2 Replies Latest reply on Dec 12, 2011 6:34 AM by tao_dl

    cxf.xml doesn't work under JBoss 6.1

    tao_dl
    tao_dl Nov 22, 2011 5:58 AM

      Dear Forum,

       

      Currently under JBoss 6.1, I have a problem by calling web service over https (SSL), which has a self-signed certificate. By using a dummy (certificate)TrustManager, I got one step further with following errors:

       

      Caused by: java.io.IOException: The https URL hostname does not match the Common Name (CN) on the server certificate.  To

      disable this check (NOT recommended for production) set the CXF client TLS configuration property "disableCNCheck" to true.

       

      I googled and found that I need to set a cxf client configuration file with the project. Then I created a cxf.xml with following content and left it in the folder: myProject-ejb\src\main\resources\ :

       

       

      <beans xmlns="http://www.springframework.org/schema/beans"

            xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"

            xmlns:http-conf="http://cxf.apache.org/transports/http/configuration"     

            xsi:schemaLocation="

                http://cxf.apache.org/configuration/security

                http://cxf.apache.org/schemas/configuration/security.xsd

                http://cxf.apache.org/transports/http/configuration

                http://cxf.apache.org/schemas/configuration/http-conf.xsd

                http://www.springframework.org/schema/beans

                http://www.springframework.org/schema/beans/spring-beans.xsd">

       

      <http-conf:conduit name="{https://server.company.com:8443/}WebService.http-conduit">

          <http-conf:tlsClientParameters  secureSocketProtocol="SSL" disableCNCheck="true"/>

      </http-conf:conduit>

       

      <http-conf:conduit name="*.http-conduit">

          <http-conf:tlsClientParameters  disableCNCheck="true" secureSocketProtocol="SSL"/>

      </http-conf:conduit>

      </beans>

       

      However, I always get the above errors. Did I do something wrong? I saw that the cxf.xml file has been copied into the root folder of the myProject-ejb.jar file, but I don't know if the cxf.file really works. How can I check if the cxf.xml is working?

       

      Thanks in advance!

       

      Tao

        • 1. Re: cxf.xml doesn't work under JBoss 6.1
          asoldano
          asoldano Dec 12, 2011 5:02 AM (in response to tao_dl)

          In the JBossWS-CXF integration, you can also turn on the disableCNCheck flag by setting the org.jboss.security.ignoreHttpsHost sys property (-Dorg.jboss.security.ignoreHttpsHost=true)

          1 of 1 people found this helpful
            • Actions
          • 2. Re: cxf.xml doesn't work under JBoss 6.1
            tao_dl
            tao_dl Dec 12, 2011 6:34 AM (in response to asoldano)

            Hello Soldano, thanks a lot for your tipp! I solved the problem with the following line:

             

            System.setProperty("org.jboss.security.ignoreHttpsHost", "true");

             

            Another way to solve the problem is to use the JaxWsProxyFactoryBean method:

             

             

             

            ---------------------------------------------------------------------------------------------------------------------------------------

            import javax.net.ssl.HttpsURLConnection;

            import javax.net.ssl.SSLContext;

            import javax.net.ssl.TrustManager;

            import javax.net.ssl.X509TrustManager;

            import java.security.cert.X509Certificate;

             

            import org.apache.cxf.configuration.jsse.TLSClientParameters;

            import org.apache.cxf.configuration.security.AuthorizationPolicy;

            import org.apache.cxf.endpoint.Client;

            import org.apache.cxf.frontend.ClientProxy;

            import org.apache.cxf.transport.http.HTTPConduit;

            import org.apache.cxf.interceptor.*;

            import org.apache.cxf.jaxws.JaxWsProxyFactoryBean;

             

            MyWebServiceEndpoint port = null;

             

            JaxWsProxyFactoryBean factory = new JaxWsProxyFactoryBean();

            factory.setServiceClass(MyWebServiceEndpoint.class);

            factory.setAddress(MyWebServiceURL());

            port = (MyWebServiceEndpoint) factory.create();

            configHttpConduit(port);

             

            BindingProvider bp = (BindingProvider)port;

            bp.getRequestContext().put(BindingProvider.USERNAME_PROPERTY, username);

            bp.getRequestContext().put(BindingProvider.PASSWORD_PROPERTY, password);

            ...

             

             

            private void configHttpConduit(Object service) {

                    Client clientProxy = ClientProxy.getClient(service);

             

                    HTTPConduit conduit = (HTTPConduit) clientProxy.getConduit();

                    String targetAddr = conduit.getTarget().getAddress().getValue();

                    if (targetAddr.toLowerCase().startsWith("https:")) {

                        TrustManager[] simpleTrustManager = new TrustManager[] { new X509TrustManager() {

                            public java.security.cert.X509Certificate[] getAcceptedIssuers() {

                                return null;

                            }

             

                            public void checkClientTrusted(

                                    java.security.cert.X509Certificate[] certs, String authType) {

                            }

             

                            public void checkServerTrusted(

                                    java.security.cert.X509Certificate[] certs, String authType) {

                            }

                        } };

                        TLSClientParameters tlsParams = new TLSClientParameters();

                        tlsParams.setTrustManagers(simpleTrustManager);

                        tlsParams.setDisableCNCheck(true);

                        tlsParams.setSecureSocketProtocol("SSL"); // This line is not very necessary.

                        conduit.setTlsClientParameters(tlsParams);

             

                    }

                }

              • Actions