Coldfusion 11 Web Services and SSL Issue
Our company has two web services that we host that a vendor uses to grab information from on a periodic basis. These services ran fine on a CF8 SSL site, but once we switched to 11, the services can no longer be created. However, I can create them on our unsecured test site (which also is running CF 11) and access them externally without issue. When I try to create the webservice in the url, I just get a blank page back instead of the XML I should be getting. Is there something special I am missing that has to be done to create web services in a secure environment? The raw error message I get when trying to invoke the secure web service is below:
coldfusion.xml.rpc.XmlRpcServiceImpl$BadWsdlXMLException: Unable to parse WSDL as an XML document. at coldfusion.xml.rpc.XmlRpcServiceImpl.retrieveWSDL(XmlRpcServiceImpl.java:976) at coldfusion.xml.rpc.XmlRpcServiceImpl.access$000(XmlRpcServiceImpl.java:96) at coldfusion.xml.rpc.XmlRpcServiceImpl$1.run(XmlRpcServiceImpl.java:309) at java.security.AccessController.doPrivileged(Native Method) at coldfusion.xml.rpc.XmlRpcServiceImpl.registerWebService(XmlRpcServiceImpl.java:302) at coldfusion.xml.rpc.XmlRpcServiceImpl.getWebServiceProxy(XmlRpcServiceImpl.java:692) at coldfusion.tagext.lang.InvokeTag.doEndTag(InvokeTag.java:469) at coldfusion.runtime.CfJspPage._emptyTcfTag(CfJspPage.java:2987) at cfcallmattersearch2ecfm1244659485.runPage(D:\Web\sims\st\callmattersearch.cfm:9) at coldfusion.runtime.CfJspPage.invoke(CfJspPage.java:246) at coldfusion.tagext.lang.IncludeTag.handlePageInvoke(IncludeTag.java:734) at coldfusion.tagext.lang.IncludeTag.doStartTag(IncludeTag.java:570) at coldfusion.filter.CfincludeFilter.invoke(CfincludeFilter.java:65) at coldfusion.filter.IpFilter.invoke(IpFilter.java:45) at coldfusion.filter.ApplicationFilter.invoke(ApplicationFilter.java:487) at coldfusion.filter.RequestMonitorFilter.invoke(RequestMonitorFilter.java:42) at coldfusion.filter.MonitoringFilter.invoke(MonitoringFilter.java:40) at coldfusion.filter.PathFilter.invoke(PathFilter.java:141) at coldfusion.filter.ExceptionFilter.invoke(ExceptionFilter.java:94) at coldfusion.filter.BrowserDebugFilter.invoke(BrowserDebugFilter.java:78) at coldfusion.filter.ClientScopePersistenceFilter.invoke(ClientScopePersistenceFilter.java:2 8) at coldfusion.filter.BrowserFilter.invoke(BrowserFilter.java:38) at coldfusion.filter.NoCacheFilter.invoke(NoCacheFilter.java:58) at coldfusion.filter.GlobalsFilter.invoke(GlobalsFilter.java:38) at coldfusion.filter.DatasourceFilter.invoke(DatasourceFilter.java:22) at coldfusion.filter.CachingFilter.invoke(CachingFilter.java:62) at coldfusion.CfmServlet.service(CfmServlet.java:219) at coldfusion.bootstrap.BootstrapServlet.service(BootstrapServlet.java:89) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.j ava:303) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208) at coldfusion.monitor.event.MonitoringServletFilter.doFilter(MonitoringServletFilter.java:42 ) at coldfusion.bootstrap.BootstrapFilter.doFilter(BootstrapFilter.java:46) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.j ava:241) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:220) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:122) at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:501) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:170) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:98) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:422) at org.apache.coyote.ajp.AjpProcessor.process(AjpProcessor.java:198) at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.jav a:607) at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:313) at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source) at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source) at java.lang.Thread.run(Unknown Source)
I've got this working on our dev and test servers. Now I'm trying to deploy it to production. We have an external prod server in a DMZ that calls the web service on our internal prod server. We only have port 443 open in the firewall between these two servers (not port 80). I am able to do a <cfhttp> call to the WSDL over 443 and get back the xml. However, if I make the web service call using <cfinvoke> I get the following error:
Cannot perform web service invocation getNthDayOfMonth.
The fault returned when invoking the web service operation is:
org.apache.axis2.AxisFault: Connection refused
at org.apache.axis2.AxisFault.makeFault(AxisFault.java:430)
at org.apache.axis2.transport.http.HTTPSender.sendViaPost(HTTPSender.java:197)
at org.apache.axis2.transport.http.HTTPSender.send(HTTPSender.java:75)
at org.apache.axis2.transport.http.CommonsHTTPTransportSender.writeMessageWithCommons(Common sHTTPTransportSender.java:402)
at org.apache.axis2.transport.http.CommonsHTTPTransportSender.invoke(CommonsHTTPTransportSen der.java:231)
at org.apache.axis2.engine.AxisEngine.send(AxisEngine.java:443)
at org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperation.java:406)
at org.apache.axis2.description.OutInAxisOperationClient.executeImpl(OutInAxisOperation.java :229)
at org.apache.axis2.client.OperationClient.execute(OperationClient.java:165)
at standard.StandardDate_functionCfcStub.getNthDayOfMonth(StandardDate_functionCfcStub.java: 192)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorI... ''
I am able to successfully call the same web service (on the internal prod server) using the same code from my internal dev server. However, when I look at my httpd logs on the internal prod server, I don't see the request in the ssl logs. It shows up in the access_log file as:
150.231.26.130 - - [03/Feb/2015:13:48:57 -0500] "POST /standard/date_function.cfc HTTP/1.1" 200 397 "-" "Axis2"
Any thoughts why this appears to still be coming through port 80?
Similar Messages
-
Hi,
Has anyone tried (and maybe succeeded) in accessing an
RPC-style Web Service deployed on WebLogic Server 6.1 using
SSL? I have a Web Service deployed and am able to access it using JNDI and the
weblogic.soap.http.SoapInitialContextFactory
INITIAL_CONTEXT_FACTORY. However, when I try to set the
Context.SECURITY_PROTOCOL to "ssl" and access the secure port,
I get a "java.net.SocketException: Unexpected end of file from
the server" error message.
Does the weblogic.soap.http.SoapInitialContextFactory not
support SSL? Do I need to do the SOAP/XML messaging myself,
without being able to make use of the WebLogic convenience
classes? Thanks! RobAlright!
Glad you got it working ;-)
Actually, the problem with the protocol being hardcoded to http in the wsdl.jsp,
is a bit strange. It's unusual that the BEA engineers that coded the wsgen component
and support classes, didn't use something like the following:
<soap:address location="<%= request.getScheme() + "://" + request.getServerName()
+ ":" + request.getServerPort() %>/security/examples/webservices/security/PhoneBookService"/>
I don't use wsgen too much, because I need to have more control over the J2EE
packaging. It (wsgen) is great for spitting out stuff, but not really setup for
doing Web service packaging that use classes (i.e. helper files, frameworks, etc.)
that it doesn't generate. I think they (BEA) might be looking into integrating
the Web Services assembly process with other tools like WebGain, Forte, etc. to
alleviate these types of issues.
