开发者

Why do I get a bad_certificate error when using spring and CXF

I am using CXF generated code to connect to a remote web service over SSL and through a corporate proxy. The code works fine when the connection is established through the Java API and all SSL settings are set as system properties as follows.

System.setProperties("https.proxyHost", "myproxy.com");
System.setProperties("https.proxyPort", "8001");
System.setProperties("javax.net.ssl.keyStoreType", "pkcs12");
System.setProperties("javax.net.ssl.keyStore", "C:/keystore.p12");
System.setProperties("javax.net.ssl.keyStorePassword", "keypassword");
System.setProperties("javax.net.ssl.trustStore", "C:/cacerts");
System.setProperties("javax.net.ssl.trustStorePassword", "capassword");

MyWebService_Service ss = new MyWebService_Service(wsdlUrl, SERVICE_NAME);
MyWebService service = ss.getMyWebServicePort();

Using this code I can now call the service methods and everything works as expected. My problems occur when I try to set up the same configuration with Spring, which is our preferred approach since we are already using Spring extensively.

My Spring config:

<!-- relevant snippet from spring context -->

<import resource="classpath:META-INF/cxf/cxf.xml" />
<import resource="classpath:META-INF/cxf/cxf-extension-soap.xml" />
<import resource="classpath:META-INF/cxf/cxf-extension-http.xml" />

<jaxws:client id="webservice" serviceName="myns:MyWebService" endpointName="myns:MyWebServicePort"
     address="https://bigserver.com:5012/blah/TheWebService"
   开发者_运维百科  serviceClass="com.mycomp.MyWebService" />

<http:conduit name="{myns}MyWebServicePort.http-conduit">
   <http:tlsClientParamenters disableCNCheck="true" secureSocketProtocol="TLS">
      <sec:trustManagers>
         <sec:keyStore type="JKS" password="capassword" file="c:/cacerts" />
      </sec:trustmanagers>
      <sec:keyManagers>
         <sec:keyStore type="pkcs12" password="keypassword" file="c:/keystore.p12" />
      </sec:keyManagers>
   </http:tlsClientParamenters>
   <http:client ProxyServer="myproxy.com" ProxyServerPort="8001" />
</http:conduit>

In both cases, the web service client is deployed within a web application. In the second case, access to the web service results in a

javax.net.ssl.SSLHandshakeException: Received fatal alert: bad_certificate

Edit: I am using CXF version 2.2.


Have you tried adding the next property to your client parameters?

**useHttpsURLConnectionDefaultHostnameVerifier="false"**

Looks like this:

0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