无法创建服务异常javax.xml.ws.WebServiceException:
[英]Failed to create service exception javax.xml.ws.WebServiceException:
问题描述
I need desperate help to figure out why my application is not creating a webservice. 
我需要拼命的帮助来弄清楚为什么我的应用程序没有创建Web服务。
Here's my webservice Java class: 这是我的Web服务Java类:
@WebService
@Component
public class LoginWs extends AbstractWs
{
private static final Logger logger=MiscUtils.getLogger();
@Autowired
private PersonDao personDao = null;
/**
* Returns PersonTransfer on valid login
* @throws NotAuthorisedException if password is incorrect
*/
public PersonTransfer login(String userNameOrEmailAddress, String password) throws NotAuthorisedException
{
Person person=personDao.findByUserNameOrEmailAddress(userNameOrEmailAddress, true);
if (person != null && person.checkPassword(password))
{
PersonTransfer personTransfer = PersonTransfer.getTransfer(person);
personDao.setLastLogin(person.getId(), new GregorianCalendar());
EventLogDao.logEvent(ActionType.READ_DATA.name(), "LoginWs.login()", "personId=" + person.getId());
return(personTransfer);
}
logger.debug("Login failed : u/p="+userNameOrEmailAddress+"/"+password);
throw(new NotAuthorisedException("Invalid Username/Password"));
}
}
The code that is calling this service is: 调用此服务的代码是:
public static LoginWs getLoginWs()
{
LoginWsService service = new LoginWsService(buildURL("LoginService"));
LoginWs port = service.getLoginWsPort();
CxfClientUtils.configureClientConnection(port);
return(port);
}
The exception is thrown at : 引发异常:
LoginWsService service = new LoginWsService(buildURL("LoginService"));
Here is the full exception: 这是完整的例外:
Error
javax.xml.ws.WebServiceException: org.apache.cxf.service.factory.ServiceConstructionException: Failed to create service.
at org.apache.cxf.jaxws.ServiceImpl.<init>(ServiceImpl.java:149)
at org.apache.cxf.jaxws.spi.ProviderImpl.createServiceDelegate(ProviderImpl.java:65)
at javax.xml.ws.Service.<init>(Service.java:56)
at org.websr.my_server.ws.LoginWsService.<init>(Unknown Source)
Caused by: javax.wsdl.WSDLException: WSDLException: faultCode=PARSER_ERROR: Problem parsing 'https://192.168.2.184:8443/my_server/ws/LoginService?wsdl'.: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No subject alternative names present
Can someone tell me why it is failing at creating Service itself. 有人可以告诉我为什么它无法创建Service本身。 In LoginWs method, this line 在LoginWs方法中,此行
CxfClientUtils.configureClientConnection(port);
configures the SSL connection but my code is not even getting there. 配置SSL连接,但是我的代码甚至没有到达那里。 It's trying to connect at LoginWsService service = new LoginWsService(buildURL("LoginService")); 它正在尝试通过LoginWsService服务进行连接= new LoginWsService(buildURL(“ LoginService”)); and failing. 和失败。
Can someone please tell me what's going on here? 有人可以告诉我这是怎么回事吗? Thanks! 谢谢!
cert.pem: cert.pem:
MIID1DCCArygAwIBAgIJAPAlC2JvlPsZMA0GCSqGSIb3DQEBBQUAMIGSMQswCQYD
VQQGEwJDQTEQMA4GA1UECBMHT250YXJpbzEQMA4GA1UEBxMHVG9yb250bzERMA8G
A1UEChMISW5kaXZpY2ExETAPBgNVBAsTCEluZGl2aWNhMRYwFAYDVQQDEw0xOTIu
MTY4LjIuMTg0MSEwHwYJKoZIhvcNAQkBFhJkaXZ5YUBpbmRpdmljYS5jb20wHhcN
MTIwMTA2MTYxMTQwWhcNMTMwMTA1MTYxMTQwWjCBkjELMAkGA1UEBhMCQ0ExEDAO
BgNVBAgTB09udGFyaW8xEDAOBgNVBAcTB1Rvcm9udG8xETAPBgNVBAoTCEluZGl2
aWNhMREwDwYDVQQLEwhJbmRpdmljYTEWMBQGA1UEAxMNMTkyLjE2OC4yLjE4NDEh
