
CXF web service client ignores the SSL configuration in http-conf:tlsClientParameters


I am trying to establish an SSL connection between a CXF client and a web service. For a proof of concept I am running the test with SpringJunit4TestRunner. In my client's Spring configuration I am using the following:

<jaxws:client id="wsClient" address="${webservice.endpoint.url}" serviceClass="MyServiceClass"/>
<http-conf:conduit name="${webservice.endpoint.url}">
    <http-conf:client ConnectionTimeout="${webservice.connectionTimeout}" />

    <http-conf:tlsClientParameters>
        <sec:keyManagers keyPassword="changeit">
            <sec:keyStore type="JKS" password="changeit" file="c:\temp\keystore\myKeyStore.jks" />
        </sec:keyManagers>
        <sec:trustManagers>
            <sec:keyStore type="JKS" password="changeit" file="c:\temp\keystore\myKeyStore.jks"/>
        </sec:trustManagers>
        <sec:cipherSuitesFilter>
            <!-- these filters ensure that a ciphersuite with
                 export-suitable or null encryption is used,
                 but exclude anonymous Diffie-Hellman key change as
                 this is vulnerable to man-in-the-middle attacks -->
            <sec:include>.*_EXPORT_.*</sec:include>
            <sec:include>.*_EXPORT1024_.*</sec:include>
            <sec:include>.*_WITH_DES_.*</sec:include>
            <sec:include>.*_WITH_AES_.*</sec:include>
            <sec:include>.*_WITH_NULL_.*</sec:include>
            <sec:exclude>.*_DH_anon_.*</sec:exclude>
        </sec:cipherSuitesFilter>
    </http-conf:tlsClientParameters>
</http-conf:conduit>

But CXF does not seem to pick up my configuration. During startup I see the following in the log:

10:38:58.581 [ProofOfConceptTaskExecutor-1] DEBUG o.a.c.t.h.HttpsURLConnectionFactory - The location of the key store has not been set via a system parameter or through configuration so the default value of MYHOMEFOLDER.keystore will be used.
10:38:58.581 [ProofOfConceptTaskExecutor-1] DEBUG o.a.c.t.h.HttpsURLConnectionFactory - The key store password has not been set via a system property or through configuration, reading data from the keystore will fail.
10:38:58.581 [ProofOfConceptTaskExecutor-1] DEBUG o.a.c.t.h.HttpsURLConnectionFactory - The key password has not been set via a system property or through configuration, reading data from the keystore will fail.
10:38:59.252 [ProofOfConceptTaskExecutor-1] WARN  o.a.c.t.h.HttpsURLConnectionFactory - Default key managers cannot be initialized: Password must not be null
java.security.UnrecoverableKeyException: Password must not be null

After this, the SSL connection fails with sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

However, the keystore and its certificate chain seem to be correct, because if I run the test from the command line, passing the keystore and truststore as arguments:

mvn clean test -Dtest=MyTestClass -Djavax.net.ssl.trustStore=C:\temp\keystore\myKeyStore.jks -Djavax.net.ssl.trustStorePassword=changeit -Djavax.net.ssl.keyStore=C:\temp\keystore\myKeyStore.jks -Djavax.net.ssl.keyStorePassword=changeit

everything works and the SSL connection is established. So my conclusion is that CXF ignores the tlsClientParameters. Any help is greatly appreciated.

Edit: if I remove my own TaskExecutor the problem persists, but in the log I now see

DEBUG o.a.c.t.h.HttpsURLConnectionFactory The location of the key store has not been set via a system parameter or through configuration so the default value will be used

1 answer

  • 4

You should use the port name with a qualified namespace for the http-conf:conduit name attribute. Check the Apache CXF documentation.
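As an added example, not taken from the question or the answer, this is the conduit declaration written the way the answer describes: the name attribute is the WSDL port's qualified name with the .http-conduit suffix, which is how the CXF http-conf documentation keys a conduit to a jaxws:client. The target namespace http://example.com/myservice, the port name MyServicePort and the property names for the stores are assumptions; substitute the values from your own WSDL. The cipher suite filter is also narrowed relative to the question's copy of the CXF sample, which would admit EXPORT, DES and NULL suites, and the private key and the trust anchors are kept in separate stores.

```xml
<!-- Added example, not the original poster's configuration.
     Assumed: the service's target namespace is http://example.com/myservice and
     its WSDL port is MyServicePort. The conduit name must be that port's QName
     plus ".http-conduit" for CXF to associate it with the jaxws:client. -->
<http-conf:conduit name="{http://example.com/myservice}MyServicePort.http-conduit">
    <http-conf:client ConnectionTimeout="${webservice.connectionTimeout}" />

    <!-- disableCNCheck left at its default of false so the server certificate
         is still matched against the host name in the endpoint URL. -->
    <http-conf:tlsClientParameters disableCNCheck="false" secureSocketProtocol="TLSv1.2">
        <!-- Client identity: the client's own private key and certificate.
             Assumed property names; keep the passwords out of the XML. -->
        <sec:keyManagers keyPassword="${webservice.keyPassword}">
            <sec:keyStore type="JKS" password="${webservice.keyStorePassword}" file="${webservice.keyStore}" />
        </sec:keyManagers>
        <!-- Trust anchors: only the CA certificates the client should accept,
             in a separate store from the private key. -->
        <sec:trustManagers>
            <sec:keyStore type="JKS" password="${webservice.trustStorePassword}" file="${webservice.trustStore}" />
        </sec:trustManagers>
        <sec:cipherSuitesFilter>
            <!-- Allow only AES suites; the EXPORT, DES and NULL includes from the
                 CXF sample are dropped. Anonymous DH is excluded as before, and
                 NULL is excluded explicitly in case a JVM names a suite oddly. -->
            <sec:include>.*_WITH_AES_.*</sec:include>
            <sec:exclude>.*_DH_anon_.*</sec:exclude>
            <sec:exclude>.*_NULL_.*</sec:exclude>
        </sec:cipherSuitesFilter>
    </http-conf:tlsClientParameters>
</http-conf:conduit>
```

The port QName comes from the WSDL (the targetNamespace of the definitions element and the name of the port inside the service element), not from the endpoint URL. If the same settings should apply to every conduit in the context, CXF also accepts the wildcard name "*.http-conduit". The log lines in the question (the fallback to MYHOMEFOLDER.keystore and "Default key managers cannot be initialized") are what CXF emits when no conduit configuration matched the client, so once the name is correct those messages should disappear; if they are still there, the conduit is still not being matched.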
