调用 EJB 的 Web 服务创建 SSL 异常
我有一个 JAX-WS Web 服务,它可以调用同一服务器上的远程 EJB。一切都在 Glassfish 3.1.1 上运行,应用程序部署在 EAR 中——一个用于 Web 服务,另一个用于 EJB。这在本地工作得很好,但是当部署到测试服务器时,我遇到了有关不受信任(自签名)SSL 证书的典型异常。以下是相关摘录:
Caused by: com.sun.xml.ws.client.ClientTransportException: HTTP transport error: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at com.sun.xml.ws.transport.http.client.HttpClientTransport.getOutput(HttpClientTransport.java:132)
异常恰好发生在进行 EJB 调用的 Web 服务中的线路上。这让我很困惑,因为那时我不希望与 HTTPS 有任何关系。
到目前为止,最有希望的角度是,这与事务协调有关,如 这里,默认情况下应该使用HTTPS。但是,设置 com.sun.xml.ws.tx.preferredScheme=http 对问题没有任何影响。
任何建议都非常感激。
I have a JAX-WS webservice which makes calls to a remote EJB on the same server. Everything runs on Glassfish 3.1.1, and the apps are deployed EARs – one for the webservice, another for the EJB. This works fine locally, but when deploying to a test server, I get typical exceptions about untrusted (self-signed) SSL certificates. Here's a relevant excerpt:
Caused by: com.sun.xml.ws.client.ClientTransportException: HTTP transport error: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at com.sun.xml.ws.transport.http.client.HttpClientTransport.getOutput(HttpClientTransport.java:132)
The exception occurs exactly on the line in the webservice where the EJB call is being made. It puzzles me because I wouldn't expect anything to do with HTTPS at that point.
The most promising angle so far is that this has to do with transaction coordination, as described here, which is supposed to use HTTPS by default. However, setting com.sun.xml.ws.tx.preferredScheme=http has no effect on the problem.
Any suggestion is much appreciated.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
这是因为客户端不知道应该使用哪个信任库 - 因此它不信任该服务并且 SSL 握手失败。使用以下 VMargs 运行“客户端”:
如果您使用 NetBeans,则可以在项目属性中进行设置。
This is because the client does not know which truststore it should use - so therefore it does not trust the service and the SSL handshake fails. Run the 'client' with the following VMargs:
If you use NetBeans it can be set at project properties.