Tomcat + 数字证书 部署webservice (客户端调用https webService)

关于tomcat +数字证书类例子网络上很多，使用keytool工具即可，配置可见：

http://blog.csdn.net/huzheaccp/article/details/8812826

 最后访问：https://localhost:8443   出现tomcat主页面 并且IE浏览器加锁图标出现

webService打包部署tomcat:

需要jar包：jaxws-2_0.jar  可到官网下载

WebService目录结构:

package com.huzhe.service;import java.util.List;import javax.jws.WebMethod;import javax.jws.WebParam;import javax.jws.WebService;import com.huzhe.po.Student;@WebServicepublic interface IStudentService { @WebMethod Student getStudentById(@WebParam(name="id")String id); }

package com.huzhe.service;import java.util.ArrayList;import java.util.List;import javax.jws.WebService;import com.huzhe.po.Student;@WebService(endpointInterface="com.huzhe.service.IStudentService")public class StudentImpl implements IStudentService {@Overridepublic Student getStudentById(String id) {return  new Student(id, "张三");}}

--------------------------------------------------------------------------------------------------------------------------------------

在执行下面之前，请确保webService可以正常访问，下面的内容主要涉及到tomcat部署以及https调用

--------------------------------------------------------------------------------------------------------------------------------------

配置：cmd   进入 该项目  clesses 目录下：执行：

wsgen -cp . com.xx.service.StudentImpl

在web.xml中加入：

<login-config>        <auth-method>CLIENT-CERT</auth-method>        <realm-name>Client Cert Users-only Area</realm-name>    </login-config>    <security-constraint>                  <web-resource-collection >            <web-resource-name >SSL</web-resource-name>            <url-pattern>/*</url-pattern>        </web-resource-collection>        <user-data-constraint>            <transport-guarantee>CONFIDENTIAL</transport-guarantee>        </user-data-constraint></security-constraint><listener>          <listener-class>              com.sun.xml.ws.transport.http.servlet.WSServletContextListener          </listener-class>      </listener>      <servlet>          <servlet-name>studentImpl</servlet-name>          <servlet-class>              com.sun.xml.ws.transport.http.servlet.WSServlet          </servlet-class>      </servlet>      <servlet-mapping>          <servlet-name>studentImpl</servlet-name>          <url-pattern>/studentImpl</url-pattern>  </servlet-mapping>

在web-inf下建立：sun-jaxws.xml

<?xml version="1.0" encoding="UTF-8"?><endpoints xmlns="http://java.sun.com/xml/ns/jax-ws/ri/runtime"version="2.0"><endpoint name="StudentImplWS" implementation="com.huzhe.service.StudentImpl"url-pattern="/studentImpl" /></endpoints>

然后打包：war 使用maven或者直接Eclipse导出  war

得到：ws.war

 

放到：tomcat webapp下面启动服务器；

 

访问：http://localhost:8080/ws/studentImpl?wsdl

浏览器地址变为：https://localhost:8443/ws/studentImpl?wsdl

说明已经加密了

根据wsdl文件使用eclipse生成webService客户端

（wsdl文件可以使用命令生成，最简单的方法：访问上边的地址得到xml信息  直接复制  保存为 ws.wsdl文件即可）

 

IStudentServiceProxy p = newIStudentServiceProxy();p.getIStudentService().getStudentById("001")                  .getName()

 

 

直接访问：出错   如下：

AxisFault faultCode: {http://schemas.xmlsoap.org/soap/envelope/}Server.userException faultSubcode:  faultString: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target faultActor:  faultNode:  faultDetail: {http://xml.apache.org/axis/}stackTrace:javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested targetat com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:174)at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1649)at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:241)at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:235)at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1206)at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:136)at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:593)at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:529)at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:893)at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1138)at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1165)at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1149)at org.apache.axis.components.net.JSSESocketFactory.create(JSSESocketFactory.java:186)at org.apache.axis.transport.http.HTTPSender.getSocket(HTTPSender.java:191)at org.apache.axis.transport.http.HTTPSender.writeToSocket(HTTPSender.java:404)at org.apache.axis.transport.http.HTTPSender.invoke(HTTPSender.java:138)at org.apache.axis.transport.http.HTTPSender.readFromSocket(HTTPSender.java:727)at org.apache.axis.transport.http.HTTPSender.invoke(HTTPSender.java:144)at org.apache.axis.strategies.InvocationStrategy.visit(InvocationStrategy.java:32)at org.apache.axis.SimpleChain.doVisiting(SimpleChain.java:118)at org.apache.axis.SimpleChain.invoke(SimpleChain.java:83)at org.apache.axis.client.AxisClient.invoke(AxisClient.java:165)at org.apache.axis.client.Call.invokeEngine(Call.java:2784)at org.apache.axis.client.Call.invoke(Call.java:2767)at org.apache.axis.client.Call.invoke(Call.java:2443)at org.apache.axis.client.Call.invoke(Call.java:2366)at org.apache.axis.client.Call.invoke(Call.java:1812)at com.huzhe.client.StudentImplServiceSoapBindingStub.getStudentById(StudentImplServiceSoapBindingStub.java:228)at com.huzhe.client.ClientTest.main(ClientTest.java:18)Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested targetat sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:323)at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:217)at sun.security.validator.Validator.validate(Validator.java:218)at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:126)at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:209)at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:249)at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1185)... 24 moreCaused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested targetat sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:174)at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:238)at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:318)... 30 more{http://xml.apache.org/axis/}hostname:ISS-03261128javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested targetat org.apache.axis.AxisFault.makeFault(AxisFault.java:101)at org.apache.axis.transport.http.HTTPSender.invoke(HTTPSender.java:154)at org.apache.axis.transport.http.HTTPSender.readFromSocket(HTTPSender.java:727)at org.apache.axis.transport.http.HTTPSender.invoke(HTTPSender.java:144)at org.apache.axis.strategies.InvocationStrategy.visit(InvocationStrategy.java:32)at org.apache.axis.SimpleChain.doVisiting(SimpleChain.java:118)at org.apache.axis.SimpleChain.invoke(SimpleChain.java:83)at org.apache.axis.client.AxisClient.invoke(AxisClient.java:165)at org.apache.axis.client.Call.invokeEngine(Call.java:2784)at org.apache.axis.client.Call.invoke(Call.java:2767)at org.apache.axis.client.Call.invoke(Call.java:2443)at org.apache.axis.client.Call.invoke(Call.java:2366)at org.apache.axis.client.Call.invoke(Call.java:1812)at com.huzhe.client.StudentImplServiceSoapBindingStub.getStudentById(StudentImplServiceSoapBindingStub.java:228)at com.huzhe.client.ClientTest.main(ClientTest.java:18)

原因是，客户端没有加入数字证书

在调用方法前加入代码：

public static void main(String[] args) {try {IStudentServiceProxy p = new IStudentServiceProxy();System.setProperty("javax.net.ssl.keyStore","D:\\mykeystore\\test.keystore");System.setProperty("javax.net.ssl.keyStorePassword", "mulepassword");System.setProperty("javax.net.ssl.trustStore","D:\\mykeystore\\test.keystore");System.setProperty("javax.net.ssl.trustStorePassword","mulepassword");System.out.println(p.getIStudentService().getStudentById("001").getName());} catch (RemoteException e) {// TODO Auto-generated catch blocke.printStackTrace();}}

成功！

D:\\mykeystore\\test.keystore

和tomcat里配置的8443端口的keystore文件一样