5 Replies Latest reply on Apr 19, 2016 9:26 PM by igarashitm

Switchyard call HTTPS service with certificate - soap binding

ravi21588 Apr 11, 2016 11:53 AM

Hi All,

I need to call a https service from a switchyard service.

Iam getting below error.

Caused by: javax.xml.soap.SOAPException: javax.xml.ws.WebServiceException: Could not send Message.

at org.switchyard.component.soap.OutboundHandler.invokeService(OutboundHandler.java:338) [switchyard-component-soap-1.1.1-p5-redhat-1.jar:1.1.1-p5-redhat-1]

at org.switchyard.component.soap.OutboundHandler.handleMessage(OutboundHandler.java:273) [switchyard-component-soap-1.1.1-p5-redhat-1.jar:1.1.1-p5-redhat-1]

... 284 more

Caused by: javax.xml.ws.WebServiceException: Could not send Message.

at org.apache.cxf.jaxws.DispatchImpl.mapException(DispatchImpl.java:269) [cxf-rt-frontend-jaxws-2.6.8.redhat-7.jar:2.6.8.redhat-7]

at org.apache.cxf.jaxws.DispatchImpl.invoke(DispatchImpl.java:392) [cxf-rt-frontend-jaxws-2.6.8.redhat-7.jar:2.6.8.redhat-7]

at org.apache.cxf.jaxws.DispatchImpl.invoke(DispatchImpl.java:243) [cxf-rt-frontend-jaxws-2.6.8.redhat-7.jar:2.6.8.redhat-7]

at org.switchyard.component.soap.OutboundHandler.invokeService(OutboundHandler.java:329) [switchyard-component-soap-1.1.1-p5-redhat-1.jar:1.1.1-p5-redhat-1]

... 285 more

Caused by: javax.net.ssl.SSLHandshakeException: SSLHandshakeException invoking https://localhost:8443/demo1/WorkService: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to re

ted target

at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method) [rt.jar:1.7.0_80]

at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:57) [rt.jar:1.7.0_80]

at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45) [rt.jar:1.7.0_80]

at java.lang.reflect.Constructor.newInstance(Constructor.java:526) [rt.jar:1.7.0_80]

at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.mapException(HTTPConduit.java:1474) [cxf-rt-transports-http-2.6.8.redhat-7.jar:2.6.8.redhat-7]

at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(HTTPConduit.java:1459) [cxf-rt-transports-http-2.6.8.redhat-7.jar:2.6.8.redhat-7]

at org.apache.cxf.transport.AbstractConduit.close(AbstractConduit.java:56) [cxf-api-2.6.8.redhat-7.jar:2.6.8.redhat-7]

at org.apache.cxf.transport.http.HTTPConduit.close(HTTPConduit.java:660) [cxf-rt-transports-http-2.6.8.redhat-7.jar:2.6.8.redhat-7]

at org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndingInterceptor.handleMessage(MessageSenderInterceptor.java:62) [cxf-api-2.6.8.redhat-7.jar:2.6.8.redhat-7]

at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:262) [cxf-api-2.6.8.redhat-7.jar:2.6.8.redhat-7]

at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:530) [cxf-api-2.6.8.redhat-7.jar:2.6.8.redhat-7]

at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:463) [cxf-api-2.6.8.redhat-7.jar:2.6.8.redhat-7]

at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:366) [cxf-api-2.6.8.redhat-7.jar:2.6.8.redhat-7]

at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:319) [cxf-api-2.6.8.redhat-7.jar:2.6.8.redhat-7]

at org.apache.cxf.endpoint.ClientImpl.invokeWrapped(ClientImpl.java:354) [cxf-api-2.6.8.redhat-7.jar:2.6.8.redhat-7]

at org.apache.cxf.jaxws.DispatchImpl.invoke(DispatchImpl.java:385) [cxf-rt-frontend-jaxws-2.6.8.redhat-7.jar:2.6.8.redhat-7]

... 287 more

Switchyard xml is as below:

<?xml version="1.0" encoding="UTF-8"?>

<sy:switchyard xmlns:camel="urn:switchyard-component-camel:config:1.1" xmlns:sca="http://docs.oasis-open.org/ns/opencsa/sca/200912" xmlns:soap="urn:switchyard-component-soap:config:1.1" xmlns:sy="urn:switchyard-config:switchyard:1.1" name="Sync_Security_Demo" targetNamespace="urn:com.example.switchyard:Sync_Security_Demo:1.0">

