5 Replies Latest reply on Jul 1, 2015 1:09 PM by guru.1306

Disable hostname verification in WildFly JAX WS

guru.1306 Jun 29, 2015 7:36 AM

My application is communicating to a soap service. The host name in the certificate is not a actual host name. So , I need to disable the host name verification during the communication.

I had written a code to test but it fails exactly with the below stack trace.

Caused by: java.io.IOException: The https URL hostname does not match the Common Name (CN) on the server certificate in the client's truststore. Make sure server certificate is correct, or to disable this check (NOT recommended for production) set the CXF client TLS configuration property "disableCNCheck" to true.

at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.onFirstWrite(HTTPConduit.java:1271)

at org.apache.cxf.transport.http.URLConnectionHTTPConduit$URLConnectionWrappedOutputStream.onFirstWrite(URLConnectionHTTPConduit.java:210)

at org.apache.cxf.io.AbstractWrappedOutputStream.write(AbstractWrappedOutputStream.java:47) [cxf-core-3.0.5.jar:3.0.5]

at org.apache.cxf.io.AbstractThresholdOutputStream.write(AbstractThresholdOutputStream.java:69) [cxf-core-3.0.5.jar:3.0.5]

at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(HTTPConduit.java:1321)

Here is the code I have added in my environment.

https://erikwramner.wordpress.com/2013/03/27/trust-self-signed-ssl-certificates-and-skip-host-name-verification-with-jax-ws/

The JAXWSProperties.HOSTNAME_VERIFIER is an implementation specific property. Where can I find JAXWSproperties class in Jboss-jaxws implementation. Looks like the weblogic has one at weblogic.wsee.jaxws.JAXWSProperties.HOSTNAME_VERIFIER (Got to know from this blog: svasanta: Disable host name verification in webservices) Instead of JAXWSProperties, if I use the HttpsURLconnection.setDefaultHostNameVerifier() then also it throws the same exception.

Thanks

Guru

1. Re: Disable hostname verification in WildFly JAX WS

jewellgm Jun 29, 2015 8:45 AM (in response to guru.1306)

The only way that I know to disable hostname verification in JBoss AS/WildFly is to set the following system property:

-Dorg.jboss.security.ignoreHttpsHost=true

Obviously, this is a global setting. If you only want to disable verification for this particular service, this would not be the way to do that.
Actions
2. Re: Disable hostname verification in WildFly JAX WS

guru.1306 Jun 30, 2015 5:38 AM (in response to jewellgm)

Hi

This JAVA argument is not working in WildFly 9.0.2. I am still getting the same exception.

Thanks
Guru
Actions
3. Re: Disable hostname verification in WildFly JAX WS

jewellgm Jun 30, 2015 5:47 AM (in response to guru.1306)

Add the property by modifying your standalone.xml (or standalone-*.xml). Put this immediately after the extensions:

<extensions>
....
</extensions>

<system-properties>
<property name="org.jboss.security.ignoreHttpsHost" value="true"/>
</system-properties>
Actions
4. Re: Disable hostname verification in WildFly JAX WS

jaikiran Jun 30, 2015 6:00 AM (in response to guru.1306)

Guru Prashanth Thanakodi wrote:

This JAVA argument is not working in WildFly 9.0.2.

How did you set it and how do you start the server? Also, there's no 9.0.2. Are you talking about 9.0.0.CR2?
Actions
5. Re: Disable hostname verification in WildFly JAX WS

guru.1306 Jul 1, 2015 1:09 PM (in response to jewellgm)

Thanks for your help. I am using JAX-WS client. So I had to set this property <property name="cxf.tls-client.disableCNCheck" value="true"/>

Got to know from this link. Every step is clearly documented here. I am using 9.0.0 CR2

https://docs.jboss.org/author/display/JBWS/Apache+CXF+integration
Actions

Go to original post