Solved

Import WebServices over SSL with Flex Builder 3

Posted on 2009-07-09
1
1,722 Views
Last Modified: 2013-12-02
Hi everyone.

Before to start, here's my configuration :

Flex Builder 3
JBoss 4.2.2.GA for the server part (meaning TomCat running under)

I access the server trough http://localhost:8081, https://localhost:8443

I'm facing quite a strange problem and couldn't find any thread on the flex subject.
I got an application written in Java and wrote some more code to have some Web Services. The client is written in AS3 with Flex Builder.
When I import the services and create the client classes (with the Flex Builder Wiazrd/ Import Web Service) over HTTP I got no problems. But when I try to carry one of the WS over SSL, Flex Builder tells me "Unable to load the WSDL. Specify another URI".
The thing that's is disturbing is that I set up the connector :

    <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
               maxThreads="150" scheme="https" secure="true"
               clientAuth="false"
                     keystoreFile="${jboss.server.home.dir}/ssl/kc.keystore"
                     keystorePass="changeit" sslProtocol="TLS" />

I told the server to secure the WS into the web.xml file

<security-constraint>
    <web-resource-collection>
      <web-resource-name>All resources</web-resource-name>
      <url-pattern>/UserAuthenticationWS</url-pattern>
    </web-resource-collection>
    <user-data-constraint>
      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
</security-constraint>

I set up a crossdomain.xml file into the ROOT.war folder of JBoss

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
      <allow-access-from domain="*" to-ports="*" secure="false"/>
</cross-domain-policy>


And I also set up the keystore for the  server and even export/import the cert to the jdk that's currently running my FlexBuilder but I still have the same problem.
I checked the Flex Builder logs and found this error :

Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

.. which is quite a common error as I read many thread on it but always with different configurations. I can access the service with a browser and even succeed to import a secured WS of Amazon with no problems.

I don't know if some of you faced this problem already and how you you fixed it. Hope you'll give me tips rapidly.

-I'm not well aware about the crossdomain.xml file since I'm not really sure that the wizard for web services is asking for it .... but anyway
-I set up only "localhost" for the certificate as I got couple of problems by specifying another fancy name :)
-I'm lost ... need help !

Thanks for your help
0
Comment
Question by:KCTeam
1 Comment
 

Accepted Solution

by:
KCTeam earned 0 total points
ID: 24822579
Hey girls, hey guys ...

I finally ended up to find the solution.

Here's the problem summarized :

In SSL, especially with self signed certificate, you must explicitely add the certificate on the client side:

-Firefox complains and asks your permission to accept the certificate
-IE complains too ..
- A java application could complain too (http://www.astorm.ch/blog/index.php?post/2008/07/23/WebService-et-HTTPS)

When importng a WS with Flex Builder, the client is actually ... FB.
So I added the certificate under the cacerts of the JDK, since FB is running on it but it didn't work ...

Here's why: FB has his own cacerts file, the location where it keeps track of every certificates. Once the certificate has been added on this repo, Flex Builder doesn't complain anymore and generate the appropriate classes :)

Hope this might help


0

Featured Post

Free Tool: Postgres Monitoring System

A PHP and Perl based system to collect and display usage statistics from PostgreSQL databases.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Configure Web Service (server application) I. Configure security for Web Services methods First, we need to protect Session bean which implements the service: 1. Open EJB deployment descriptor (ejb-jar.xml) in the EJB project that contains you…
#SSL #TLS #Citrix #HTTPS #PKI #Compliance #Certificate #Encryption #StoreFront #Web Interface #Citrix XenApp

830 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question