Anyway, glad you got it working, so now you can help somebody else (time permitting,
of course) with this topic in the future!
Regards,
Mike Wooten
"Rob Nelson" <[email protected]> wrote:
>
Mike,
Thank you very much for your response! The next to
last sentence did it for me (when you mentioned checking
that the location attribute of the soap:address element
was set properly)! I noticed that when I viewed the WSDL
file via the browser (by clicking on the link in the
index.html page), I saw http://host:<unsecure_port> when
I requested it over the unsecure port, but I saw
http://host:<secure_port> when I requested the WSDL over
the secure port. Notice it did not say https!
So, I unjarred the EAR file that was generated by my
wsgen task, and then unjarred the generated WAR file
contained therein. When I looked at wsdl.jsp, I noticed
that "http" was hard-coded in the location attribute, but
that the host name and port number were dynamically
generated. So I added a scriplet to dynamically place an
"s" after "http" (if request.isSecure()) and rejarred up
the WAR and EAR files.
Now when I deployed the EAR file, I see "https" when
I request the WSDL over the secure port, and my client
(actually your client;) works! Awesome! I really appreciate
your help! Now my only issue is why did the wsdl.jsp have
"http" hard-coded, not accounting for secure requests.
These files were generated by the WSGEN task in ANT.
I figure it's either: I have a configuration problem,
I have a problem with my ANT build script, my version of
WebLogic Server (6.1 w/SP1 built 9/18/2001) has a bug, or
maybe you just have to manually go in and modify the wsdl.jsp
file if you want to use https :(. Please let me know if
you have any insight on this, and I will also follow up
with WebLogic support. Thanks again! Rob
"Michael Wooten" <[email protected]> wrote:
Hi Rob,
I am absolutely sure the code I posted works, so we need to approach
this from
a different angle ;-)
First, I know why the Context.SECURITY_PROTOCOL approach doesn't works.
It's because
the namespace in the Web Services code examples is not the same oneas
the one
used for RMI objects, EJBs, JDBC Data Sources, etc. For those objects,
the Context.PROVIDER_URL
is something like "t3://localhost:7001", and the INITIAL_CONTEXT_FACTORY
is "weblogic.jndi.WLInitialContextFactory".
The one being used with WebLogic Web Services, is mainly just functioning
as a
mechanism for manufacturing WebServiceProxy objects, because it is a
non-instanciable!
It does this by using a subclass of javax.naming.Context called SOAPContext,
which
is completely hidden from you, but also doesn't do much except implement
the lookup()
method. The implementation of this method ignores the Context.SECURITY_URL
property,
but it does pay attention to the "java.naming.security.principal" and
"java.naming.security.credentials"
properties. You don't need these properties for SSL, just Basic Authentication.
Enough about that, though. The service end-point is a servlet right?
So this means
it has a URL that begins with http or https, which in turn means the
WebLogic
servlet engine gets the SOAP request and sends it to the StatelessSessionAdapter
servlet. To WLS, this is just like any other HTTP/HTTPS request sent
to it ;-)
There is no special "SOAP-related" HTTP/HTTPS handler in WLS, but the
SSL challenge
dance still happens. So my first question is, are you sure you havethe
HTTPS
attributes set properly in the WebLogic console. SSL/HTTPS should be
enabled and
the "Hostname Verification Ignored" checkbox should be checked. Next,
are you
sure the URL assigned to the location attribute of the <service> element
in the
WSDL is correct (i.e. https://localhost:7002)? Are you using the "dynamic
client"
approach?
Regards,
Mike Wooten
"Rob Nelson" <[email protected]> wrote:
Mike,
Thanks for your response. I downloaded the code example that
you
posted
last week, as well as the code example that you posted in October for
a similar
request (BEA Support pointed me towards that). Unfortunately, I still
can't get
the Web Service to respond to the client request when the client uses
the HTTPS
port for the WebLogic Server.
I tried two different client approaches. The first uses the client
code
that you posted in October, the WebServiceProxy approach. The second
approach
is based on the example in the WebLogic documentation, which uses the
weblogic.soap.SoapInitialContextFactory
class with the javax.naming.Context object to perform a lookup on the
service
(which closely resembles rmi without the narrowing).
Both client classes fail to invoke the the service itself viaHTTPS
(although
they both work when making HTTP requests to the unsecure port). However,
when
I run the client based on the client class that you posted in October
and make
an HTTPS request, I can see in the output where it is able to download
the WSDL
file and use it (via the WebServiceProxy) to describe the availablemethods
for
the associated Web Service. It is only when the actual invoke() method
is called
on the SoapMethod object (which in turn sends the XML request to the
Web Service
Servlet), that the server doesn't respond, and the client fails with
an UnexpectedEndOfFileException
(i.e. no response).
So, do you know why the servlet that the RPC-style Web Serviceuses
to handle
requests would not respond to HTTPS requests, when it processes HTTP
requests
without a problem (using the same client code that fails with the HTTPS
request)?
I am using WebLogic Server 6.1 w/SP1 on a Solaris 8 platform. Thanks
for any
advice you can give me! Rob
"Michael Wooten" <[email protected]> wrote:
Hi Rob,
Check out the attached zip for "insights" into how to do this. It
contains
the
code for two Web service "consumers" (that the new fangled word fora
"client")
and the web.xml and weblogic.xml for the RPC-style Web Service, that
they consume.
Hope this helps,
Mike Wooten
"Rob Nelson" <[email protected]> wrote:
Hi,
Has anyone tried (and maybe succeeded) in accessing an
RPC-style Web Service deployed on WebLogic Server 6.1 using
SSL? I have a Web Service deployed and am able to access it using
JNDI
and the
weblogic.soap.http.SoapInitialContextFactory
INITIAL_CONTEXT_FACTORY. However, when I try to set the
Context.SECURITY_PROTOCOL to "ssl" and access the secure port,
I get a "java.net.SocketException: Unexpected end of file from
the server" error message.
