2
我正在嘗試爲使用UsernameToken方法進行安全保護的wso2 esb服務編寫一個簡單的java客戶端。我生成java存根困難。爲wso2 esb生成存根UsernameToken安全服務
我已經嘗試過WSDL2Java,但它不會生成有效的pom.xml文件,並且maven無法解析依賴關係。
所以我決定嘗試使用JAX-WS RI。存根生成並且看起來很好,但是當我嘗試調用該服務時,出現以下異常。
Exception in thread "main" com.sun.xml.internal.ws.client.ClientTransportException: HTTP transport error: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No name matching xxxxxx found
at com.sun.xml.internal.ws.transport.http.client.HttpClientTransport.getOutput(Unknown Source)
at com.sun.xml.internal.ws.transport.http.client.HttpTransportPipe.process(Unknown Source)
at com.sun.xml.internal.ws.transport.http.client.HttpTransportPipe.processRequest(Unknown Source)
at com.sun.xml.internal.ws.transport.DeferredTransportPipe.processRequest(Unknown Source)
at com.sun.xml.internal.ws.api.pipe.Fiber.__doRun(Unknown Source)
at com.sun.xml.internal.ws.api.pipe.Fiber._doRun(Unknown Source)
at com.sun.xml.internal.ws.api.pipe.Fiber.doRun(Unknown Source)
at com.sun.xml.internal.ws.api.pipe.Fiber.runSync(Unknown Source)
at com.sun.xml.internal.ws.client.Stub.process(Unknown Source)
at com.sun.xml.internal.ws.client.sei.SEIStub.doProcess(Unknown Source)
at com.sun.xml.internal.ws.client.sei.SyncMethodHandler.invoke(Unknown Source)
at com.sun.xml.internal.ws.client.sei.SyncMethodHandler.invoke(Unknown Source)
at com.sun.xml.internal.ws.client.sei.SEIStub.invoke(Unknown Source)
at $Proxy32.getcodelists(Unknown Source)
at com.sirmaitt.esb.codelists.client.Client.main(Client.java:32)
Caused by: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No name matching xxxxxx found
at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(Unknown Source)
at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source)
at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source)
at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(Unknown Source)
at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(Unknown Source)
at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Unknown Source)
at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown Source)
at sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown Source)
at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown Source)
at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(Unknown Source)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(Unknown Source)
... 15 more
Caused by: java.security.cert.CertificateException: No name matching xxxxx found
at sun.security.util.HostnameChecker.matchDNS(Unknown Source)
at sun.security.util.HostnameChecker.match(Unknown Source)
at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkIdentity(Unknown Source)
at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Source)
... 27 more
我知道異常是由wso2服務器擁有的自簽名證書引起的。我能做些什麼來避免它?
是否有一些更簡單的方法來使用UsernameToken安全方法爲ssl安全服務生成有效的java存根(stub)?這裏是我的服務定義:
<proxy name="bala-ala" transports="https" startOnLoad="true" trace="disable">
<target>
<endpoint>
<address uri="http://xx.xx.xxx.xx:9766/services/list?wsdl"/>
</endpoint>
<outSequence>
<send/>
</outSequence>
</target>
<publishWSDL uri="http://xx.xx.xxx.xx:9766/services/Codelists?wsdl"/>
<policy key="conf:/repository/axis2/service-groups/bala-ala/services/bala-ala/policies/UTOverTransport"/>
<enableSec/>
</proxy>
謝謝你的回答!我試過導入證書,但沒有奏效。我猜這是因爲CN不同? (ESB未在本地主機上運行)。那麼我怎樣才能通過存根連接安全?有關於這個的一些教程嗎? – Ivo 2012-08-08 10:50:38
要麼必須將正確的證書上載到ESB,要麼必須在客戶端禁用主機名驗證。 – SureshAtt 2012-08-08 11:00:54