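Handshake exception in Java web service client

Problem description:

I want to implement a web client with a secure HTTPS connection. I imported the server certificate and added it to the Java keystore. But when I try to run the client, I get the following exception: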

Oct 18, 2013 3:25:25 PM org.apache.cxf.phase.PhaseInterceptorChain doDefaultLogging
WARNING: Interceptor for {http://tempuri.org/}Service#{http://tempuri.org/}GetUserInformation has thrown exception, unwinding now
org.apache.cxf.interceptor.Fault: Could not send Message.
    at org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndingInterceptor.handleMessage(MessageSenderInterceptor.java:64)
    at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:272)
    at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:565)
    at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:474)
    at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:377)
    at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:330)
    at org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:96)
    at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:135)
    at $Proxy29.getUserInformation(Unknown Source)
    at org.tempuri.ServiceSoap_ServiceSoap_Client.main(ServiceSoap_ServiceSoap_Client.java:78)
Caused by: java.io.IOException: IOException invoking myurl/**/**/asmx: The https URL hostname does not match the Common Name (CN) on the server certificate in the client's truststore. Make sure server certificate is correct, or to disable this check (NOT recommended for production) set the CXF client TLS configuration property "disableCNCheck" to true.
    at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
    at sun.reflect.NativeConstructorAccessorImpl.newInstance(Unknown Source)
    at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(Unknown Source)
    at java.lang.reflect.Constructor.newInstance(Unknown Source)
    at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.mapException(HTTPConduit.java:1338)
    at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(HTTPConduit.java:1322)
    at org.apache.cxf.transport.AbstractConduit.close(AbstractConduit.java:56)
    at org.apache.cxf.transport.http.HTTPConduit.close(HTTPConduit.java:627)
    at org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndingInterceptor.handleMessage(MessageSenderInterceptor.java:62)
    ... 9 more
Caused by: java.io.IOException: The https URL hostname does not match the Common Name (CN) on the server certificate in the client's truststore. Make sure server certificate is correct, or to disable this check (NOT recommended for production) set the CXF client TLS configuration property "disableCNCheck" to true.
    at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.onFirstWrite(HTTPConduit.java:1241)
    at org.apache.cxf.transport.http.URLConnectionHTTPConduit$URLConnectionWrappedOutputStream.onFirstWrite(URLConnectionHTTPConduit.java:195)
    at org.apache.cxf.io.AbstractWrappedOutputStream.write(AbstractWrappedOutputStream.java:47)
    at org.apache.cxf.io.AbstractThresholdOutputStream.write(AbstractThresholdOutputStream.java:69)
    at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(HTTPConduit.java:1295)
    ... 12 more
Exception in thread "main" javax.xml.ws.WebServiceException: Could not send Message.
    at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:146)
    at $Proxy29.getUserInformation(Unknown Source)
    at org.tempuri.ServiceSoap_ServiceSoap_Client.main(ServiceSoap_ServiceSoap_Client.java:78)
Caused by: java.io.IOException: IOException invoking myurl/**/**/asmx: The https URL hostname does not match the Common Name (CN) on the server certificate in the client's truststore. Make sure server certificate is correct, or to disable this check (NOT recommended for production) set the CXF client TLS configuration property "disableCNCheck" to true.
    at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
    at sun.reflect.NativeConstructorAccessorImpl.newInstance(Unknown Source)
    at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(Unknown Source)
    at java.lang.reflect.Constructor.newInstance(Unknown Source)
    at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.mapException(HTTPConduit.java:1338)
    at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(HTTPConduit.java:1322)
    at org.apache.cxf.transport.AbstractConduit.close(AbstractConduit.java:56)
    at org.apache.cxf.transport.http.HTTPConduit.close(HTTPConduit.java:627)
    at org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndingInterceptor.handleMessage(MessageSenderInterceptor.java:62)
    at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:272)
    at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:565)
    at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:474)
    at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:377)
    at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:330)
    at org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:96)
    at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:135)
    ... 2 more
Caused by: java.io.IOException: The https URL hostname does not match the Common Name (CN) on the server certificate in the client's truststore. Make sure server certificate is correct, or to disable this check (NOT recommended for production) set the CXF client TLS configuration property "disableCNCheck" to true.
    at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.onFirstWrite(HTTPConduit.java:1241)
    at org.apache.cxf.transport.http.URLConnectionHTTPConduit$URLConnectionWrappedOutputStream.onFirstWrite(URLConnectionHTTPConduit.java:195)
    at org.apache.cxf.io.AbstractWrappedOutputStream.write(AbstractWrappedOutputStream.java:47)
    at org.apache.cxf.io.AbstractThresholdOutputStream.write(AbstractThresholdOutputStream.java:69)
    at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(HTTPConduit.java:1295)

Can someone help me solve this problem? Thanks in advance...

+1

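What kind of help do you need? Everything seems to be specified in the exception message: "The https URL hostname does not match the Common Name (CN) on the server certificate in the client's truststore. Make sure server certificate is correct, or to disable this check (NOT recommended for production) set the CXF client TLS configuration property "disableCNCheck" to true." Did you check the CN in the certificate? Or maybe you don't know how to set the configuration property?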

+0

@DawidPytel: Yes, I did check the CN in the certificate. But I don't know how to set the CXF client's TLS configuration property. Can you help me with that?

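Depending on the type of CXF client, you have options. If you have a Spring-based client configuration, you have to add the property to your http:conduit configuration: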

<http:conduit name="{http://apache.org/hello_world_soap_http}SoapPort.http-conduit">
    <http:tlsClientParameters disableCNCheck="true">
        <!-- other tls configuration parameters, like trustManagers -->
    </http:tlsClientParameters>
</http:conduit>

The name must match the namespace and port name from your WSDL.

If you create your client programmatically, then use the following code:

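import org.apache.cxf.configuration.jsse.TLSClientParameters;
import org.apache.cxf.frontend.ClientProxy;
import org.apache.cxf.transport.http.HTTPConduit;

HTTPConduit httpConduit = (HTTPConduit) ClientProxy.getClient(port).getConduit();

TLSClientParameters tlsCP = new TLSClientParameters();
// other TLS/SSL configuration like setting up TrustManagers
tlsCP.setDisableCNCheck(true); // turns off the hostname check against the certificate
httpConduit.setTlsClientParameters(tlsCP);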

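where port is the actual client proxy you call.

Both options can be found working in the CXF example that I modified here.

BTW, there is a real threat in using this property in a production environment, so consider issuing a new certificate with the correct CN for the production server instead of relying on this hack.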

+1

Thank you, Dawid. This worked for me. HTTPConduit httpConduit = (HTTPConduit) ClientProxy.getClient(port).getConduit(); TLSClientParameters tlsCP = new TLSClientParameters(); // other TLS/SSL configuration like setting up TrustManagers tlsCP.setDisableCNCheck(true); httpConduit.setTlsClientParameters(tlsCP);
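
To find out why the hostname check in this thread fails before switching it off, the following added example (not code from the thread or from the CXF project) lists the names the imported server certificate is issued for and tests the host from the service URL against them. It uses only the JDK; the class name CertNameCheck is hypothetical, and the matcher is a simplified assumption (subject alternative names first, subject CN only when there are none, wildcard covering one left-most label).

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collection;
import java.util.List;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;

// Usage: java CertNameCheck <certificate file, PEM or DER> <hostname from the https URL>
public class CertNameCheck {
    // Collects dNSName (type 2) and iPAddress (type 7) SAN entries; falls back to the subject CN.
    static List<String> namesOf(X509Certificate cert) throws Exception {
        List<String> names = new ArrayList<>();
        Collection<List<?>> sans = cert.getSubjectAlternativeNames();
        if (sans != null) {
            for (List<?> san : sans) {
                int type = (Integer) san.get(0);
                if (type == 2 || type == 7) names.add((String) san.get(1));
            }
        }
        if (names.isEmpty()) {
            for (Rdn rdn : new LdapName(cert.getSubjectX500Principal().getName()).getRdns()) {
                if ("CN".equalsIgnoreCase(rdn.getType())) names.add(rdn.getValue().toString());
            }
        }
        return names;
    }

    // Case-insensitive match; "*.example.com" covers exactly one left-most label.
    static boolean matches(String host, String pattern) {
        if (pattern.startsWith("*.")) {
            int dot = host.indexOf('.');
            return dot > 0 && host.substring(dot).equalsIgnoreCase(pattern.substring(1));
        }
        return host.equalsIgnoreCase(pattern);
    }

    public static void main(String[] args) throws Exception {
        X509Certificate cert;
        try (InputStream in = new FileInputStream(args[0])) {
            cert = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(in);
        }
        List<String> names = namesOf(cert);
        boolean ok = names.stream().anyMatch(n -> matches(args[1], n));
        System.out.println("Certificate names: " + names);
        System.out.println(args[1] + (ok ? " matches" : " does NOT match any certificate name"));
    }
}
```

If the host does not match, calling the service under one of the listed names or reissuing the certificate with the right name removes the error while leaving disableCNCheck at its default.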