
SSL exception during consuming web service in weblogic 12c with CXF generated client

I've got a CXF 2.7.18-enabled SOAP WebService client in Weblogic 12.1.3.0.3. There is an SSL check during WebService Proxy Client creation and it passes. But during an actual method call I get an SSL exception (below).

If I add properties with the Weblogic trustStore path explicitly/programmatically, or in the cxf.xml trustManager tag, everything works, so it looks like the CXF service does not use some Weblogic API with filled certificates during the actual call.

set JAVA_OPTIONS=%JAVA_OPTIONS% -Djavax.net.ssl.trustStore=C:\<...>\wlserver\server\lib\DemoTrust.jks -Djavax.net.ssl.trustStorePassword=DemoTrustKeyStorePassPhrase
@Rem -Djavax.net.ssl.keyStore=C:\<...>\wlserver\server\lib\DemoTrust.jks -Djavax.net.ssl.keyStorePassword=DemoTrustKeyStorePassPhrase

This is my cxf.xml file. When I uncomment the custom trust manager pointing at my Weblogic DemoTrust.jks, messages get sent; otherwise I get an exception.

<http-conf:conduit name="*.http-conduit">
        <http-conf:client Connection="Keep-Alive"
                          ConnectionTimeout="300000"
                          ReceiveTimeout="10800000"
                          CacheControl="no-cache"/>
        <http-conf:tlsClientParameters disableCNCheck="true" >
            <!--<sec:trustManagers >
                <sec:keyStore type="JKS" password="DemoTrustKeyStorePassPhrase"
                              file="C:\...\wlserver\server\lib\DemoTrust.jks"/>
            </sec:trustManagers>-->
        </http-conf:tlsClientParameters>
    </http-conf:conduit>

I've also tried with useHttpsURLConnectionDefaultSslSocketFactory="true" but to no avail.

I've also tried to play with Weblogic server SSL options.

I've also looked at things like this, but I was unable to figure out how to use it in Weblogic: How to set up Apache CXF client to use WebSphere truststore? (Receiving "No trusted certificate found" exception.)

This is my weblogic-application.xml:

<?xml version="1.0" encoding="UTF-8"?>
<weblogic-application
                xmlns="http://www.bea.com/ns/weblogic/weblogic-application" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                xsi:schemaLocation="http://www.bea.com/ns/weblogic/weblogic-application http://www.bea.com/ns/weblogic/weblogic-application/1.0/weblogic-application.xsd">
    <prefer-application-packages>
        <package-name>org.apache.log4j.*</package-name>
        <package-name>org.apache.commons.lang.*</package-name>
    </prefer-application-packages>

    <!--<prefer-application-packages>
        <package-name>org.apache.log4j.*</package-name>
        <package-name>org.apache.commons.lang.*</package-name>
        <package-name>org.apache.cxf.common.jaxb.*</package-name>
        <package-name>com.ctc.wstx.*</package-name>
        <package-name>javax.wsdl.*</package-name>
        <package-name>org.apache.cxf.*</package-name>
    </prefer-application-packages>-->

</weblogic-application>

And this is the exception itself:

Nov 18, 2015 3:37:24 PM org.apache.cxf.phase.PhaseInterceptorChain doDefaultLogging
WARNING: Interceptor for <Service Method Contract> has thrown exception, unwinding now
org.apache.cxf.interceptor.Fault: Could not send Message.
        at org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndingInterceptor.handleMessage(MessageSenderInterceptor.java:64)
        at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:272)
        at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:572)
        at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:481)
        at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:382)
        at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:335)
        at org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:96)
        at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:136)
        at com.sun.proxy.$Proxy293.getTaxonomyBasicInformation(Unknown Source)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.lang.reflect.Method.invoke(Method.java:606)
        <Business methods calls>
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.lang.reflect.Method.invoke(Method.java:606)
        at com.google.gwt.user.server.rpc.RPC.invokeAndEncodeResponse(RPC.java:561)
        at com.google.gwt.user.server.rpc.RemoteServiceServlet.processCall(RemoteServiceServlet.java:265)
        at com.db.fdw.common.gxt.web.server.DefaultRemoteServiceServlet.processCall(DefaultRemoteServiceServlet.java:71)
        at com.google.gwt.user.server.rpc.RemoteServiceServlet.processPost(RemoteServiceServlet.java:305)
        at com.google.gwt.user.server.rpc.AbstractRemoteServiceServlet.doPost(AbstractRemoteServiceServlet.java:62)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:751)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:844)
        at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:280)
        at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:254)
        at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:136)
        at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:346)
        at weblogic.servlet.internal.TailFilter.doFilter(TailFilter.java:25)
        at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:79)
        at com.db.fdw.dbent.api.FdwAuthFilter.doFilter(FdwAuthFilter.java:35)
        at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:79)
        at weblogic.servlet.internal.RequestEventsFilter.doFilter(RequestEventsFilter.java:27)
        at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:79)
        at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.wrapRun(WebAppServletContext.java:3436)
        at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3402)
        at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
        at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:120)
        at weblogic.servlet.provider.WlsSubjectHandle.run(WlsSubjectHandle.java:57)
        at weblogic.servlet.internal.WebAppServletContext.doSecuredExecute(WebAppServletContext.java:2285)
        at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2201)
        at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2179)
        at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1572)
        at weblogic.servlet.provider.ContainerSupportProviderImpl$WlsRequestExecutor.run(ContainerSupportProviderImpl.java:255)
        at weblogic.work.ExecuteThread.execute(ExecuteThread.java:311)
        at weblogic.work.ExecuteThread.run(ExecuteThread.java:263)
Caused by: javax.net.ssl.SSLHandshakeException: SSLHandshakeException invoking https:<Service URL> sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
        at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
        at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:57)
        at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
        at java.lang.reflect.Constructor.newInstance(Constructor.java:526)
        at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.mapException(HTTPConduit.java:1346)
        at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(HTTPConduit.java:1330)
        at org.apache.cxf.transport.AbstractConduit.close(AbstractConduit.java:56)
        at org.apache.cxf.transport.http.HTTPConduit.close(HTTPConduit.java:632)
        at org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndingInterceptor.handleMessage(MessageSenderInterceptor.java:62)
        ... 56 more
Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
        at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
        at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1884)
        at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:276)
        at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:270)
        at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1341)
        at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:153)
        at sun.security.ssl.Handshaker.processLoop(Handshaker.java:868)
        at sun.security.ssl.Handshaker.process_record(Handshaker.java:804)
        at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1016)
        at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1312)
        at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1339)
        at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1323)
        at weblogic.net.http.HttpsClient.New(HttpsClient.java:568)
        at weblogic.net.http.HttpsClient.New(HttpsClient.java:539)
        at weblogic.net.http.HttpsURLConnection.connect(HttpsURLConnection.java:248)
        at weblogic.net.http.HttpURLConnection.getInputStream(HttpURLConnection.java:636)
        at weblogic.net.http.SOAPHttpsURLConnection.getInputStream(SOAPHttpsURLConnection.java:37)
        at weblogic.net.http.HttpURLConnection.getResponseCode(HttpURLConnection.java:1444)
        at org.apache.cxf.transport.http.URLConnectionHTTPConduit$URLConnectionWrappedOutputStream.getResponseCode(URLConnectionHTTPConduit.java:266)
        at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.doProcessResponseCode(HTTPConduit.java:1550)
        at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponseInternal(HTTPConduit.java:1579)
        at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponse(HTTPConduit.java:1520)
        at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(HTTPConduit.java:1317)
        ... 59 more
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
        at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:385)
        at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:292)
        at sun.security.validator.Validator.validate(Validator.java:260)
        at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:326)
        at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:231)
        at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:126)
        at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1323)
        ... 77 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
        at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:196)
        at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:268)
        at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:380)
        ... 83 more

Please provide any ideas/help, would be much appreciated.

You need to import the certificate into the JDK security store. Follow the 2 steps below and you are done.

  • Step 1: Go to the Java security directory below

/path/to/java/jdk/jre/lib/security

  • Step 2: Run the command below

keytool -import -keystore cacerts -file /path/to/your/cert.cer
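
An added diagnostic, not part of the original question or answer: it makes the same `checkServerTrusted` call that fails in the stack trace, once against the JVM default trust store and once against a named store such as DemoTrust.jks, so you can confirm which store lacks the issuing CA before and after an import. The class name `TrustCheck` and the argument layout are assumptions; the chain file must hold the server certificate first, followed by any intermediates.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

/** Usage: java TrustCheck <chain.pem> [<truststore.jks> <password>] */
public class TrustCheck {

    // Build the X509TrustManager JSSE would use for the given store.
    // A null store selects the JVM default: -Djavax.net.ssl.trustStore if set, else cacerts.
    static X509TrustManager trustManagerFor(KeyStore store) throws Exception {
        TrustManagerFactory tmf =
            TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(store);
        for (TrustManager tm : tmf.getTrustManagers()) {
            if (tm instanceof X509TrustManager) return (X509TrustManager) tm;
        }
        throw new IllegalStateException("no X509TrustManager available");
    }

    // Path building and validity dates are checked here; the host name is not.
    static String verdict(X509TrustManager tm, X509Certificate[] chain) {
        try {
            tm.checkServerTrusted(chain, "RSA");
            return "TRUSTED";
        } catch (CertificateException e) {
            return "REJECTED: " + e.getMessage();
        }
    }

    public static void main(String[] args) throws Exception {
        X509Certificate[] chain;
        try (InputStream in = new FileInputStream(args[0])) {
            chain = CertificateFactory.getInstance("X.509")
                .generateCertificates(in).toArray(new X509Certificate[0]);
        }
        System.out.println("JVM default trust store: " + verdict(trustManagerFor(null), chain));
        if (args.length >= 3) {
            KeyStore ks = KeyStore.getInstance("JKS");
            try (InputStream in = new FileInputStream(args[1])) {
                ks.load(in, args[2].toCharArray());
            }
            System.out.println(args[1] + ": " + verdict(trustManagerFor(ks), chain));
        }
    }
}
```

Run it with the same JAVA_OPTIONS as the server so the "JVM default" line reflects the trust store the server process actually resolves.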
