
Spring-WS client with certificate

I am new to web services and I need to write a simple spring-ws client that will communicate with a server over SSL. The situation is:

  • My client works well with http on my localhost ws server on my Glassfish (problem is remote server and https)
  • Remote server works correctly. I will work just with data it sends me
  • I have server's https address
  • I have client certificate from server provider

I thought it would be easy to find a simple tutorial for such a task, but I am having trouble finding something like that. Is it really so unusual, or is the problem in me? Do you know a good tutorial/book for creating this? It could be some simple quick steps; I really just need to connect to that server and get data from it.

I am using:

EDIT: More details on the topic

I changed the client from the tutorial I mentioned to work with the web service I created on localhost (no SSL). It worked well; requests and responses were correct. Then I changed it to work with the remote server. I generated new classes and set the new address of the server in ApplicationContext. The first error was missing commons-logging libraries. I added them. Then a new error appeared (short version of that error):

org.springframework.ws.client.WebServiceIOException: I/O error: java.security.cert.CertificateException: No name matching certificatename found; nested exception is javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No name matching certificatename found

I added my certificate to cacerts in my jdk using keytool. It didn't help. I found something about that error and tried to add code from last post in here:

http://www.coderanch.com/t/557677/sockets/java/CertificateException-No-name-matching-hostname

It shouldn't be very secure but I tried it. The new error was:

Exception in thread "main" org.springframework.ws.client.WebServiceTransportException: Internal Server Error [500]
at org.springframework.ws.client.core.WebServiceTemplate.handleError(WebServiceTemplate.java:663)
at org.springframework.ws.client.core.WebServiceTemplate.doSendAndReceive(WebServiceTemplate.java:587)
at org.springframework.ws.client.core.WebServiceTemplate.sendAndReceive(WebServiceTemplate.java:537)
at org.springframework.ws.client.core.WebServiceTemplate.marshalSendAndReceive(WebServiceTemplate.java:384)
at org.springframework.ws.client.core.WebServiceTemplate.marshalSendAndReceive(WebServiceTemplate.java:378)
...

I resolved the problem. I finally got access to our WS server so I could check the logs. They showed that the certificate wasn't the problem at all. The message arrived at the server correctly. The problem started when the server tried to parse my message; this failed and the server then returned error 500 with this error in the log:

Unable to create envelope from given source

My colleague and I discovered that the server is running on Java 6 but our application is on Java 7. We tried to move our application to a Java 7 private server and everything worked well. After some searching we discovered that the parsers xalan.jar and xerces.jar are probably the problem; updating them could also resolve that. Anyway, using the same version of Java should be the solution.

Sadly I cannot go down to Java 6 and the server cannot go up to Java 7 (details are not important). So I created a completely new client using Axis and, to be honest, I am very happy I made this decision. It has worked since the start and it's much easier to use. If anyone is interested, here is the tutorial I followed (there is also how to use the generated code at the end, which I needed):

http://px.pats.no/px/Eclipse_tutorial.html

This problem is related to the DNS name, which you have not included in your certificate. To solve this problem, try remaking your certificate:

keytool ... san=ip:10.1.1.1

or simply try adding a static method that will tell Java not to verify the domain:

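static {
    // Accepts every host name: this turns off host name verification for all
    // HttpsURLConnection instances in the JVM.
    javax.net.ssl.HttpsURLConnection.setDefaultHostnameVerifier(
        new javax.net.ssl.HostnameVerifier() {
            public boolean verify(String dns,
                    javax.net.ssl.SSLSession sslSession) {
                return true;
            }
        });
}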
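
For the setup the question describes (an HTTPS endpoint plus a client certificate from the provider), the following added example, which is not code from the original posts, gives a Spring-WS `WebServiceTemplate` its own key and trust material while leaving host name verification on. The file names, password and URL are placeholders, and it assumes a Spring-WS version that provides `HttpsUrlConnectionMessageSender.setSslSocketFactory`.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;
import org.springframework.ws.client.core.WebServiceTemplate;
import org.springframework.ws.transport.http.HttpsUrlConnectionMessageSender;

public class MutualTlsWsClient {
    // Load a keystore file of the given type ("PKCS12" or "JKS").
    static KeyStore load(String path, String type, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance(type);
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, password);
        }
        return ks;
    }

    // TLS context that presents the client certificate and trusts only the
    // certificates in the given truststore (not the whole JDK cacerts file).
    static SSLContext clientContext(KeyStore clientKeys, char[] keyPassword,
                                    KeyStore trusted) throws Exception {
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(clientKeys, keyPassword);
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trusted);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        return ctx;
    }

    // The socket factory applies to this sender only, so no JVM-wide default changes.
    // No HostnameVerifier is set, so the default host name check stays active.
    static WebServiceTemplate template(String uri, SSLContext ctx) {
        HttpsUrlConnectionMessageSender sender = new HttpsUrlConnectionMessageSender();
        sender.setSslSocketFactory(ctx.getSocketFactory());
        WebServiceTemplate t = new WebServiceTemplate();
        t.setMessageSender(sender);
        t.setDefaultUri(uri);
        return t;
    }

    public static void main(String[] args) throws Exception {
        char[] pw = "changeit".toCharArray();               // placeholder password
        KeyStore client = load("client.p12", "PKCS12", pw); // placeholder path
        KeyStore trust = load("server-ca.jks", "JKS", pw);  // placeholder path
        WebServiceTemplate t = template("https://ws.example.com/service", clientContext(client, pw, trust));
        System.out.println("Configured " + t.getDefaultUri());
    }
}
```

Set the marshaller and unmarshaller on the returned template as in the existing client before calling `marshalSendAndReceive`.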
