在 SSL CXF SOAP 客户端下访问 Web 服务
这是与我的问题此处相关的问题。当我尝试使用自签名证书添加 SSL 时,出现以下错误。
org.springframework.web.util.NestedServletException: Request processing failed; nested
exception is javax.xml.ws.soap.SOAPFaultException: Error reading XMLStreamReader.
org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.jav
a:656)
org.springframework.web.servlet.FrameworkServlet.doGet(FrameworkServlet.java:549)
javax.servlet.http.HttpServlet.service(HttpServlet.java:617)
javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
root cause
javax.xml.ws.soap.SOAPFaultException: Error reading XMLStreamReader.
org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:146)
$Proxy107.getEmployee(Unknown Source)
org.samith.web.controller.FrontController.frontRequestHandler(FrontController.java:27)
sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
java.lang.reflect.Method.invoke(Method.java:597)
org.springframework.web.bind.annotation.support.HandlerMethodInvoker.invokeHandlerMethod(HandlerMethodInvoker.java:176)
org.springframework.web.servlet.mvc.annotation.AnnotationMethodHandlerAdapter.invokeHandlerMethod(AnnotationMethodHandlerAdapter.java:426)
org.springframework.web.servlet.mvc.annotation.AnnotationMethodHandlerAdapter.handle(AnnotationMethodHandlerAdapter.java:414)
org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:790)
org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:719)
org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:644)
org.springframework.web.servlet.FrameworkServlet.doGet(FrameworkServlet.java:549)
javax.servlet.http.HttpServlet.service(HttpServlet.java:617)
javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
root cause
com.ctc.wstx.exc.WstxEOFException: Unexpected EOF in prolog
at [row,col {unknown-source}]: [1,0]
com.ctc.wstx.sr.StreamScanner.throwUnexpectedEOF(StreamScanner.java:682)
com.ctc.wstx.sr.BasicStreamReader.handleEOF(BasicStreamReader.java:2090)
com.ctc.wstx.sr.BasicStreamReader.nextFromProlog(BasicStreamReader.java:1996)
com.ctc.wstx.sr.BasicStreamReader.next(BasicStreamReader.java:1100)
com.ctc.wstx.sr.BasicStreamReader.nextTag(BasicStreamReader.java:1123)
org.apache.cxf.binding.soap.interceptor.ReadHeadersInterceptor.handleMessage(ReadHeadersInterceptor.java:122)
org.apache.cxf.binding.soap.interceptor.ReadHeadersInterceptor.handleMessage(ReadHeadersInterceptor.java:60)
org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:255)
org.apache.cxf.endpoint.ClientImpl.onMessage(ClientImpl.java:755)
org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponseInternal(HTTPConduit.java:2335)
org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponse(HTTPConduit.java:2193)
org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(HTTPConduit.java:2037)
org.apache.cxf.io.CacheAndWriteOutputStream.postClose(CacheAndWriteOutputStream.java:47)
org.apache.cxf.io.CachedOutputStream.close(CachedOutputStream.java:188)
org.apache.cxf.transport.AbstractConduit.close(AbstractConduit.java:56)
org.apache.cxf.transport.http.HTTPConduit.close(HTTPConduit.java:697)
org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndingInterceptor.h andleMessage(MessageSenderInterceptor.java:62)
org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:255)
org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:516)
org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:313)
org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:265)
org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:73)
org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:124)
$Proxy107.getEmployee(Unknown Source)
org.samith.web.controller.FrontController.frontRequestHandler(FrontController.java:27)
sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
java.lang.reflect.Method.invoke(Method.java:597)
org.springframework.web.bind.annotation.support.HandlerMethodInvoker.invokeHandlerMethod(HandlerMethodInvoker.java:176)
org.springframework.web.servlet.mvc.annotation.AnnotationMethodHandlerAdapter.invokeHandlerMethod(AnnotationMethodHandlerAdapter.java:426)
org.springframework.web.servlet.mvc.annotation.AnnotationMethodHandlerAdapter.handle(AnnotationMethodHandlerAdapter.java:414)
