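Generating stubs for a WSO2 ESB service secured with UsernameToken
Question:
I am trying to write a simple Java client for a WSO2 ESB service that is secured with the UsernameToken method. I am having trouble generating the Java stubs.
I have already tried WSDL2Java, but it does not generate a valid pom.xml file, and Maven cannot resolve the dependencies.
So I decided to try JAX-WS RI. The stubs are generated and look fine, but when I try to call the service, I get the following exception.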
Exception in thread "main" com.sun.xml.internal.ws.client.ClientTransportException: HTTP transport error: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No name matching xxxxxx found
at com.sun.xml.internal.ws.transport.http.client.HttpClientTransport.getOutput(Unknown Source)
at com.sun.xml.internal.ws.transport.http.client.HttpTransportPipe.process(Unknown Source)
at com.sun.xml.internal.ws.transport.http.client.HttpTransportPipe.processRequest(Unknown Source)
at com.sun.xml.internal.ws.transport.DeferredTransportPipe.processRequest(Unknown Source)
at com.sun.xml.internal.ws.api.pipe.Fiber.__doRun(Unknown Source)
at com.sun.xml.internal.ws.api.pipe.Fiber._doRun(Unknown Source)
at com.sun.xml.internal.ws.api.pipe.Fiber.doRun(Unknown Source)
at com.sun.xml.internal.ws.api.pipe.Fiber.runSync(Unknown Source)
at com.sun.xml.internal.ws.client.Stub.process(Unknown Source)
at com.sun.xml.internal.ws.client.sei.SEIStub.doProcess(Unknown Source)
at com.sun.xml.internal.ws.client.sei.SyncMethodHandler.invoke(Unknown Source)
at com.sun.xml.internal.ws.client.sei.SyncMethodHandler.invoke(Unknown Source)
at com.sun.xml.internal.ws.client.sei.SEIStub.invoke(Unknown Source)
at $Proxy32.getcodelists(Unknown Source)
at com.sirmaitt.esb.codelists.client.Client.main(Client.java:32)
Caused by: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No name matching xxxxxx found
at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(Unknown Source)
at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source)
at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source)
at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(Unknown Source)
at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(Unknown Source)
at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Unknown Source)
at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown Source)
at sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown Source)
at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown Source)
at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(Unknown Source)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(Unknown Source)
... 15 more
Caused by: java.security.cert.CertificateException: No name matching xxxxx found
at sun.security.util.HostnameChecker.matchDNS(Unknown Source)
at sun.security.util.HostnameChecker.match(Unknown Source)
at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkIdentity(Unknown Source)
at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Source)
... 27 more
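I know the exception is caused by the self-signed certificate that the WSO2 server has. What can I do to avoid it?
Is there an easier way to generate valid Java stubs for an SSL-secured service that uses the UsernameToken security method? Here is my service definition: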
<proxy name="bala-ala" transports="https" startOnLoad="true" trace="disable">
    <target>
        <endpoint>
            <address uri="http://xx.xx.xxx.xx:9766/services/list?wsdl"/>
        </endpoint>
        <outSequence>
            <send/>
        </outSequence>
    </target>
    <publishWSDL uri="http://xx.xx.xxx.xx:9766/services/Codelists?wsdl"/>
    <policy key="conf:/repository/axis2/service-groups/bala-ala/services/bala-ala/policies/UTOverTransport"/>
    <enableSec/>
</proxy>
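Answer
You can still use the WSDL exposed over HTTP (the service is exposed only over HTTPS, but the WSDL is still exposed over HTTP):
http://localhost:8280/services/bala-ala?wsdl
If you want to continue with the WSDL exposed over HTTPS, the best approach is to import the ESB's certificate into cacerts.
Thanks for your answer! I tried importing the certificate, but it did not work. I guess this is because the CN is different? (The ESB is not running on localhost.) So how can I connect securely through the stub? Are there any tutorials on this? – Ivo 2012-08-08 10:50:38
Either you have to upload the correct certificate to the ESB, or you have to disable hostname verification on the client side. – SureshAtt 2012-08-08 11:00:54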
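
A scoped alternative to switching hostname verification off on the client, as the last comment suggests: trust only the certificate exported from the ESB, and accept a name mismatch only when the expected host presents exactly that certificate. This is an added example, not code from the posters or from WSO2; the class `PinnedEsbTls`, its methods and the `esbHost`/`certPath` parameters are hypothetical, and the two property names are assumed to be the ones read by the JDK-bundled JAX-WS RI seen in the stack trace (the standalone RI uses the same names without `.internal`).

```java
import java.io.FileInputStream;
import java.security.KeyStore;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import javax.net.ssl.*;
import javax.xml.ws.BindingProvider;

public class PinnedEsbTls {
    // Assumed request-context keys of the JDK-bundled JAX-WS RI (com.sun.xml.internal.ws).
    static final String SSL_FACTORY = "com.sun.xml.internal.ws.transport.https.client.SSLSocketFactory";
    static final String HOST_VERIFIER = "com.sun.xml.internal.ws.transport.https.client.hostname.verifier";

    // Read the certificate exported from the ESB (PEM or DER file).
    static X509Certificate load(String certPath) throws Exception {
        try (FileInputStream in = new FileInputStream(certPath)) {
            return (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(in);
        }
    }
    // SSLContext whose only trust anchor is the ESB certificate.
    static SSLContext trustOnly(X509Certificate pinned) throws Exception {
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        ks.load(null, null); // empty in-memory store
        ks.setCertificateEntry("esb", pinned);
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ks);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null);
        return ctx;
    }

    // Consulted when the certificate name does not match the URL host: accept
    // only the expected host presenting exactly the pinned certificate.
    static HostnameVerifier pinnedVerifier(final String esbHost, final X509Certificate pinned) {
        return new HostnameVerifier() {
            public boolean verify(String host, SSLSession session) {
                try {
                    return esbHost.equalsIgnoreCase(host) && pinned.equals(session.getPeerCertificates()[0]);
                } catch (Exception e) { return false; } // no peer certificate: reject
            }
        };
    }
    // Apply both settings to one generated stub only, not JVM-wide.
    static void apply(BindingProvider port, String esbHost, String certPath) throws Exception {
        X509Certificate pinned = load(certPath);
        port.getRequestContext().put(SSL_FACTORY, trustOnly(pinned).getSocketFactory());
        port.getRequestContext().put(HOST_VERIFIER, pinnedVerifier(esbHost, pinned));
    }
}
```

Call `PinnedEsbTls.apply((BindingProvider) port, esbHost, certPath)` on the generated port before invoking the service; the settings affect that stub only.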