MB8GCSqGSIb3DQEJARYSZGl2eWFAaW5kaXZpY2EuY29tMIIBIjANBgkqhkiG9w0B
AQEFAAOCAQ8AMIIBCgKCAQEAxY8+fsw2pP4ToHN6XFNli4vOGbt+O/ANsr1A8iJh
nCb6cpQ58xF4pvYmETHrAUpv4zpi31SzZvWYI1tMaCEv9IpcX6Kc1B8NB9sLUnhR
gyblF37rZ7eMmSAXXeDS0CTtDEJoHOkGxoUdCN6N+vZjJ5+ZONiiuLqZ4x4HwBFr
ucIlwl2FkMMSxylg90tttSIyUHGz/p2DvNA2goYih4d89c/FLNpqwku+G3/gnL7U
l0OmNuFwJa/qMjy/V1orfpT8egxxh8DMp+fLAv1gjbeoizUs2bHo9kQSbUSp9Cwb
VDCol9jGI14cBuuEpWSANx2gTekN1ktoxztFPCh7H3OK/wIDAQABoyswKTAPBgNV
HREECDAGhwTAqAK4MAkGA1UdEwQCMAAwCwYDVR0PBAQDAgXgMA0GCSqGSIb3DQEB
BQUAA4IBAQALvpU0/5gQedlET2+r2MV0oksTmM2hV677yVsrOnGCOnTcgMZHp5i4
A0B24Ed2iDesX60OAViIocQkOiwYTRnubg5SoWyL1nhmaa/98U6M/re8R/bvq6OK
qrzEO6hHOtunJg1HcZDiJZop7R/pM52yRhRoXU6upZEhbPr6Eh+zfysA0TD6uMs7
9k2VeJo++XUvbG3dkVJ9kYhqfx2vC0HiMI4H2eomzl2ymS+R9Kg/9o29K8oCYjDI
jWPbl2hmf2cQuC4gG8GUDZi7zJkFsBuJpD6XgpIVK9zNhg1e89eP0nABupIFqBOI
iz0C+tRB4z4TezPL6yC7BDMY2nJ/Cg5e
vs what the server is actually using: 与服务器实际使用的内容:
MIICVTCCAb6gAwIBAgIETr3AxTANBgkqhkiG9w0BAQUFADBvMQswCQYDVQQGEwJD
QTEQMA4GA1UECBMHT250YXJpbzEQMA4GA1UEBxMHVG9yb250bzERMA8GA1UEChMI
SW5kaXZpY2ExETAPBgNVBAsTCEluZGl2aWNhMRYwFAYDVQQDEw0xOTIuMTY4LjIu
MTg0MB4XDTExMTExMjAwNDE0MVoXDTIxMTEwOTAwNDE0MVowbzELMAkGA1UEBhMC
Q0ExEDAOBgNVBAgTB09udGFyaW8xEDAOBgNVBAcTB1Rvcm9udG8xETAPBgNVBAoT
CEluZGl2aWNhMREwDwYDVQQLEwhJbmRpdmljYTEWMBQGA1UEAxMNMTkyLjE2OC4y
LjE4NDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAzvnBMOM2YpM4Ch0MkesA
ryqX3YD8O22kJJrpRuOMyqgt6fKEDxkcGjiEZ7qLfWbzv3eX9DE0nVeS4m65Ucr2
LLZN6iZoqP8J+AmkSXKapIQpX7tZM5UuTDy82vUdOiYJELB3NSJc/4nkZkTaN8Uj
h3Ph366kRUP+QWiq2y97KKMCAwEAATANBgkqhkiG9w0BAQUFAAOBgQBFeOQOKq9u
4nq/IUgNpILrhcpiAP5LB49bCXeTCi8Ls51qUCaezceUQKrWM60a6w8FxQF+yopB
PSqGMrUBHnvewkThgZbS12t5vOEoXnWjOwiXhMhRsk5i9YUh1QCYfOFF23aXNfRu
NLL5svksUHm1IzBJJANnL/YdJHRrR0IEQg==
2 个解决方案
解决方案1
5 已采纳 2012-01-06 15:23:49
java.security.cert.CertificateException: No subject alternative names present
It sounds like you're connecting using an IP address directly (and not a host name) to a certificate that doesn't have a Subject Alternative Name entry. 听起来您好像是直接使用IP地址(而不是主机名)连接到没有“使用者备用名称”条目的证书。
This is of course related to this question: 这当然与以下问题有关:
If you've chosen not to use a SAN entry but to rely an a host name in the CN (which you've also configured to resolve to the correct IP address in your client), you must also use it to specify the connection. 如果您选择不使用SAN条目而是使用CN中的主机名(还配置为在客户端中解析为正确的IP地址),则还必须使用它来指定连接。 Your URL builder is probably building a URL that still relies on the IP address. 您的URL构建器可能正在构建仍依赖IP地址的URL。
EDIT: (Following comments) 编辑:(以下评论)
As I was saying in the answer to the other question linked above, there are (at least) two ways of creating a self-signed cert with a Subject Alt Name for Java: 就像我在上面链接的另一个问题的答案中所说的那样,(至少)有两种方法来创建带有Java主题名称的自签名证书:
- Using Java 7's
keytool使用Java 7的keytool - Using OpenSSL, as described here: http://www.crsr.net/Notes/SSL.html 使用OpenSSL,如此处所述: http : //www.crsr.net/Notes/SSL.html
You've chosen the second option (possibly a bit more difficult?). 您选择了第二个选项(可能会更困难吗?)。 OpenSSL is capable of producing a PKCS#12 file ( .p12 ), which the default Java security providers should be able to use as a keystore directly (although keytool in Java 6 and above is capable of converting them to a JKS store via -importkeystore ). OpenSSL能够生成PKCS#12文件( .p12 ),默认的Java安全提供程序应可以将其直接用作密钥库(尽管Java 6及更高版本中的keytool可以通过-importkeystore将其转换为JKS存储) )。 To use them directly, use the "PKCS12" store type. 要直接使用它们,请使用"PKCS12"存储类型。
