用于使用 SOAP Web 服务的 CXF SSL 配置
Posted
技术标签:
【中文标题】用于使用 SOAP Web 服务的 CXF SSL 配置【英文标题】:CXF SSL configuration for consuming SOAP webservice 【发布时间】:2017-01-17 04:06:41 【问题描述】:概述 我将设置 SSL 配置以调用 SOAP Web 服务。
证书信息:
证书文件:sureft.p12 密码:sureftCXF配置文件(cxf.xml):
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:sec="http://cxf.apache.org/configuration/security"
xmlns:http="http://cxf.apache.org/transports/http/configuration"
xmlns:jaxws="http://java.sun.com/xml/ns/jaxws" xmlns:cxf="http://www.springframework.org/schema/c"
xsi:schemaLocation="
http://cxf.apache.org/configuration/security
http://cxf.apache.org/schemas/configuration/security.xsd
http://cxf.apache.org/transports/http/configuration
http://cxf.apache.org/schemas/configuration/http-conf.xsd
http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-2.0.xsd">
<http:conduit name="http://tmr.qld.gov.au/srvc/getregistrationstatus/v2_0GetRegistrationStatusPort.http-conduit">
<http:tlsClientParameters>
<sec:keyManagers keyPassword="sureft">
<sec:keyStore type="pksc12" password="sureft"
file="keystore/sureft.p12"/>
</sec:keyManagers>
</http:tlsClientParameters>
<http:client AutoRedirect="true" Connection="Keep-Alive"/>
</http:conduit>
</beans>
问题
但是,当 web 服务调用时,它会抛出 403:
org.springframework.web.util.NestedServletException: Request processing failed; nested exception is com.sun.xml.internal.ws.client.ClientTransportException: The server sent HTTP status code 403: Forbidden
我查看了http://cxf.apache.org/docs/client-http-transport-including-ssl-support.html,但无法解决问题。 现在,如果有人可以帮助我找到解决此问题的方法,我将不胜感激。
更新级别 1:
我做了以下更改,但再次引发 403:
。创建信任库:
从sureft.p12 导出名为myCert.cer 的创建cer 文件 运行以下命令创建名称为 myTruststore.jks 的信任库证书:keytool -import -file myCert.cer -alias firstCA -keystore myTrustStore.jks
如下更改 cxf.xml 文件以添加信任库:
...
<http:tlsClientParameters>
<sec:keyManagers keyPassword="sureft">
<sec:keyStore type="pkcs12" password="sureft"
file="keystore/sureft.p12"/>
</sec:keyManagers>
<sec:trustManagers>
<sec:keyStore type="JKS" password="123456"
file="keystore/myTrustStore.jks"/>
</sec:trustManagers>
</http:tlsClientParameters>
...
更新2级
我将代码更改如下,403 解决了,但又出现了另一个问题:
@RequestMapping(method = RequestMethod.GET)
public void getBillInfo2(String plateNumber)
QName qname = new QName("http://testURL/srvc/getregistrationstatus/v2_0/", "GetRegistrationStatusService");
URL wsdl = getClass().getResource("wsdl/test.getregistrationstatus.v2_0.wsdl");
GetRegistrationStatusService service = new GetRegistrationStatusService(wsdl, qname);
GetRegistrationStatus registrationStatus = service.getPort(qname, GetRegistrationStatus.class);
Client client = ClientProxy.getClient(registrationStatus);
HTTPConduit http = (HTTPConduit) client.getConduit();
HTTPClientPolicy httpClientPolicy = new HTTPClientPolicy();
httpClientPolicy.setConnectionTimeout(36000);
httpClientPolicy.setAllowChunking(false);
httpClientPolicy.setReceiveTimeout(32000);
httpClientPolicy.setContentType("application/soap+xml; charset=utf-8");
http.setClient(httpClientPolicy);
GetRegistrationStatusRequest request = new GetRegistrationStatusRequest();
request.setPlateNo(plateNumber);
GetRegistrationStatusResponse result = registrationStatus.execute(request);
log.debug(result.toString());
例外情况:
org.springframework.web.util.NestedServletException: Request processing failed; nested exception is javax.xml.ws.soap.SOAPFaultException: Fault string, and possibly fault code, not set
at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:980)
at org.springframework.web.servlet.FrameworkServlet.doGet(FrameworkServlet.java:859)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:622)
at org.springframework.web.servlet.FrameworkServlet.service(FrameworkServlet.java:844)
at org.springframework.test.web.servlet.TestDispatcherServlet.service(TestDispatcherServlet.java:65)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:729)
at org.springframework.mock.web.MockFilterChain$ServletFilterProxy.doFilter(MockFilterChain.java:167)
at org.springframework.mock.web.MockFilterChain.doFilter(MockFilterChain.java:134)
at org.springframework.web.filter.ShallowEtagHeaderFilter.doFilterInternal(ShallowEtagHeaderFilter.java:87)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
at org.springframework.mock.web.MockFilterChain.doFilter(MockFilterChain.java:134)
at org.springframework.test.web.servlet.MockMvc.perform(MockMvc.java:155)
at com.blss.trails.registration.RegistrationSearchInvocationTest.test(RegistrationSearchInvocationTest.java:47)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at org.junit.runners.model.FrameworkMethod$1.runReflectiveCall(FrameworkMethod.java:50)
at org.junit.internal.runners.model.ReflectiveCallable.run(ReflectiveCallable.java:12)
at org.junit.runners.model.FrameworkMethod.invokeExplosively(FrameworkMethod.java:47)
