JBoss 4.2.2容器中的我的Java组件尝试访问SSL Web服务,但它获得异常(不重要,功能正常,从ssl webservice检索响应)。
操作系统:AIX
Java:
> /usr/java6_64/bin/java -version
java version "1.6.0"
Java(TM) SE Runtime Environment (build pap6460sr9fp1-20110208_03(SR9 FP1))
IBM J9 VM (build 2.4, JRE 1.6.0 IBM J9 2.4 AIX ppc64-64 jvmap6460sr9-20110203_74623 (JIT enabled, AOT enabled)
J9VM - 20110203_074623
JIT - r9_20101028_17488ifx3
GC - 20101027_AA)
JCL - 20110203_01
代码:
SOAPMessage reply = connection.call(message, webserviceUrl);
连接是SOAPConnection。
我得到以下日志输出:
2012-03-29 15:10:17,651 ERROR [org.jboss.remoting.transport.http.HTTPClientInvoker] (Thread-17) Error creating SSL Socket Factory for client invoker.
java.io.IOException: Error initializing socket factory SSL context: SunX509 TrustManagerFactory not available
at sun.security.jca.GetInstance.getInstance(GetInstance.java:230)
at javax.net.ssl.TrustManagerFactory.getInstance(TrustManagerFactory.java:11)
at org.jboss.remoting.security.SSLSocketBuilder.loadTrustManagers(SSLSocketBuilder.java:1407)
at org.jboss.remoting.security.SSLSocketBuilder.initializeSocketFactorySSLContext(SSLSocketBuilder.java:1326)
at org.jboss.remoting.security.SSLSocketBuilder.createCustomSocketFactory(SSLSocketBuilder.java:451)
at org.jboss.remoting.security.SSLSocketBuilder.createSSLSocketFactory(SSLSocketBuilder.java:431)
at org.jboss.remoting.security.SSLSocketBuilder.createSSLSocketFactory(SSLSocketBuilder.java:381)
at org.jboss.remoting.transport.http.ssl.HTTPSClientInvoker.createSocketFactory(HTTPSClientInvoker.java:140)
at org.jboss.remoting.RemoteClientInvoker.<init>(RemoteClientInvoker.java:46)
at org.jboss.remoting.transport.http.HTTPClientInvoker.<init>(HTTPClientInvoker.java:105)
at org.jboss.remoting.transport.https.TransportClientFactory.createClientInvoker(TransportClientFactory.java:39)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:60)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:37)
at java.lang.reflect.Method.invoke(Method.java:611)
at org.jboss.remoting.InvokerRegistry.loadClientInvoker(InvokerRegistry.java:419)
at org.jboss.remoting.InvokerRegistry.createClientInvoker(InvokerRegistry.java:320)
at org.jboss.remoting.Client.connect(Client.java:459)
at org.jboss.ws.core.client.RemotingConnectionImpl.createRemotingClient(RemotingConnectionImpl.java:247)
at org.jboss.ws.core.client.RemotingConnectionImpl.invoke(RemotingConnectionImpl.java:165)
at org.jboss.ws.core.client.SOAPRemotingConnection.invoke(SOAPRemotingConnection.java:77)
at org.jboss.ws.core.soap.SOAPConnectionImpl.callInternal(SOAPConnectionImpl.java:106)
at org.jboss.ws.core.soap.SOAPConnectionImpl.call(SOAPConnectionImpl.java:66)
at xxx.yyy.fooservice.FooServiceImpl.foo(FooServiceImpl.java:103)
at xxx.yyy.fooservice.FooAsyncRunner.run(FooAsyncRunner.java:31)
at java.lang.Thread.run(Thread.java:736)
我尝试在网上使用提示修改$ JAVA_HOME / jre / lib / security / java.security中的ssl.KeyManagerFactory.algorithm和ssl.TrustManagerFactory.algorithm,但错误占优势。
额外信息:指定
后出现上述例外情况export JAVA_OPTS="$JAVA_OPTS -Djavax.net.ssl.trustStore=$JAVA_HOME/jre/lib/security/cacerts -Djavax.net.ssl.trustStorePassword=foo"
...在JBoss 4.2.2启动中,在此之前我得到以下异常:
2012-03-28 12:10:13,424 ERROR [org.jboss.remoting.transport.http.HTTPClientInvoker] (Thread-13) Error creating SSL Socket Factory for client invoker.
