带有附件的Web服务在双向SSL连接上失败
带有附件的Web服务在双向SSL连接上失败
提问于 2010-09-06 09:36:39
我有两个应用程序,一个提供网络服务(让我们称之为ws-provider),另一个是这个Web的客户端(称为ws-client)。这种通信是通过2种SSL保护的.关于此机密性限制,两台服务器都已正确配置(证书安装、SSL配置、Tomcat参数化.)
服务器运行在Tomcat ( ws-provider为5.5,ws-client为6)和Java6上,并使用Jax提供/消费web服务。
当用户连接到ws-client应用程序并执行调用ws-provider web服务的操作时,后一个操作通常会失败,出现以下错误:
com.sun.xml.ws.client.ClientTransportException: The server sent HTTP status code 400: No client certificate chain in this request
at com.sun.xml.ws.transport.http.client.HttpClientTransport.checkResponseCode(HttpClientTransport.java:218)
at com.sun.xml.ws.transport.http.client.HttpTransportPipe.process(HttpTransportPipe.java:137)
at com.sun.xml.ws.transport.http.client.HttpTransportPipe.processRequest(HttpTransportPipe.java:74)
at com.sun.xml.ws.api.pipe.Fiber.__doRun(Fiber.java:559)
at com.sun.xml.ws.api.pipe.Fiber._doRun(Fiber.java:518)
at com.sun.xml.ws.api.pipe.Fiber.doRun(Fiber.java:503)
at com.sun.xml.ws.api.pipe.Fiber.runSync(Fiber.java:400)
at com.sun.xml.ws.client.Stub.process(Stub.java:234)
at com.sun.xml.ws.client.sei.SEIStub.doProcess(SEIStub.java:120)
at com.sun.xml.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:230)
at com.sun.xml.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:210)
at com.sun.xml.ws.client.sei.SEIStub.invoke(SEIStub.java:103)
at $Proxy33.createOrRenewRequest(Unknown Source)
at my.app.MyPushRequest.sendXMLRequest(MyPushRequest.java:29)
at my.app.MyRequestCreation.sendRequestForDraftApproval(MyRequestCreation.java:284)在ws-provider上,我得到了以下错误:
WARNING: Exception getting SSL attributes
java.net.SocketException: SSL Cert handshake timeout
at org.apache.tomcat.util.net.jsse.JSSE14Support.synchronousHandshake(JSSE14Support.java:101)
at org.apache.tomcat.util.net.jsse.JSSE14Support.handShake(JSSE14Support.java:67)
at org.apache.tomcat.util.net.jsse.JSSESupport.getPeerCertificateChain(JSSESupport.java:121)
at org.apache.coyote.http11.Http11Processor.action(Http11Processor.java:1127)
at org.apache.coyote.Request.action(Request.java:349)
...现在,奇怪的是,我刚才说过,在调用web服务时,它通常是失败的。出于某些原因,有时我在调用web服务时得到了成功的尝试。如果用户在登录到应用程序后的一分钟内启动操作,通常会发生这种情况(不,我不知道为什么!)
web服务请求包含一个附件。此附件是一个不大于15 my的PDF文件(至少在我的所有测试中,成功或失败,这个大小从未超过)。
因此,经过多次测试,我尝试调用相同的web服务,而不需要附加任何PDF文件,并且调用是成功的。
关于您的信息,如果在ws-provider上禁用了安全约束(即我们不再使用2种SSL连接),那么web服务调用永远不会失败。
所以我想我必须在我的网络服务或者Tomcat (或者?)上配置一些东西。才能让系统正常工作。有什么想法吗?
Java代码
下面是在ws-client上提供方法调用的Java接口(如您所见,用于WS的核心Java类是由Jax库生成的):
/**
* This class was generated by the JAX-WS RI.
* JAX-WS RI 2.1.3-b02-
* Generated source version: 2.1
*
*/
@WebService(name = "PushServicePortType", targetNamespace = "http://my.app.ws/PushService")
@XmlSeeAlso({
ObjectFactory.class
})
public interface PushServicePortType {
@WebMethod
@WebResult(name = "response", targetNamespace = "")
@RequestWrapper(localName = "createOrRenewRequest", targetNamespace = "http://my.app.ws/CwfPushService", className = "my.app.CreateOrRenewRequest")
@ResponseWrapper(localName = "createOrRenewRequestResponse", targetNamespace = "http://my.app.ws/CwfPushService", className = "my.app.CreateOrRenewRequestResponse")
public String createOrRenewRequest(
@WebParam(name = "xmlMessageContent", targetNamespace = "")
String xmlMessageContent,
@WebParam(name = "version", targetNamespace = "")
String version,
@WebParam(name = "attachments", targetNamespace = "")
List<DataHandler> attachments);
}对ws-client的调用如下(xmlFile包含请求的XML,datahandler是包含javax.activation.DataHandler附件的javax.activation.DataHandler):
PushServicePortType pushServicePort = new PushService(new URL("url/to/wsdl"), new QName("http://my.app.ws/PushService", "PushService")).getPushServiceSOAP(new MTOMFeature());
PushRequest push = new PushRequest();
responseXML = push.sendXMLRequest(pushServicePort, xmlFile, datahandler);有很多配置文件、日志或Java类。因此,如果需要的话,不要犹豫地要求更多的细节!
