Java安全Web服务
[英]Java Secure Webservice
问题描述
I am attempting to convert a http webservice to https. 
我正在尝试将http网络服务转换为https。 I added the tags to the webservice. 我将标签添加到了Web服务。
@SecurityDomain(value = "jboss-ssl")
and 和
@WebContext(contextRoot="/path/one", // already here
urlPattern="/X", // already here
authMethod = "CLIENT-CERT", // added
transportGuarantee = "CONFIDENTIAL") // added
But when my client trys to connect to https://hostname:80/path/to/ws I get an exception: 但是,当我的客户端尝试连接到https://hostname:80/path/to/ws出现异常:
Caused by: java.io.IOException: HTTPS hostname wrong: should be <hostname> . Caused by: java.io.IOException: HTTPS hostname wrong: should be <hostname> 。
( entire thing shown below). (整个内容如下所示)。 I suspect that this has to do with the certificate that is being used. 我怀疑这与正在使用的证书有关。 I think that I need to use the java keytool to resolve this. 我认为我需要使用java keytool来解决此问题。 If someone could verify for me it would be greatly appreciated. 如果有人可以为我验证,将不胜感激。
javax.xml.soap.SOAPException: java.io.IOException: Could not transmit message
at org.jboss.ws.core.soap.SOAPConnectionImpl.callInternal(SOAPConnectionImpl.java:115)
at org.jboss.ws.core.soap.SOAPConnectionImpl.call(SOAPConnectionImpl.java:66)
at com.alcatel.tpapps.common.utils.SOAPClient.execute(SOAPClient.java:146)
at com.alcatel.tpapps.common.utils.SOAPClient.main(SOAPClient.java:233)
Caused by: java.io.IOException: Could not transmit message
at org.jboss.ws.core.client.RemotingConnectionImpl.invoke(RemotingConnectionImpl.java:192)
at org.jboss.ws.core.client.SOAPRemotingConnection.invoke(SOAPRemotingConnection.java:77)
at org.jboss.ws.core.soap.SOAPConnectionImpl.callInternal(SOAPConnectionImpl.java:106)
... 3 more
Caused by: org.jboss.remoting.CannotConnectException: Can not connect http client invoker. HTTPS hostname wrong: should be <hostname>.
at org.jboss.remoting.transport.http.HTTPClientInvoker.useHttpURLConnection(HTTPClientInvoker.java:368)
at org.jboss.remoting.transport.http.HTTPClientInvoker.transport(HTTPClientInvoker.java:148)
at org.jboss.remoting.MicroRemoteClientInvoker.invoke(MicroRemoteClientInvoker.java:141)
at org.jboss.remoting.Client.invoke(Client.java:1858)
at org.jboss.remoting.Client.invoke(Client.java:718)
at org.jboss.ws.core.client.RemotingConnectionImpl.invoke(RemotingConnectionImpl.java:171)
... 5 more
Caused by: java.io.IOException: HTTPS hostname wrong: should be <hostname>
at sun.net.www.protocol.https.HttpsClient.checkURLSpoofing(HttpsClient.java:490)
at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:415)
at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:170)
at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(HttpURLConnection.java:857)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(HttpsURLConnectionImpl.java:230)
at org.jboss.remoting.transport.http.HTTPClientInvoker.useHttpURLConnection(HTTPClientInvoker.java:288)
... 10 more
Update 1 更新1
I tried the following but it had no effect on the exception: 我尝试了以下操作,但对异常没有任何影响:
hostname[username:/path/two/path][525]% keytool -genkey -keystore server.keystore -alias hostname
...
...
Update 2 更新2
Actually not sure what I did in Update 1 was right because I did not have to specify a host name there... 其实不确定我在Update 1中所做的事情是正确的,因为我不必在那里指定主机名...
Update 3 更新3
I specified hostname as the Alias name 我将主机名指定为别名
and 和
What is the name of your organizational unit?
[Unknown]: hostname
But that still did not solve my issue. 但这仍然不能解决我的问题。 Is there a specific way to add a host name? 有没有添加主机名的特定方法?
I am pretty sure that this post solves the issue however it is too cryptic to understand. 我很确定这篇文章可以解决这个问题,但是它太晦涩难懂了。 Come back to this. 回到这个。
http://forums.sun.com/thread.jspa?threadID=5315653 http://forums.sun.com/thread.jspa?threadID=5315653
2 个解决方案
解决方案1
3 2010-02-03 16:31:05
This solution is helpful as well. 该解决方案也很有帮助。
Java's keytool command with IP addresses Java的带有IP地址的keytool命令
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLSession;
HostnameVerifier hv = new HostnameVerifier() {
public boolean verify(String urlHostName, SSLSession session) {
System.out.println("Warning: URL Host: " + urlHostName + " vs. " + session.getPeerHost());
return true;
}
};
HttpsURLConnection.setDefaultHostnameVerifier(hv);
解决方案2
2 2010-02-02 18:53:38
These seem like similar issues: 这些似乎是类似的问题:
Link 1 链接1
Same problem. 同样的问题。
Link 2 连结2
Accepts all certificates. 接受所有证书。
private static final HostnameVerifier DO_NOT_VERIFY = new HostnameVerifier() {
public boolean verify(String hostname, SSLSession session) {
return true;
}
};
...
HttpsUrlConnection con = (HttpsUrlConnection)new URL("https://foo.bar.com").openConnection();
con.setHostnameVerifier(DO_NOT_VERIFY);
InputStream in = con.getInputStream();
However I am not certain where to put this. 但是我不确定该放在哪里。 Client side or server side? 客户端还是服务器端? Regardless I would rather just set up the certificates properly if that is an option. 无论如何,如果可以的话,我宁愿只是正确设置证书。
Link 3 连结3
Uses this solution: 使用此解决方案:
HostnameVerifier ver = new HostnameVerifier()
{
public boolean verify(String urlHostname,String certHostname)
{
return java.net.InetAddress.getByName(urlHostname).equals(java.net.InetAddress.getByName(certHostname));
}
};
com.sun.net.ssl.HttpsURLConnection con = ...(obtain connection);
con.setHostnameVerifier(ver);
However I am not certain where to put this. 但是我不确定该放在哪里。 Client side or server side? 客户端还是服务器端? Regardless I would rather just set up the certificates properly if that is an option. 无论如何,如果可以的话,我宁愿只是正确设置证书。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.