.org/schema/beans
               http://www.springframework.org/schema/beans/spring-beans.xsd">

        <http:conduit name="{http://www.example.org/AWC/}AWCSOAP.http-conduit">
          <http:tlsClientParameters disableCNCheck="true">
            <sec:trustManagers>
              <sec:keyStore type="JKS" password="password"
                            file="test/resources/wsdl/truststore.jks"/>
            </sec:trustManagers>
            <sec:keyManagers keyPassword="password">
              <sec:keyStore type="JKS" password="password"
                            file="test/resources/wsdl/wibble.jks"/>
            </sec:keyManagers>
            <sec:cipherSuitesFilter>
              <!-- these filters ensure that a ciphersuite with
                   export-suitable or null encryption is used,
                   but exclude anonymous Diffie-Hellman key exchange as
                   this is vulnerable to man-in-the-middle attacks -->
              <sec:include>.*_EXPORT_.*</sec:include>
              <sec:include>.*_EXPORT1024_.*</sec:include>
              <sec:include>.*_WITH_DES_.*</sec:include>
              <sec:include>.*_WITH_NULL_.*</sec:include>
              <sec:exclude>.*_DH_anon_.*</sec:exclude>
            </sec:cipherSuitesFilter>
          </http:tlsClientParameters>
          <http:authorization>
            <sec:UserName>admin</sec:UserName>
            <sec:Password>admin</sec:Password>
          </http:authorization>
        </http:conduit>
      </beans>


      Really appreciate your comments and feedback.
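
The stack trace in the description shows the WSDL being read by the JDK's own HttpsURLConnection (reached from WSDLReaderImpl through Xerces), not by a CXF conduit carrying the tlsClientParameters. As an added example, not code from the reporter or from CXF, here is one way to fetch the WSDL with trust limited to the configured trust store on that single connection and hand a local copy to createClient. The class and method names are hypothetical; the trust store path and password are the ones from the Spring file in the description.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.net.URL;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.StandardCopyOption;
import java.security.KeyStore;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

public class WsdlFetcher { // hypothetical helper, not part of CXF

    /** Build an SSLContext that trusts only the certificates in the given JKS file. */
    static SSLContext contextFor(String trustStorePath, char[] password) throws Exception {
        KeyStore trustStore = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(trustStorePath)) {
            trustStore.load(in, password);
        }
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);
        SSLContext ctx = SSLContext.getInstance("TLS");
        // First argument (key managers) is null: no client certificate is presented.
        ctx.init(null, tmf.getTrustManagers(), null);
        return ctx;
    }

    /** Download the WSDL over this one connection and return a file: URL to the copy. */
    static URL fetchWsdl(URL wsdlUrl, SSLContext ctx) throws Exception {
        HttpsURLConnection conn = (HttpsURLConnection) wsdlUrl.openConnection();
        // Scoped to this connection; the JVM-wide default socket factory is untouched.
        conn.setSSLSocketFactory(ctx.getSocketFactory());
        // The default HostnameVerifier is left in place, so a certificate whose
        // name does not match the host still fails the handshake.
        Path local = Files.createTempFile("service", ".wsdl");
        try (InputStream in = conn.getInputStream()) {
            Files.copy(in, local, StandardCopyOption.REPLACE_EXISTING);
        } finally {
            conn.disconnect();
        }
        return local.toUri().toURL();
    }

    public static void main(String[] args) throws Exception {
        SSLContext ctx = contextFor("test/resources/wsdl/truststore.jks", "password".toCharArray());
        URL localWsdl = fetchWsdl(new URL("https://localhost:9999/getAccount?wsdl"), ctx);
        // localWsdl is then passed to dcf.createClient(localWsdl, bindingFiles).
        System.out.println(localWsdl);
    }
}
```

A WSDL that pulls in schemas or other WSDLs by relative import will not resolve from the local copy, so those documents would need to be fetched the same way.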


          People

            Assignee: Daniel Kulp (dkulp)
            Reporter: Harsha Devireddy (hdevireddy)