org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:790)
org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:719)
org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:644)
org.springframework.web.servlet.FrameworkServlet.doGet(FrameworkServlet.java:549)
javax.servlet.http.HttpServlet.service(HttpServlet.java:617)
javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
我的客户端配置文件有这个 xml 段,
<http-conf:conduit name="*.http-conduit">
<http-conf:tlsClientParameters secureSocketProtocol="SSL">
<sec:keyManagers keyPassword="*****">
<sec:keyStore type="JKS" password="welcome" file="full_path_to_employee_auth.jks" />
</sec:keyManagers>
</http-conf:tlsClientParameters>
<http:client AutoRedirect="true" Connection="Keep-Alive"/>
</http-conf:conduit>
我添加了对 conf/server.xml tomcat 文件的引用,以及employee_auth.jks 文件的正确路径。顺便说一句,服务端的 web xml 文件有这个条目,
<security-constraint>
<web-resource-collection>
<web-resource-name>Restricted web services</web-resource-name>
<url-pattern>/*</url-pattern>
<http-method>GET</http-method>
<http-method>POST</http-method>
</web-resource-collection>
<user-data-constraint>
require SSL
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>
当服务端未启用 SSL 时,客户端服务器通信会发生得很好。我正在研究这个以掌握 CXF。任何帮助将不胜感激。
This is a question in connection with my question here. When I tried to add SSL with a self-signed certificate, I get the following error.
org.springframework.web.util.NestedServletException: Request processing failed; nested
exception is javax.xml.ws.soap.SOAPFaultException: Error reading XMLStreamReader.
org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.jav
a:656)
org.springframework.web.servlet.FrameworkServlet.doGet(FrameworkServlet.java:549)
javax.servlet.http.HttpServlet.service(HttpServlet.java:617)
javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
root cause
javax.xml.ws.soap.SOAPFaultException: Error reading XMLStreamReader.
org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:146)
$Proxy107.getEmployee(Unknown Source)
org.samith.web.controller.FrontController.frontRequestHandler(FrontController.java:27)
sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
java.lang.reflect.Method.invoke(Method.java:597)
org.springframework.web.bind.annotation.support.HandlerMethodInvoker.invokeHandlerMethod(HandlerMethodInvoker.java:176)
org.springframework.web.servlet.mvc.annotation.AnnotationMethodHandlerAdapter.invokeHandlerMethod(AnnotationMethodHandlerAdapter.java:426)
org.springframework.web.servlet.mvc.annotation.AnnotationMethodHandlerAdapter.handle(AnnotationMethodHandlerAdapter.java:414)
org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:790)
org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:719)
org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:644)
org.springframework.web.servlet.FrameworkServlet.doGet(FrameworkServlet.java:549)
javax.servlet.http.HttpServlet.service(HttpServlet.java:617)
javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
root cause
com.ctc.wstx.exc.WstxEOFException: Unexpected EOF in prolog
at [row,col {unknown-source}]: [1,0]
com.ctc.wstx.sr.StreamScanner.throwUnexpectedEOF(StreamScanner.java:682)
com.ctc.wstx.sr.BasicStreamReader.handleEOF(BasicStreamReader.java:2090)
com.ctc.wstx.sr.BasicStreamReader.nextFromProlog(BasicStreamReader.java:1996)
com.ctc.wstx.sr.BasicStreamReader.next(BasicStreamReader.java:1100)
com.ctc.wstx.sr.BasicStreamReader.nextTag(BasicStreamReader.java:1123)
org.apache.cxf.binding.soap.interceptor.ReadHeadersInterceptor.handleMessage(ReadHeadersInterceptor.java:122)
org.apache.cxf.binding.soap.interceptor.ReadHeadersInterceptor.handleMessage(ReadHeadersInterceptor.java:60)
org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:255)
org.apache.cxf.endpoint.ClientImpl.onMessage(ClientImpl.java:755)
org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponseInternal(HTTPConduit.java:2335)
org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponse(HTTPConduit.java:2193)
org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(HTTPConduit.java:2037)
