Solved

Import WebServices over SSL with Flex Builder 3

Posted on 2009-07-09
1
1,717 Views
Last Modified: 2013-12-02
Hi everyone.

Before to start, here's my configuration :

Flex Builder 3
JBoss 4.2.2.GA for the server part (meaning TomCat running under)

I access the server trough http://localhost:8081, https://localhost:8443

I'm facing quite a strange problem and couldn't find any thread on the flex subject.
I got an application written in Java and wrote some more code to have some Web Services. The client is written in AS3 with Flex Builder.
When I import the services and create the client classes (with the Flex Builder Wiazrd/ Import Web Service) over HTTP I got no problems. But when I try to carry one of the WS over SSL, Flex Builder tells me "Unable to load the WSDL. Specify another URI".
The thing that's is disturbing is that I set up the connector :

    <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
               maxThreads="150" scheme="https" secure="true"
               clientAuth="false"
                     keystoreFile="${jboss.server.home.dir}/ssl/kc.keystore"
                     keystorePass="changeit" sslProtocol="TLS" />

I told the server to secure the WS into the web.xml file

<security-constraint>
    <web-resource-collection>
      <web-resource-name>All resources</web-resource-name>
      <url-pattern>/UserAuthenticationWS</url-pattern>
    </web-resource-collection>
    <user-data-constraint>
      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
</security-constraint>

I set up a crossdomain.xml file into the ROOT.war folder of JBoss

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
      <allow-access-from domain="*" to-ports="*" secure="false"/>
</cross-domain-policy>


And I also set up the keystore for the  server and even export/import the cert to the jdk that's currently running my FlexBuilder but I still have the same problem.
I checked the Flex Builder logs and found this error :

Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

.. which is quite a common error as I read many thread on it but always with different configurations. I can access the service with a browser and even succeed to import a secured WS of Amazon with no problems.

I don't know if some of you faced this problem already and how you you fixed it. Hope you'll give me tips rapidly.

-I'm not well aware about the crossdomain.xml file since I'm not really sure that the wizard for web services is asking for it .... but anyway
-I set up only "localhost" for the certificate as I got couple of problems by specifying another fancy name :)
-I'm lost ... need help !

Thanks for your help
0
Comment
Question by:KCTeam
1 Comment
 

Accepted Solution

by:
KCTeam earned 0 total points
ID: 24822579
Hey girls, hey guys ...

I finally ended up to find the solution.

Here's the problem summarized :

In SSL, especially with self signed certificate, you must explicitely add the certificate on the client side:

-Firefox complains and asks your permission to accept the certificate
-IE complains too ..
- A java application could complain too (http://www.astorm.ch/blog/index.php?post/2008/07/23/WebService-et-HTTPS)

When importng a WS with Flex Builder, the client is actually ... FB.
So I added the certificate under the cacerts of the JDK, since FB is running on it but it didn't work ...

Here's why: FB has his own cacerts file, the location where it keeps track of every certificates. Once the certificate has been added on this repo, Flex Builder doesn't complain anymore and generate the appropriate classes :)

Hope this might help


0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This exercise is about for the following scenario: Dmgr and One node with 2 application server. Each application server contains it owns application. Application server name as follows server1 contains app1 server2 contains app1 Prereq…
Since pre-biblical times, humans have sought ways to keep secrets, and share the secrets selectively.  This article explores the ways PHP can be used to hide and encrypt information.
This is a video describing the growing solar energy use in Utah. This is a topic that greatly interests me and so I decided to produce a video about it.
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

943 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now