java 使用 wsimport 时的安全异常
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/6576030/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Security exception while using wsimport
提问by strauberry
I want to generate stub files from a wsdl file which is reachable over a ssl connection with a self-signed certificate.
我想从 wsdl 文件生成存根文件,该文件可通过带有自签名证书的 ssl 连接访问。
<exec executable="wsimport">
<arg value="-d" />
<arg value="${absolute.path.to.project}/gen" />
<arg value="-s" />
<arg value="${absolute.path.to.project}/src" />
<arg value="https://host:8443/wsrf/services/WS?wsdl" />
</exec>
When I execute this in ant, I get this error:
当我在 ant 中执行此操作时,出现此错误:
generate-from-wsdl:
[exec] parsing WSDL...
[exec] [ERROR] sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
[exec] Failed to read the WSDL document: https://192.168.56.101:8443/wsrf/services/KnowledgebaseWebservice?wsdl, because 1) could not find the document; /2) the document could not be read; 3) the root element of the document is not <wsdl:definitions>.
[exec] [ERROR] failed.noservice=Could not find wsdl:service in the provided WSDL(s):
[exec] At least one WSDL with at least one service definition needs to be provided.
[exec] Failed to parse the WSDL.
[exec] Result: 1
To avoid this, I tried to
为了避免这种情况,我试图
- Import the server.crt file with
keytool -importcert -file ~/path/server.crt - Copying the server.crt to $JAVA_HOME/lib/security
- 导入 server.crt 文件
keytool -importcert -file ~/path/server.crt - 将 server.crt 复制到 $JAVA_HOME/lib/security
UPDATE
更新
I've also tried the following:
我还尝试了以下方法:
<wsimport wsdl="https://host:8443/Webservice?wsdl" destdir="gen"
sourcedestdir="src"
verbose="true">
<jvmarg value="-Djavax.net.ssl.trustStore=/path/host.cer" />
<jvmarg value="-Djavax.net.ssl.trustStorePassword=changeit" />
</wsimport>
I still get this error. What could I do?
我仍然收到此错误。我能做什么?
采纳答案by sudocode
I think you will need to import the server cert into the JRE's keystore by specifying -keystore <path_to>/jre/lib/security/cacerts. If you stick with your previous command line, I think you'll need to execute that command for the same user who executes Ant.
我认为您需要通过指定将服务器证书导入 JRE 的密钥库-keystore <path_to>/jre/lib/security/cacerts。如果您坚持使用以前的命令行,我认为您需要为执行 Ant 的同一用户执行该命令。
回答by lovelywib
I cannot import cert to my /jre/lib/security/cacerts.
我无法将证书导入我的 /jre/lib/security/cacerts。
So I ended up with the following workaround:
所以我最终采用了以下解决方法:
<target name="main" >
<exec executable="java">
<arg line="-Djavax.net.ssl.trustStore=c:\jdk160_29\.mykeystore -classpath C:\jdk160_29\lib\tools.jar com.sun.tools.internal.ws.WsImport https://host:8443/Webservice?wsdl -p com.test -s ./src"/>
</exec>
</target>
