我使用CXF生成的代码通过SSL和公司代理连接到远程web服务。当通过javaapi建立连接并将所有SSL设置设置为系统属性时,代码可以正常工作,如下所示。
System.setProperties("https.proxyHost", "myproxy.com");
System.setProperties("https.proxyPort", "8001");
System.setProperties("javax.net.ssl.keyStoreType", "pkcs12");
System.setProperties("javax.net.ssl.keyStore", "C:/keystore.p12");
System.setProperties("javax.net.ssl.keyStorePassword", "keypassword");
System.setProperties("javax.net.ssl.trustStore", "C:/cacerts");
System.setProperties("javax.net.ssl.trustStorePassword", "capassword");
MyWebService_Service ss = new MyWebService_Service(wsdlUrl, SERVICE_NAME);
MyWebService service = ss.getMyWebServicePort();
使用这段代码,我现在可以调用服务方法,一切都按预期工作。当我试图用Spring设置相同的配置时,问题就出现了,这是我们首选的方法,因为我们已经广泛地使用Spring了。
我的弹簧配置:
<!-- relevant snippet from spring context -->
<import resource="classpath:META-INF/cxf/cxf.xml" />
<import resource="classpath:META-INF/cxf/cxf-extension-soap.xml" />
<import resource="classpath:META-INF/cxf/cxf-extension-http.xml" />
<jaxws:client id="webservice" serviceName="myns:MyWebService" endpointName="myns:MyWebServicePort"
address="https://bigserver.com:5012/blah/TheWebService"
serviceClass="com.mycomp.MyWebService" />
<http:conduit name="{myns}MyWebServicePort.http-conduit">
<http:tlsClientParamenters disableCNCheck="true" secureSocketProtocol="TLS">
<sec:trustManagers>
<sec:keyStore type="JKS" password="capassword" file="c:/cacerts" />
</sec:trustmanagers>
<sec:keyManagers>
<sec:keyStore type="pkcs12" password="keypassword" file="c:/keystore.p12" />
</sec:keyManagers>
</http:tlsClientParamenters>
<http:client ProxyServer="myproxy.com" ProxyServerPort="8001" />
</http:conduit>
在这两种情况下,web服务客户机都部署在web应用程序中。在第二种情况下,访问web服务会导致
javax.net.ssl.SSLHandshakeException: Received fatal alert: bad_certificate
编辑:我使用的是CXF2.2版。
