2012-10-12 128 views
1

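javax.xml.ws.Service: consuming a SOAP service over SSL

I want to consume a SOAP service over HTTPS. I have written a client to do this. I am not using automatic class generation, because the target service runs on multiple systems and the service URL therefore changes at runtime.

This is the implementation using JAX-WS: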

public class SAPClient implements Callable<...> { 

private Service service = null; 
private SOAPMessage response = null; 
private boolean submitted = false; 
private boolean successfull = false; 
private QName serviceName; 
private QName portName; 
private SAPResult result = new SAPResult(); 
private Dispatch<SOAPMessage> dispatch = null; 
private SOAPBody resBody = null; 
private SapConnector connector; 

public SAPClient(EricAgent agent, SapConnector connector) { 
    this.connector = connector; 
    serviceName = new QName(connector.getUrl(), Environment.SAP_CLIENT_SERVICE_NAME); 
    portName = new QName(connector.getUrl(), Environment.SAP_CLIENT_PORT); 
    this.service = Service.create(serviceName); 
    service.addPort(portName, SOAPBinding.SOAP11HTTP_BINDING, connector.getUrl()); 
    this.successfull = false; 
} 

(...) 

public synchronized void invoke() throws SOAPException { 
    try { 
     dispatch = service.createDispatch(portName, SOAPMessage.class, Service.Mode.MESSAGE); 

     MessageFactory mf = MessageFactory.newInstance(SOAPConstants.SOAP_1_1_PROTOCOL); 
     SOAPMessage message = mf.createMessage(); 
     SOAPPart part = message.getSOAPPart(); 
     SOAPEnvelope env = part.getEnvelope(); 
     SOAPBody body = env.getBody(); 

     SOAPElement operation = body.addChildElement(
       Environment.SAP_CLIENT_OPERATION_NAME, 
       Environment.SAP_CLIENT_TARGET_NAMESPACE.getPrefix(), 
       Environment.SAP_CLIENT_TARGET_NAMESPACE.getURI()); 

     // Add ticket 
     SOAPElement ticketValue = operation.addChildElement("ITicket"); 
     ticketValue.addTextNode(...); 

     // Add "Informationsprotokoll" 
     String resultString = buildEricResultString(agent); 
     SOAPElement xmlValue = operation.addChildElement("IXml"); 
     xmlValue.addTextNode(resultString); 
     message.saveChanges(); 

     Response<SOAPMessage> sapResponse = dispatch.invokeAsync(message); 

     long waitingTime = 0; 

     while (true) { 
      if (waitingTime > Environment.SAP_CLIENT_TIME_OUT) { 
       //... handle timeout 
      } 

      if (sapResponse.getContext() != null) { 
       Environment.LOGGER.debug("got response"); 
       response = sapResponse.get(); 
       submitted = true; 
       successfull = result.returnCode.equals("0"); 

       //... 

       break; 
      } 

      wait(1000); 
      waitingTime += 1000; 
     } 
    } catch (Throwable ex) { 
     Environment.LOGGER.error(null, ex); 
     this.submitted = false; 
     this.successfull = false; 
    } 
} 

} 

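I now want to consume this service over SSL. Can you explain how I tell the Service class to use a specific certificate? How do I pass a keystore, for example... I searched and did not find a satisfying result. Thanks in advance!

Update 1:

By adding:

System.setProperty("javax.net.ssl.keyStore", certPath); 
System.setProperty("javax.net.ssl.keyStorePassword", certPass); 

I was able to get SSL working - thanks zuxqoj!

The output looked like this, and the connection timed out: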

keyStore type is : jks 
keyStore provider is : 
init keystore 
init keymanager of type SunX509 
trustStore is: *** 
trustStore type is : jks 
trustStore provider is : 
init truststore 
adding as trusted cert: 
    Subject: CN=***, OU=I0020498236, OU=SAP Web AS, O=SAP Trust Community, C=DE 
    Issuer: CN=***, OU=I0020498236, OU=SAP Web AS, O=SAP Trust Community, C=DE 
    Algorithm: RSA; Serial number: 0x20120718050810 
    Valid from Wed Jul 18 07:08:10 CEST 2012 until Fri Jan 01 01:00:01 CET 2038 

trigger seeding of SecureRandom 
done seeding SecureRandom 
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 
Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA 
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA 
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256 
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA 
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 
Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA 
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA 
Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA 
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256 

To get past the timeout I had to pass this property to the JVM, and the HTTP(S) requests went through:

-Djava.net.preferIPv4Stack=true 

Answers

1

Add this to your code before the SOAP call

System.setProperty("javax.net.ssl.keyStore",certificatePath); 
System.setProperty("javax.net.ssl.keyStorePassword", certificatePassword); 
System.setProperty("javax.net.ssl.keyStoreType", "JKS"); 

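You can download the .cer certificate from the server URL and convert it to JKS using the command

keytool -importcert -file certificate.cer -keystore keystore.jks -alias "Alias" 

Now you need a certificate corresponding to each target server, and somewhere in your system you need to maintain a mapping between server URL and certificate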
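
An alternative to the JVM-wide system properties, as an added example (not code from the question or the answer): it builds an SSLSocketFactory from one JKS file per target server and attaches it to a single Dispatch's request context, so each endpoint trusts only its own certificate. The class and method names are made up for illustration, and the request-context key is the one read by the JAX-WS reference implementation; other JAX-WS stacks use different keys.

```java
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.KeyStore;
import java.util.HashMap;
import java.util.Map;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManagerFactory;

public class PerEndpointTls {
    // Key read by the JAX-WS RI bundled with the JDK (Java 6-8); the standalone RI
    // uses "com.sun.xml.ws.transport.https.client.SSLSocketFactory" instead.
    static final String SSL_SOCKET_FACTORY =
            "com.sun.xml.internal.ws.transport.https.client.SSLSocketFactory";

    static KeyStore load(String path, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance("JKS");
        try (InputStream in = Files.newInputStream(Paths.get(path))) {
            ks.load(in, password); // also verifies the store's integrity with the password
        }
        return ks;
    }

    // trustStore: the server certificate(s) imported with keytool -importcert.
    // keyStore: the client's own key pair, or null if the server asks for no client cert.
    static SSLSocketFactory socketFactory(KeyStore trustStore, KeyStore keyStore,
                                          char[] keyPassword) throws Exception {
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore); // certificate chain validation stays enabled
        KeyManagerFactory kmf = null;
        if (keyStore != null) {
            kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
            kmf.init(keyStore, keyPassword);
        }
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf == null ? null : kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        return ctx.getSocketFactory();
    }

    public static void main(String[] args) throws Exception {
        // args[0] = path to this server's JKS file, args[1] = its password
        KeyStore trust = load(args[0], args[1].toCharArray());
        // Stand-in for dispatch.getRequestContext(), which is a Map<String, Object>
        Map<String, Object> requestContext = new HashMap<>();
        requestContext.put(SSL_SOCKET_FACTORY, socketFactory(trust, null, null));
        System.out.println("configured: " + requestContext.keySet());
    }
}
```

In the client from the question the same `put` would go on `dispatch.getRequestContext()` before `invokeAsync`, with the JKS path looked up from the server-URL-to-certificate mapping.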