使用SoapClient对象进行SOAP调用的Java EE应用程序 (部署在Wildfly 9中):
SOAPMessage reply = con.call(message, url);
我收到以下消息:
引起:sun.security.validator.ValidatorException:PKIX路径构建失败:sun.security.provider.certpath.SunCertPathBuilderException:无法找到所请求目标的有效证书路径
at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1949) at org.apache.cxf.transport.http.URLConnectionHTTPConduit $ URLConnectionWrappedOutputStream.setupWrappedStream(URLConnectionHTTPConduit.java:183)
由于证书问题,尝试绕过错误:
TrustManager[] trustAllCerts = new TrustManager[]{
new X509TrustManager() {
public X509Certificate[] getAcceptedIssuers() {
return null;
}
public void checkServerTrusted(X509Certificate[] certs, String authType) throws CertificateException {
return;
}
public void checkClientTrusted(X509Certificate[] certs, String authType) throws CertificateException {
return;
}
}
};
SSLContext sc = SSLContext.getInstance("SSL");
sc.init(null, trustAllCerts, new SecureRandom());
HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
soapConnectionFactory = SOAPConnectionFactory.newInstance();
这没有任何影响
有什么想法吗?
答案 0 :(得分:1)
如果CXF是您的客户端框架,那么它不会使用默认的HTTP Socket工厂,而是它自己的工厂。
因此,我建议您按照CXF manual和TLS parameters configuration
中的说明使用CXF配置工具归结为为特定端点创建管道并设置其参数,例如在HelloWorld命名空间上设置端点的配置:
<http:conduit name="{http://apache.org/hello_world}HelloWorld.http-conduit">
<http:tlsClientParameters>
<sec:trustManagers>
<sec:keyStore type="JKS" password="password"
file="my/file/dir/Truststore.jks"/>
</sec:trustManagers>
</http:tlsClientParameters>
请注意,您可以设置SSLSocketFactory而不是密钥库(请参阅上面的第二个链接):
客户端TLS参数:sslSocketFactory&gt;要使用的SSLSocketFactory。如果已设置,则忽略所有其他bean属性。
如果您不想使用XML / Spring配置,可以通过taping into the CXF API求助于程序化调用:
如何为SOAP客户端配置HTTPConduit?
首先,您需要从Proxy对象或Client获取HTTPConduit,然后您可以设置HTTPClientPolicy,AuthorizationPolicy,ProxyAuthorizationPolicy,TLSClientParameters和/或HttpBasicAuthSupplier。import org.apache.cxf.endpoint.Client; import org.apache.cxf.frontend.ClientProxy; import org.apache.cxf.transport.http.HTTPConduit; import org.apache.cxf.transports.http.configuration.HTTPClientPolicy; ... URL wsdl = getClass().getResource("wsdl/greeting.wsdl"); SOAPService service = new SOAPService(wsdl, serviceName); Greeter greeter = service.getPort(portName, Greeter.class); // Okay, are you sick of configuration files // This will show you how to configure the http conduit dynamically Client client = ClientProxy.getClient(greeter); HTTPConduit http = (HTTPConduit) client.getConduit(); HTTPClientPolicy httpClientPolicy = new HTTPClientPolicy(); httpClientPolicy.setConnectionTimeout(36000); httpClientPolicy.setAllowChunking(false); httpClientPolicy.setReceiveTimeout(32000); http.setClient(httpClientPolicy); ... greeter.sayHi("Hello");
您还可以查看具有CXF和非CXF案例解决方案的SO答案How to programmatically set the SSLContext of a JAX-WS client?。
您可能希望特别关注this solution:
<http-conf:conduit name="*.http-conduit">
<http-conf:tlsClientParameters useHttpsURLConnectionDefaultSslSocketFactory="true" />
<http-conf:conduit>