SSL & Authorization
fabboco Aug 1, 2007 4:24 AMHi guys,
I really need some directions from you.
I have a test ws:
@Stateless @WebService(name = "wstest", serviceName = "wstest") @WebContext(contextRoot = "/ma", transportGuarantee="NONE", secureWSDLAccess = false) @Remote(WsTest.class) @RemoteBinding @SOAPBinding(style = SOAPBinding.Style.DOCUMENT) public class WsTestBean implements WsTest { Logger log = Logger.getLogger(WsTestBean.class); @WebMethod public String echo(String message) { return message; } }
deployed into Jboss 4.2.0
Using wsconsume I prepared the proxy and my client is able to call the ws:
public class WsTestClient { public static void main(String[] args) { System.out.println("WsTest Client Start"); Wstest_Service ws = new Wstest_Service(); Wstest wsTest = ws.getWstestPort(); System.out.println("Echo message: "+wsTest.echo("Ciao Ciao sono Fabrizio")); System.out.println("WsTest Client End"); } }
What I have to do now (for a real application !) is:
1) use SSL
2) enforce authentication (only authorized user can call the ws)
I have changed the servers as follows:
@WebContext(contextRoot = "/ma", transportGuarantee="CONFIDENTIAL", secureWSDLAccess = false)
and than the SSL should be ok. The ServiceEndpointAddress switch from http://.....?wsdl to https://.....?wsdl
Then I have tried to regenerate the proxy using wsconsume and I get the following error:
failed to parse document at "https://fabocoxp2:8443/ma/WsTestBean?wsdl": javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at org.jboss.com.sun.tools.ws.processor.modeler.wsdl.WSDLModeler.buildModel(WSDLModeler.java:215) at org.jboss.com.sun.tools.ws.processor.config.ModelInfo.buildModel(ModelInfo.java:88) at org.jboss.com.sun.tools.ws.processor.Processor.runModeler(Processor.java:82) at org.jboss.com.sun.tools.ws.wscompile.CompileTool.run(CompileTool.java:543) at org.jboss.com.sun.tools.ws.util.ToolBase.run(ToolBase.java:57) at org.jboss.ws.tools.jaxws.impl.WSContractConsumerImpl$1.run(WSContractConsumerImpl.java:163) at org.jboss.ws.tools.jaxws.impl.WSContractConsumerImpl.consume(WSContractConsumerImpl.java:166) at org.jboss.ws.tools.jaxws.command.wsconsume.importServices(wsconsume.java:193) at org.jboss.ws.tools.jaxws.command.wsconsume.main(wsconsume.java:76) Caused by: failed to parse document at "https://fabocoxp2:8443/ma/WsTestBean?wsdl": javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at org.jboss.com.sun.tools.ws.wsdl.parser.WSDLParser.buildDocumentFromWSDL(WSDLParser.java:318) at org.jboss.com.sun.tools.ws.wsdl.parser.WSDLParser.parseDefinitions(WSDLParser.java:222) at org.jboss.com.sun.tools.ws.wsdl.parser.WSDLParser.parse(WSDLParser.java:213) at org.jboss.com.sun.tools.ws.processor.modeler.wsdl.WSDLModeler.buildModel(WSDLModeler.java:166) ... 8 more Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:150) at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1518) at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:174) at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:168) at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:848) at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:106) at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:495) at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:433) at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:818) at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1030) at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1057) at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1041) at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:402) at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:170) at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:938) at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:234) at org.apache.xerces.impl.XMLEntityManager.setupCurrentEntity(Unknown Source) at org.apache.xerces.impl.XMLVersionDetector.determineDocVersion(Unknown Source) at org.apache.xerces.parsers.XML11Configuration.parse(Unknown Source) at org.apache.xerces.parsers.XML11Configuration.parse(Unknown Source) at org.apache.xerces.parsers.XMLParser.parse(Unknown Source) at org.apache.xerces.parsers.DOMParser.parse(Unknown Source) at org.apache.xerces.jaxp.DocumentBuilderImpl.parse(Unknown Source) at org.jboss.com.sun.tools.ws.wsdl.parser.WSDLParser.buildDocumentFromWSDL(WSDLParser.java:276) ... 11 more Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:221) at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:145) at sun.security.validator.Validator.validate(Validator.java:203) at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:172) at com.sun.net.ssl.internal.ssl.JsseX509TrustManager.checkServerTrusted(SSLContextImpl.java:320) at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:841) ... 30 more Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:236) at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:194) at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:216) ... 35 more error: failed to parse document at "https://fabocoxp2:8443/ma/WsTestBean?wsdl": javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
I think that I have to put a certificate somewhere !
Reading documentation I realized that I have to configure:
boss-wsse-server.xml
and
jboss-wsse-client.xml
but I can't find a step-by-step procedure.
What about authorization ?
Thank you in advance for any help.
Regards
Fabrizio