at org.junit.internal.runners.statements.InvokeMethod.evaluate(InvokeMethod.java:17)
at org.junit.internal.runners.statements.RunBefores.evaluate(RunBefores.java:26)
at org.springframework.test.context.junit4.statements.RunBeforeTestMethodCallbacks.evaluate(RunBeforeTestMethodCallbacks.java:75)
at org.springframework.test.context.junit4.statements.RunAfterTestMethodCallbacks.evaluate(RunAfterTestMethodCallbacks.java:86)
at org.springframework.test.context.junit4.statements.SpringRepeat.evaluate(SpringRepeat.java:84)
at org.junit.runners.ParentRunner.runLeaf(ParentRunner.java:325)
at org.springframework.test.context.junit4.SpringJUnit4ClassRunner.runChild(SpringJUnit4ClassRunner.java:254)
at org.springframework.test.context.junit4.SpringJUnit4ClassRunner.runChild(SpringJUnit4ClassRunner.java:89)
at org.junit.runners.ParentRunner$3.run(ParentRunner.java:290)
at org.junit.runners.ParentRunner$1.schedule(ParentRunner.java:71)
at org.junit.runners.ParentRunner.runChildren(ParentRunner.java:288)
at org.junit.runners.ParentRunner.access$000(ParentRunner.java:58)
at org.junit.runners.ParentRunner$2.evaluate(ParentRunner.java:268)
at org.springframework.test.context.junit4.statements.RunBeforeTestClassCallbacks.evaluate(RunBeforeTestClassCallbacks.java:61)
at org.springframework.test.context.junit4.statements.RunAfterTestClassCallbacks.evaluate(RunAfterTestClassCallbacks.java:70)
at org.junit.runners.ParentRunner.run(ParentRunner.java:363)
at org.springframework.test.context.junit4.SpringJUnit4ClassRunner.run(SpringJUnit4ClassRunner.java:193)
at org.junit.runner.JUnitCore.run(JUnitCore.java:137)
at com.intellij.junit4.JUnit4IdeaTestRunner.startRunnerWithArgs(JUnit4IdeaTestRunner.java:117)
at com.intellij.junit4.JUnit4IdeaTestRunner.startRunnerWithArgs(JUnit4IdeaTestRunner.java:42)
at com.intellij.rt.execution.junit.JUnitStarter.prepareStreamsAndStart(JUnitStarter.java:262)
at com.intellij.rt.execution.junit.JUnitStarter.main(JUnitStarter.java:84)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at com.intellij.rt.execution.application.AppMain.main(AppMain.java:147)
Caused by: javax.xml.ws.soap.SOAPFaultException: Fault string, and possibly fault code, not set
at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:161)
at com.sun.proxy.$Proxy104.execute(Unknown Source)
at com.blss.trails.registration.RegistrationSearchInvocation.getBillInfo2(RegistrationSearchInvocation.java:72)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at org.springframework.web.method.support.InvocableHandlerMethod.doInvoke(InvocableHandlerMethod.java:221)
at org.springframework.web.method.support.InvocableHandlerMethod.invokeForRequest(InvocableHandlerMethod.java:136)
at org.springframework.web.servlet.mvc.method.annotation.ServletInvocableHandlerMethod.invokeAndHandle(ServletInvocableHandlerMethod.java:110)
at org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.invokeHandlerMethod(RequestMappingHandlerAdapter.java:817)
at org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.handleInternal(RequestMappingHandlerAdapter.java:731)
at org.springframework.web.servlet.mvc.method.AbstractHandlerMethodAdapter.handle(AbstractHandlerMethodAdapter.java:85)
at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:959)
at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:893)
at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:968)
... 46 more
Caused by: java.lang.NullPointerException
at org.apache.cxf.transport.http.URLConnectionHTTPConduit.createConnection(URLConnectionHTTPConduit.java:104)
at org.apache.cxf.transport.http.URLConnectionHTTPConduit.setupConnection(URLConnectionHTTPConduit.java:117)
at org.apache.cxf.transport.http.HTTPConduit.prepare(HTTPConduit.java:497)
at org.apache.cxf.interceptor.MessageSenderInterceptor.handleMessage(MessageSenderInterceptor.java:46)
at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:308)
at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:514)
at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:423)
at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:324)
at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:277)
at org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:96)
at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:139)
... 61 more
任何帮助将不胜感激。
【问题讨论】:
我认为对于 keyManagers,您在此配置中也需要 trustManagers。可以查一下吗? 我如上所述将信任库添加到 cxf 文件,但再次引发了 403。 您已经从 xml 设置了管道,并且再次在 Java 代码中覆盖了这些管道。您应该从 java 设置管道不要使用 xml。 我知道我在 cxf.xml 文件中的管道配置没有被触及,因此我在我的 java 类中添加了它的配置,但得到了org.springframework.web.util.NestedServletException: Request processing failed; nested exception is javax.xml.ws.soap.SOAPFaultException: Fault string, and possibly fault code, not set 的响应。我还删除了 cxf.xml 文件,但再次引发了同样的异常
【参考方案1】:
我做了以下步骤,问题解决了:
-
从 p12 证书导出公钥证书
将其作为信任库添加到我的 jre cacerts(有关导入信任库的更多信息可以在 How to solve javax.net.ssl.SSLHandshakeException Error? 找到):
.