Does the weblogic.soap.http.SoapInitialContextFactory not
support SSL? Do I need to do the SOAP/XML messaging myself,
without being able to make use of the WebLogic convenience
classes? Thanks! Rob -
I have a web service that has been working fine using http. Just switched over to SSL using the <WLHttpsTransport> tag on the jwsc ant command. Now I get the following error at runtime: Any ideas/suggestions? Thanks in advance - Craig
16:22:27,953 INFO [STDOUT] Caused by: java.lang.NoClassDefFoundError: org/apache/tools/ant/BuildException
16:22:27,953 INFO [STDOUT] at weblogic.wsee.bind.buildtime.internal.TylarJ2SBindingsBuilderImpl.<init>(TylarJ2SBindingsBuilderImpl.java:87)
16:22:27,953 INFO [STDOUT] at weblogic.wsee.bind.buildtime.J2SBindingsBuilder$Factory.newInstance(J2SBindingsBuilder.java:30)
16:22:27,953 INFO [STDOUT] at weblogic.wsee.util.ExceptionUtil.<clinit>(ExceptionUtil.java:48)
16:22:27,953 INFO [STDOUT] at weblogic.wsee.util.FaultUtil.exception2Fault(FaultUtil.java:230)
16:22:27,953 INFO [STDOUT] at weblogic.wsee.message.soap.SoapMessageContext.setFault(SoapMessageContext.java:102)I thought I would post an update since I found a solution. The problem was a ClassCast exception in a part of the SSL stack, that wanted to use the ant BuildException class. This has the effect of hiding the real issue which was that the SSL connection was not successfully occuring. The real problem was that the SSL connection started with a WSDL retrieved via SSL, but the connection for the port was through a username/password. When a username/password is used to create a port, the WL stack falls back to http and causes a ClassCast exception on weblogic.wsee.connection.transport.http.HttpTransportInfo. The solution is to create an https transport object when the service impl is created:
HttpsTransportInfo transport = new HttpsTransportInfo ();
transport.setUsername (user.getBytes ());
transport.setPassword (pass.getBytes ());
gServiceImpl = new PersistenceManagerService_Impl (url, transport);
and to create the port without parameters:
port = getServiceImpl ().getPersistenceManagerServicePort ();
This allows one-way SSL with username/password for the connection. -
i have developed a very small web service and which is hosted along with our web site. our webservice url is
http://www.bba-reman.com/Search/SearchDataIndex.asmx
web service code
namespace WebSearchIndex
#region SearchDataIndex
/// <summary>
/// SearchDataIndex is web service which will call function exist in another library for part data indexing
/// </summary>
[WebService(Namespace = "http://tempuri.org/")]
[WebServiceBinding(ConformsTo = WsiProfiles.BasicProfile1_1)]
[System.ComponentModel.ToolboxItem(false)]
// To allow this Web Service to be called from script, using ASP.NET AJAX, uncomment the following line.
// [System.Web.Script.Services.ScriptService]
public class SearchDataIndex : System.Web.Services.WebService
//public AuthHeader ServiceAuth=null;
public class AuthHeader : SoapHeader
public string Username;
public string Password;
#region StartIndex
/// <summary>
/// this function will invoke CreateIndex function of SiteSearch module to reindex the data
/// </summary>
[WebMethod]
public string StartIndex(AuthHeader auth)
string strRetVal = "";
if (auth.Username == "Admin" && auth.Password == "Admin")
strRetVal = SiteSearch.CreateIndex(false);
else
SoapException se = new SoapException("Failed : Invalid credentials",
SoapException.ClientFaultCode,Context.Request.Url.AbsoluteUri,new Exception("Invalid credentials"));
throw se;
return strRetVal;
#endregion
#endregion
when i was calling that web service from my win apps using
HttpWebRequest
class then getting error The remote server returned an error: (500) Internal Server Error
here is code of my win apps from where i am calling web service
string strXml = "";
strXml = "<s:Envelope xmlns:s='http://schemas.xmlsoap.org/soap/envelope/'><s:Body><StartIndex xmlns='http://tempuri.org/' xmlns:i='http://www.w3.org/2001/XMLSchema-instance'><auth><Username>joy</Username><Password>joy</Password></auth></StartIndex></s:Body></s:Envelope>";
string url = "http://www.bba-reman.com/Search/SearchDataIndex.asmx";
HttpWebRequest req = (HttpWebRequest)WebRequest.Create(url);
req.Method = "POST";
req.ContentType = "text/xml";
req.KeepAlive = false;
req.ContentLength = strXml.Length;
StreamWriter streamOut = new StreamWriter(req.GetRequestStream(), System.Text.Encoding.ASCII);
streamOut.Write(strXml);
streamOut.Close();
StreamReader streamIn = new StreamReader(req.GetResponse().GetResponseStream());
string strResponse = streamIn.ReadToEnd();
streamIn.Close();
i am just not being able to understand when this line execute
StreamReader streamIn = new StreamReader(req.GetResponse().GetResponseStream());
then getting the error The remote server returned an error: (500) Internal Server Error
not being able to understand where i made the mistake. mistake is in the code of web service end or in calling code?
help me to fix this issue. thanksHi Mou,
I just tried your win app code about calling web service, but failed. I got the 500 error after I called your service:
The error message I quoted from Fiddler:
<?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema"><soap:Body><soap:Fault><faultcode>soap:Client</faultcode><faultstring>System.Web.Services.Protocols.SoapException: Failed : Invalid credentials ---> System.Exception: Invalid credentials
--- End of inner exception stack trace ---
at BBAReman.WebSearchIndex.SearchDataIndex.StartIndex(AuthHeader auth)</faultstring><faultactor>http://www.bba-reman.com/Search/SearchDataIndex.asmx</faultactor><detail /></soap:Fault></soap:Body></soap:Envelope>
I am not totally sure that error occurred by the authentication. But I suggest you can try to add this service into your project using this method below:
1.right click the Reference and select Add Service Reference
2.input your service link and click "Go"
And you can use this service as the following:
private async void callService()
ServiceReference1.SearchDataIndexSoapClient client =new ServiceReference1.SearchDataIndexSoapClient();
var Str= await client.StartIndexAsync(new ServiceReference1.AuthHeader { Username = "Admin", Password = "Admin" });
Please try it.
Regards,
Will
We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place.
Click
HERE to participate the survey. -
Web service client behind a proxy server connecting to web service over SSL
Hi Friends,
A web service is exposed by an external system over SSL. We are behind a proxy server and are trying to get connected to web service over SSL. <p>
We are getting the following error on the test browser of workshop<p><p>
External Service Failure: FATAL Alert:HANDSHAKE_FAILURE - The handshake handler was unable to negotiate an acceptable set of security parameters.<p><p>
the whole trace is <p>
<p>JDIProxy attached
<Sep 24, 2005 9:27:25 AM EDT> <Warning> <WLW> <000000> <Id=creditCheckCtrl:salesExpertServiceControl; Method=creditcheckcontr
ol.SalesExpertServiceControl.doCreditVerification(); Failure=com.bea.control.ServiceControlException: SERVICE FAULT:
Code:javax.net.ssl.SSLHandshakeException
String:FATAL Alert:HANDSHAKE_FAILURE - The handshake handler was unable to negotiate an acceptable set of security parameters
Detail:
END SERVICE FAULT>
<Sep 24, 2005 9:27:26 AM EDT> <Warning> <WLW> <000000> <Id=creditCheckCtrl; Method=creditcheckcontrol.CreditCheck.testCreditC
heck(); Failure=com.bea.control.ServiceControlException: SERVICE FAULT:
Code:javax.net.ssl.SSLHandshakeException
String:FATAL Alert:HANDSHAKE_FAILURE - The handshake handler was unable to negotiate an acceptable set of security parameters
Detail:
END SERVICE FAULT [ServiceException]>
<Sep 24, 2005 9:27:26 AM EDT> <Warning> <WLW> <000000> <Id=top-level; Method=processes.CreditCheck_wf.$__clientRequest(); Fai
lure=com.bea.wli.bpm.runtime.UnhandledProcessException: Unhandled process exception [ServiceException]>
<Sep 24, 2005 9:27:26 AM EDT> <Error> <WLW> <000000> <Failure=com.bea.wli.bpm.runtime.UnhandledProcessException: Unhandled pr
ocess exception [ServiceException]><p>
I am not able to make out what could be possibly wrong. Please let me know if you guys have any ideas about how to resolve it.
