我正在尝试为wso2 esb服务编写一个简单的java客户端,使用UsernameToken方法进行保护。我在生成java存根时遇到了困难。
我首先尝试了WSDL2Java,但它没有生成有效的pom.xml文件,并且maven无法解析依赖项。
所以我决定尝试使用JAX-WS RI。存根生成并且看起来很好,但是当我尝试调用服务时,我得到以下异常。
Exception in thread "main" com.sun.xml.internal.ws.client.ClientTransportException: HTTP transport error: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No name matching xxxxxx found
at com.sun.xml.internal.ws.transport.http.client.HttpClientTransport.getOutput(Unknown Source)
at com.sun.xml.internal.ws.transport.http.client.HttpTransportPipe.process(Unknown Source)
at com.sun.xml.internal.ws.transport.http.client.HttpTransportPipe.processRequest(Unknown Source)
at com.sun.xml.internal.ws.transport.DeferredTransportPipe.processRequest(Unknown Source)
at com.sun.xml.internal.ws.api.pipe.Fiber.__doRun(Unknown Source)
at com.sun.xml.internal.ws.api.pipe.Fiber._doRun(Unknown Source)
at com.sun.xml.internal.ws.api.pipe.Fiber.doRun(Unknown Source)
at com.sun.xml.internal.ws.api.pipe.Fiber.runSync(Unknown Source)
at com.sun.xml.internal.ws.client.Stub.process(Unknown Source)
at com.sun.xml.internal.ws.client.sei.SEIStub.doProcess(Unknown Source)
at com.sun.xml.internal.ws.client.sei.SyncMethodHandler.invoke(Unknown Source)
at com.sun.xml.internal.ws.client.sei.SyncMethodHandler.invoke(Unknown Source)
at com.sun.xml.internal.ws.client.sei.SEIStub.invoke(Unknown Source)
at $Proxy32.getcodelists(Unknown Source)
at com.sirmaitt.esb.codelists.client.Client.main(Client.java:32)
Caused by: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No name matching xxxxxx found
at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(Unknown Source)
at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source)
at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source)
at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(Unknown Source)
at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(Unknown Source)
at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Unknown Source)
at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown Source)
at sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown Source)
at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown Source)
at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(Unknown Source)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(Unknown Source)
... 15 more
Caused by: java.security.cert.CertificateException: No name matching xxxxx found
at sun.security.util.HostnameChecker.matchDNS(Unknown Source)
at sun.security.util.HostnameChecker.match(Unknown Source)
at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkIdentity(Unknown Source)
at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Source)
... 27 more
我理解异常是由wso2服务器拥有的自签名证书引起的。我该怎么做才能避免它?
是否有一些更简单的方法可以使用UsernameToken安全方法为ssl安全服务生成有效的Java存根?这是我的服务定义:
<proxy name="bala-ala" transports="https" startOnLoad="true" trace="disable">
<target>
<endpoint>
<address uri="http://xx.xx.xxx.xx:9766/services/list?wsdl"/>
</endpoint>
<outSequence>
<send/>
</outSequence>
</target>
<publishWSDL uri="http://xx.xx.xxx.xx:9766/services/Codelists?wsdl"/>
<policy key="conf:/repository/axis2/service-groups/bala-ala/services/bala-ala/policies/UTOverTransport"/>
<enableSec/>
</proxy>
答案 0 :(得分:2)
您仍然可以使用http中公开的wsdl。 (服务仅在https中公开,但wsdls仍在http中公开)
http://localhost:8280/services/bala-ala?wsdl
如果要继续使用https中公开的wsdl,最好的选择是将ESB的证书导入cacerts。