XML RPC Service over SSL with Basic Authentication from Spring Application
Question
i have to handle following setup.
i have to call an in php implemented xml-rpc service interface over ssl(basic authentication) from my spring application.
the return type of the function is a simple string.
i tried to make the call with burlap but i am getting a CertificateException . i think that has to do with the self signed serverside certificate. i was not able to disable the certificate validation with burlap.
what whould you use to make this function call and how would the spring configuration look like?
thanx
INTERFACE TO CALL
/**
*
* @param string $colourID
* @return string colorname
* @throws ApiException
*/
public function getColour($colourID)
ENDPOINT (ssl/basic auth)
- hxxps://api.application.com/colour
- User: ExternColour
- PW: xxxxxxxxxx
MY CODE
INTERFACE
public interface IColourService {
/**
*
* @param string $colourID
* @return string colorname
* @throws ApiException
*/
public String getColour(String colourID)
CLIENTCALL
public class RemoteServiceTest {
@Autowired
IColourService colourService;
@Test
public String runRemoteService(){
return colourService.getColour("1");
}
}
CONFIG
autowiring works so i did not mention it here
<bean id="colourService"
class="org.springframework.remoting.caucho.BurlapProxyFactoryBean">
<property name="serviceUrl" value="hxxps://api.application.com/colour" />
<property name="serviceInterface"
value="my.package.IColourService " />
<!-- HOW to configure BASIC AUTH and SSL --->
</bean>
1 answers
solution1
1 2011-10-23 19:35:20
So, there is a stacktrace like this:
Caused by: javax.net.ssl.SSLHandshakeException:
java.security.cert.CertificateException: No subject alternative DNS name
matching example.com found.
at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:174)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1623)
at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:198)
at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:192)
at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1074)
at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:128)
at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:529)
at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:465)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:884)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1120)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1147)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1131)
at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:434)
at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:166)
at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(HttpURLConnection.java:904)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(HttpsURLConnectionImpl.java:230)
at com.caucho.burlap.client.BurlapProxy.invoke(BurlapProxy.java:139)
... 24 more
Caused by: java.security.cert.CertificateException: No subject alternative
DNS name matching example.com found.
at sun.security.util.HostnameChecker.matchDNS(HostnameChecker.java:193)
at sun.security.util.HostnameChecker.match(HostnameChecker.java:77)
at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkIdentity(X509TrustManagerImpl.java:264)
at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:250)
at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1053)
... 36 more
It's an usual exception from HttpURLConnection when the SSL certificate doesn't match to the domain.
I've not created the whole Spring environment but the following test works for me:
@Test
public void test7() throws Exception {
final BurlapProxyFactory factory =
new NoSslCertificateCheckBurlapProxyFactory();
final String url = "https://example.com/service";
final Service service = (Service) factory.create(Service.class, url);
service.getColour("5");
}
NoSslCertificateCheckBurlapProxyFactory.java :
import java.io.IOException;
import java.net.URL;
import java.net.URLConnection;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.HttpsURLConnection;
import com.caucho.burlap.client.BurlapProxyFactory;
public class NoSslCertificateCheckBurlapProxyFactory
extends BurlapProxyFactory {
private final HostnameVerifier hostnameVerifier;
public NoSslCertificateCheckBurlapProxyFactory() {
hostnameVerifier = new NoCheckHostnameVerifier();
}
@Override
protected URLConnection openConnection(final URL url) throws IOException {
final URLConnection connection = super.openConnection(url);
if (connection instanceof HttpsURLConnection) {
final HttpsURLConnection httpsURLConnection =
(HttpsURLConnection) connection;
httpsURLConnection.setHostnameVerifier(hostnameVerifier);
}
return connection;
}
}
NoCheckHostnameVerifier.java :
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.SSLSession;
public class NoCheckHostnameVerifier implements HostnameVerifier {
@Override
public boolean verify(final String hostname, final SSLSession session) {
return true;
}
}
So, if I'm right you just need to change the bean class from
<bean id="colourService"
class="org.springframework.remoting.caucho.BurlapProxyFactoryBean">
to
<bean id="colourService"
class="your.package.NoSslCertificateCheckBurlapProxyFactory">
Configuring basic authentication should be the following (I haven't tested):
<property name="username" value="user1" />
<property name="password" value="pass1" />
References:
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.