Hi All,
I need your help in enabling security for my webservice.
I have tried to enable SSL and encryption for my service, but I failed in both.
Here I tried to enable SSL security for my service; please find below the steps I have
followed.
1. I have created the keystore and trust store using the following commands:

    keytool -genkey -alias serverkeys -keyalg RSA -keystore server.keystore -storepass 123456 -keypass 123456 -dname "CN=localhost, OU=MYOU, O=MYORG, L=MYCITY, ST=MYSTATE, C=MY"
    keytool -export -alias serverkeys -keystore server.keystore -storepass 123456 -file server.cer
    keytool -genkey -alias clientkeys -keyalg RSA -keystore client.keystore -storepass 123456 -keypass 123456 -dname "CN=localhost, OU=MYOU, O=MYORG, L=MYCITY, S=MYSTATE, C=MY"
    keytool -export -alias clientkeys -keystore client.keystore -storepass 123456 -file client.cer
    keytool -import -v -keystore client.truststore -storepass 123456 -file server.cer
    keytool -import -v -keystore server.truststore -storepass 123456 -file client.cer

2. I have placed my server.keystore and server.truststore in the server's home directory.
3. I have updated my server.xml as follows:

    <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
               maxThreads="150" scheme="https" secure="true"
               clientAuth="false" sslProtocol="TLS"
               keystoreFile="${jboss.server.home.dir}/conf/server.keystore"
               keystorePass="password"
               truststoreFile="${jboss.server.home.dir}/conf/server.truststore"
               truststorePass="password"/>

4. My web.xml is as follows:

    <servlet>
        <servlet-name>Hello</servlet-name>
        <servlet-class>org.jbia.ws.Hello</servlet-class>
    </servlet>

    <servlet-mapping>
        <servlet-name>Hello</servlet-name>
        <url-pattern>/hello</url-pattern>
    </servlet-mapping>

    <security-constraint>
        <web-resource-collection>
            <web-resource-name>All resources</web-resource-name>
            <url-pattern>/*</url-pattern>
        </web-resource-collection>
        <user-data-constraint>
            <transport-guarantee>CONFIDENTIAL</transport-guarantee>
        </user-data-constraint>
    </security-constraint>

My service class is as follows:

    package org.jbia.ws;

    import javax.jws.*;
    import javax.jws.soap.SOAPBinding;

    @SOAPBinding(style=SOAPBinding.Style.RPC)
    @WebService
    public class Hello {
        @WebMethod
        public String sayHello(String name){
            return "Hello " + name;
        }
    }

I have deployed my webservice as a .war file on my server, then I got the generated WSDL;
using that WSDL I generated my stub.
My client is as follows:

    package org.jbia.ws;

    public class Client
    {
        public static void main(String args[]) {
            if (args.length != 1) {
                System.err.println("usage: HelloClient ");
                System.exit(1);
            }
            System.setProperty("org.jboss.wsse.keyStore",
                    "D:\\EclipseWorkspace\\Latest\\WebService\\META-INF\\client.keystore");
            System.setProperty("org.jboss.wsse.keyStorePassword", "password");
            System.setProperty("org.jboss.wsse.trustStore",
                    "D:\\EclipseWorkspace\\Latest\\WebService\\META-INF\\client.truststore");
            System.setProperty("org.jboss.wsse.trustStorePassword", "password");
            try {
                HelloProxy proxy = new HelloProxy();
                proxy.setEndpoint("https://127.0.0.1:8443/JBossWS/hello?wsdl");
                proxy.sayHello("Venkat");
                System.out.println("Result = ");
            } catch (Exception ex) {
                ex.printStackTrace();
                System.out.println("Exception occurs in web services : " + ex);
            }
        }
    }

Here I am not at all using the certificates I have generated (I am not sure whether this is
the issue or not). Please someone correct me if I am wrong.
When I try to access my service I am getting the following exception:

    AxisFault
     faultCode: {http://schemas.xmlsoap.org/soap/envelope/}Server.userException
     faultSubcode:
     faultString: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
     faultActor:
     faultNode:
     faultDetail:
        {http://xml.apache.org/axis/}stackTrace:javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
        at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:174)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1520)
        at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:182)
        at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:176)
        at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:975)
        at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:123)
        at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:511)
        at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:449)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:817)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1029)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1056)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1040)
        at org.apache.axis.components.net.JSSESocketFactory.create(JSSESocketFactory.java:186)
        at org.apache.axis.transport.http.HTTPSender.getSocket(HTTPSender.java:191)
        at org.apache.axis.transport.http.HTTPSender.writeToSocket(HTTPSender.java:404)
        at org.apache.axis.transport.http.HTTPSender.invoke(HTTPSender.java:138)
        at org.apache.axis.strategies.InvocationStrategy.visit(InvocationStrategy.java:32)
        at org.apache.axis.SimpleChain.doVisiting(SimpleChain.java:118)
        at org.apache.axis.SimpleChain.invoke(SimpleChain.java:83)
        at org.apache.axis.client.AxisClient.invoke(AxisClient.java:165)
        at org.apache.axis.client.Call.invokeEngine(Call.java:2784)
        at org.apache.axis.client.Call.invoke(Call.java:2767)
        at org.apache.axis.client.Call.invoke(Call.java:2443)
        at org.apache.axis.client.Call.invoke(Call.java:2366)
        at org.apache.axis.client.Call.invoke(Call.java:1812)
        at org.jbia.ws.HelloBindingStub.sayHello(HelloBindingStub.java:106)
        at org.jbia.ws.HelloProxy.sayHello(HelloProxy.java:50)
        at org.jbia.ws.Client.main(Client.java:24)
    Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
        at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:285)
        at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:191)
        at sun.security.validator.Validator.validate(Validator.java:218)
        at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:126)
        at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:209)
        at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:249)
        at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:954)
        ... 23 more
    Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
        at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:174)
        at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:238)
        at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:280)
        ... 29 more

        {http://xml.apache.org/axis/}hostname:pvenkatesh

    javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
        at org.apache.axis.AxisFault.makeFault(AxisFault.java:101)
        at org.apache.axis.transport.http.HTTPSender.invoke(HTTPSender.java:154)
        at org.apache.axis.strategies.InvocationStrategy.visit(InvocationStrategy.java:32)
        at org.apache.axis.SimpleChain.doVisiting(SimpleChain.java:118), SEND TLSv1 ALERT: fatal, description = certificate_unknown
    main, WRITE: TLSv1 Alert, length = 2
    main, called closeSocket()
    main, handling exception: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

        at org.apache.axis.SimpleChain.invoke(SimpleChain.java:83)
        at org.apache.axis.client.AxisClient.invoke(AxisClient.java:165)
        at org.apache.axis.client.Call.invokeEngine(Call.java:2784)
        at org.apache.axis.client.Call.invoke(Call.java:2767)
        at org.apache.axis.client.Call.invoke(Call.java:2443)
        at org.apache.axis.client.Call.invoke(Call.java:2366)
        at org.apache.axis.client.Call.invoke(Call.java:1812)
        at org.jbia.ws.HelloBindingStub.sayHello(HelloBindingStub.java:106)
        at org.jbia.ws.HelloProxy.sayHello(HelloProxy.java:50)
        at org.jbia.ws.Client.main(Client.java:24)
    Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
        at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:174)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1520)
        at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:182)
        at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:176)
        at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:975)
        at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:123)
        at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:511)
        at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:449)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:817)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1029)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1056)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1040)
        at org.apache.axis.components.net.JSSESocketFactory.create(JSSESocketFactory.java:186)
        at org.apache.axis.transport.http.HTTPSender.getSocket(HTTPSender.java:191)
        at org.apache.axis.transport.http.HTTPSender.writeToSocket(HTTPSender.java:404)
        at org.apache.axis.transport.http.HTTPSender.invoke(HTTPSender.java:138)
        ... 12 more
    Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
        at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:285)
        at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:191)
        at sun.security.validator.Validator.validate(Validator.java:218)
        at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:126)Exception occurs in web services : javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    HI2

        at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:209)
        at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:249)
        at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:954)
        ... 23 more
    Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
        at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:174)
        at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:238)
        at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:280)
        ... 29 more

Your inputs are appreciated.
Thanks
With Regards
Venkatesh
View the original post :
http://www.jboss.org/index.html?module=bb&op=viewtopic&p=4268280#...
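
An added diagnostic, not part of the original post: the PKIX failure in the trace is raised by the JSSE trust manager (X509TrustManagerImpl.checkServerTrusted), so this program loads the client trust store explicitly, lists what it trusts, and attempts the handshake using only that store. The class name TrustStoreCheck and the defaults (client.truststore in the working directory, password 123456 as in the keytool commands, 127.0.0.1:8443) are assumptions.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Collections;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLHandshakeException;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManagerFactory;

// Added example, not code from the original post.
public class TrustStoreCheck {
    public static void main(String[] args) throws Exception {
        // Assumed defaults: file name and password taken from the keytool commands.
        String path = args.length > 0 ? args[0] : "client.truststore";
        char[] pass = (args.length > 1 ? args[1] : "123456").toCharArray();
        String host = args.length > 2 ? args[2] : "127.0.0.1";
        int port = args.length > 3 ? Integer.parseInt(args[3]) : 8443;

        // 1. Load the store; a wrong password or a tampered file fails here with an IOException.
        KeyStore ts = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(path)) {
            ts.load(in, pass);
        }
        // 2. List what the store trusts, to compare against the subject of server.cer.
        for (String alias : Collections.list(ts.aliases())) {
            Certificate c = ts.getCertificate(alias);
            if (c instanceof X509Certificate) {
                System.out.println(alias + " -> "
                        + ((X509Certificate) c).getSubjectX500Principal()
                        + " (trusted entry: " + ts.isCertificateEntry(alias) + ")");
            }
        }
        // 3. Handshake with ONLY this store as the set of trust anchors.
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ts);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null);
        try (SSLSocket s = (SSLSocket) ctx.getSocketFactory().createSocket(host, port)) {
            s.startHandshake();
            X509Certificate peer = (X509Certificate) s.getSession().getPeerCertificates()[0];
            System.out.println("Handshake OK, peer: " + peer.getSubjectX500Principal());
        } catch (SSLHandshakeException e) {
            System.out.println("Handshake failed with this store too: " + e.getMessage());
        }
    }
}
```

If the handshake succeeds here, the same store can be handed to JSSE's default context with the standard system properties `javax.net.ssl.trustStore` and `javax.net.ssl.trustStorePassword`. The check covers chain trust only; a raw SSLSocket does not verify the host name against the certificate.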