1 Reply Latest reply on Apr 15, 2009 8:45 PM by zurchman

SSL Client truststore

zurchman Apr 14, 2009 6:40 PM

Is there any way to way to dynamically define a JBossWS client truststore?

I'm trying to run a standalone secure webservice client that was originally developed using a JAX-WS RI.

Using the RI, it was a simple matter to specify the truststore:

System.setProperty("javax.net.ssl.trustStore", "path_to_my_store");

I've rebuilt the artifacts and application against the jbossesb-server-4.5.GA and do not seem to be able to get the client to connect to a secure endpoint.
http endpoints work fine.

Using JBossWS, I seem to get farther setting the "org.jboss.ws.wsse.trustStore" property.

The client was built from a WSDL file, and the endpoint is changed dynamically:

BindingProvider bp = (BindingProvider) default_webservice;
Map<String, Object> context = bp.getRequestContext();
Object oldAddress = context.put(BindingProvider.ENDPOINT_ADDRESS_PROPERTY, endpoint);
System.out.println("new endpoint: " + endpoint);

The application fails parsing the Web service response, and I question if the request is actually connecting to service provider's SSL port.

2009-04-13 18:33:16,747 DEBUG [org.jboss.ws.core.EndpointInvocation] transformPayloadValue: com.autowares.ipotest.Quote -> com.autowares.ipotest.Quote
2009-04-13 18:33:16,785 DEBUG [org.jboss.ws.core.jaxws.handler.HandlerChainExecutor] Create a handler executor: []
2009-04-13 18:33:16,785 DEBUG [org.jboss.ws.core.jaxws.handler.HandlerChainExecutor] Create a handler executor: []
2009-04-13 18:33:16,785 DEBUG [org.jboss.ws.core.jaxws.handler.HandlerChainExecutor] Create a handler executor: []
2009-04-13 18:33:16,836 DEBUG [org.jboss.ws.core.client.HTTPRemotingConnection] Get locator for: [addr=https://service-provider-url/service-name,etc
name={javax.xml.ws.service.endpoint.address=https://service-provider-name/service}]
2009-04-13 18:33:16,933 DEBUG [org.jboss.remoting.security.SSLSocketBuilder] Could not find keystore url. Can not find store file for url because store url is null.
2009-04-13 18:33:16,965 DEBUG [org.jboss.remoting.MicroRemoteClientInvoker] org.jboss.remoting.transport.http.ssl.HTTPSClientInvoker@67f39 connecting
2009-04-13 18:33:16,965 DEBUG [org.jboss.remoting.MicroRemoteClientInvoker] org.jboss.remoting.transport.http.ssl.HTTPSClientInvoker@67f39 connected
2009-04-13 18:33:16,965 DEBUG [org.jboss.ws.core.client.HTTPRemotingConnection] Remoting metadata: {HEADER={SOAPAction="http://qname", Content-Type=text/xml; charset=UTF-8}, NoThrowOnError=true}
2009-04-13 18:33:16,977 DEBUG [org.jboss.ws.core.soap.SOAPContentElement]
-----------------------------------
2009-04-13 18:33:16,977 DEBUG [org.jboss.ws.core.soap.SOAPContentElement] Transitioning from OBJECT_VALID to XML_VALID
2009-04-13 18:33:16,977 DEBUG [org.jboss.ws.core.soap.ObjectContent] getXMLFragment from Object [xmlType={http://qname},javaType=class ]

1. Re: SSL Client truststore

zurchman Apr 15, 2009 8:45 PM (in response to zurchman)
Here's what it took to run a JAX-WS RI SSL client with the JBossWS 3.0.1-native-2.0.4.GA delivered with jbossesb-server-4.5.GA.

The post that made the difference was the one by Alessio at the end of this topic:

http://www.jboss.org/index.html?module=bb&op=viewtopic&t=141843

I don't recommend doing it this way, but all the artifacts were built with the RI. The only class compiled against the JBoss classes was the service mainline.

1) Set the truststore in the javax.net.ssl.trustStore property

2) Include org.jboss.ws.core.StubExt

3) Set the "Config" name to "Standard WSSecurity Client"

System.setProperty("javax.net.ssl.trustStore", "path-to-my-truststore"); BindingProvider bp = (BindingProvider) default_webservice; Map<String, Object> context = bp.getRequestContext(); context.put(BindingProvider.ENDPOINT_ADDRESS_PROPERTY, endpoint); System.out.println("new endpoint: " + endpoint); ((StubExt)default_webservice).setConfigName("Standard WSSecurity Client");
Actions