Thanks
Sridhardid you resolve this problem. I am looking at the same issue. If you did I would really appreciate your response.
Thanks. -
Web Service over SSL hangs if sent data size exceeds around 12Kb
Hi,
I have a Web Service running on a WebLogic Server 10.3. One of its purposes is to send and receive documents over a one-way SSL connection. The service runs fine if the documents are smaller than around 12Kb, however if its larger than that, the service simply hangs. From SSL debug information it looks like some data is sent but afterwards it simply stops. When testing the Web Service without SSL it works fine, which points to an SSL issue. Also, surprisingly, when it receives documents over the SSL, it also works fine. I assumed there is a parameter that limits the size of the POST message sent over SSL, however all the parameters that I found, that could do that, were already set to unlimited.We ended up resolving this issue. It turned out to be something really simple. The client that was sending the soap traffic did not have the proper SSL certificate installed on the server that was generating the soap traffic.
-
Web Service over SSL failing in BEA Workshop
I have deployed a web service on weblogic 9.2
I have enabled one-way ssl on it. got a trial ssl certificate from verisign. installed them on the keystore/truststore on the server as well as the jre (cacerts and jssecacerts truststores) being used by the client. the client is on different machine than the server.
i have developed the service through 'bea weblogic workshop 9.2' now when i try to test the service through the 'web services explorer' within bea weblogic workshop i receive the following error:
IWAB0135E An unexpected error has occurred.
IOException
sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
on server:
<Jul 13, 2009 6:45:44 PM EDT> <Warning> <Security> <BEA-090485> <CERTIFICATE_UNKNOWN alert was received from yunus.l1id.local - 10.10.2.72. The peer has an unspecified issue with the certificate. SSL debug tracing should be enabled on the peer to determine what the issue is.>
if i try to access the web service (over ssl) through the browser (ie/firefox), it works fine. i have generated a proxy class to access this web service through the same bea workshop and that works fine too. certificates are identified and all. i also created a small .net (c#) application that calls this secure web service over ssl from another machine and it works fine too!
of course non-secure url for the web service is working fine in every case.
what can be the reason for this failing only in 'web services explorer' in bea workshop?
cross posted at: http://www.coderanch.com/t/453879/Web-Services/java/Web-Service-over-SSL-failing
thanks.Hello,
I used this example, when I made my experiments with SSL and Glassfish (GF):
http://java.sun.com/developer/EJTechTips/2006/tt0527.html#1
If you have problems with GF I suggest to post a message here:
http://forums.java.net/jive/forum.jspa?forumID=56
e.g. here is one thread:
http://forums.java.net/jive/thread.jspa?threadID=59993&tstart=0
Miro. -
Calling a web service through SSL via a stand alone java class
HI,
I am trying to call a web service through SSL via a simple stand alone java client.
I have imported the SSL certificate in my keystore by using the keytool -import command.
Basically I want to add a user to a group on the server. Say I add a user user 1 to group group 1 using an admin userid and password. All these values are set in an xml file which I send to the server while calling the server. I pass the web service URL, the soap action name and the xml to post as the command line arguments to the java client.
My xml file(Add.xml) that is posted looks like :
<?xml version="1.0" encoding="UTF-8"?>
<SOAP-ENV:Envelope
xmlns:xsi = "http://www.w3.org/1999/XMLSchema-instance"
xmlns:SOAP-ENC = "http://schemas.xmlsoap.org/soap/encoding/"
xmlns:SOAP-ENV = "http://schemas.xmlsoap.org/soap/envelope/"
xmlns:xsd = "http://www.w3.org/1999/XMLSchema"
SOAP-ENV:encodingStyle = "http://schemas.xmlsoap.org/soap/encoding/">
<SOAP-ENV:Body>
<namesp1:modifyGroupOperation xmlns:namesp1 = "/services/modifyGroup/modifyGroupOp">
<auth>
<user>adminUser</user>
<password>adminPassword</password>
</auth>
<operationType>ADD</operationType>
<groupName>group1</groupName>
<users>
<userName>user1</userName>
</users>
</namesp1:modifyGroupOperation>
</SOAP-ENV:Body>
</SOAP-ENV:Envelope>
I call the client as:
java PostXML https://com.webservice.com/services/modifyGroup "/services/modifyGroup/modifyGroupOp" Add.xml
I my client, I have set the following:
System.setProperty("javax.net.ssl.keyStore", "C:\\Program Files\\Java\\jre1.5.0_12\\lib\\security\\cacerts");
System.setProperty("javax.net.ssl.keyStorePassword", "password");
System.setProperty("javax.net.ssl.trustStore", "C:\\Program Files\\Java\\jre1.5.0_12\\lib\\security\\cacerts");
System.setProperty("javax.net.ssl.trustStorePassword", "password");
But when I try to execute the java client, I get the following error:
setting up default SSLSocketFactory
use default SunJSSE impl class: com.sun.net.ssl.internal.ssl.SSLSocketFactoryImpl
class com.sun.net.ssl.internal.ssl.SSLSocketFactoryImpl is loaded
keyStore is : C:\Program Files\Java\jre1.5.0_12\lib\security\cacerts
keyStore type is : jks
keyStore provider is :
init keystore
init keymanager of type SunX509
trustStore is: C:\Program Files\Java\jre1.5.0_12\lib\security\cacerts
trustStore type is : jks
trustStore provider is :
init truststore
adding as trusted cert:
init context
trigger seeding of SecureRandom
done seeding SecureRandom
instantiated an instance of class com.sun.net.ssl.internal.ssl.SSLSocketFactoryImpl
main, setSoTimeout(0) called
main, setSoTimeout(0) called
%% No cached client session
*** ClientHello, TLSv1
RandomCookie: GMT: .....
