SSLHandshakeException talking to a https Web servi

2019-06-07 07:18发布

问题:

I am getting the below error talking to a https webservice.

org.springframework.ws.client.WebServiceIOException: I/O error:   
sun.security.validator.ValidatorException: PKIX path building failed:  
sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid 
certification path to requested target; nested exception is 
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX  
path 
building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to 
find valid certification path to requested target

I am using spring's WebServiceTemplate and below's my xml configuration for it

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"     
xmlns:p="http://www.springframework.org/schema/p"
xmlns:sws="http://www.springframework.org/schema/web-services"
xmlns:oxm="http://www.springframework.org/schema/oxm"
xsi:schemaLocation="http://www.springframework.org/schema/beans 
       http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
        http://www.springframework.org/schema/web-services
       http://www.springframework.org/schema/web-services/web-services-2.0.xsd
       http://www.springframework.org/schema/oxm 
       http://www.springframework.org/schema/oxm/spring-oxm-1.5.xsd">

<bean id="webServiceTemplate"
class="org.springframework.ws.client.core.WebServiceTemplate"
p:marshaller-ref="jaxbMarshaller" 
p:unmarshaller-ref="jaxbMarshaller"
p:defaultUri="https://XXXXXXXXXXXXXXXX"
p:messageSender-ref="messageSender">
<constructor-arg ref="messageFactory" />
</bean>

<bean id="messageSender"
class="org.springframework.ws.transport.http.CommonsHttpMessageSender" />

 <!-- <bean id="messageSender"
class="org.springframework.ws.transport.http.HttpsUrlConnectionMessageSender" /> -->

<bean id="messageFactory"
class="org.springframework.ws.soap.saaj.SaajSoapMessageFactory" />

<bean id="jaxbMarshaller" class="org.springframework.oxm.jaxb.Jaxb2Marshaller"
p:contextPath="com.test.schemas" />

</beans>

I am able to hit the service from soapui but not from the sample java code I wrote. Could some one please point me to why this is happening and how I can resolve this? Should we have received some security certificates from the 3'rd party wsdl folks?

回答1:

According to documentation CommonsHttpMessageSender is Deprecated in favor of HttpComponentsMessageSender.

Please configure httpClient property of HttpComponentsMessageSender: http://docs.spring.io/spring-ws/site/apidocs/org/springframework/ws/transport/http/HttpComponentsMessageSender.html#setHttpClient%28org.apache.http.client.HttpClient%29

See my other post on how to configure httpClient bean to work around self-signed certificate issues. sending https post request with post data using spring web

No need to import keys into keystore.



回答2:

Check if this works:

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"     
xmlns:p="http://www.springframework.org/schema/p"
xmlns:sws="http://www.springframework.org/schema/web-services"
xmlns:oxm="http://www.springframework.org/schema/oxm"
xsi:schemaLocation="http://www.springframework.org/schema/beans 
       http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
        http://www.springframework.org/schema/web-services
       http://www.springframework.org/schema/web-services/web-services-2.0.xsd
       http://www.springframework.org/schema/oxm 
       http://www.springframework.org/schema/oxm/spring-oxm-1.5.xsd">


<!-- HTTPS connection to trust self signed certificates -->
<bean id="sslSocketFactory" class="org.apache.http.conn.ssl.SSLSocketFactory">
    <constructor-arg name="trustStrategy">
        <bean class="org.apache.http.conn.ssl.TrustSelfSignedStrategy" />
    </constructor-arg>
    <constructor-arg name="hostnameVerifier">
        <bean class="org.apache.http.conn.ssl.AllowAllHostnameVerifier" />
    </constructor-arg>
</bean>

<bean id="httpsSchemaRegistry" class="org.apache.http.conn.scheme.SchemeRegistry">
    <property name="items">
        <map>
            <entry key="https">
                <bean class="org.apache.http.conn.scheme.Scheme">

                    <constructor-arg value="https" />
                    <constructor-arg value="443" />
                    <constructor-arg ref="sslSocketFactory" />
                </bean>
            </entry>
        </map>
    </property>
</bean>
<bean id="httpClient" class="org.apache.http.impl.client.DefaultHttpClient">
    <constructor-arg>
        <bean class="org.apache.http.impl.conn.PoolingClientConnectionManager">
            <constructor-arg ref="httpsSchemaRegistry" />
        </bean>
    </constructor-arg>
</bean>

<!-- <bean id="apacheHttpsRequestFactory"
    class="org.springframework.http.client.HttpComponentsClientHttpRequestFactory">
    <constructor-arg ref="httpClient" />
-->
<bean id="webServiceTemplate"
class="org.springframework.ws.client.core.WebServiceTemplate"
p:marshaller-ref="jaxbMarshaller" 
p:unmarshaller-ref="jaxbMarshaller"
p:defaultUri="https://XXXXXXXXXXXXXXXX"
p:messageSender-ref="messageSender">
<constructor-arg ref="messageFactory" />
</bean>

<bean id="messageSender"
class="org.springframework.ws.transport.http.HttpComponentsMessageSender"
p:httpClient="httpClient" />


<bean id="messageFactory"
class="org.springframework.ws.soap.saaj.SaajSoapMessageFactory" />

<bean id="jaxbMarshaller" class="org.springframework.oxm.jaxb.Jaxb2Marshaller"
p:contextPath="com.test.schemas" />


</beans>