[jboss-user] [JBoss Web Services] - JBoss WS and setting own trustmanager

Tomasz Dźwigaj do-not-reply at jboss.com
Tue Jun 8 12:08:04 EDT 2010


Tomasz Dźwigaj [http://community.jboss.org/people/zlytomek] created the discussion

"JBoss WS and setting own trustmanager"

To view the discussion, visit: http://community.jboss.org/message/546832#546832

--------------------------------------------------------------
Hi.
My main goal is to have a trustmanager filled with certificates retrieved from a database for a secure WebService client connections with JBoss Ws.
I've created my own implementation of trustmanager which implements javax.net.ssl.X509TrustManager, and it's basically getting certs from a database and loads them into keystore. I'm setting it for my HTTPSConnections like this:

...
TrustManager[] myTMs = new TrustManager [] {
                myTrustManager };
final SSLContext sslContext = SSLContext.getInstance( "TLS" );

sslContext.init( null, myTMs, null );

HttpsURLConnection.setDefaultSSLSocketFactory( sslContext.getSocketFactory() );

Althought it works fine (the webservice is call is made properly) at every connection it messes with my head with:

java.io.IOException: Error initializing socket factory SSL context: Can not find truststore url.
        at org.jboss.remoting.security.SSLSocketBuilder.initializeSocketFactorySSLContext(SSLSocketBuilder.java:1340)
        at org.jboss.remoting.security.SSLSocketBuilder.createCustomSocketFactory(SSLSocketBuilder.java:451)
        at org.jboss.remoting.security.SSLSocketBuilder.createSSLSocketFactory(SSLSocketBuilder.java:431)
        at org.jboss.remoting.security.SSLSocketBuilder.createSSLSocketFactory(SSLSocketBuilder.java:381)
        at org.jboss.remoting.transport.http.ssl.HTTPSClientInvoker.createSocketFactory(HTTPSClientInvoker.java:140)
        at org.jboss.remoting.RemoteClientInvoker.<init>(RemoteClientInvoker.java:46)
        at org.jboss.remoting.transport.http.HTTPClientInvoker.<init>(HTTPClientInvoker.java:105)
        at org.jboss.remoting.transport.http.ssl.HTTPSClientInvoker.<init>(HTTPSClientInvoker.java:63)
        at org.jboss.remoting.transport.https.TransportClientFactory.createClientInvoker(TransportClientFactory.java:39)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
        at java.lang.reflect.Method.invoke(Method.java:597)
        at org.jboss.remoting.InvokerRegistry.loadClientInvoker(InvokerRegistry.java:419)
        at org.jboss.remoting.InvokerRegistry.createClientInvoker(InvokerRegistry.java:320)
        at org.jboss.remoting.Client.connect(Client.java:459)
        at org.jboss.ws.core.client.RemotingConnectionImpl.createRemotingClient(RemotingConnectionImpl.java:247)
        at org.jboss.ws.core.client.RemotingConnectionImpl.invoke(RemotingConnectionImpl.java:165)
        at org.jboss.ws.core.client.SOAPRemotingConnection.invoke(SOAPRemotingConnection.java:77)
        at org.jboss.ws.core.CommonClient.invoke(CommonClient.java:337)
        at org.jboss.ws.core.jaxws.client.ClientImpl.invoke(ClientImpl.java:243)
        at org.jboss.ws.core.jaxws.client.ClientProxy.invoke(ClientProxy.java:164)
        at org.jboss.ws.core.jaxws.client.ClientProxy.invoke(ClientProxy.java:150)

So i've tried to set a java system property javax.net.ssl.trustStore to an empty keystore and althought it worked fine on a windows server (the annoying exception was gone) on a linux server, after setting this property this empty keystore was used as a truststore which only gave me another nightmane - what if in other part of code of large application i'm dealing with - somebody is setting this property for his reasons?

Maybe anyone found some solution for this problem?

I'm using I'm using Jboss 4.2.2

Regards
zlytomek

--------------------------------------------------------------

Reply to this message by going to Community
[http://community.jboss.org/message/546832#546832]

Start a new discussion in JBoss Web Services at Community
[http://community.jboss.org/choose-container!input.jspa?contentType=1&containerType=14&container=2044]

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/jboss-user/attachments/20100608/c50d255c/attachment.html 


More information about the jboss-user mailing list