java - 使用ClientAuth的Web服务调用:在独立应用程序上工作的Tomcat上的recv失败

原文 标签 java tomcat ssl authentication

我已为ServiceMix服务器上部署的Web服务打开了SSL客户端身份验证。我已经导入了客户端和服务器证书。我已经使用独立应用程序对其进行了测试,并且一切正常。但是,当我尝试从Tomcat上部署的应用程序调用此Web服务时,出现异常:

Caused by: java.net.SocketException: Software caused connection abort: recv failed
    at java.net.SocketInputStream.socketRead0(Native Method)
    at java.net.SocketInputStream.read(SocketInputStream.java:150)
    at java.net.SocketInputStream.read(SocketInputStream.java:121)
    at sun.security.ssl.InputRecord.readFully(InputRecord.java:312)
    at sun.security.ssl.InputRecord.read(InputRecord.java:350)
    at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:893)
    at sun.security.ssl.SSLSocketImpl.waitForClose(SSLSocketImpl.java:1689)
    at sun.security.ssl.HandshakeOutStream.flush(HandshakeOutStream.java:122)
    at sun.security.ssl.Handshaker.sendChangeCipherSpec(Handshaker.java:972)
    at sun.security.ssl.ClientHandshaker.sendChangeCipherAndFinish(ClientHandshaker.java:1083)
    at sun.security.ssl.ClientHandshaker.serverHelloDone(ClientHandshaker.java:1002)
    at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:282)
    at sun.security.ssl.Handshaker.processLoop(Handshaker.java:868)
    at sun.security.ssl.Handshaker.process_record(Handshaker.java:804)
    at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:998)
    at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1294)
    at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1321)
    at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1305)
    at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:523)
    at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185)
    at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(HttpURLConnection.java:1087)
    at sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(HttpsURLConnectionImpl.java:250)
    at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleHeadersTrustCaching(HTTPConduit.java:1916)
    at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.onFirstWrite(HTTPConduit.java:1871)
    at org.apache.cxf.io.AbstractWrappedOutputStream.write(AbstractWrappedOutputStream.java:42)
    at org.apache.cxf.io.AbstractThresholdOutputStream.write(AbstractThresholdOutputStream.java:69)
    at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(HTTPConduit.java:1934)
    at org.apache.cxf.io.CacheAndWriteOutputStream.postClose(CacheAndWriteOutputStream.java:47)
    at org.apache.cxf.io.CachedOutputStream.close(CachedOutputStream.java:188)
    at org.apache.cxf.transport.AbstractConduit.close(AbstractConduit.java:66)
    at org.apache.cxf.transport.http.HTTPConduit.close(HTTPConduit.java:632)
    at org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndingInterceptor.handleMessage(MessageSenderInterceptor.java:62)
    ... 107 more


当我无法使用客户端私钥指定keyStore时,我收到了来自独立Java应用程序的recv failed消息。堆栈跟踪,但是,其他:

Exception in thread "main" com.sun.xml.ws.wsdl.parser.InaccessibleWSDLException: 2 counts of InaccessibleWSDLException.

java.net.SocketException: Software caused connection abort: recv failed
java.net.SocketException: Software caused connection abort: recv failed

    at com.sun.xml.ws.wsdl.parser.RuntimeWSDLParser.tryWithMex(RuntimeWSDLParser.java:172)
    at com.sun.xml.ws.wsdl.parser.RuntimeWSDLParser.parse(RuntimeWSDLParser.java:144)
    at com.sun.xml.ws.client.WSServiceDelegate.parseWSDL(WSServiceDelegate.java:263)
    at com.sun.xml.ws.client.WSServiceDelegate.<init>(WSServiceDelegate.java:226)
    at com.sun.xml.ws.client.WSServiceDelegate.<init>(WSServiceDelegate.java:174)
    at com.sun.xml.ws.spi.ProviderImpl.createServiceDelegate(ProviderImpl.java:104)
    at javax.xml.ws.Service.<init>(Service.java:56)


在这种情况下,我无法阅读WSDL。但是在Tomcat上,可以读取WSDL,但是CXF尝试发送消息时会引发错误。

是什么导致Tomcat上的错误?是证书问题吗?在两种情况下,指向trustStore和keyStore的Java变量都是相同的:

javax.net.ssl.keyStoreType=jks
javax.net.ssl.trustStoreType=jks
javax.net.ssl.keyStore=c:/cert/gen.keystore
javax.net.ssl.trustStore=c:/cert/client.keystore
javax.net.ssl.keyStorePassword=changeit
javax.net.ssl.trustStorePassword=changeit


Java:
    Java版本“ 1.6.0_30”
    Java(TM)SE运行时环境(内部版本1.6.0_30-b12)
    Java HotSpot(TM)客户端VM(内部版本20.5-b03,混合模式,共享)

的Tomcat:6.0.26

最佳答案

即使我以前也遇到过同样的错误。但是当我执行以下任一操作时,它不会发生


重新启动服务器。
重新生成证书。
尝试从服务器端设置所有这些变量,这意味着在Tomcat的server.xml文件中:

javax.net.ssl.keyStoreType=jks
javax.net.ssl.trustStoreType=jks
javax.net.ssl.keyStore=c:/cert/gen.keystore
javax.net.ssl.trustStore=c:/cert/client.keystore
javax.net.ssl.keyStorePassword=changeit
javax.net.ssl.trustStorePassword=changeit

相关文章:

java - Mahout seqdirectory不起作用

java - AngularJS-Spring MVC Rest:如何处理异常

javascript - 使用nodeJS检查其他域SSL证书

angularjs - Angular 和自签名SSL证书-ERR_INSECURE_RESPONSE

android - 创建SSL-Socket时发生NullPointerException

java - 如何读取XML文件并在reSTLet中作为响应发送

java - 在Java对象中存储表-数据结构

java - tomcat是否为每个用户创建一个线程?

java - 如何在Tomcat本地生成503错误?

java - 将应用程序安装到Tomcat7中以与sonarqube 4.1一起运行(Maven插件)