Compression Methods: { 0 }
[write] MD5 and SHA1 hashes: len = 73
main, WRITE: TLSv1 Handshake, length = 73
[write] MD5 and SHA1 hashes: len = 98
main, WRITE: SSLv2 client hello message, length = 98
[Raw write]: length = 100
[Raw read]: length = 5
[Raw read]: length = 58
main, READ: TLSv1 Handshake, length = 58
*** ServerHello, TLSv1
%% Created: [Session-1, SSL_RSA_WITH_RC4_128_MD5]
** SSL_RSA_WITH_RC4_128_MD5
[read] MD5 and SHA1 hashes: len = 58
[Raw read]: length = 5
[Raw read]: length = 5530
main, READ: TLSv1 Handshake, length = 5530
*** Certificate chain
chain [0] = ...
chain [1] = ...
chain [2] = ...
chain [3] = ...
main, SEND TLSv1 ALERT: fatal, description = certificate_unknown
main, WRITE: TLSv1 Alert, length = 2
[Raw write]: length = 7
0000: 15 03 01 00 02 02 2E .......
main, called closeSocket()
main, handling exception: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
main, called close()
main, called closeInternal(true)
main, called close()
main, called closeInternal(true)
main, called close()
main, called closeInternal(true)
Exception in thread "main" javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.c
ertpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(Unknown Source)
at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source)
at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source)
at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(Unknown Source)
at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(Unknown Source)
at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Unknown Source)
at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.writeRecord(Unknown Source)
at com.sun.net.ssl.internal.ssl.AppOutputStream.write(Unknown Source)
at java.io.BufferedOutputStream.flushBuffer(Unknown Source)
at java.io.BufferedOutputStream.flush(Unknown Source)
at org.apache.commons.httpclient.methods.EntityEnclosingMethod.writeRequestBody(EntityEnclosingMethod.java:506)
at org.apache.commons.httpclient.HttpMethodBase.writeRequest(HttpMethodBase.java:2110)
at org.apache.commons.httpclient.HttpMethodBase.execute(HttpMethodBase.java:1088)
at org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry(HttpMethodDirector.java:398)
at org.apache.commons.httpclient.HttpMethodDirector.executeMethod(HttpMethodDirector.java:171)
at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:397)
at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:323)
at PostXML.main(PostXML.java:111)
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find v
alid certification path to requested target
at sun.security.validator.PKIXValidator.doBuild(Unknown Source)
at sun.security.validator.PKIXValidator.engineValidate(Unknown Source)
at sun.security.validator.Validator.validate(Unknown Source)
at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Source)
at com.sun.net.ssl.internal.ssl.JsseX509TrustManager.checkServerTrusted(Unknown Source)
... 18 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(Unknown Source)
at java.security.cert.CertPathBuilder.build(Unknown Source)
... 23 more
I do not know where I have gone wrong. Could someone point out my mistake.
Thanks In advance!Hi jazz123,
There's an example in the [*Java Web Services Tutorial*|http://java.sun.com/webservices/docs/2.0/tutorial/doc/] : see Chapter 1: Building Web Services with JAX-WS - A Simple JAX-WS Client. -
BAD_CERTIFICATE error calling a web service over SSL in ALSB 2.6
We have a business service on an ALSB 2.6 server (running on WL 9.2.1) that connects to a web service over SSL. When we try to run it, we get the following exception:
<Sep 17, 2009 7:49:17 AM PDT> <Error> <ALSB Kernel> <BEA-380001> <Exception on TransportManagerImpl.sendMessageToService, com.bea.
wli.sb.transports.TransportException: FATAL Alert:BAD_CERTIFICATE - A corrupt or unuseable certificate was received.
com.bea.wli.sb.transports.TransportException: FATAL Alert:BAD_CERTIFICATE - A corrupt or unuseable certificate was received.
at com.bea.wli.sb.transports.TransportException.newInstance(TransportException.java:146)
at com.bea.wli.sb.transports.http.HttpOutboundMessageContext.send(HttpOu
tboundMessageContext.java:310)
at com.bea.wli.sb.transports.http.HttpsTransportProvider.sendMessageAsync(HttpsTransportProvider.java:435)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
Truncated. see log file for complete stacktrace
javax.net.ssl.SSLKeyException: FATAL Alert:BAD_CERTIFICATE - A corrupt or unuseable certificate was received.
at com.certicom.tls.interfaceimpl.TLSConnectionImpl.fireException(Unknown Source)
at com.certicom.tls.interfaceimpl.TLSConnectionImpl.fireAlertSent(Unknown Source)
at com.certicom.tls.record.handshake.HandshakeHandler.fireAlert(Unknown Source)
at com.certicom.tls.record.handshake.HandshakeHandler.fireAlert(Unknown Source)
at com.certicom.tls.record.handshake.ClientStateReceivedServerHello.handle(Unknown Source)
Truncated. see log file for complete stacktrace
This exception only occurs when hitting the web service through the bus. I have written a standalone Java application that posts to the web service and it works fine. I ran the application on the server where the ALSB is running using the same jdk (1.5.0_06 - the version that ships with 9.2.1) and the same cacerts file so I know it's not a problem with the certificate not being trusted. I have tried updating the cacerts file to the latest one distributed with JRE 1.6 and it still doesn't work.
After 8 hours of troubleshooting, I'm out of ideas. Does anyone have any suggestiosn?
Thanks.
Matt
Edited by: user6946981 on Sep 17, 2009 7:58 AMAre you sure that your standalone application is using the same keystore (eg. cacert)? Default WebLogic configuration uses different keystore (demo).
I saw BAD_CERTIFICATE error only once and the cause was in keytool that somehow corrupted certificate during import. Deleting and importing certificate again helped me, but I doubt you have the same problem as your standalone application works.
Another idea ... Is hostname varification used? I know that the error message would look different if this was the cause, but try to add this parameter to your weblogic startup script: -Dweblogic.security.SSL.ignoreHostnameVerification=true
Last but not least, there is difference between your standalone application and ALSB runtime as WebLogic uses Certicom SSL provider. If you don't find the reason, contact Oracle support. Maybe they can help you to tweak Certicom provider in some way. -
Hi,
I have to develope a Web Service proxy client to invoke a web service on SSL. First I'm testing with OC4J 10.1.3.1 and JDEV 10.1.3.1 and did this:
1) Developed a basic PL/SQL Web Service with JDEV and publish on my standalone OC4J.
2) Made a test with a browser, it worked OK
3) Generated a proxy client from JDev 10.1.3.1 to invoke web service, it worked OK
--- Now make it work on SSL----
4) Then, added SSL configuration to oc4j , generated a certificate with keytool (updated server.xml, secure-web-site.xml), and shutting down and starting the OC4j instance.
5) Import the certificate to JAVA_HOME/jre/lib/security/cacerts
6) Test web service from browser on https and worked OK.
7) When tried to modified proxy client (generated in step 3) to make it work on SSL, I realized that just changing the END_POINT to the new url (https) it worked!
Questions----
1.- By default the proxy client generated from JDEV 10.1.3.1 knows how to deal with SSL conections?
2.- If I dont have previously the server certificate to import it into JAVA keystore (cacerts) how could I ,from proxy client code, capture it and import it before the validation occurs... because if the certificate is not in keystore , the program fails.
Thanks in advance
J.Hi,
Could you please provide me with the steps necessary to create a web service proxy client through JDeveloper or any other mechanism when 2 way SSL (requiring client authentication) is enabled.
Thanks a lot in advance
Nilesh -
IE browser and Web Cache and SSL - Internet Explorer cannot display the web page
When using IE8, IE9, or IE10 with Web Cache and SSL certain pages which display a lot of data returns the error - "Internet Explorer cannot display the web page."
if we eliminate SSL but continue to use Web Cache, the error does *not* reproduce & If we eliminate Web Cache altogether the error again does *not* reproduce. The error is only reproducible when we use SSL with Web Cache and if we use IE and we access *large* pages. The error is not reproducible with Firefox or Chrome. This is a Web Tier 11.1.1.7 installation with WebLogic 10.3.6 & Red Hat Enterprise 5 Linux x86-64
Event_log shows below errors.
