Java 安全 Web 服务

发布于 2024-08-19 16:17:17 字数 3407 浏览 3 评论 0原文

我正在尝试将 http Web 服务转换为 https。我将标签添加到网络服务中。

@SecurityDomain(value = "jboss-ssl")

但是

@WebContext(contextRoot="/path/one",  // already here
 urlPattern="/X",   // already here
    authMethod = "CLIENT-CERT",  // added
    transportGuarantee = "CONFIDENTIAL") // added

当我的客户端尝试连接到 https://hostname:80/path/to/ws 时，我收到一个异常：

Caused by: java.io.IOException: HTTPS hostname error:应为<主机名>。

（整个事情如下所示）。我怀疑这与正在使用的证书有关。我认为我需要使用 java keytool 来解决这个问题。如果有人可以帮我验证，我将不胜感激。

javax.xml.soap.SOAPException: java.io.IOException: Could not transmit message
        at org.jboss.ws.core.soap.SOAPConnectionImpl.callInternal(SOAPConnectionImpl.java:115)
        at org.jboss.ws.core.soap.SOAPConnectionImpl.call(SOAPConnectionImpl.java:66)
        at com.alcatel.tpapps.common.utils.SOAPClient.execute(SOAPClient.java:146)
        at com.alcatel.tpapps.common.utils.SOAPClient.main(SOAPClient.java:233)
Caused by: java.io.IOException: Could not transmit message
        at org.jboss.ws.core.client.RemotingConnectionImpl.invoke(RemotingConnectionImpl.java:192)
        at org.jboss.ws.core.client.SOAPRemotingConnection.invoke(SOAPRemotingConnection.java:77)
        at org.jboss.ws.core.soap.SOAPConnectionImpl.callInternal(SOAPConnectionImpl.java:106)
        ... 3 more
Caused by: org.jboss.remoting.CannotConnectException: Can not connect http client invoker. HTTPS hostname wrong:  should be <hostname>.
        at org.jboss.remoting.transport.http.HTTPClientInvoker.useHttpURLConnection(HTTPClientInvoker.java:368)
        at org.jboss.remoting.transport.http.HTTPClientInvoker.transport(HTTPClientInvoker.java:148)
        at org.jboss.remoting.MicroRemoteClientInvoker.invoke(MicroRemoteClientInvoker.java:141)
        at org.jboss.remoting.Client.invoke(Client.java:1858)
        at org.jboss.remoting.Client.invoke(Client.java:718)
        at org.jboss.ws.core.client.RemotingConnectionImpl.invoke(RemotingConnectionImpl.java:171)
        ... 5 more
Caused by: java.io.IOException: HTTPS hostname wrong:  should be <hostname>
        at sun.net.www.protocol.https.HttpsClient.checkURLSpoofing(HttpsClient.java:490)
        at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:415)
        at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:170)
        at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(HttpURLConnection.java:857)
        at sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(HttpsURLConnectionImpl.java:230)
        at org.jboss.remoting.transport.http.HTTPClientInvoker.useHttpURLConnection(HTTPClientInvoker.java:288)
        ... 10 more

更新 1

我尝试了以下操作，但对异常没有影响：

hostname[username:/path/two/path][525]% keytool -genkey -keystore server.keystore -alias hostname
...
...

更新 2

实际上不确定我在更新 1 中所做的是否正确，因为我不必在那里指定主机名...

更新 3

我将主机名指定为别名名称

和

What is the name of your organizational unit?
  [Unknown]:  hostname

但这仍然没有解决我的问题。有没有具体的方法来添加主机名？

我很确定这篇文章解决了这个问题，但它太神秘了，难以理解。回到这一点。

http://forums.sun.com/thread.jspa?threadID=5315653

原文

I am attempting to convert a http webservice to https. I added the tags to the webservice.

@SecurityDomain(value = "jboss-ssl")

and

@WebContext(contextRoot="/path/one",  // already here
 urlPattern="/X",   // already here
    authMethod = "CLIENT-CERT",  // added
    transportGuarantee = "CONFIDENTIAL") // added

But when my client trys to connect to https://hostname:80/path/to/ws I get an exception:

Caused by: java.io.IOException: HTTPS hostname wrong: should be <hostname>.

( entire thing shown below). I suspect that this has to do with the certificate that is being used. I think that I need to use the java keytool to resolve this. If someone could verify for me it would be greatly appreciated.