To build a PKCS#12 file, with OpenSSL, using the result of the self-signed certificate generation (assuming the files are called cert.pem for the cert and key.pem for the private key): 要使用OpenSSL使用自签名证书生成的结果来构建PKCS#12文件(假设文件被称为cert.pem用于cert)和key.pem用于私钥)):
openssl pkcs12 -export -in cert.pem -inkey key.pem -out store.p12
Then, configure it in Apache Tomcat using (and restart Tomcat): 然后,使用(并重新启动Tomcat)在Apache Tomcat中对其进行配置:
<Connector port="8443" ... scheme="https" secure="true"
keystoreFile="/path/to/store.p12"
keystorePass="..." keystoreType="PKCS12" sslProtocol="TLS" />
To extract the content of the cert in the PKCS#12 file: 要提取PKCS#12文件中的证书内容:
openssl pkcs12 -in store.p12 -nokeys -clcerts | openssl x509 -text -noout
To check the certificate the server is actually using: 要检查服务器实际使用的证书:
echo "" | openssl s_client -showcerts -connect hostname_or_ip_address:port
解决方案2
1 2012-01-06 20:40:42
The certificate you have posted has an issue. 您发布的证书有问题。
I can open it directly via Windows and I bet if you open Internet Explorer and type the web service URL and view the certificate via IE you should not have any issue. 我可以直接通过Windows打开它,我敢打赌,如果您打开Internet Explorer并键入Web服务URL并通过IE查看证书,则应该没有任何问题。
BUT for some reason Java can not parse it. 但是由于某种原因Java无法解析它。
For example if I try to read the certificate via default java libraries: 例如,如果我尝试通过默认的Java库读取证书:
public static void main(String[] args) throws Exception{
CertificateFactory f = CertificateFactory.getInstance("X.509");
X509Certificate certificate = (X509Certificate) f.generateCertificate(new FileInputStream("C:\\certificate.pem"));
System.out.println(certificate);
}
I get parsing exception: 我解析异常:
Exception in thread "main" java.security.cert.CertificateException: Could not parse certificate: java.io.IOException: Unsupported encoding
at sun.security.provider.X509Factory.engineGenerateCertificate(Unknown Source)
at java.security.cert.CertificateFactory.generateCertificate(Unknown Source)
at test.Test.main(Test.java:15)
Caused by: java.io.IOException: Unsupported encoding
at sun.security.provider.X509Factory.base64_to_binary(Unknown Source)
... 3 more
There is a problem in the decoding from base64. 从base64解码时出现问题。
Trying Bouncy Castle it failed to read it as well. 尝试充气城堡时,它也无法阅读。
I have seen before this discrepancy between security libraries and Windows being able to decode certificates while Java's libraries can not. 在此之前,我已经看到安全库和Windows之间的差异能够解码证书,而Java的库则无法。
In your case, your certificate can not be parsed by your web service client that uses java and the exception thrown up from CXF wrappers has the missleading message about subject alternative names. 在您的情况下,使用Java的Web服务客户端无法解析您的证书,并且从CXF包装器抛出的异常具有关于主题备用名称的误导性消息。
I can not tell what is the problem with your certificate because I am not very familiar with open ssl. 我不知道您的证书出了什么问题,因为我对open ssl不太熟悉。
But if you create (just to verify what I am saying) a new keystore using java tools you should have no problem. 但是,如果您使用Java工具创建(只是为了验证我的意思)新的密钥库,则应该没有问题。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.