[2013-06-13T16:34:35-04:00] [webcache] [NOTIFICATION:1] [WXE-09002] [logging] [ecid: ] Generated by Oracle Web Cache on Thu Jun 13 16:34:35 2013 - Build 11.1.1.7.0 130113.0721
[2013-06-13T16:34:36-04:00] [webcache] [NOTIFICATION:1] [WXE-08513] [logging] [ecid: ] Cache server process ID 4469 is starting up.
[2013-06-13T16:34:36-04:00] [webcache] [NOTIFICATION:1] [WXE-09612] [main] [ecid: ] Oracle Web Cache 11g (11.1.1.6), Build 11.1.1.7.0 130113.0721
[2013-06-13T16:34:37-04:00] [webcache] [NOTIFICATION:1] [WXE-13002] [config] [ecid: ] Maximum allowed incoming connections are 1000
[2013-06-13T16:35:00-04:00] [webcache] [NOTIFICATION:1] [WXE-09441] [stats] [ecid: ] DMS enabled
[2013-06-13T16:35:28-04:00] [webcache] [NOTIFICATION:1] [WXE-12209] [cluster] [ecid: ] A 1 node cluster successfully initialized
[2013-06-13T16:35:29-04:00] [webcache] [NOTIFICATION:1] [WXE-09614] [main] [ecid: ] The following Oracle Web Cache internal files are pre-populated to the cache: [[
/nssb-p.adm.fit.edu:7785/_oracle_http_server_webcache_static_.html
/nssb-p.adm.fit.edu:4448/_oracle_http_server_webcache_static_.html
[2013-06-13T16:35:29-04:00] [webcache] [NOTIFICATION:1] [WXE-09614] [main] [ecid: ] [[
The following Oracle Web Cache internal files are pre-populated to the cache: [[
/nssb-p.adm.fit.edu:7785/_oracle_http_server_webcache_checkserviceavailability_.html
/nssb-p.adm.fit.edu:4448/_oracle_http_server_webcache_checkserviceavailability_.html
[2013-06-13T16:35:29-04:00] [webcache] [NOTIFICATION:1] [WXE-09608] [main] [ecid: ] The cache server process started successfully.
[2013-06-13T16:35:29-04:00] [webcache] [WARNING:1] [WXE-12104] [utl] [ecid: ] Oracle Web Cache process has page faulted
[2013-06-13T16:44:22-04:00] [webcache] [ERROR:32] [WXE-11904] [security] [ecid: ] SSL handshake fails SSL-29049
[2013-06-13T16:44:22-04:00] [webcache] [WARNING:1] [WXE-11905] [security] [ecid: ] SSL additional information: The record type is unknown.
[2013-06-13T16:44:22-04:00] [webcache] [WARNING:1] [WXE-11905] [security] [ecid: ] SSL additional information: Remote IP [163.118.22.16]:55145
[2013-06-13T16:44:22-04:00] [webcache] [WARNING:1] [WXE-11905] [security] [ecid: ] SSL additional information: Local IP 163.118.170.70:4448
[2013-06-13T16:44:22-04:00] [webcache] [WARNING:1] [WXE-11906] [security] [ecid: ] SSL details: SSL error during handshake (details: internal=The record type is unknown. system=Success)
[2013-06-13T16:44:27-04:00] [webcache] [ERROR:32] [WXE-11904] [security] [ecid: ] SSL handshake fails SSL-29049
[2013-06-13T16:44:27-04:00] [webcache] [WARNING:1] [WXE-11905] [security] [ecid: ] SSL additional information: The record type is unknown.
[2013-06-13T16:44:27-04:00] [webcache] [WARNING:1] [WXE-11905] [security] [ecid: ] SSL additional information: Remote IP [163.118.22.16]:55144
[2013-06-13T16:44:27-04:00] [webcache] [WARNING:1] [WXE-11905] [security] [ecid: ] SSL additional information: Local IP 163.118.170.70:4448
[2013-06-13T16:44:27-04:00] [webcache] [WARNING:1] [WXE-11906] [security] [ecid: ] SSL details: SSL error during handshake (details: internal=The record type is unknown. system=Success)
[2013-06-13T16:44:27-04:00] [webcache] [ERROR:32] [WXE-11904] [security] [ecid: ] SSL handshake fails SSL-29049
[2013-06-13T16:44:27-04:00] [webcache] [WARNING:1] [WXE-11905] [security] [ecid: ] SSL additional information: The record type is unknown.
[2013-06-13T16:44:27-04:00] [webcache] [WARNING:1] [WXE-11905] [security] [ecid: ] SSL additional information: Remote IP [163.118.22.16]:55148
[2013-06-13T16:44:27-04:00] [webcache] [WARNING:1] [WXE-11905] [security] [ecid: ] SSL additional information: Local IP 163.118.170.70:4448
[2013-06-13T16:44:27-04:00] [webcache] [WARNING:1] [WXE-11906] [security] [ecid: ] SSL details: SSL error during handshake (details: internal=The record type is unknown. system=Success)
[2013-06-13T16:44:35-04:00] [webcache] [ERROR:32] [WXE-11904] [security] [ecid: ] SSL handshake fails SSL-28864
[2013-06-13T16:44:35-04:00] [webcache] [ERROR:32] [WXE-11904] [security] [ecid: ] SSL handshake fails SSL-28864
[2013-06-13T16:44:47-04:00] [webcache] [WARNING:1] [WXE-11905] [security] [ecid: ] SSL additional information: This error occurred because the peer closed the connection.
[2013-06-13T16:44:47-04:00] [webcache] [WARNING:1] [WXE-11906] [security] [ecid: ] SSL details: success during initialization (details: internal=success system=Success)
[2013-06-13T16:44:47-04:00] [webcache] [WARNING:1] [WXE-11905] [security] [ecid: ] SSL additional information: This error occurred because the peer closed the connection.
[2013-06-13T16:44:47-04:00] [webcache] [WARNING:1] [WXE-11906] [security] [ecid: ] SSL details: success during initialization (details: internal=success system=Success)
[2013-06-13T16:44:47-04:00] [webcache] [WARNING:1] [WXE-11905] [security] [ecid: ] SSL additional information: This error occurred because the peer closed the connection.
[2013-06-13T16:44:47-04:00] [webcache] [WARNING:1] [WXE-11906] [security] [ecid: ] SSL details: success during initialization (details: internal=success system=Success)
[2013-06-13T16:44:47-04:00] [webcache] [WARNING:1] [WXE-11905] [security] [ecid: ] SSL additional information: This error occurred because the peer closed the connection.
[2013-06-13T16:44:47-04:00] [webcache] [WARNING:1] [WXE-11906] [security] [ecid: ] SSL details: success during initialization (details: internal=success system=Success)
[2013-06-13T16:44:47-04:00] [webcache] [WARNING:1] [WXE-11905] [security] [ecid: ] SSL additional information: This error occurred because the peer closed the connection.