java.io.IOException: Error initializing socket factory SSL context: Can not find truststore url.
at org.jboss.remoting.security.SSLSocketBuilder.initializeSocketFactorySSLContext(SSLSocketBuilder.java:1340)
at org.jboss.remoting.security.SSLSocketBuilder.createCustomSocketFactory(SSLSocketBuilder.java:451)
at org.jboss.remoting.security.SSLSocketBuilder.createSSLSocketFactory(SSLSocketBuilder.java:431)
at org.jboss.remoting.security.SSLSocketBuilder.createSSLSocketFactory(SSLSocketBuilder.java:381)
at org.jboss.remoting.transport.http.ssl.HTTPSClientInvoker.createSocketFactory(HTTPSClientInvoker.java:140)
at org.jboss.remoting.RemoteClientInvoker.<init>(RemoteClientInvoker.java:46)
at org.jboss.remoting.transport.http.HTTPClientInvoker.<init>(HTTPClientInvoker.java:105)
at org.jboss.remoting.transport.https.TransportClientFactory.createClientInvoker(TransportClientFactory.java:39)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:60)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:37)
at java.lang.reflect.Method.invoke(Method.java:611)
at org.jboss.remoting.InvokerRegistry.loadClientInvoker(InvokerRegistry.java:419)
at org.jboss.remoting.InvokerRegistry.createClientInvoker(InvokerRegistry.java:320)
at org.jboss.remoting.Client.connect(Client.java:459)
at org.jboss.ws.core.client.RemotingConnectionImpl.createRemotingClient(RemotingConnectionImpl.java:247)
at org.jboss.ws.core.client.RemotingConnectionImpl.invoke(RemotingConnectionImpl.java:165)
at org.jboss.ws.core.client.SOAPRemotingConnection.invoke(SOAPRemotingConnection.java:77)
at org.jboss.ws.core.soap.SOAPConnectionImpl.callInternal(SOAPConnectionImpl.java:106)
at org.jboss.ws.core.soap.SOAPConnectionImpl.call(SOAPConnectionImpl.java:66)
at xxx.yyy.fooservice.FooServiceImpl.foo(FooServiceImpl.java:103)
at xxx.yyy.fooservice.FooAsyncRunner.run(FooAsyncRunner.java:31)
at java.lang.Thread.run(Thread.java:736)
我可以做些什么来消除这些异常?所有帮助都非常感谢!提前谢谢。
答案 0 :(得分:2)
快速浏览一下JBoss的SSLSocketBuilder.loadTrustManagers后,它会尝试在配置中使用org.jboss.remoting.trustStoreAlgorithm属性,回退到org.jboss.remoting.keyStoreAlgorithm,然后再回到硬编码的默认值{{ {1}}。
请注意,即使在Sun / Oracle JRE上,这也不是信任管理器算法it's PKIX的默认值。
我会将此报告为JBoss的错误/ RFE:当没有设置任何内容时,它应该可以回退到TrustManagerFactory.getDefaultAlgorithm()(这是此方法的重点)。
您可能必须在配置中明确设置其中一个属性以使用IBM的默认信任管理器算法,以防止它回退到这些硬编码的默认值。
答案 1 :(得分:1)
IBM JVM的名称是IbmX509而不是SunX509,这是JBoss使用的默认值,除非另有明确配置。
有关详细信息,请参阅http://docs.jboss.org/jbossweb/2.1.x/ssl-howto.html。搜索IbmX509。