用於使用Web服務的SSL連接

Question

我對我的Web服務建立SSL連接有一些疑問。 所以我用CXF的工具「WsdlToJava」生成了一個java web服務項目。現在我不想使用我的Web服務，該服務託管在使用SSL協議訪問的服務器上。

當我嘗試關注此頁面How to configure the HTTPConduit for the SOAP Client時，我收到一些SSL問題。我更換這一部分：

URL wsdl = getClass().getResource("wsdl/greeting.wsdl"); 
SOAPService service = new SOAPService(wsdl, serviceName); 
Greeter greeter = service.getPort(portName, Greeter.class); 

由：

URL WSDL_LOC = new URL("https://myserver.com/ws/myWS?wsdl"); 
MyWS_Service myws_serv = new MyWS_Service(WSDL_LOC); 
MyWS mywebservice = myws_serv.getMyWSSOAP(); 

，但它不能對這個代碼的行Seconde系列，用於SSL的原因。在本教程中，SSL連接在此部分之後建立，並且我認爲他們沒有問題，因爲他們的示例不會嘗試在某個服務器上獲取wsdl文件，但會在本地獲取它。

在獲取WSDL文件之前建立SSL連接需要做些什麼？ 謝謝

錯誤消息：

Exception in thread "main" javax.xml.ws.WebServiceException: org.apache.cxf.service.factory.ServiceConstructionException: Failed to create service. 
    at org.apache.cxf.jaxws.ServiceImpl.<init>(ServiceImpl.java:150) 
    at org.apache.cxf.jaxws.spi.ProviderImpl.createServiceDelegate(ProviderImpl.java:91) 
    at javax.xml.ws.Service.<init>(Service.java:92) 
    at com.myserver.MyWS_Service.<init>(MyWS_Service.java:37) 
    at tests.MyWSTest.main(MyWSTest.java:49) 
Caused by: org.apache.cxf.service.factory.ServiceConstructionException: Failed to create service. 
    at org.apache.cxf.wsdl11.WSDLServiceFactory.<init>(WSDLServiceFactory.java:94) 
    at org.apache.cxf.jaxws.ServiceImpl.initializePorts(ServiceImpl.java:204) 
    at org.apache.cxf.jaxws.ServiceImpl.<init>(ServiceImpl.java:148) 
    ... 4 more 
Caused by: javax.wsdl.WSDLException: WSDLException: faultCode=PARSER_ERROR: Problem parsing 'https://myserver.com/ws/myWS?wsdl'.: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target 
    at com.ibm.wsdl.xml.WSDLReaderImpl.getDocument(Unknown Source) 
    at com.ibm.wsdl.xml.WSDLReaderImpl.readWSDL(Unknown Source) 
    at com.ibm.wsdl.xml.WSDLReaderImpl.readWSDL(Unknown Source) 
    at org.apache.cxf.wsdl11.WSDLManagerImpl.loadDefinition(WSDLManagerImpl.java:244) 
    at org.apache.cxf.wsdl11.WSDLManagerImpl.getDefinition(WSDLManagerImpl.java:191) 
    at org.apache.cxf.wsdl11.WSDLServiceFactory.<init>(WSDLServiceFactory.java:92) 
    ... 6 more 
Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target 
    at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Unknown Source) 
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(Unknown Source) 
    at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source) 
    at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source) 
    at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(Unknown Source) 
    at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(Unknown Source) 
    at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Unknown Source) 
    at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Unknown Source) 
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(Unknown Source) 
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source) 
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown Source) 
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown Source) 
    at sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown Source) 
    at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown Source) 
    at sun.net.www.protocol.http.HttpURLConnection.getInputStream(Unknown Source) 
    at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(Unknown Source) 
    at com.sun.org.apache.xerces.internal.impl.XMLEntityManager.setupCurrentEntity(Unknown Source) 
    at com.sun.org.apache.xerces.internal.impl.XMLVersionDetector.determineDocVersion(Unknown Source) 
    at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse(Unknown Source) 
    at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse(Unknown Source) 
    at com.sun.org.apache.xerces.internal.parsers.XMLParser.parse(Unknown Source) 
    at com.sun.org.apache.xerces.internal.parsers.DOMParser.parse(Unknown Source) 
    at com.sun.org.apache.xerces.internal.jaxp.DocumentBuilderImpl.parse(Unknown Source) 
    ... 12 more 
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target 
    at sun.security.validator.PKIXValidator.doBuild(Unknown Source) 
    at sun.security.validator.PKIXValidator.engineValidate(Unknown Source) 
    at sun.security.validator.Validator.validate(Unknown Source) 
    at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.validate(Unknown Source) 
    at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Source) 
    at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Source) 
    ... 31 more 
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target 
    at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(Unknown Source) 
    at java.security.cert.CertPathBuilder.build(Unknown Source) 
    ... 37 more 

Answer 1

你需要有誰頒發的證書「https://myserver.com/」的簽字權的CA證書。最簡單的方法是通過Web瀏覽器獲取「https://myserver.com/」的證書，然後檢查CA層次結構。獲得父證書後，將其導入JKS信任庫。當您運行Java程序時，將其作爲系統屬性「-Djavax.net.ssl.trustStore = yourtruststore.jks」