[2013-06-13T16:44:47-04:00] [webcache] [WARNING:1] [WXE-11906] [security] [ecid: ] SSL details: success during initialization (details: internal=success system=Success)
[2013-06-13T16:44:47-04:00] [webcache] [WARNING:1] [WXE-11905] [security] [ecid: ] SSL additional information: This error occurred because the peer closed the connection.
[2013-06-13T16:44:47-04:00] [webcache] [WARNING:1] [WXE-11906] [security] [ecid: ] SSL details: success during initialization (details: internal=success system=Success)
[2013-06-13T16:45:18-04:00] [webcache] [WARNING:1] [WXE-11905] [security] [ecid: ] SSL additional information: This error occurred because the peer closed the connection.
[2013-06-13T16:45:18-04:00] [webcache] [WARNING:1] [WXE-11906] [security] [ecid: ] SSL details: success during initialization (details: internal=success system=Success)
[2013-06-13T16:45:22-04:00] [webcache] [ERROR:32] [WXE-11904] [security] [ecid: ] SSL handshake fails SSL-28864
[2013-06-13T16:45:22-04:00] [webcache] [ERROR:32] [WXE-11904] [security] [ecid: ] SSL handshake fails SSL-28864
[2013-06-13T16:45:38-04:00] [webcache] [WARNING:1] [WXE-11905] [security] [ecid: ] SSL additional information: This error occurred because the peer closed the connection.
[2013-06-13T16:45:38-04:00] [webcache] [WARNING:1] [WXE-11906] [security] [ecid: ] SSL details: success during initialization (details: internal=success system=Success)
[2013-06-13T16:45:38-04:00] [webcache] [WARNING:1] [WXE-11905] [security] [ecid: ] SSL additional information: This error occurred because the peer closed the connection.
[2013-06-13T16:45:38-04:00] [webcache] [WARNING:1] [WXE-11906] [security] [ecid: ] SSL details: success during initialization (details: internal=success system=Success)
[2013-06-13T16:45:38-04:00] [webcache] [WARNING:1] [WXE-11905] [security] [ecid: ] SSL additional information: This error occurred because the peer closed the connection.
[2013-06-13T16:45:38-04:00] [webcache] [WARNING:1] [WXE-11906] [security] [ecid: ] SSL details: success during initialization (details: internal=success system=Success)
[2013-06-13T16:45:38-04:00] [webcache] [WARNING:1] [WXE-11905] [security] [ecid: ] SSL additional information: This error occurred because the peer closed the connection.
[2013-06-13T16:45:38-04:00] [webcache] [WARNING:1] [WXE-11906] [security] [ecid: ] SSL details: success during initialization (details: internal=success system=Success)
[2013-06-13T16:45:41-04:00] [webcache] [WARNING:1] [WXE-11905] [security] [ecid: ] SSL additional information: This error occurred because the peer closed the connection.
[2013-06-13T16:45:41-04:00] [webcache] [WARNING:1] [WXE-11906] [security] [ecid: ] SSL details: success during initialization (details: internal=success system=Success)
Any help or suggestions are greatly appreciated
Tnx a lot,
LokeshHello ,
Try Below Workarounds:
Workaround 1:
Open Central Admin
àApplication Management à
Configure Alternate access mapping-->Edit your web application zone and add your server name in Intranet zone. So default can be serverIP and intranet could be servername.
Workaround 2:
Might be there is some issue with DNS and try to check that WebApplication is pointing to correct IP or not.
Also try to access your Sharepoint site using ip Address .. If you still gets error Kindly share the logs ..
Best
Regards Kuldeep Verma
Please remember to click "Mark As Answer"
if a post solves your problem or "Vote As Helpful" if it was useful. -
I have an AP designed as a Java Web Start program,
and I want it to connect to a web service via SSL.
I know how to do that in a normal AP. Just add a property like :
System.setProperty("javax.net.ssl.trustStore","my.keystore");
But since a JAWS program is downloaded from server, and don't have a my.keystore on local file system. I can't set a property that way. Is anyone know how to deal with this?
Can a signed jar file help?
Thanx in advance.We had the same problem. There's basically two ways around this. One is extremely easy and the other is a pain.
easy: Use a CA certificate on the web server (Verisign, thawte etc.). All java applications already have a keystore (cacerts) that recognizes
these CAs. This keystore will be used when the cert on the server is a CA. Only drawback - $250 or so for the cert.
painful: Programmatically extract your personal certificate keystore from the deployed client jar. Also programmatically apply it to your SSL handler. Basically - you have to code what's done in a regular App simply by "javax.net.truststore=keyfile". I didn't explore this option
too much as the easy option was viable. -
Hi,
I do not succeed in calling a web service via SSL from within a Web Dynpro application.
Current settings of my logical port:
Target Address: https://...
Authentication: HTTP authentication, basic (username/password)
I do call methods _setUser and _setPassword to set userid and password before calling method execute() of my modelclass.
On calling method execute(), I get message "Connection closed by remote host".
Any suggestions ?
Many thanks.
JorgenCan you check the following?
1) Did you install the SAP Cryptographic toolkit for Java available from service.sap.com?
2) Did you install the "Java Cryptography Extension (JCE)
Unlimited Strength Jurisdiction Policy Files 1.4.2". For Sun they are available here: http://java.sun.com/j2se/1.4.2/download.html (last item on page)
3) How is the SSL server configured? Does it require client authentication? In this case you must send a client certificate. -
Calling web service with SSL (HTTPS) hangs client stub
If anyone can help it would make my day! I've spent way too much time on this!!!
I'm running:
- Web service is running on Linux RedHat with Oracle9iAS 9.0.3
- Client is running from Windows XP under Jdeveloper
I've successfully installed and run the web security demo "ws_security" at http://otn.oracle.com/sample_code/tech/java/web_services/wssecurity/ws_security.jar.
This demo goes through installing the web service, certificates, etc... and the demo runs fine. I'm also able to connect to the web service from a browser using https://server1:4443/CreditCardValidator/CreditCardValidator. I can download the proxy, look at the WSDL, etc...
Now I've written my own very simple stateless java class web service, deployed it to 9iAS , and then downloaded the proxy stub jar. Using the proxy stub I can call my web service and everything works fine.
Then I configure the web service to use HTTPS by making the following changes to the proxy stub (per the ws_security demo).
1) Copy the following 5 lines to the proxy stub
System.setProperty("ssl.SocketFactory.provider","oracle.security.ssl.OracleSSLSocketFactoryImpl");
System.setProperty("ssl.ServerSocketFactory.provider","oracle.security.ssl.OracleSSLServerSocketFactoryImpl");
System.setProperty("java.protocol.handler.pkgs","HTTPClient");
System.setProperty("oracle.wallet.location","C:\\Data\\Oracle\\WALLETS\\ws_security\\wallet.txt");
System.setProperty("oracle.wallet.password","thewalletpassword");
2) modify the "m_soapURL" by changing "http" to "https" and the port number to 4443
3) add the following 3 jar files to my projects library class list:
C:\Program Files\jdev9031\jlib\jssl-1_2.jar
C:\Program Files\jdev9031\jdk\jre\lib\ext\jcert.jar
C:\Program Files\jdev9031\lib\jsse.jar;C:\Program Files\jdev9031\jlib\javax-ssl-1_2.jar
When I run the proxy stub it just hangs. I've traced the hang to the "Response response = call.invoke(new URL(m_soapURL), soapActionURI);" statement in the "makeSOAPCallRPC" method in the proxy stub.
