1. 首頁
  2. 問答
  3. 在java web服務客戶端握手異常

在java web服務客戶端握手異常

2013-10-18 62 views
7

我想實現一個安全的https連接的webclient。我導入了服務器證書並將其添加到java密鑰庫。但是當我嘗試運行客戶端時,我得到以下例外: -在java web服務客戶端握手異常

Oct 18, 2013 3:25:25 PM org.apache.cxf.phase.PhaseInterceptorChain doDefaultLogging WARNING: Interceptor for 

{http://tempuri.org/}Service#{http://tempuri.org/}GetUserInformation has thrown exception, 
unwinding now org.apache.cxf.interceptor.Fault: Could not send Message. 
    at 
org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndingInterceptor.handleMessage(MessageSenderInterceptor.java:64) 
    at 
org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:272) 
    at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:565) 
    at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:474) 
    at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:377) 
    at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:330) 
    at org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:96) 
    at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:135) 
    at $Proxy29.getUserInformation(Unknown Source) 
    at 
org.tempuri.ServiceSoap_ServiceSoap_Client.main(ServiceSoap_ServiceSoap_Client.java:78) 
Caused by: java.io.IOException: IOException invoking 
myurl/**/**/asmx: The https URL hostname does not 
match the Common Name (CN) on the server certificate in the client's truststore. Make sure 
server certificate is correct, or to disable this check (NOT recommended for production) set the CXF client TLS configuration property "disableCNCheck" to true. 
    at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method) 
    at sun.reflect.NativeConstructorAccessorImpl.newInstance(Unknown Source) 
    at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(Unknown Source) 
    at java.lang.reflect.Constructor.newInstance(Unknown Source) 
    at 
org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.mapException(HTTPConduit.java:1338) 
    at 
org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(HTTPConduit.java:1322) 
    at org.apache.cxf.transport.AbstractConduit.close(AbstractConduit.java:56) 
    at org.apache.cxf.transport.http.HTTPConduit.close(HTTPConduit.java:627) 
    at 
org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndingInterceptor.handleMessage(MessageSenderInterceptor.java:62) 
    ... 9 more 
Caused by: java.io.IOException: The https URL hostname does not match the Common Name (CN) 
on the server certificate in the client's truststore. Make sure server certificate is 
correct, or to disable this check (NOT recommended for production) set the CXF client TLS 
configuration property "disableCNCheck" to true. 
    at 
org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.onFirstWrite(HTTPConduit.java:1241) at 
org.apache.cxf.transport.http.URLConnectionHTTPConduit$URLConnectionWrappedOutputStream.onFirstWrite(URLConnectionHTTPConduit.java:195) 
    at 
org.apache.cxf.io.AbstractWrappedOutputStream.write(AbstractWrappedOutputStream.java:47) 
    at 
org.apache.cxf.io.AbstractThresholdOutputStream.write(AbstractThresholdOutputStream.java:69) at 
org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(HTTPConduit.java:1295) 
    ... 12 more 
Exception in thread "main" javax.xml.ws.WebServiceException: Could not send Message. 
    at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:146) 
    at $Proxy29.getUserInformation(Unknown Source) 
    at 
org.tempuri.ServiceSoap_ServiceSoap_Client.main(ServiceSoap_ServiceSoap_Client.java:78) 
Caused by: java.io.IOException: IOException invoking 
myurl/**/**/asmx: The https URL hostname does not 

match the Common Name (CN) on the server certificate in the client's truststore. Make sure 

server certificate is correct, or to disable this check (NOT recommended for production) set 

the CXF client TLS configuration property "disableCNCheck" to true. 
    at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method) 
    at sun.reflect.NativeConstructorAccessorImpl.newInstance(Unknown Source) 
    at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(Unknown Source) 
    at java.lang.reflect.Constructor.newInstance(Unknown Source) 
    at 
org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.mapException(HTTPConduit.java:1338) 
    at 
org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(HTTPConduit.java:1322) 
    at org.apache.cxf.transport.AbstractConduit.close(AbstractConduit.java:56) 
    at org.apache.cxf.transport.http.HTTPConduit.close(HTTPConduit.java:627) 
    at 
org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndingInterceptor.handleMessage(MessageSenderInterceptor.java:62) 
    at 
org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:272) 
    at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:565) 
    at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:474) 
    at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:377) 
    at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:330) 
    at org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:96) 
    at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:135) 
    ... 2 more 
Caused by: java.io.IOException: The https URL hostname does not match the Common Name (CN) 
on the server certificate in the client's truststore. Make sure server certificate is 
correct, or to disable this check (NOT recommended for production) set the CXF client TLS 
configuration property "disableCNCheck" to true. 
    at 
org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.onFirstWrite(HTTPConduit.java:1241) 
    at 
org.apache.cxf.transport.http.URLConnectionHTTPConduit$URLConnectionWrappedOutputStream.onFirstWrite(URLConnectionHTTPConduit.java:195) 
    at 
org.apache.cxf.io.AbstractWrappedOutputStream.write(AbstractWrappedOutputStream.java:47) 
    at 
org.apache.cxf.io.AbstractThresholdOutputStream.write(AbstractThresholdOutputStream.java:69) at 
org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(HTTPConduit.java:1295)

有人可以幫助我解決這個問題。在此先感謝...

來源

2013-10-18 antony.ouseph.k

+1

你需要什麼樣的幫助?一切似乎都在異常消息中指定:「https URL主機名與客戶端信任庫中的服務器證書上的通用名稱(CN) 不匹配。確保服務器證書是 正確,或者要禁用此檢查(不建議用於生產),請將CXF客戶端TLS 配置屬性「disableCNCheck」設置爲true。你在證書中檢查了CN嗎?或者,也許你不知道如何設置配置屬性? –

+0

@DawidPytel:是的,我確實檢查了證書中的cn。但我不知道如何設置CXF客戶端的TLS配置屬性。你能幫我解決嗎? –

回答

13

根據CXF客戶端的類型,您必須有選項。如果您有基於Spring的客戶端配置,你必須屬性添加到您的http:conduit配置:

<http:conduit name="{http://apache.org/hello_world_soap_http}SoapPort.http-conduit"> 
    <http:tlsClientParameters disableCNCheck="true"> 
     <!-- other tls configuration parameters, like trustManagers --> 
    </http:tlsClientParameters> 
</http:conduit>

name必須從您的WSDL匹配命名空間和端口名稱。

如果你創建你的客戶programmaticaly然後使用下面的代碼:

HTTPConduit httpConduit = (HTTPConduit) ClientProxy.getClient(port).getConduit(); 

TLSClientParameters tlsCP = new TLSClientParameters(); 
// other TLS/SSL configuration like setting up TrustManagers 
tlsCP.setDisableCNCheck(true); 
httpConduit.setTlsClientParameters(tlsCP);

其中port是你叫的實際客戶端代理。

兩個選項中可以找到CXF example that I modified here

BTW工作。在生產環境中使用此屬性存在真正的威脅,因此請考慮爲生產服務器發佈帶有正確CN的新證書,而不是依賴此黑客行爲。

來源

2013-10-19 06:14:20

+1

謝謝Dawid。這對我有效。 HTTPConduit httpConduit =(HTTPConduit)ClientProxy.getClient(port).getConduit(); TLSClientParameters tlsCP = new TLSClientParameters(); //其他TLS/SSL配置,如設置TrustManagers tlsCP.setDisableCNCheck(true); httpConduit.setTlsClientParameters(tlsCP); –

相關問題

 相關問題