keytool -import -file <the cert file> -alias <some meaningful name> keystore <path to cacerts file>
.
-
修改代码如下:
...
@RequestMapping(method = RequestMethod.GET, path = "/billinfo")
public void getBillInfo(String plateNumber)
QName qname = new QName("http://tmr.qld.gov.au/srvc/getregistrationstatus/v2_0/", "GetRegistrationStatusService");
URL wsdl = getClass().getResource("wsdl/myWSDL.wsdl");
GetRegistrationStatusService service = new GetRegistrationStatusService(wsdl, qname);
service.addPort(qname, SOAPBinding.SOAP12HTTP_BINDING, "https://myurl/getregistrationstatus_v2_0/");
GetRegistrationStatus registrationStatus = service.getPort(qname, GetRegistrationStatus.class);
Client cxfClient = ClientProxy.getClient(registrationStatus);
cxfClient.getInInterceptors().add(new LoggingInInterceptor());
cxfClient.getOutInterceptors().add(new LoggingOutInterceptor());
cxfClient.getOutFaultInterceptors().add(new FaultOutInterceptor());
HTTPConduit httpConduit = (HTTPConduit) cxfClient.getConduit();
HTTPClientPolicy httpClientPolicy = new HTTPClientPolicy();
httpClientPolicy.setConnectionTimeout(36000);
httpClientPolicy.setAllowChunking(false);
httpClientPolicy.setReceiveTimeout(32000);
httpClientPolicy.setContentType("application/soap+xml;charset=utf-8");
httpConduit.setClient(httpClientPolicy);
//Keystore setting
try
final TLSClientParameters tlsCP = new TLSClientParameters();
File p12File = new File("sureft.p12");
KeyStore.Builder builder = KeyStore.Builder.newInstance("PKCS12", null, p12File, new KeyStore.PasswordProtection("sureft".toCharArray()));
KeyStore keyStore = builder.getKeyStore();
String keyPassword = "sureft";
final KeyManager[] myKeyManagers = getKeyManagers(keyStore, keyPassword);
tlsCP.setKeyManagers(myKeyManagers);
httpConduit.setTlsClientParameters(tlsCP);
catch (Exception e)
e.printStackTrace();
GetRegistrationStatusRequest request = new GetRegistrationStatusRequest();
request.setPlateNo(plateNumber);
GetRegistrationStatusResponse result = registrationStatus.execute(request);
log.debug("Result: " + result.toString());
private static KeyManager[] getKeyManagers(KeyStore keyStore, String keyPassword) throws GeneralSecurityException, IOException
String alg = KeyManagerFactory.getDefaultAlgorithm();
char[] keyPass = keyPassword != null ? keyPassword.toCharArray() : null;
KeyManagerFactory fac = KeyManagerFactory.getInstance(alg);
fac.init(keyStore, keyPass);
return fac.getKeyManagers();
...
这是我的解决方案,但如果有人能在这里分享他们的解决方案,我将不胜感激。
【讨论】:
这就是我的建议。很高兴听到你解决了它。以上是关于用于使用 SOAP Web 服务的 CXF SSL 配置的主要内容,如果未能解决你的问题,请参考以下文章
如何使用带有 SSL 的 httpclient 调用 SOAP Web 服务
Java 使用 SSL 握手失败连接到 SOAP Web 服务
javax.xml.ws.soap.SOAPFaultException:解组错误:从AXIS迁移到CXF后出现意外元素(uri:“”,local:“fault”)