[JBossWS] - SSL & Authorization
by FabBoco
Hi guys,
I really need some directions from you.
I have a test ws:
| @Stateless
| @WebService(name = "wstest", serviceName = "wstest")
| @WebContext(contextRoot = "/ma", transportGuarantee="NONE", secureWSDLAccess = false)
| @Remote(WsTest.class)
| @RemoteBinding
| @SOAPBinding(style = SOAPBinding.Style.DOCUMENT)
| public class WsTestBean implements WsTest
| {
| Logger log = Logger.getLogger(WsTestBean.class);
|
| @WebMethod
| public String echo(String message)
| {
| return message;
| }
| }
|
deployed into Jboss 4.2.0
Using wsconsume I prepared the proxy and my client is able to call the ws:
| public class WsTestClient
| {
|
| public static void main(String[] args)
| {
| System.out.println("WsTest Client Start");
|
|
| Wstest_Service ws = new Wstest_Service();
|
| Wstest wsTest = ws.getWstestPort();
|
| System.out.println("Echo message: "+wsTest.echo("Ciao Ciao sono Fabrizio"));
|
| System.out.println("WsTest Client End");
| }
|
| }
|
What I have to do now (for a real application !) is:
1) use SSL
2) enforce authentication (only authorized user can call the ws)
I have changed the servers as follows:
|
| @WebContext(contextRoot = "/ma", transportGuarantee="CONFIDENTIAL", secureWSDLAccess = false)
|
|
and than the SSL should be ok. The ServiceEndpointAddress switch from http://.....?wsdl to https://.....?wsdl
Then I have tried to regenerate the proxy using wsconsume and I get the following error:
| failed to parse document at "https://fabocoxp2:8443/ma/WsTestBean?wsdl": javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
| at org.jboss.com.sun.tools.ws.processor.modeler.wsdl.WSDLModeler.buildModel(WSDLModeler.java:215)
| at org.jboss.com.sun.tools.ws.processor.config.ModelInfo.buildModel(ModelInfo.java:88)
| at org.jboss.com.sun.tools.ws.processor.Processor.runModeler(Processor.java:82)
| at org.jboss.com.sun.tools.ws.wscompile.CompileTool.run(CompileTool.java:543)
| at org.jboss.com.sun.tools.ws.util.ToolBase.run(ToolBase.java:57)
| at org.jboss.ws.tools.jaxws.impl.WSContractConsumerImpl$1.run(WSContractConsumerImpl.java:163)
| at org.jboss.ws.tools.jaxws.impl.WSContractConsumerImpl.consume(WSContractConsumerImpl.java:166)
| at org.jboss.ws.tools.jaxws.command.wsconsume.importServices(wsconsume.java:193)
| at org.jboss.ws.tools.jaxws.command.wsconsume.main(wsconsume.java:76)
| Caused by: failed to parse document at "https://fabocoxp2:8443/ma/WsTestBean?wsdl": javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
| at org.jboss.com.sun.tools.ws.wsdl.parser.WSDLParser.buildDocumentFromWSDL(WSDLParser.java:318)
| at org.jboss.com.sun.tools.ws.wsdl.parser.WSDLParser.parseDefinitions(WSDLParser.java:222)
| at org.jboss.com.sun.tools.ws.wsdl.parser.WSDLParser.parse(WSDLParser.java:213)
| at org.jboss.com.sun.tools.ws.processor.modeler.wsdl.WSDLModeler.buildModel(WSDLModeler.java:166)
| ... 8 more
| Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
| at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:150)
| at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1518)
| at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:174)
| at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:168)
| at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:848)
| at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:106)
| at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:495)
| at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:433)
| at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:818)
| at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1030)
| at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1057)
| at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1041)
| at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:402)
| at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:170)
| at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:938)
| at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:234)
| at org.apache.xerces.impl.XMLEntityManager.setupCurrentEntity(Unknown Source)
| at org.apache.xerces.impl.XMLVersionDetector.determineDocVersion(Unknown Source)
| at org.apache.xerces.parsers.XML11Configuration.parse(Unknown Source)
| at org.apache.xerces.parsers.XML11Configuration.parse(Unknown Source)
| at org.apache.xerces.parsers.XMLParser.parse(Unknown Source)
| at org.apache.xerces.parsers.DOMParser.parse(Unknown Source)
| at org.apache.xerces.jaxp.DocumentBuilderImpl.parse(Unknown Source)
| at org.jboss.com.sun.tools.ws.wsdl.parser.WSDLParser.buildDocumentFromWSDL(WSDLParser.java:276)
| ... 11 more
| Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
| at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:221)
| at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:145)
| at sun.security.validator.Validator.validate(Validator.java:203)
| at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:172)
| at com.sun.net.ssl.internal.ssl.JsseX509TrustManager.checkServerTrusted(SSLContextImpl.java:320)
| at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:841)
| ... 30 more
| Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
| at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:236)
| at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:194)
| at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:216)
| ... 35 more
| error: failed to parse document at "https://fabocoxp2:8443/ma/WsTestBean?wsdl": javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
|
I think that I have to put a certificate somewhere !
Reading documentation I realized that I have to configure:
boss-wsse-server.xml
and
jboss-wsse-client.xml
but I can't find a step-by-step procedure.
What about authorization ?
Thank you in advance for any help.
Regards
Fabrizio
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4069518#4069518
Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4069518
17 years, 4 months