org.apache.cxf.io.CacheAndWriteOutputStream.postClose(CacheAndWriteOutputStream.java:47)
org.apache.cxf.io.CachedOutputStream.close(CachedOutputStream.java:188)
org.apache.cxf.transport.AbstractConduit.close(AbstractConduit.java:56)
org.apache.cxf.transport.http.HTTPConduit.close(HTTPConduit.java:697)
org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndingInterceptor.h andleMessage(MessageSenderInterceptor.java:62)
org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:255)
org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:516)
org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:313)
org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:265)
org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:73)
org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:124)
$Proxy107.getEmployee(Unknown Source)
org.samith.web.controller.FrontController.frontRequestHandler(FrontController.java:27)
sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
java.lang.reflect.Method.invoke(Method.java:597)
org.springframework.web.bind.annotation.support.HandlerMethodInvoker.invokeHandlerMethod(HandlerMethodInvoker.java:176)
org.springframework.web.servlet.mvc.annotation.AnnotationMethodHandlerAdapter.invokeHandlerMethod(AnnotationMethodHandlerAdapter.java:426)
org.springframework.web.servlet.mvc.annotation.AnnotationMethodHandlerAdapter.handle(AnnotationMethodHandlerAdapter.java:414)
org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:790)
org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:719)
org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:644)
org.springframework.web.servlet.FrameworkServlet.doGet(FrameworkServlet.java:549)
javax.servlet.http.HttpServlet.service(HttpServlet.java:617)
javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
And my client configuration file has this xml segment,
<http-conf:conduit name="*.http-conduit">
<http-conf:tlsClientParameters secureSocketProtocol="SSL">
<sec:keyManagers keyPassword="*****">
<sec:keyStore type="JKS" password="welcome" file="full_path_to_employee_auth.jks" />
</sec:keyManagers>
</http-conf:tlsClientParameters>
<http:client AutoRedirect="true" Connection="Keep-Alive"/>
</http-conf:conduit>
I added the reference to conf/server.xml tomcat file with the correct path to employee_auth.jks file. By the way web xml file of the service side has this entry
<security-constraint>
<web-resource-collection>
<web-resource-name>Restricted web services</web-resource-name>
<url-pattern>/*</url-pattern>
<http-method>GET</http-method>
<http-method>POST</http-method>
</web-resource-collection>
<user-data-constraint>
require SSL
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>
Client server communication happens very well when SSL is not enabled on the service side.I am researching this to get hang on CXF. Any help will be appreciated.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
是自签名证书导致你的软件消化不良;双方未能进行完整的 SSL 握手,这使得在 SOAP 消息传输之前事情就崩溃了。
您需要告诉客户端信任自签名证书,即,您需要将其添加到
trustManagers,而不是keyManagers(这是您放置身份的地方)供客户用来证明自己是谁到服务器)。您可能还需要禁用对服务器 CN 是否与所需地址匹配的检查,通过:但请注意,这有潜在的危险。
最终,您最好获得一个适当的 CA 签名主机证书,因为这比让每个该死的客户端都使用半途而废的安全性要简单得多。单一主机证书非常便宜(甚至可能对您免费;您的组织(如我的组织)可能已有现有交易)。
It's the self-signed certificate causing your software indigestion; the two sides are failing to do a full SSL handshake and that's making things fall apart before the SOAP message is transferred.
You need to tell the client to trust the self-signed certificate, i.e., you need to add it to the
trustManagers, and not thekeyManagers(that's where you'd put the identity for the client to use to prove who it is to the server). You probably also need to disable the check for whether the server's CN matches the desired address, via:But be aware that this is potentially dangerous.
Ultimately, you're best off getting a proper CA-signed host certificate instead, as that's far less hassle than getting every damn client working with half-assed security. Single host certificates are very cheap (possibly even free to you; your organization – like mine – might have an existing deal in place).