cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Showing results for 
Search instead for 
Did you mean: 

Community Tip - If community subscription notifications are filling up your inbox you can set up a daily digest and get all your notifications in a single email. X

Integrity web service in Java over https

amatei
12-Amethyst

Integrity web service in Java over https

Hello,

We are using Integrity Lifecycle Manager version 11.2.0.1413

Using the SoapUI tool, we can successfully call web service methods over https to our server.

For example, calling the getItem() web method is successful from SoapUI over https:

https://server:port/webservices/10/2/Integrity

 

<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:int="http://webservice.mks.com/10/2/Integrity" xmlns:sch="http://webservice.mks.com/10/2/Integrity/schema">
<soapenv:Header/>
<soapenv:Body>
<int:getItem>

<arg0 transactionId="?" sch:ItemId="123581">


<sch:Username>uuuu</sch:Username>
<sch:Password>pppp</sch:Password>

<sch:InputField>Attachments</sch:InputField>


</arg0>
</int:getItem>
</soapenv:Body>
</soapenv:Envelope>

 

But if we create a SOAP client in Java from the Eclipse IDE and then we call the getItem() web method, we get an exception: 

com.sun.xml.internal.ws.client.ClientTransportException, HTTP transport error: javax.net.ssl.SSLException: Received fatal alert: unexpected_message

 

 

I mention that this Java code works very well over http for other Integrity servers!

I cannot post all here the code, just an idea of how it looks like.

 

Integrity102Service service = new Integrity102Service();

Integrity102 endpoint = service.getIntegrity102Port();

BindingProvider provider = (BindingProvider)endpoint;
Map<String, Object> context = provider.getRequestContext();
context.put(ENDPOINT_ADDRESS_PROPERTY,"https://server:port/webservices/10/2/Integrity/");

.....

GetItemType arg = new GetItemType();
arg.setUsername("uuuu");
arg.setPassword("pppp");
arg.setItemId(BigInteger.valueOf(123581));

arg.getInputField().add("Attachments");

Item item = endpoint.getItem(arg); //this throws the exception

 

--------

public class Integrity102Service extends Service
{

...

@WebEndpoint(name = "Integrity_10_2Port")
public Integrity102 getIntegrity102Port() {
return super.getPort(new QName("http://webservice.mks.com/10/2/Integrity", "Integrity_10_2Port"), Integrity102.class);
}

... etc

}

 

------ 

 

@WebService(name = "Integrity_10_2", targetNamespace = "http://webservice.mks.com/10/2/Integrity")
@XmlSeeAlso({
ObjectFactory.class
})
public interface Integrity102

{

 

@WebMethod
@WebResult(targetNamespace = "")
@RequestWrapper(localName = "getItem", targetNamespace = "http://webservice.mks.com/10/2/Integrity", className = "proxyIntegrity.GetItem")
@ResponseWrapper(localName = "getItemResponse", targetNamespace = "http://webservice.mks.com/10/2/Integrity", className = "proxyIntegrity.GetItemResponse")
public Item getItem(
@WebParam(name = "arg0", targetNamespace = "")
GetItemType arg0)
throws MKSException
;

... etc

}

 

What is needed to make the SOAP client work over https with Integrity web services  ?

 

1 ACCEPTED SOLUTION

Accepted Solutions
amatei
12-Amethyst
(To:amatei)

I solved the case. The web service exception is raised only when launching our Java application from within the IDE, for example during debugging, which is using a JDK.

When our Java application is launched with "java.exe -jar ourApp.jar", which uses a JRE, then the web service methods are executed correctly over https.

 

The following trick has been added to the source code 

https://stackoverflow.com/questions/13626965/how-to-ignore-pkix-path-building-failed-sun-security-provider-certpath-suncertp

 

String javaLocation=System.getProperty("java.home").toLowerCase();

if (javaLocation.indexOf("jdk") != -1 )
{

//when at runtime we use a JDK
//when testing or debugging within the IDE, we must apply this fix

 

/* Start of Fix */
TrustManager[] trustAllCerts = new TrustManager[] { new X509TrustManager() {

public java.security.cert.X509Certificate[] getAcceptedIssuers() { return null; }
@Override
public void checkClientTrusted(java.security.cert.X509Certificate[] certs, String authType) throws java.security.cert.CertificateException { }
@Override
public void checkServerTrusted(java.security.cert.X509Certificate[] certs, String authType) throws java.security.cert.CertificateException { }

 

} };

SSLContext sc = SSLContext.getInstance("SSL");
sc.init(null, trustAllCerts, new java.security.SecureRandom());
HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());

// Create all-trusting host name verifier
HostnameVerifier allHostsValid = new HostnameVerifier() {
public boolean verify(String hostname, SSLSession session) { return true; }
};
// Install the all-trusting host verifier
HttpsURLConnection.setDefaultHostnameVerifier(allHostsValid);
/* End of the fix*/
}

View solution in original post

1 REPLY 1
amatei
12-Amethyst
(To:amatei)

I solved the case. The web service exception is raised only when launching our Java application from within the IDE, for example during debugging, which is using a JDK.

When our Java application is launched with "java.exe -jar ourApp.jar", which uses a JRE, then the web service methods are executed correctly over https.

 

The following trick has been added to the source code 

https://stackoverflow.com/questions/13626965/how-to-ignore-pkix-path-building-failed-sun-security-provider-certpath-suncertp

 

String javaLocation=System.getProperty("java.home").toLowerCase();

if (javaLocation.indexOf("jdk") != -1 )
{

//when at runtime we use a JDK
//when testing or debugging within the IDE, we must apply this fix

 

/* Start of Fix */
TrustManager[] trustAllCerts = new TrustManager[] { new X509TrustManager() {

public java.security.cert.X509Certificate[] getAcceptedIssuers() { return null; }
@Override
public void checkClientTrusted(java.security.cert.X509Certificate[] certs, String authType) throws java.security.cert.CertificateException { }
@Override
public void checkServerTrusted(java.security.cert.X509Certificate[] certs, String authType) throws java.security.cert.CertificateException { }

 

} };

SSLContext sc = SSLContext.getInstance("SSL");
sc.init(null, trustAllCerts, new java.security.SecureRandom());
HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());

// Create all-trusting host name verifier
HostnameVerifier allHostsValid = new HostnameVerifier() {
public boolean verify(String hostname, SSLSession session) { return true; }
};
// Install the all-trusting host verifier
HttpsURLConnection.setDefaultHostnameVerifier(allHostsValid);
/* End of the fix*/
}

Top Tags