2 Replies Latest reply on Dec 12, 2011 6:34 AM by tao_dl

    cxf.xml doesn't work under JBoss 6.1

    tao_dl

      Dear Forum,

       

      Currently under JBoss 6.1, I have a problem calling a web service over https (SSL) that has a self-signed certificate. By using a dummy (certificate) TrustManager, I got one step further, with the following error:

      Caused by: java.io.IOException: The https URL hostname does not match the Common Name (CN) on the server certificate.  To disable this check (NOT recommended for production) set the CXF client TLS configuration property "disableCNCheck" to true.

      I googled and found that I need to set up a CXF client configuration file for the project. Then I created a cxf.xml with the following content and put it in the folder myProject-ejb\src\main\resources\ :

      <beans xmlns="http://www.springframework.org/schema/beans"
            xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
            xmlns:http-conf="http://cxf.apache.org/transports/http/configuration"
            xsi:schemaLocation="
                http://cxf.apache.org/configuration/security
                http://cxf.apache.org/schemas/configuration/security.xsd
                http://cxf.apache.org/transports/http/configuration
                http://cxf.apache.org/schemas/configuration/http-conf.xsd
                http://www.springframework.org/schema/beans
                http://www.springframework.org/schema/beans/spring-beans.xsd">

      <http-conf:conduit name="{https://server.company.com:8443/}WebService.http-conduit">
          <http-conf:tlsClientParameters  secureSocketProtocol="SSL" disableCNCheck="true"/>
      </http-conf:conduit>

      <http-conf:conduit name="*.http-conduit">
          <http-conf:tlsClientParameters  disableCNCheck="true" secureSocketProtocol="SSL"/>
      </http-conf:conduit>

      </beans>

      However, I always get the above error. Did I do something wrong? I saw that the cxf.xml file has been copied into the root folder of the myProject-ejb.jar file, but I don't know if the cxf.xml file really works. How can I check if the cxf.xml is working?

      Thanks in advance!

      Tao

        • 1. Re: cxf.xml doesn't work under JBoss 6.1
          asoldano

          In the JBossWS-CXF integration, you can also turn on the disableCNCheck flag by setting the org.jboss.security.ignoreHttpsHost sys property (-Dorg.jboss.security.ignoreHttpsHost=true)

          • 2. Re: cxf.xml doesn't work under JBoss 6.1
            tao_dl

            Hello Soldano, thanks a lot for your tip! I solved the problem with the following line:

            System.setProperty("org.jboss.security.ignoreHttpsHost", "true");

            Another way to solve the problem is to use the JaxWsProxyFactoryBean method:

            ---------------------------------------------------------------------------------------------------------------------------------------

            import javax.net.ssl.HttpsURLConnection;
            import javax.net.ssl.SSLContext;
            import javax.net.ssl.TrustManager;
            import javax.net.ssl.X509TrustManager;
            import java.security.cert.X509Certificate;
            import javax.xml.ws.BindingProvider;

            import org.apache.cxf.configuration.jsse.TLSClientParameters;
            import org.apache.cxf.configuration.security.AuthorizationPolicy;
            import org.apache.cxf.endpoint.Client;
            import org.apache.cxf.frontend.ClientProxy;
            import org.apache.cxf.transport.http.HTTPConduit;
            import org.apache.cxf.interceptor.*;
            import org.apache.cxf.jaxws.JaxWsProxyFactoryBean;

            MyWebServiceEndpoint port = null;

            // Create the client proxy for the service endpoint interface.
            JaxWsProxyFactoryBean factory = new JaxWsProxyFactoryBean();
            factory.setServiceClass(MyWebServiceEndpoint.class);
            factory.setAddress(MyWebServiceURL());
            port = (MyWebServiceEndpoint) factory.create();
            configHttpConduit(port);

            // HTTP basic authentication credentials for the call.
            BindingProvider bp = (BindingProvider)port;
            bp.getRequestContext().put(BindingProvider.USERNAME_PROPERTY, username);
            bp.getRequestContext().put(BindingProvider.PASSWORD_PROPERTY, password);
            ...

            private void configHttpConduit(Object service) {
                Client clientProxy = ClientProxy.getClient(service);

                HTTPConduit conduit = (HTTPConduit) clientProxy.getConduit();
                String targetAddr = conduit.getTarget().getAddress().getValue();
                if (targetAddr.toLowerCase().startsWith("https:")) {
                    // Trust manager that accepts every certificate (no chain validation).
                    TrustManager[] simpleTrustManager = new TrustManager[] { new X509TrustManager() {
                        public java.security.cert.X509Certificate[] getAcceptedIssuers() {
                            // The interface contract requires a non-null array.
                            return new X509Certificate[0];
                        }

                        public void checkClientTrusted(
                                java.security.cert.X509Certificate[] certs, String authType) {
                        }

                        public void checkServerTrusted(
                                java.security.cert.X509Certificate[] certs, String authType) {
                        }
                    } };
                    TLSClientParameters tlsParams = new TLSClientParameters();
                    tlsParams.setTrustManagers(simpleTrustManager);
                    // Turns off the host name (CN) check for this conduit.
                    tlsParams.setDisableCNCheck(true);
                    tlsParams.setSecureSocketProtocol("SSL"); // This line is not very necessary.
                    conduit.setTlsClientParameters(tlsParams);
                }
            }
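
The trust-all TrustManager and disableCNCheck=true used in this thread accept any certificate from any host. As an added example (not part of the original posts and not JBossWS or CXF project code), the same conduit can be set up to trust only the server's own self-signed certificate while leaving the host name check on. The class name PinnedCertConduit, the alias "ws-server" and the certificate file path are assumptions.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;

import javax.net.ssl.TrustManagerFactory;

import org.apache.cxf.configuration.jsse.TLSClientParameters;
import org.apache.cxf.endpoint.Client;
import org.apache.cxf.frontend.ClientProxy;
import org.apache.cxf.transport.http.HTTPConduit;

/** Added example (hypothetical class name): trust one known server certificate only. */
public final class PinnedCertConduit {

    private PinnedCertConduit() { }

    /**
     * @param port     the CXF client proxy, e.g. the object returned by factory.create()
     * @param certPath assumed path to the server's certificate, exported as PEM or DER
     */
    public static void configure(Object port, String certPath) throws Exception {
        // Parse the single certificate we are willing to accept.
        Certificate serverCert;
        try (InputStream in = new FileInputStream(certPath)) {
            serverCert = CertificateFactory.getInstance("X.509").generateCertificate(in);
        }

        // In-memory trust store holding only that certificate.
        KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
        trustStore.load(null, null);
        trustStore.setCertificateEntry("ws-server", serverCert);

        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);

        TLSClientParameters tlsParams = new TLSClientParameters();
        tlsParams.setTrustManagers(tmf.getTrustManagers());
        tlsParams.setSecureSocketProtocol("TLS");
        // disableCNCheck is left at its default (false), so the host name is still checked.

        Client client = ClientProxy.getClient(port);
        HTTPConduit conduit = (HTTPConduit) client.getConduit();
        conduit.setTlsClientParameters(tlsParams);
    }
}
```

With this setup a certificate whose name does not match the host in the URL still produces the CN error quoted in the first post; that is resolved by reissuing the certificate for the host name the client actually uses.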