HttpsURLConnection.setDefaultHostnameVerifier: 未调用方法验证
HttpsURLConnection.setDefaultHostnameVerifier: method verify not invoked
我这样配置 HttpsUrlConnection:
HttpsURLConnection.setDefaultSSLSocketFactory(sslFactory);
HttpsURLConnection.setDefaultHostnameVerifier(new DummyHostnameVerifier());
DummyHostnameVerifier:
public class DummyHostnameVerifier implements HostnameVerifier {
@Override
public boolean verify(String s, SSLSession sslSession) {
return true;
}
}
当然,这只是配置的一部分。但问题是未调用 DummyHostnameVerifier 中的验证方法。
当我在本地机器 glassfish 3 服务器上测试我的应用程序时,验证已调用并且我没有收到任何异常。
但是当我在远程环境中测试它时,验证没有被调用,我收到了这个:
java.io.IOException: The https URL hostname does not match the Common Name (CN) on the server certificate. To disable this check (NOT recommended for production) set the CXF client TLS configuration property "disableCNCheck" to true.
在远程环境中,应用程序在 jboss 5 上运行。
也许这取决于某些 jboss 配置?我不明白,在设置我的验证器后,默认主机名验证器在哪里发生了变化。
我认为如果您想绕过 certificateValidation,您需要创建不会进行证书验证的 Trustmanager
HttpsURLConnection.setDefaultHostnameVerifier(new DummyHostnameVerifier());
// Create a TrustManager which wont validate certificate chains start
javax.net.ssl.TrustManager[] trustAllCertificates = new javax.net.ssl.TrustManager[1];
javax.net.ssl.TrustManager tm = new miTM();
trustAllCertificates[0] = tm;
javax.net.ssl.SSLContext sc = javax.net.ssl.SSLContext.getInstance("SSL");
sc.init(null, trustAllCertificates, null);
// Create a TrustManager which wont validate certificate chains end
HttpsURLConnection.setDefaultSSLSocketFactory(sslFactory);
能否请您尝试使用上面的代码,如果您得到解决方案,请告诉我?
问题如下:发送给服务器的消息中不知何故没有操作名称。
我这样配置连接:
HttpsURLConnection.setDefaultSSLSocketFactory(ssl工厂);
HttpsURLConnection.setDefaultHostnameVerifier(新的 DummyHostnameVerifier());
URL url = null;
try {
url = new URL(endpoint + "/wsdl");
} catch (MalformedURLException e) {
LOG.error(e.getMessage());
}
javax.xml.ws.Service s = MyService.create(url, new QName(MyService.NAMESPACE, MyService.SERVICE));
ServiceSoap port = s.getPort(ServiceSoap.class);
Map<String, Object> reqCtx = ((BindingProvider)port).getRequestContext();
reqCtx.put(BindingProvider.ENDPOINT_ADDRESS_PROPERTY, endpoint);
reqCtx.put(BindingProvider.SOAPACTION_USE_PROPERTY, Boolean.TRUE);
reqCtx.put(BindingProvider.SOAPACTION_URI_PROPERTY, actionName);
Client client = ClientProxy.getClient(port);
HTTPConduit http = (HTTPConduit) client.getConduit();
HTTPClientPolicy httpClientPolicy = new HTTPClientPolicy();
httpClientPolicy.setConnection(ConnectionType.CLOSE);
http.setClient(httpClientPolicy);
TLSClientParameters tls = new TLSClientParameters();
tls.setSSLSocketFactory(sslFactory);
tls.setDisableCNCheck(true);
http.setTlsClientParameters(tls);
所以,端口配置好了,一切都开始工作了。
我这样配置 HttpsUrlConnection:
HttpsURLConnection.setDefaultSSLSocketFactory(sslFactory);
HttpsURLConnection.setDefaultHostnameVerifier(new DummyHostnameVerifier());
DummyHostnameVerifier:
public class DummyHostnameVerifier implements HostnameVerifier {
@Override
public boolean verify(String s, SSLSession sslSession) {
return true;
}
}
当然,这只是配置的一部分。但问题是未调用 DummyHostnameVerifier 中的验证方法。 当我在本地机器 glassfish 3 服务器上测试我的应用程序时,验证已调用并且我没有收到任何异常。 但是当我在远程环境中测试它时,验证没有被调用,我收到了这个:
java.io.IOException: The https URL hostname does not match the Common Name (CN) on the server certificate. To disable this check (NOT recommended for production) set the CXF client TLS configuration property "disableCNCheck" to true.
在远程环境中,应用程序在 jboss 5 上运行。 也许这取决于某些 jboss 配置?我不明白,在设置我的验证器后,默认主机名验证器在哪里发生了变化。
我认为如果您想绕过 certificateValidation,您需要创建不会进行证书验证的 Trustmanager
HttpsURLConnection.setDefaultHostnameVerifier(new DummyHostnameVerifier());
// Create a TrustManager which wont validate certificate chains start
javax.net.ssl.TrustManager[] trustAllCertificates = new javax.net.ssl.TrustManager[1];
javax.net.ssl.TrustManager tm = new miTM();
trustAllCertificates[0] = tm;
javax.net.ssl.SSLContext sc = javax.net.ssl.SSLContext.getInstance("SSL");
sc.init(null, trustAllCertificates, null);
// Create a TrustManager which wont validate certificate chains end
HttpsURLConnection.setDefaultSSLSocketFactory(sslFactory);
能否请您尝试使用上面的代码,如果您得到解决方案,请告诉我?
问题如下:发送给服务器的消息中不知何故没有操作名称。 我这样配置连接:
HttpsURLConnection.setDefaultSSLSocketFactory(ssl工厂); HttpsURLConnection.setDefaultHostnameVerifier(新的 DummyHostnameVerifier());
URL url = null;
try {
url = new URL(endpoint + "/wsdl");
} catch (MalformedURLException e) {
LOG.error(e.getMessage());
}
javax.xml.ws.Service s = MyService.create(url, new QName(MyService.NAMESPACE, MyService.SERVICE));
ServiceSoap port = s.getPort(ServiceSoap.class);
Map<String, Object> reqCtx = ((BindingProvider)port).getRequestContext();
reqCtx.put(BindingProvider.ENDPOINT_ADDRESS_PROPERTY, endpoint);
reqCtx.put(BindingProvider.SOAPACTION_USE_PROPERTY, Boolean.TRUE);
reqCtx.put(BindingProvider.SOAPACTION_URI_PROPERTY, actionName);
Client client = ClientProxy.getClient(port);
HTTPConduit http = (HTTPConduit) client.getConduit();
HTTPClientPolicy httpClientPolicy = new HTTPClientPolicy();
httpClientPolicy.setConnection(ConnectionType.CLOSE);
http.setClient(httpClientPolicy);
TLSClientParameters tls = new TLSClientParameters();
tls.setSSLSocketFactory(sslFactory);
tls.setDisableCNCheck(true);
http.setTlsClientParameters(tls);
所以,端口配置好了,一切都开始工作了。