javax.xml.ws.Service通过SSL使用SOAP服务

Question

我想通过HTTPS使用SOAP服务。我已经写了一个客户来做这件事。我没有使用自动类生成，因为目标服务在多个系统上运行，因此服务URL在运行时发生更改。

这是使用JAX-WS实现：

public class SAPClient implements Callable<...> { 

private Service service = null; 
private SOAPMessage response = null; 
private boolean submitted = false; 
private boolean successfull = false; 
private QName serviceName; 
private QName portName; 
private SAPResult result = new SAPResult(); 
private Dispatch<SOAPMessage> dispatch = null; 
private SOAPBody resBody = null; 
private SapConnector connector; 

public SAPClient(EricAgent agent, SapConnector connector) { 
    this.connector = connector; 
    serviceName = new QName(connector.getUrl(), Environment.SAP_CLIENT_SERVICE_NAME); 
    portName = new QName(connector.getUrl(), Environment.SAP_CLIENT_PORT); 
    this.service = Service.create(serviceName); 
    service.addPort(portName, SOAPBinding.SOAP11HTTP_BINDING, connector.getUrl()); 
    this.successfull = false; 
} 

(...) 

public synchronized void invoke() throws SOAPException { 
    try { 
     dispatch = service.createDispatch(portName, SOAPMessage.class, Service.Mode.MESSAGE); 

     MessageFactory mf = MessageFactory.newInstance(SOAPConstants.SOAP_1_1_PROTOCOL); 
     SOAPMessage message = mf.createMessage(); 
     SOAPPart part = message.getSOAPPart(); 
     SOAPEnvelope env = part.getEnvelope(); 
     SOAPBody body = env.getBody(); 

     SOAPElement operation = body.addChildElement(
       Environment.SAP_CLIENT_OPERATION_NAME, 
       Environment.SAP_CLIENT_TARGET_NAMESPACE.getPrefix(), 
       Environment.SAP_CLIENT_TARGET_NAMESPACE.getURI()); 

     // Add ticket 
     SOAPElement ticketValue = operation.addChildElement("ITicket"); 
     ticketValue.addTextNode(...); 

     // Add "Informationsprotokoll" 
     String resultString = buildEricResultString(agent); 
     SOAPElement xmlValue = operation.addChildElement("IXml"); 
     xmlValue.addTextNode(resultString); 
     message.saveChanges(); 

     Response<SOAPMessage> sapResponse = dispatch.invokeAsync(message); 

     long waitingTime = 0; 

     while (true) { 
      if (waitingTime > Environment.SAP_CLIENT_TIME_OUT) { 
       //... handle timeout 
      } 

      if (sapResponse.getContext() != null) { 
       Environment.LOGGER.debug("got response"); 
       response = sapResponse.get(); 
       submitted = true; 
       successfull = result.returnCode.equals("0"); 

       //... 

       break; 
      } 

      wait(1000); 
      waitingTime += 1000; 
     } 
    } catch (Throwable ex) { 
     Environment.LOGGER.error(null, ex); 
     this.submitted = false; 
     this.successfull = false; 
    } 
} 

} 

我想现在消耗通过SSL此服务。你能解释我如何告诉Service类使用特定的证书吗？如何通过密钥库例如...我搜索并没有找到满意的结果。提前致谢！

更新1：

通过添加：

System.setProperty("javax.net.ssl.keyStore", certPath); 
    System.setProperty("javax.net.ssl.keyStorePassword", certPass); 

我能得到SSL的工作 - 感谢zuxqoj！

输出看上去很喜欢这一点，并连接超时：

keyStore type is : jks 
keyStore provider is : 
init keystore 
init keymanager of type SunX509 
trustStore is: *** 
trustStore type is : jks 
trustStore provider is : 
init truststore 
adding as trusted cert: 
    Subject: CN=***, OU=I0020498236, OU=SAP Web AS, O=SAP Trust Community, C=DE 
    Issuer: CN=***, OU=I0020498236, OU=SAP Web AS, O=SAP Trust Community, C=DE 
    Algorithm: RSA; Serial number: 0x20120718050810 
    Valid from Wed Jul 18 07:08:10 CEST 2012 until Fri Jan 01 01:00:01 CET 2038 

trigger seeding of SecureRandom 
done seeding SecureRandom 
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 
Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA 
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA 
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256 
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA 
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 
Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA 
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA 
Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA 
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256 

要获得通过超时我有这个属性传递到JVM和HTTP（S）请求经历：

-Djava.net.preferIPv4Stack=true 

Answer 1

这个SOAP调用之前添加到您的代码

System.setProperty("javax.net.ssl.keyStore",certificatePath); 
System.setProperty("javax.net.ssl.keyStorePassword", certificatePassword)); 
System.setProperty("javax.net.ssl.keyStoreType", "JKS"); 

你可以d从服务器的URL ownload .cer证书，并使用命令

keytool -importcert -file certificate.cer -keystore keystore.jks -alias "Alias" 

现在你需要对应于每个目标服务器，并在某处你的系统认证你需要维护服务器的URL和证书

之间的映射将其转换为JKS