i have to handle following setup.
i have to call an in php implemented xml-rpc service interface over ssl(basic authentication) from my spring application.
the return type of the function is a simple string.
i tried to make the call with burlap but i am getting a CertificateException
. i think that has to do with the self signed serverside certificate. i was not able to disable the certificate validation with burlap.
what whould you use to make this function call and how would the spring configuration look like?
thanx
/**
*
* @param string $colourID
* @return string colorname
* @throws ApiException
*/
public function getColour($colourID)
INTERFACE
public interface IColourService {
/**
*
* @param string $colourID
* @return string colorname
* @throws ApiException
*/
public String getColour(String colourID)
CLIENTCALL
public class RemoteServiceTest {
@Autowired
IColourService colourService;
@Test
public String runRemoteService(){
return colourService.getColour("1");
}
}
CONFIG
autowiring works so i did not mention it here
<bean id="colourService"
class="org.springframework.remoting.caucho.BurlapProxyFactoryBean">
<property name="serviceUrl" value="hxxps://api.application.com/colour" />
<property name="serviceInterface"
value="my.package.IColourService " />
<!-- HOW to configure BASIC AUTH and SSL --->
</bean>
So, there is a stacktrace like this:
Caused by: javax.net.ssl.SSLHandshakeException:
java.security.cert.CertificateException: No subject alternative DNS name
matching example.com found.
at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:174)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1623)
at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:198)
at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:192)
at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1074)
at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:128)
at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:529)
at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:465)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:884)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1120)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1147)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1131)
at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:434)
at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:166)
at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(HttpURLConnection.java:904)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(HttpsURLConnectionImpl.java:230)
at com.caucho.burlap.client.BurlapProxy.invoke(BurlapProxy.java:139)
... 24 more
Caused by: java.security.cert.CertificateException: No subject alternative
DNS name matching example.com found.
at sun.security.util.HostnameChecker.matchDNS(HostnameChecker.java:193)
at sun.security.util.HostnameChecker.match(HostnameChecker.java:77)
at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkIdentity(X509TrustManagerImpl.java:264)
at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:250)
at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1053)
... 36 more
It's an usual exception from HttpURLConnection
when the SSL certificate doesn't match to the domain.
I've not created the whole Spring environment but the following test works for me:
@Test
public void test7() throws Exception {
final BurlapProxyFactory factory =
new NoSslCertificateCheckBurlapProxyFactory();
final String url = "https://example.com/service";
final Service service = (Service) factory.create(Service.class, url);
service.getColour("5");
}
NoSslCertificateCheckBurlapProxyFactory.java
:
import java.io.IOException;
import java.net.URL;
import java.net.URLConnection;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.HttpsURLConnection;
import com.caucho.burlap.client.BurlapProxyFactory;
public class NoSslCertificateCheckBurlapProxyFactory
extends BurlapProxyFactory {
private final HostnameVerifier hostnameVerifier;
public NoSslCertificateCheckBurlapProxyFactory() {
hostnameVerifier = new NoCheckHostnameVerifier();
}
@Override
protected URLConnection openConnection(final URL url) throws IOException {
final URLConnection connection = super.openConnection(url);
if (connection instanceof HttpsURLConnection) {
final HttpsURLConnection httpsURLConnection =
(HttpsURLConnection) connection;
httpsURLConnection.setHostnameVerifier(hostnameVerifier);
}
return connection;
}
}
NoCheckHostnameVerifier.java
:
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.SSLSession;
public class NoCheckHostnameVerifier implements HostnameVerifier {
@Override
public boolean verify(final String hostname, final SSLSession session) {
return true;
}
}
So, if I'm right you just need to change the bean class from
<bean id="colourService"
class="org.springframework.remoting.caucho.BurlapProxyFactoryBean">
to
<bean id="colourService"
class="your.package.NoSslCertificateCheckBurlapProxyFactory">
Configuring basic authentication should be the following (I haven't tested):
<property name="username" value="user1" />
<property name="password" value="pass1" />
References:
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.