我正在尝试从服务创建基于WSDL的代理。此服务在tomcat服务器中运行,该服务器已配置为仅使用TLSv1.2接受安全连接。此服务在运行wso2server的Intranet之外。
当我在基于WSDL的代理模板中测试wsdl uri时,会出现问题,系统启动以下警告:"无效的WSDL URI(无法建立连接)"。 我不得不说wso2esb与外界有联系,问题是没有访问这个网址,因为:
根据失败的安全wsdl URL的浏览器连接信息,我得到连接TLS协议为1.2且密码为:TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
更有用的信息:
来自CARBON_HOME/repository/conf/tomcat /catalina-server.xml:
<Connector protocol="org.apache.coyote.http11.Http11NioProtocol"
port="8888"
bindOnInit="false"
sslProtocol="TLS"
sslEnabledProtocols="TLSv1,TLSv1.1,TLSv1.2"
maxHttpHeaderSize="8192"
acceptorThreadCount="2"
maxThreads="250"
minSpareThreads="50"
disableUploadTimeout="false"
enableLookups="false"
connectionUploadTimeout="120000"
maxKeepAliveRequests="200"
acceptCount="200"
server="WSO2 Carbon Server"
clientAuth="false"
compression="on"
scheme="https"
secure="true"
SSLEnabled="true"
compressionMinSize="2048"
noCompressionUserAgents="gozilla, traviata"
compressableMimeType="..."
URIEncoding="UTF-8" />
也许我错过了wso2server配置中的内容?
更新了问题:
在将SSL证书的公共部分安装到ESB信任库之后,我可以基于已发布的WSDL创建代理服务而没有任何问题,我可以通过ESB请求WSDL模板。但我认为这个问题并没有完全解决:
使用SoapUI尝试服务我在服务器中获得以下异常(在wso2carbon.log中读取):
TID: [0] [ESB] [2015-10-15 08:24:31,057] ERROR {org.apache.synapse.transport.passthru.TargetHandler} - I/O error: Received fatal alert: protocol_version {org.apache.synapse.transport.passthru.TargetHandler}
javax.net.ssl.SSLException: Received fatal alert: protocol_version
at sun.security.ssl.Alerts.getSSLException(Alerts.java:208)
at sun.security.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1619)
at sun.security.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1587)
at sun.security.ssl.SSLEngineImpl.recvAlert(SSLEngineImpl.java:1756)
at sun.security.ssl.SSLEngineImpl.readRecord(SSLEngineImpl.java:1060)
at sun.security.ssl.SSLEngineImpl.readNetRecord(SSLEngineImpl.java:884)
at sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:758)
at javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:624)
at org.apache.http.nio.reactor.ssl.SSLIOSession.doUnwrap(SSLIOSession.java:228)
at org.apache.http.nio.reactor.ssl.SSLIOSession.doHandshake(SSLIOSession.java:263)
at org.apache.http.nio.reactor.ssl.SSLIOSession.isAppInputReady(SSLIOSession.java:380)
at org.apache.http.impl.nio.reactor.AbstractIODispatch.inputReady(AbstractIODispatch.java:118)
at org.apache.http.impl.nio.reactor.BaseIOReactor.readable(BaseIOReactor.java:160)
at org.apache.http.impl.nio.reactor.AbstractIOReactor.processEvent(AbstractIOReactor.java:342)
at org.apache.http.impl.nio.reactor.AbstractIOReactor.processEvents(AbstractIOReactor.java:320)
at org.apache.http.impl.nio.reactor.AbstractIOReactor.execute(AbstractIOReactor.java:280)
at org.apache.http.impl.nio.reactor.BaseIOReactor.execute(BaseIOReactor.java:106)
at org.apache.http.impl.nio.reactor.AbstractMultiworkerIOReactor$Worker.run(AbstractMultiworkerIOReactor.java:604)
at java.lang.Thread.run(Thread.java:744)
TID: [0] [ESB] [2015-10-15 08:25:04,600] WARN {org.apache.synapse.transport.passthru.SourceHandler} - Connection time out after request is read: http-incoming-11 {org.apache.synapse.transport.passthru.SourceHandler}
也许我在axis2.xml配置文件($ CARBON_HOME / repository / conf / axis2 / axis2.xml)中遗漏了什么?以下是与以下内容相关的部分:
<transportReceiver name="https" class="org.apache.synapse.transport.passthru.PassThroughHttpSSLListener">
<parameter name="port" locked="false">8443</parameter>
<parameter name="non-blocking" locked="false">true</parameter>
<parameter name="bind-address" locked="false">XXX.XXX.XXX.XXX</parameter>
<parameter name="WSDLEPRPrefix" locked="false">https://XXX.XXX.XXX.XXX:8443</parameter>
<parameter name="httpGetProcessor" locked="false">org.wso2.carbon.transport.nhttp.api.PassThroughNHttpGetProcessor
<parameter name="HttpsProtocols">TLSv1,TLSv1.1,TLSv1.2</parameter>
<parameter name="keystore" locked="false">
<KeyStore>
<Location>repository/resources/security/wso2carbon.jks</Location>
<Type>JKS</Type>
<Password>XXX</Password>
<KeyPassword>XXX</KeyPassword>
</KeyStore>
</parameter>
<parameter name="truststore" locked="false">
<TrustStore>
<Location>repository/resources/security/client-truststore.jks</Location>
<Type>JKS</Type>
<Password>XXX</Password>
</TrustStore>
</parameter>
</transportReceiver>
<transportSender name="https" class="org.apache.synapse.transport.passthru.PassThroughHttpSSLSender">
<parameter name="non-blocking" locked="false">true
<parameter name="HttpsProtocols">TLSv1,TLSv1.1,TLSv1.2
<parameter name="keystore" locked="false">
<KeyStore>
<Location>repository/resources/security/wso2carbon.jks</Location>
<Type>JKS</Type>
<Password>XXXX</Password>
<KeyPassword>XXXX</KeyPassword>
</KeyStore>
</parameter>
<parameter name="truststore" locked="false">
<TrustStore>
<Location>repository/resources/security/client-truststore.jks</Location>
<Type>JKS</Type>
<Password>XXXXX</Password>
</TrustStore>
</parameter>
<parameter name="HostnameVerifier">AllowAll</parameter>
</transportSender>
谢谢!
答案 0 :(得分:1)
您是否已将服务的公共证书导入ESB的信任存储区?如果没有,This blog post可能提供一些想法(虽然它有点过时)。
答案 1 :(得分:0)
错误“无法建立连接”太不清楚了。
使用SSL调试选项启动服务器(将-Djavax.net.debug = all添加到wso2server.sh)。
这将产生大量输出,但它可以帮助您查明问题。