javax.xml.soap.SOAPException: java.io.IOException: Could not transmit message
        at org.jboss.ws.core.soap.SOAPConnectionImpl.callInternal(SOAPConnectionImpl.java:115)
        at org.jboss.ws.core.soap.SOAPConnectionImpl.call(SOAPConnectionImpl.java:66)
        at com.alcatel.tpapps.common.utils.SOAPClient.execute(SOAPClient.java:146)
        at com.alcatel.tpapps.common.utils.SOAPClient.main(SOAPClient.java:233)
Caused by: java.io.IOException: Could not transmit message
        at org.jboss.ws.core.client.RemotingConnectionImpl.invoke(RemotingConnectionImpl.java:192)
        at org.jboss.ws.core.client.SOAPRemotingConnection.invoke(SOAPRemotingConnection.java:77)
        at org.jboss.ws.core.soap.SOAPConnectionImpl.callInternal(SOAPConnectionImpl.java:106)
        ... 3 more
Caused by: org.jboss.remoting.CannotConnectException: Can not connect http client invoker. HTTPS hostname wrong:  should be <hostname>.
        at org.jboss.remoting.transport.http.HTTPClientInvoker.useHttpURLConnection(HTTPClientInvoker.java:368)
        at org.jboss.remoting.transport.http.HTTPClientInvoker.transport(HTTPClientInvoker.java:148)
        at org.jboss.remoting.MicroRemoteClientInvoker.invoke(MicroRemoteClientInvoker.java:141)
        at org.jboss.remoting.Client.invoke(Client.java:1858)
        at org.jboss.remoting.Client.invoke(Client.java:718)
        at org.jboss.ws.core.client.RemotingConnectionImpl.invoke(RemotingConnectionImpl.java:171)
        ... 5 more
Caused by: java.io.IOException: HTTPS hostname wrong:  should be <hostname>
        at sun.net.www.protocol.https.HttpsClient.checkURLSpoofing(HttpsClient.java:490)
        at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:415)
        at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:170)
        at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(HttpURLConnection.java:857)
        at sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(HttpsURLConnectionImpl.java:230)
        at org.jboss.remoting.transport.http.HTTPClientInvoker.useHttpURLConnection(HTTPClientInvoker.java:288)
        ... 10 more

Update 1

I tried the following but it had no effect on the exception:

hostname[username:/path/two/path][525]% keytool -genkey -keystore server.keystore -alias hostname
...
...

Update 2

Actually not sure what I did in Update 1 was right because I did not have to specify a host name there...

Update 3

I specified hostname as the Alias name

and

What is the name of your organizational unit?
  [Unknown]:  hostname

But that still did not solve my issue. Is there a specific way to add a host name?

I am pretty sure that this post solves the issue however it is too cryptic to understand. Come back to this.

http://forums.sun.com/thread.jspa?threadID=5315653

分享到QQ

分享到微博

如果你对这篇内容有疑问，欢迎到本站社区发帖提问参与讨论，获取更多帮助，或者扫码二维码加入 Web 技术交流群。

发布评论

需要登录才能够评论，你可以免费注册一个本站的账号。

她说她爱他 2024-08-26 16:17:17

这个解决方案也很有帮助。

带有 IP 地址的 Java keytool 命令

import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLSession;

HostnameVerifier hv = new HostnameVerifier() {
    public boolean verify(String urlHostName, SSLSession session) {
        System.out.println("Warning: URL Host: " + urlHostName + " vs. " + session.getPeerHost());
        return true;
    }
};

HttpsURLConnection.setDefaultHostnameVerifier(hv);

This solution is helpful as well.

Java's keytool command with IP addresses

import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLSession;

HostnameVerifier hv = new HostnameVerifier() {
    public boolean verify(String urlHostName, SSLSession session) {
        System.out.println("Warning: URL Host: " + urlHostName + " vs. " + session.getPeerHost());
        return true;
    }
};

HttpsURLConnection.setDefaultHostnameVerifier(hv);

回复收藏 0 原文

终难愈 2024-08-26 16:17:17

这些看起来像是类似的问题：

链接 1

同样的问题。

链接 2

接受所有证书。

private static final HostnameVerifier DO_NOT_VERIFY = new HostnameVerifier() {
   public boolean verify(String hostname, SSLSession session) {
      return true;
   }
};
...
HttpsUrlConnection con = (HttpsUrlConnection)new URL("https://foo.bar.com").openConnection();
con.setHostnameVerifier(DO_NOT_VERIFY);
InputStream in = con.getInputStream();

但是我不确定该把它放在哪里。客户端还是服务器端？无论如何，如果可以的话，我宁愿正确设置证书。

链接 3

使用此解决方案：

HostnameVerifier ver = new HostnameVerifier()
{
  public boolean verify(String urlHostname,String certHostname)
  {
    return java.net.InetAddress.getByName(urlHostname).equals(java.net.InetAddress.getByName(certHostname));
  }
};
com.sun.net.ssl.HttpsURLConnection con = ...(obtain connection);
con.setHostnameVerifier(ver);

但是我我不确定该把它放在哪里。客户端还是服务器端？无论如何，如果可以的话，我宁愿正确设置证书。

These seem like similar issues:

Link 1

Same problem.

Link 2

Accepts all certificates.

private static final HostnameVerifier DO_NOT_VERIFY = new HostnameVerifier() {
   public boolean verify(String hostname, SSLSession session) {
      return true;
   }
};
...
HttpsUrlConnection con = (HttpsUrlConnection)new URL("https://foo.bar.com").openConnection();
con.setHostnameVerifier(DO_NOT_VERIFY);
InputStream in = con.getInputStream();

However I am not certain where to put this. Client side or server side? Regardless I would rather just set up the certificates properly if that is an option.

Link 3

Uses this solution:

HostnameVerifier ver = new HostnameVerifier()
{
  public boolean verify(String urlHostname,String certHostname)
  {
    return java.net.InetAddress.getByName(urlHostname).equals(java.net.InetAddress.getByName(certHostname));
  }
};
com.sun.net.ssl.HttpsURLConnection con = ...(obtain connection);
con.setHostnameVerifier(ver);

However I am not certain where to put this. Client side or server side? Regardless I would rather just set up the certificates properly if that is an option.

回复收藏 0 原文

~没有更多了~