Solved

Import WebServices over SSL with Flex Builder 3

Posted on 2009-07-09
1
1,723 Views
Last Modified: 2013-12-02
Hi everyone.

Before to start, here's my configuration :

Flex Builder 3
JBoss 4.2.2.GA for the server part (meaning TomCat running under)

I access the server trough http://localhost:8081, https://localhost:8443

I'm facing quite a strange problem and couldn't find any thread on the flex subject.
I got an application written in Java and wrote some more code to have some Web Services. The client is written in AS3 with Flex Builder.
When I import the services and create the client classes (with the Flex Builder Wiazrd/ Import Web Service) over HTTP I got no problems. But when I try to carry one of the WS over SSL, Flex Builder tells me "Unable to load the WSDL. Specify another URI".
The thing that's is disturbing is that I set up the connector :

    <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
               maxThreads="150" scheme="https" secure="true"
               clientAuth="false"
                     keystoreFile="${jboss.server.home.dir}/ssl/kc.keystore"
                     keystorePass="changeit" sslProtocol="TLS" />

I told the server to secure the WS into the web.xml file

<security-constraint>
    <web-resource-collection>
      <web-resource-name>All resources</web-resource-name>
      <url-pattern>/UserAuthenticationWS</url-pattern>
    </web-resource-collection>
    <user-data-constraint>
      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
</security-constraint>

I set up a crossdomain.xml file into the ROOT.war folder of JBoss

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
      <allow-access-from domain="*" to-ports="*" secure="false"/>
</cross-domain-policy>


And I also set up the keystore for the  server and even export/import the cert to the jdk that's currently running my FlexBuilder but I still have the same problem.
I checked the Flex Builder logs and found this error :

Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

.. which is quite a common error as I read many thread on it but always with different configurations. I can access the service with a browser and even succeed to import a secured WS of Amazon with no problems.

I don't know if some of you faced this problem already and how you you fixed it. Hope you'll give me tips rapidly.

-I'm not well aware about the crossdomain.xml file since I'm not really sure that the wizard for web services is asking for it .... but anyway
-I set up only "localhost" for the certificate as I got couple of problems by specifying another fancy name :)
-I'm lost ... need help !

Thanks for your help
0
Comment
Question by:KCTeam
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
1 Comment
 

Accepted Solution

by:
KCTeam earned 0 total points
ID: 24822579
Hey girls, hey guys ...

I finally ended up to find the solution.

Here's the problem summarized :

In SSL, especially with self signed certificate, you must explicitely add the certificate on the client side:

-Firefox complains and asks your permission to accept the certificate
-IE complains too ..
- A java application could complain too (http://www.astorm.ch/blog/index.php?post/2008/07/23/WebService-et-HTTPS)

When importng a WS with Flex Builder, the client is actually ... FB.
So I added the certificate under the cacerts of the JDK, since FB is running on it but it didn't work ...

Here's why: FB has his own cacerts file, the location where it keeps track of every certificates. Once the certificate has been added on this repo, Flex Builder doesn't complain anymore and generate the appropriate classes :)

Hope this might help


0

Featured Post

Create the perfect environment for any meeting

You might have a modern environment with all sorts of high-tech equipment, but what makes it worthwhile is how you seamlessly bring together the presentation with audio, video and lighting. The ATEN Control System provides integrated control and system automation.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

So you need a certificate so you can offer SSL encryption.  But which one should you get?  There are so many choices out there! Here is a generic overview of the main types of SSL certificates sold by the majority of commercial Certification Auth…
Since pre-biblical times, humans have sought ways to keep secrets, and share the secrets selectively.  This article explores the ways PHP can be used to hide and encrypt information.
This video shows how to use Hyena, from SystemTools Software, to update 100 user accounts from an external text file. View in 1080p for best video quality.

739 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question