Apache CXF + grails - 间歇性错误 - https URL主机名与公用名(CN)不匹配

时间:2014-05-06 16:04:59

标签: apache grails ssl cxf

我正在使用Apache CXF插件(我已尝试使用1.5.6和1.6.1)与Grails(2.2.3)通过SSL调用Web服务。

我有时会收到错误“https URL主机名与客户端信任库中服务器证书上的公用名(CN)不匹配。请确保服务器证书正确,或禁用此检查(不建议用于生产)将CXF客户端TLS配置属性“disableCNCheck”设置为true。“

然而,它并不总是发生。通常它会工作几次,然后我会开始得到错误。我开始怀疑错误消息不能反映实际问题。我在Config.groovy中将disableCNCheck设置为true,但我仍然看到相同的行为:

cxf {
    client {
        requestClient {
            clientInterface = gov.agency.RequestPortType
            serviceEndpointAddress = "https://agency.gov/service"
            secureSocketProtocol = CxfClientConstants.SSL_PROTOCOL_TLSV1
            tlsClientParameters = [disableCNCheck: true]            
        }
    }
}

有什么想法吗?

以下是插件的调试输出片段:

2014-05-06 09:32:36,507 [http-bio-8080-exec-9] DEBUG phase.PhaseInterceptorChain  - Invoking handleMessage on interceptor org.apache.cxf.interceptor.BareOutInterceptor@464ea113
2014-05-06 09:32:36,507 [http-bio-8080-exec-9] DEBUG http.Headers  - Accept: */*
2014-05-06 09:32:36,507 [http-bio-8080-exec-9] DEBUG http.Headers  - SOAPAction: "tns:ProvideAndRegisterDocumentSet-bRequest"
2014-05-06 09:32:36,507 [http-bio-8080-exec-9] DEBUG http.TrustDecisionUtil  - No Trust Decider for Conduit '{urn:ihe:iti:xdr:async:request:2007}XDRRequest_PortTypePort.http-conduit'. An afirmative Trust Decision is assumed.
2014-05-06 09:32:36,621 [http-bio-8080-exec-9] DEBUG phase.PhaseInterceptorChain  - Invoking handleFault on interceptor org.apache.cxf.interceptor.BareOutInterceptor@464ea113
2014-05-06 09:32:36,621 [http-bio-8080-exec-9] DEBUG phase.PhaseInterceptorChain  - Invoking handleFault on interceptor org.apache.cxf.binding.soap.interceptor.SoapOutInterceptor@5fa570da
2014-05-06 09:32:36,621 [http-bio-8080-exec-9] DEBUG phase.PhaseInterceptorChain  - Invoking handleFault on interceptor org.apache.cxf.interceptor.StaxOutInterceptor@111ad6e7
2014-05-06 09:32:36,621 [http-bio-8080-exec-9] DEBUG phase.PhaseInterceptorChain  - Invoking handleFault on interceptor org.apache.cxf.interceptor.AttachmentOutInterceptor@1de6a407
2014-05-06 09:32:36,621 [http-bio-8080-exec-9] DEBUG phase.PhaseInterceptorChain  - Invoking handleFault on interceptor org.apache.cxf.interceptor.LoggingOutInterceptor@15024134
2014-05-06 09:32:36,621 [http-bio-8080-exec-9] DEBUG phase.PhaseInterceptorChain  - Invoking handleFault on interceptor org.apache.cxf.interceptor.MessageSenderInterceptor@4706c7b2
2014-05-06 09:32:36,621 [http-bio-8080-exec-9] DEBUG phase.PhaseInterceptorChain  - Invoking handleFault on interceptor org.apache.cxf.binding.soap.interceptor.SoapPreProtocolOutInterceptor@54310a74
2014-05-06 09:32:36,621 [http-bio-8080-exec-9] DEBUG phase.PhaseInterceptorChain  - Invoking handleFault on interceptor org.apache.cxf.binding.soap.interceptor.SoapHeaderOutFilterInterceptor@7912e076
2014-05-06 09:32:36,621 [http-bio-8080-exec-9] DEBUG phase.PhaseInterceptorChain  - Invoking handleFault on interceptor org.apache.cxf.jaxws.interceptors.WrapperClassOutInterceptor@7ec40b92
2014-05-06 09:32:36,621 [http-bio-8080-exec-9] DEBUG phase.PhaseInterceptorChain  - Invoking handleFault on interceptor org.apache.cxf.jaxws.interceptors.SwAOutInterceptor@e209b8c
2014-05-06 09:32:36,621 [http-bio-8080-exec-9] DEBUG phase.PhaseInterceptorChain  - Invoking handleFault on interceptor org.apache.cxf.jaxws.interceptors.HolderOutInterceptor@78d3df42
2014-05-06 09:32:36,621 [http-bio-8080-exec-9] DEBUG phase.PhaseInterceptorChain  - Invoking handleFault on interceptor org.apache.cxf.ws.policy.PolicyOutInterceptor@295cf1bb
2014-05-06 09:32:36,626 [http-bio-8080-exec-9] WARN  phase.PhaseInterceptorChain  - Interceptor for {urn:ihe:iti:xdr:async:request:2007}XDRRequestPortTypeService#{urn:ihe:iti:xdr:async:request:2007}ProvideAndRegisterDocumentSet-bRequest has thrown exception, unwinding now
Message: The https URL hostname does not match the Common Name (CN) on the server certificate in the client's truststore.  Make sure server certificate is correct, or to disable this check (NOT recommended for production) set the CXF client TLS configuration property "disableCNCheck" to true.
   Line | Method
->> 101 | writeParts        in org.apache.cxf.interceptor.AbstractOutDatabindingInterceptor
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 
|    68 | handleMessage     in org.apache.cxf.interceptor.BareOutInterceptor
|   262 | doIntercept . . . in org.apache.cxf.phase.PhaseInterceptorChain
|   531 | doInvoke          in org.apache.cxf.endpoint.ClientImpl
|   464 | invoke . . . . .  in     ''
|   367 | invoke            in     ''
|   320 | invoke . . . . .  in     ''
|    89 | invokeSync        in org.apache.cxf.frontend.ClientProxy
|   134 | invoke . . . . .  in org.apache.cxf.jaxws.JaxWsClientProxy
|   424 | invoke            in com.grails.cxf.client.WebServiceClientFactoryImpl$WSClientInvocationHandler

1 个答案:

答案 0 :(得分:0)

在花了一些时间之后,我发现secureSocketProtocol没有正确设置。我更改了我的Config.groovy以完全限定常量:

secureSocketProtocol = com.grails.cxf.client.CxfClientConstants.SSL_PROTOCOL_TLSV1

我不再遇到这个问题了,所以我想这就是问题所在。

相关问题
最新问题