<sca:composite name="Sync_Security_Demo" targetNamespace="urn:com.example.switchyard:Sync_Security_Demo:1.0">

<sca:component name="Component">

<camel:implementation.camel>

<camel:xml path="route.xml"/>

</camel:implementation.camel>

<sca:service name="SyncSecurityDemo" requires="clientAuthentication confidentiality">

<sca:interface.wsdl interface="wsdl/in/WorkService.wsdl#wsdl.porttype(SyncSecurityDemo)"/>

</sca:service>

<sca:reference name="WorkService" requires="confidentiality">

<sca:interface.wsdl interface="wsdl/out/WorkService.wsdl#wsdl.porttype(WorkService)"/>

</sca:reference>

</sca:component>

<sca:service name="SyncSecurityDemo" promote="Component/SyncSecurityDemo">

<sca:interface.wsdl interface="wsdl/in/WorkService.wsdl#wsdl.porttype(SyncSecurityDemo)"/>

<soap:binding.soap name="soap1">

<soap:wsdl>wsdl/in/WorkService.wsdl</soap:wsdl>

<soap:contextPath>syncsecuritydemo</soap:contextPath>

</soap:binding.soap>

</sca:service>

<sca:reference name="WorkService" multiplicity="0..1" promote="Component/WorkService">

<sca:interface.wsdl interface="wsdl/out/WorkService.wsdl#wsdl.porttype(WorkService)"/>

<soap:binding.soap name="soap1">

<soap:wsdl>wsdl/out/WorkService.wsdl</soap:wsdl>

<soap:endpointAddress>https://localhost:8443/demo1/WorkService</soap:endpointAddress>

<soap:timeout>10</soap:timeout>

</soap:binding.soap>

</sca:reference>

</sca:composite>

<sy:domain>

<sy:properties>

<sy:property name="org.switchyard.handlers.messageTrace.enabled" value="true"/>

</sy:properties>

<sy:securities>

<sy:security callbackHandler="org.switchyard.security.jboss.callback.handler.STSTokenCallbackHandler" securityDomain="saml-validate-token"/>

</sy:securities>

</sy:domain>

</sy:switchyard>

1. Re: Switchyard call HTTPS service with certificate - soap binding

igarashitm Apr 14, 2016 6:01 AM (in response to ravi21588)

This line suggests you need to configure valid certificate for outbound invocation.

Caused by: javax.net.ssl.SSLHandshakeException: SSLHandshakeException invoking https://localhost:8443/demo1/WorkService: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to re

ted target
Actions
2. Re: Switchyard call HTTPS service with certificate - soap binding

ravi21588 Apr 14, 2016 8:56 AM (in response to igarashitm)

Hi Tomohisa,

I have valid JKS file, Can you please tell me how to add it in soap binding Composite reference for outbound invocation.
Actions
3. Re: Switchyard call HTTPS service with certificate - soap binding

igarashitm Apr 14, 2016 11:55 AM (in response to ravi21588)

It seems like you need to configure it via cxf.xml. Following JIRAs added cxf.xml support in SY2.
[SWITCHYARD-2049] Add Spring support for SOAP Component - JBoss Issue Tracker
https://issues.jboss.org/browse/SWITCHYARD-2503

Here is the SSL configuration for CXF
Apache CXF -- Client HTTP Transport (including SSL support)
Actions
4. Re: Switchyard call HTTPS service with certificate - soap binding

ravi21588 Apr 15, 2016 6:51 AM (in response to igarashitm)

Hi Tomohisa,
Iam using Jboss FSW 6.0 which supports Switchyard 1.1.
I hope cxf support is for Switchyard 2.
Can you please tell me if there is any alternative to implement in Jboss Fuse service works 6.0
Actions
5. Re: Switchyard call HTTPS service with certificate - soap binding

igarashitm Apr 19, 2016 9:26 PM (in response to ravi21588)

You can provide a system default certificate via javax.net.ssl.keystore system property, that's the only one option on FSW6 I think. Unless you have a subscription, there's no benefit to use FSW6 vs. Fuse6.2.1 on EAP at this time.
Actions

Go to original post