Java Weblogic在使用代理时中断CXF证书身份验证
我已经在代码中配置了一个CXF客户端。它对WS-server和代理设置使用证书身份验证(无身份验证)。从单元测试和Tomcat上看,一切都很好,但在Weblogic上部署时,一切都会中断。它通过代理,但不使用证书进行身份验证。奇怪的是,如果我没有通过代理,证书认证就可以工作。有什么问题吗 我用于初始化客户端的代码:Java Weblogic在使用代理时中断CXF证书身份验证,java,web-services,ssl,weblogic,cxf,Java,Web Services,Ssl,Weblogic,Cxf,我已经在代码中配置了一个CXF客户端。它对WS-server和代理设置使用证书身份验证(无身份验证)。从单元测试和Tomcat上看,一切都很好,但在Weblogic上部署时,一切都会中断。它通过代理,但不使用证书进行身份验证。奇怪的是,如果我没有通过代理,证书认证就可以工作。有什么问题吗 我用于初始化客户端的代码: JaxWsProxyFactoryBean factory = new JaxWsProxyFactoryBean(); factory.setEndpointName(SERVI
JaxWsProxyFactoryBean factory = new JaxWsProxyFactoryBean();
factory.setEndpointName(SERVICE_NAME);
factory.setAddress("Address of the WS server");
factory.setServiceClass(MyService.class);
this.port = (MyService) factory.create();
Client client = ClientProxy.getClient(port);
HTTPConduit conduit = (HTTPConduit) client.getConduit();
//proxy settings
HTTPClientPolicy policy = new HTTPClientPolicy();
policy.setProxyServer("IP OF THE PROXY");
policy.setProxyServerPort("PORT OF THE PROXY");
conduit.setClient(policy);
//TLS
KeyStore keyStore = KeyStore.getInstance(ARCHIVE_FILE_FORMAT);
keyFile = getKeyFileUrl().openStream();
keyStore.load(keyFile, getPassword().toCharArray());
KeyManager[] myKeyManagers = getKeyManagers(keyStore, getPassword());
TLSClientParameters tlsCP = new TLSClientParameters();
tlsCP.setKeyManagers(myKeyManagers);
tlsCP.setDisableCNCheck(true);
FiltersType cipherSuiteFilter = new FiltersType();
cipherSuiteFilter.getInclude().add(SSL_RSA_WITH_3_DES_EDE_CBC_SHA);
cipherSuiteFilter.getExclude().add(DH_ANON);
tlsCP.setCipherSuitesFilter(cipherSuiteFilter);
conduit.setTlsClientParameters(tlsCP);
####<Oct 2, 2013 4:08:53 PM UTC> <Debug> <SecuritySSL> <lmdesetup-jab> <fwf-acg> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1380730133523> <BEA-000000> <weblogic user specified trustmanager validation status 0>
####<Oct 2, 2013 4:08:53 PM UTC> <Debug> <SecuritySSL> <lmdesetup-jab> <fwf-acg> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1380730133523> <BEA-000000> <SSLTrustValidator returns: 0>
####<Oct 2, 2013 4:08:53 PM UTC> <Debug> <SecuritySSL> <lmdesetup-jab> <fwf-acg> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1380730133523> <BEA-000000> <[Thread[[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)',5,Pooled Threads]]weblogic.security.SSL.jsseadapter: SSLENGINE: No trust failure, validateErr=0.>
####<Oct 2, 2013 4:08:53 PM UTC> <Debug> <SecuritySSL> <lmdesetup-jab> <fwf-acg> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1380730133524> <BEA-000000> <Performing hostname validation checks: www.cfmu.eurocontrol.int>
####<Oct 2, 2013 4:08:53 PM UTC> <Debug> <SecuritySSL> <lmdesetup-jab> <fwf-acg> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1380730133524> <BEA-000000> <Proxying through 85.125.226.9>
####<Oct 2, 2013 4:08:53 PM UTC> <Debug> <SecuritySSL> <lmdesetup-jab> <fwf-acg> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1380730133525> <BEA-000000> <[Thread[[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)',5,Pooled Threads]]weblogic.security.SSL.jsseadapter: SSLENGINE: Successfully completed post-handshake processing.>
####<Oct 2, 2013 4:08:53 PM UTC> <Debug> <SecuritySSL> <lmdesetup-jab> <fwf-acg> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1380730133526> <BEA-000000> <[Thread[[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)',5,Pooled Threads]]weblogic.security.SSL.jsseadapter: SSLENGINE: SSLEngine.wrap(ByteBuffer,ByteBuffer) called: result=Status = OK HandshakeStatus = NOT_HANDSHAKING
bytesConsumed = 230 bytesProduced = 261.>
####<Oct 2, 2013 4:08:53 PM UTC> <Debug> <SecuritySSL> <lmdesetup-jab> <fwf-acg> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1380730133528> <BEA-000000> <[Thread[[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)',5,Pooled Threads]]weblogic.security.SSL.jsseadapter: SSLENGINE: SSLEngine.wrap(ByteBuffer,ByteBuffer) called: result=Status = OK HandshakeStatus = NOT_HANDSHAKING
bytesConsumed = 1729 bytesProduced = 1786.>
####<Oct 2, 2013 4:08:53 PM UTC> <Debug> <SecuritySSL> <lmdesetup-jab> <fwf-acg> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1380730133627> <BEA-000000> <[Thread[[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)',5,Pooled Threads]]weblogic.security.SSL.jsseadapter: SSLENGINE: SSLEngine.unwrap(ByteBuffer,ByteBuffer[]) called: result=Status = OK HandshakeStatus = NOT_HANDSHAKING
bytesConsumed = 733 bytesProduced = 705.>
####
####
####
####
####
####
####
####
####
我尝试过不同版本的CXF(包括最新的2.7.7)和不同版本的weblogic 当我阅读Oracle文档时,Weblogic Server似乎拒绝证书链中没有定义为CA的基本约束扩展的任何证书。您可以使用命令行参数:
-Dweblogic.security.SSL.enforceConstraints=option
http://docs.oracle.com/cd/E11035_01/wls100/secmanage/ssl.html#wp1194346
What worked:
启动weblogic服务器。转到“环境”下的“服务器”。单击服务器名称。在“常规”选项卡下,将ClientCertProxyEnabled标志设置为true。我不久前遇到过类似的问题(CXF、相互SSL身份验证、代理服务器、weblogic),我修补了CXF客户端以应用(临时)解决方法(),因为它是weblogic代码中的一个bug,因为在使用代理时,weblogic.net.https.HttpsClient.openServer()方法中出现了10.3。也许问题已经解决了,我已经有1,5年没有调查过了你在使用DemoTrust证书吗?看起来是基于这个信息。您还可以尝试将-Dweblogic.security.SSL.verbose=true和-Dssl.debug=true添加到服务器启动脚本中以获取更多信息。是。但我认为问题不在证书上。如果我不使用代理,它可以工作。我已经添加了SSL调试输出。(不是所有的,因为有很多。只有在请求后立即出现的部分)谢谢,我尝试了所有可能的设置,但没有任何效果。我也尝试过
-Dweblogic.security.SSL.nojce=true