编辑1
通过将MTOM阈值定义为2MB,我试图强制将PDF文件集成到SOAP消息中:
论ws-client
PushServicePortType pushServicePort = new PushService(new URL("url/to/wsdl"), new QName("http://my.app.ws/PushService", "PushService")).getPushServiceSOAP(new MTOMFeature(2097152));在ws-provider上,我用@MTOM(threshold=2097152)配置了MTOM注释
这次修正并没有解决我的问题,不幸的是.
编辑2
我已经从我的web服务中全部删除了PDF附件,现在它也失败了,但是有一个不同的消息:
javax.xml.ws.soap.SOAPFaultException: Failed to read a response: javax.xml.bind.UnmarshalException
- with linked exception:
[javax.xml.stream.XMLStreamException: ParseError at [row,col]:[1,3834]
Message: XML document structures must start and end within the same entity.]
at com.sun.xml.ws.fault.SOAP11Fault.getProtocolException(SOAP11Fault.java:173)
at com.sun.xml.ws.fault.SOAPFaultBuilder.createException(SOAPFaultBuilder.java:102)
at com.sun.xml.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:240)
at com.sun.xml.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:210)
at com.sun.xml.ws.client.sei.SEIStub.invoke(SEIStub.java:103)
at $Proxy33.createOrRenewRequest(Unknown Source)
at my.app.CWFPushRequest.sendXMLRequest(PushRequest.java:29)
...
Caused by: com.sun.xml.ws.encoding.soap.DeserializationException: Failed to read a response: javax.xml.bind.UnmarshalException
- with linked exception:
[javax.xml.stream.XMLStreamException: ParseError at [row,col]:[1,3834]
Message: XML document structures must start and end within the same entity.]
at com.sun.xml.ws.server.sei.EndpointMethodHandler.invoke(EndpointMethodHandler.java:235)
at com.sun.xml.ws.server.sei.SEIInvokerTube.processRequest(SEIInvokerTube.java:74)
at com.sun.xml.ws.api.pipe.Fiber.__doRun(Fiber.java:559)
at com.sun.xml.ws.api.pipe.Fiber._doRun(Fiber.java:518)
at com.sun.xml.ws.api.pipe.Fiber.doRun(Fiber.java:503)
at com.sun.xml.ws.api.pipe.Fiber.runSync(Fiber.java:400)
at com.sun.xml.ws.server.WSEndpointImpl$2.process(WSEndpointImpl.java:229)
at com.sun.xml.ws.transport.http.HttpAdapter$HttpToolkit.handle(HttpAdapter.java:430)
at com.sun.xml.ws.transport.http.HttpAdapter.handle(HttpAdapter.java:230)
at com.sun.xml.ws.transport.http.servlet.ServletAdapter.handle(ServletAdapter.java:121)
at com.sun.xml.ws.transport.http.servlet.WSServletDelegate.doGet(WSServletDelegate.java:115)
at com.sun.xml.ws.transport.http.servlet.WSServletDelegate.doPost(WSServletDelegate.java:146)
at com.sun.xml.ws.transport.http.servlet.WSSpringServlet.doPost(WSSpringServlet.java:52)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:710)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
at sun.reflect.GeneratedMethodAccessor330.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:244)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:276)
at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:162)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:262)
at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:52)
at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:171)
at java.security.AccessController.doPrivileged(Native Method)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:167)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:210)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:174)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:525)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:117)
at org.apache.catalina.valves.FastCommonAccessLogValve.invoke(FastCommonAccessLogValve.java:482)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:108)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:151)
at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:870)
at org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:665)
at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:528)
at org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowerWorkerThread.java:81)
at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:685)
... 1 more
Caused by: javax.xml.bind.UnmarshalException
at com.sun.xml.bind.v2.runtime.unmarshaller.UnmarshallerImpl.handleStreamException(UnmarshallerImpl.java:397)
at com.sun.xml.bind.v2.runtime.unmarshaller.UnmarshallerImpl.unmarshal0(UnmarshallerImpl.java:335)
at com.sun.xml.bind.v2.runtime.BridgeImpl.unmarshal(BridgeImpl.java:84)
at com.sun.xml.bind.api.Bridge.unmarshal(Bridge.java:197)
at com.sun.xml.ws.server.sei.EndpointArgumentsBuilder$DocLit.readRequest(EndpointArgumentsBuilder.java:492)
at com.sun.xml.ws.server.sei.EndpointMethodHandler.invoke(EndpointMethodHandler.java:233)
... 41 more
Caused by: javax.xml.stream.XMLStreamException: ParseError at [row,col]:[1,3834]
Message: XML document structures must start and end within the same entity.
