Details
-
Bug
-
Status: Open
-
Major
-
Resolution: Unresolved
-
None
-
None
-
None
-
java 1.6.0_45 and 1.7.0_45 on Windows 8, CXF version 2.7.6
-
Unknown
Description
Hi,
I'm facing issue with CXF client. I have a Java client generated from WSDL. The WSDL contains RequireClientCertificate="true" in the Policy. I'm calling a web service over HTTPS with client certificate authentication. Although HTTPS connection is established and with client certificate authentication (ensured with -Djavax.net.debug=all), calling a WS method throws exception.
The strange thing is, that the first call succeeded and the second and all other calls, fail with this exception . The other calls can be done with the same client object or can create new, no matter. The client object is created as follows:
// our custom ssl settings, with client cert auth in this case. SSLSocketFactory sslSockF = createSSLSocketFactoryFromProperties(_properties); ProductionService service = new ProductionService( new URL(myURL), new QName("http://mycompany.com/api/productionService", "ProductionService")); port = service.getBasicHttpBindingIProductionService(); Client client = ClientProxy.getClient(port); HTTPConduit http = (HTTPConduit) client.getConduit(); TLSClientParameters tlsParams = new TLSClientParameters(); tlsParams.setDisableCNCheck(true); tlsParams.setSSLSocketFactory(sslSockF); http.setTlsClientParameters(tlsParams); return port;
The exception:
----------------------------- etc... Caused by: org.apache.cxf.transport.http.UntrustedURLConnectionIOException: UntrustedURLConnectionIOException invoking https://192.168.101.14/myApplication/services/ProductionService.svc: RequireClientCertificate is set, but no local certificates were negotiated. Is the server set to ask for client authorization? at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method) at sun.reflect.NativeConstructorAccessorImpl.newInstance(Unknown Source) at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(Unknown Source) at java.lang.reflect.Constructor.newInstance(Unknown Source) at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.mapException(HTTPConduit.java:1334) at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(HTTPConduit.java:1318) at org.apache.cxf.transport.AbstractConduit.close(AbstractConduit.java:56) at org.apache.cxf.transport.http.HTTPConduit.close(HTTPConduit.java:623) at org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndingInterceptor.handleMessage(MessageSenderInterceptor.java:62) at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:271) at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:541) at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:474) at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:377) at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:330) at org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:96) at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:134) ... 14 more Caused by: org.apache.cxf.transport.http.UntrustedURLConnectionIOException: RequireClientCertificate is set, but no local certificates were negotiated. Is the server set to ask for client authorization? at org.apache.cxf.ws.security.policy.interceptors.HttpsTokenInterceptorProvider$HttpsTokenOutInterceptor$1.establishTrust(HttpsTokenInterceptorProvider.java:117) at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.makeTrustDecision(HTTPConduit.java:1680) at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleHeadersTrustCaching(HTTPConduit.java:1264) at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.onFirstWrite(HTTPConduit.java:1234) at org.apache.cxf.transport.http.URLConnectionHTTPConduit$URLConnectionWrappedOutputStream.onFirstWrite(URLConnectionHTTPConduit.java:195) at org.apache.cxf.io.AbstractWrappedOutputStream.write(AbstractWrappedOutputStream.java:47) at org.apache.cxf.io.AbstractThresholdOutputStream.write(AbstractThresholdOutputStream.java:69) at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(HTTPConduit.java:1291) ... 24 more -----------------------------