如何使用 jax-ws 正确构建端点?
How to build the EndPoint correctly using jax-ws?
我正在使用 bootstrap 方法通过使 WSDL 在本地可用来动态构建我的端点。对于 http 和 https,但我很确定我在为 https 构建它们时出错了。
Map<String, Object> context = ((BindingProvider)control).getRequestContext();
URL address = mInstance.getConnectionEndpoint();
if (address != null && Settings.getSettings().isUsingHttpConnection()) {
context.put(BindingProvider.ENDPOINT_ADDRESS_PROPERTY,address.toString());
System.out.println(address);
}
else{
//for https
HttpsURLConnection.setDefaultHostnameVerifier(new HostnameVerifier()
{
public boolean verify(String hostname, SSLSession session)
{
if (hostname.equals("myhostname"))
return true;
return false;
}
});
address = mInstance.getSecureConnectionEndpoint();
context.put(BindingProvider.ENDPOINT_ADDRESS_PROPERTY,address.toString());
}
getConnectionEndpoint 和 getSecureConnectionEndpoint 看起来像:
public URL getConnectionEndpoint() {
URL url = null;
try {
int port = 50013;
url = new URL("http", mHost.getHostAddress(), port, "");
} catch (MalformedURLException e) {
e.printStackTrace();
}
return url;
}
public URL getSecureConnectionEndpoint() {
URL url = null;
try {
int port = 50014;
url = new URL("https", mHost.getHostAddress(), port, "");
} catch (MalformedURLException e) {
e.printStackTrace();
}
return url;
}
这在我使用 http 时工作正常。但是对于 https,我总是会收到这样的错误:
com.sun.xml.internal.ws.client.ClientTransportException: HTTP transport error: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No subject alternative names present
显然谷歌搜索这个错误我找到了答案,这可能是由于在 Java TrustStore 中不正确地导入服务器和客户端 SSL 证书。
但我非常有信心问题不在于此。
上面提到的父错误的子错误看起来像这样:
at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(Unknown Source)
如果你能帮我解决这个问题,我将不胜感激!提前干杯。
问题可能是从 mHost.getHostAddress() 返回的值与服务器提供的证书上的 common name 不同的主机名。例如,如果 localhost 是 mHost.getHostAddress() 的值,但 SSL 证书颁发给 127.0.0.1(反之亦然),您可能会遇到此问题。
This post identifies a code workaround in case regenerating and reinstalling the certificate with a different CN is not viable or desirable. It involves using the HostnameVerifier mechanism of HttpsUrlConnection.
我正在使用 bootstrap 方法通过使 WSDL 在本地可用来动态构建我的端点。对于 http 和 https,但我很确定我在为 https 构建它们时出错了。
Map<String, Object> context = ((BindingProvider)control).getRequestContext();
URL address = mInstance.getConnectionEndpoint();
if (address != null && Settings.getSettings().isUsingHttpConnection()) {
context.put(BindingProvider.ENDPOINT_ADDRESS_PROPERTY,address.toString());
System.out.println(address);
}
else{
//for https
HttpsURLConnection.setDefaultHostnameVerifier(new HostnameVerifier()
{
public boolean verify(String hostname, SSLSession session)
{
if (hostname.equals("myhostname"))
return true;
return false;
}
});
address = mInstance.getSecureConnectionEndpoint();
context.put(BindingProvider.ENDPOINT_ADDRESS_PROPERTY,address.toString());
}
getConnectionEndpoint 和 getSecureConnectionEndpoint 看起来像:
public URL getConnectionEndpoint() {
URL url = null;
try {
int port = 50013;
url = new URL("http", mHost.getHostAddress(), port, "");
} catch (MalformedURLException e) {
e.printStackTrace();
}
return url;
}
public URL getSecureConnectionEndpoint() {
URL url = null;
try {
int port = 50014;
url = new URL("https", mHost.getHostAddress(), port, "");
} catch (MalformedURLException e) {
e.printStackTrace();
}
return url;
}
这在我使用 http 时工作正常。但是对于 https,我总是会收到这样的错误:
com.sun.xml.internal.ws.client.ClientTransportException: HTTP transport error: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No subject alternative names present
显然谷歌搜索这个错误我找到了答案,这可能是由于在 Java TrustStore 中不正确地导入服务器和客户端 SSL 证书。
但我非常有信心问题不在于此。
上面提到的父错误的子错误看起来像这样:
at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(Unknown Source)
如果你能帮我解决这个问题,我将不胜感激!提前干杯。
问题可能是从 mHost.getHostAddress() 返回的值与服务器提供的证书上的 common name 不同的主机名。例如,如果 localhost 是 mHost.getHostAddress() 的值,但 SSL 证书颁发给 127.0.0.1(反之亦然),您可能会遇到此问题。
This post identifies a code workaround in case regenerating and reinstalling the certificate with a different CN is not viable or desirable. It involves using the HostnameVerifier mechanism of HttpsUrlConnection.