为wso2 esb UsernameToken安全服务生成存根

时间:2012-08-08 07:32:07

标签: java wso2 stub wso2esb

我正在尝试为wso2 esb服务编写一个简单的java客户端,使用UsernameToken方法进行保护。我在生成java存根时遇到了困难。

我首先尝试了WSDL2Java,但它没有生成有效的pom.xml文件,并且maven无法解析依赖项。

所以我决定尝试使用JAX-WS RI。存根生成并且看起来很好,但是当我尝试调用服务时,我得到以下异常。

    Exception in thread "main" com.sun.xml.internal.ws.client.ClientTransportException: HTTP transport error: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No name matching xxxxxx found
    at com.sun.xml.internal.ws.transport.http.client.HttpClientTransport.getOutput(Unknown Source)
    at com.sun.xml.internal.ws.transport.http.client.HttpTransportPipe.process(Unknown Source)
    at com.sun.xml.internal.ws.transport.http.client.HttpTransportPipe.processRequest(Unknown Source)
    at com.sun.xml.internal.ws.transport.DeferredTransportPipe.processRequest(Unknown Source)
    at com.sun.xml.internal.ws.api.pipe.Fiber.__doRun(Unknown Source)
    at com.sun.xml.internal.ws.api.pipe.Fiber._doRun(Unknown Source)
    at com.sun.xml.internal.ws.api.pipe.Fiber.doRun(Unknown Source)
    at com.sun.xml.internal.ws.api.pipe.Fiber.runSync(Unknown Source)
    at com.sun.xml.internal.ws.client.Stub.process(Unknown Source)
    at com.sun.xml.internal.ws.client.sei.SEIStub.doProcess(Unknown Source)
    at com.sun.xml.internal.ws.client.sei.SyncMethodHandler.invoke(Unknown Source)
    at com.sun.xml.internal.ws.client.sei.SyncMethodHandler.invoke(Unknown Source)
    at com.sun.xml.internal.ws.client.sei.SEIStub.invoke(Unknown Source)
    at $Proxy32.getcodelists(Unknown Source)
    at com.sirmaitt.esb.codelists.client.Client.main(Client.java:32)
Caused by: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No name matching xxxxxx found
    at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Unknown Source)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(Unknown Source)
    at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source)
    at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source)
    at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(Unknown Source)
    at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(Unknown Source)
    at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Unknown Source)
    at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Unknown Source)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(Unknown Source)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown Source)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown Source)
    at sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown Source)
    at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown Source)
    at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(Unknown Source)
    at sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(Unknown Source)
    ... 15 more
Caused by: java.security.cert.CertificateException: No name matching xxxxx found
    at sun.security.util.HostnameChecker.matchDNS(Unknown Source)
    at sun.security.util.HostnameChecker.match(Unknown Source)
    at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkIdentity(Unknown Source)
    at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Source)
    ... 27 more

我理解异常是由wso2服务器拥有的自签名证书引起的。我该怎么做才能避免它?

是否有一些更简单的方法可以使用UsernameToken安全方法为ssl安全服务生成有效的Java存根?这是我的服务定义:

 <proxy name="bala-ala" transports="https" startOnLoad="true" trace="disable">
        <target>
            <endpoint>
                <address uri="http://xx.xx.xxx.xx:9766/services/list?wsdl"/>
            </endpoint>
            <outSequence>
                <send/>
            </outSequence>
        </target>
        <publishWSDL uri="http://xx.xx.xxx.xx:9766/services/Codelists?wsdl"/>
        <policy key="conf:/repository/axis2/service-groups/bala-ala/services/bala-ala/policies/UTOverTransport"/>
        <enableSec/>
    </proxy>

1 个答案:

答案 0 :(得分:2)

您仍然可以使用http中公开的wsdl。 (服务仅在https中公开,但wsdls仍在http中公开)

http://localhost:8280/services/bala-ala?wsdl

如果要继续使用https中公开的wsdl,最好的选择是将ESB的证书导入cacerts。