Again, this works fine if I simply change the "m_soapURL" to use "http" instead of "https". It looks like it's hanging on the client side and the call is never making it to the server.
Any help is GREATLY appreciated!!!!!Could you explain it a little more, please.
Since my first message, I used the wallet manager to add the certificate the server where the web service is at, uses.
What else do I need to make it work??
Thanks in advance again. -
I am trying to invoke a web service and I'm getting an error.
Error 401 Unauthorized. Unable to read WSDL from URL: http://servername/generation/bj/TestCalculation.wsdl. An exception occurred while invoking an event handler method from Application.cfc. The method name is: onRequest.
I can put the URL in the browser and it will pull up the WSDL. I can call this from a flex program and it will work fine. I don't know much about Flex and I'm just learning it so I wanted to see if I could get it to work with ColdFusion.
Here is the CFC I created:
<cffunction name="myCalcFunction" access="remote" returntype="any">
<cfinvoke
webservice="http://servername/generation/bj/TestCalculation.wsdl"
method="TestCalculation"
returnvariable="response">
<cfinvokeargument name="number1" value="#arguments.number1#"/>
<cfinvokeargument name="number2" value="#arguments.number2#"/>
</cfinvoke>
<cfreturn response>
</cffunction>
Can anyone point me in the right direction of what I can do?
thanks for the support.
BJBKBK -
I'm new to SOA/web services so maybe I'm not saying it right but I don't think we are on the same page. In the defintion, the WSDL is just an XML based file used to describe the functionality offered by a web service. I don't need to know anything about the service except the inputs and outputs and the URL to call the WSDL.
I created a service to calculate two numbers and return the result using a software called NextAxiom that my company has. This service is not sitting on our web server but on one of our machines on our network. See below for the WSDL file I have listed. I was just trying to use some of the standards that I read about and was using a CFC to invoke the web service so any CFM program would be able to call the CFC and not put it in the CFM program. But for now I can just put in the invoke tag in my CFM code:
<cfinvoke
webservice="http://localhost/TestCalculation.wsdl?wsdl"
method="TestCalculation" refreshwsdl="true"
returnvariable="response">
<cfinvokeargument name="number1" value="5"/>
<cfinvokeargument name="number2" value="6"/>
</cfinvoke>
<cfdump var="#response#">
Doing this, I can run the CFM program and it will come back with 11. This works great on my local CF server. When I try and run it on my dev machine I get the 401 unauthorized error. (yes I change the path of the wsdl to the path that the WSDL is on my dev web server.)
So it looks like some type of permission problem. My question is where do I look?
thanks for all replys,
BJ
Here is my WSDL file. If you notice the bold line at the bottom, that is the server where my service is.
<!--
Automatically generated 09/23/2011 by Hyperservice Business Platform, NextAxiom Technology, Inc.
-->
<definitions xmlns="http://schemas.xmlsoap.org/wsdl/" xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/"xmlns:tns="http://www.nextaxiom.com/soapservice/TrainingBJ.TestCalc.TestCalculation/wsdl" xmlns:xsd="http://www.w3.org/2001/XMLSchema"xmlns:xsd1="http://www.nextaxiom.com/soapservice/xsd1" name="TrainingBJ.TestCalc.TestCalculation"targetNamespace="http://www.nextaxiom.com/soapservice/TrainingBJ.TestCalc.TestCalculation/wsdl">
<types>
<schema xmlns="http://www.w3.org/2001/XMLSchema" elementFormDefault="qualified"targetNamespace="http://www.nextaxiom.com/soapservice/xsd1">
<element name="TestCalculation">
<complexType>
<sequence>
<element name="number1" type="long"/>
<element name="number2" type="long"/>
</sequence>
</complexType>
</element>
<element name="TestCalculationResult">
<complexType>
<sequence>
<element name="result" type="long"/>
</sequence>
</complexType>
</element>
</schema>
</types>
<message name="TestCalculationRequest">
<part element="xsd1:TestCalculation" name="TestCalculation"/>
</message>
<message name="TestCalculationResponse">
<part element="xsd1:TestCalculationResult" name="TestCalculationResult"/>
</message>
<portType name="TrainingBJ.TestCalc.TestCalculationSoapPort">
<operation name="TestCalculation">
<input message="tns:TestCalculationRequest"/>
<output message="tns:TestCalculationResponse"/>
</operation>
</portType>
<binding name="TrainingBJ.TestCalc.TestCalculationSoapBinding" type="tns:TrainingBJ.TestCalc.TestCalculationSoapPort">
<soap:binding xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/" style="document" transport="http://schemas.xmlsoap.org/soap/http"/>
<operation name="TestCalculation">
<soap:operation xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/" soapAction="urn:doc?in=TestCalculation?out=TestCalculationResult?path=TrainingBJ.TestCalc.TestCalculat ion"/>
<input>
<soap:body use="literal"/>
</input>
<output>
<soap:body use="literal"/>
</output>
</operation>
</binding>
<service name="TrainingBJ.TestCalc.TestCalculation">
<port binding="tns:TrainingBJ.TestCalc.TestCalculationSoapBinding" name="TrainingBJ.TestCalc.TestCalculationPort">
<soap:address xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/" location="http://nextaxb:7777/NXAServer/NextAxiomServer"/>
</port>
</service>
</definitions>
Maybe you are looking for
-
Adding new line item while save
Hi all, use an implementation of BADI ME_PROCESS_REQ_CUST in the MM-Purchase-Requisition, method IF_EX_ME_PROCESS_REQ_CUST~POST while save. based on the line items available(USER ENTERED) i have to add few more line items based on the account assign
-
How to create and implement a new work schedule rule successfully?
Dear Community, How to create and implement a new work schedule rule successfully? In other words, what are all the basic steps to create and implement a new work schedule rule successfully? Thanks in advance.
-
Not generating any register in the execution of a script from a package
Hi everybody, I am developing some script logics and I have got some problems when executing them. Basically the problem is the same in all of them, since the structure of the scripts is very similar. What I am trying to do is to calculate a certain
-
I suspect this is an easy fix, but I can't figure it out... On my T61, the screen will turn off (I'm guessing for screensaver, which is set to "None" in Display Properties) and then turn right back on again. I looked for a conflict between Power Opti
-
Retarget Data Source after forceShutdown WLS 9.1
Hi all, I am using JMX to remotely manage an application instance. I need to remotely shut down the Data Source, and be able to restart it. The forceShutdown on the JDBCDataSourceRuntimeMBean works great. Unfortunately WebLogic decided not to include