at com.sun.xml.stream.XMLReaderImpl.next(XMLReaderImpl.java:563)
at com.sun.xml.ws.encoding.MtomCodec$MtomXMLStreamReaderEx.next(MtomCodec.java:413)
at com.sun.xml.bind.v2.runtime.unmarshaller.StAXStreamConnector.bridge(StAXStreamConnector.java:188)
at com.sun.xml.bind.v2.runtime.unmarshaller.UnmarshallerImpl.unmarshal0(UnmarshallerImpl.java:333)
... 45 more我试着记录ws-client发送的SOAP消息,但我没有发现有什么问题.
回答 1
Stack Overflow用户
回答已采纳
发布于 2010-09-09 10:28:08
我可能已经找到了解决问题的办法。
如前所述,ws-provider Tomcat给出了以下错误:
java.net.SocketException: SSL Cert handshake timeout
at org.apache.tomcat.util.net.jsse.JSSE14Support.synchronousHandshake(JSSE14Support.java:101)
at org.apache.tomcat.util.net.jsse.JSSE14Support.handShake(JSSE14Support.java:67)
at org.apache.tomcat.util.net.jsse.JSSESupport.getPeerCertificateChain(JSSESupport.java:121)因此,我查看了synchronousHandshake方法(Tomcat5.5.23):
private void synchronousHandshake(SSLSocket socket) throws IOException {
InputStream in = socket.getInputStream();
int oldTimeout = socket.getSoTimeout();
socket.setSoTimeout(1000);
byte[] b = new byte[0];
listener.reset();
socket.startHandshake();
int maxTries = 60; // 60 * 1000 = example 1 minute time out
for (int i = 0; i < maxTries; i++) {
if (logger.isTraceEnabled())
logger.trace("Reading for try #" + i);
try {
int x = in.read(b);
} catch (SSLException sslex) {
logger.info("SSL Error getting client Certs", sslex);
throw sslex;
} catch (IOException e) {
// ignore - presumably the timeout
}
if (listener.completed) {
break;
}
}
socket.setSoTimeout(oldTimeout);
if (listener.completed == false) {
throw new SocketException("SSL Cert handshake timeout");
}
}正如您所看到的,超时的想法不是一个真正的超时问题,至少在我的情况下是这样。错误的发生似乎是因为我们从SSLSocket读取数据,最后,我们不认为握手是正确完成的。
另一件事是,当删除WS调用中的PDF附件时,我遇到了另一个问题。此错误表示XML解析失败。因此,出于某些原因,我怀疑在ws-provider端收到的数据是块的。
然后,我终于在Tomcat中找到了一个有趣的参数,即maxSavePostSize。
POST的最大大小(以字节为单位),在FORM或CLIENT-CERT身份验证期间容器将保存/缓冲。对于两种类型的身份验证,在对用户进行身份验证之前,将保存/缓冲POST。对于客户端-CERT身份验证,在SSL握手期间对POST进行缓冲,并在处理请求时将缓冲区清空。对于表单身份验证,在用户被重新定向到登录表单时保存POST,并保留到用户成功认证或与身份验证请求关联的会话到期为止。可以通过将此属性设置为-1来禁用该限制。将属性设置为零将禁用身份验证期间对POST数据的保存。如果未指定,则此属性设置为4096 (4千字节)。
因此,我决定修改Tomcat配置以设置maxSavePostSize="-1" (即缓冲区不再限于4Kb )。
我不能百分之百肯定这是适用于我的情况的正确的修正,但是我今天所做的所有测试(附有PDF附件)都是成功的,甚至以前总是失败的测试。
页面原文内容由Stack Overflow提供。腾讯云小微IT领域专用引擎提供翻译支持
原文链接:
https://stackoverflow.com/questions/3650404
复制相关文章
相似问题
腾讯云开发者
Copyright © 2013 - 2026 Tencent Cloud. All Rights Reserved. 腾讯云 版权所有
深圳市腾讯计算机系统有限公司 ICP备案/许可证号:粤B2-20090059 
粤公网安备44030502008569号
腾讯云计算(北京)有限责任公司 京ICP证150476号 | 京ICP备11018762号