asked on

how to call web services from Struts framework 1.1

Dear Team,

We created a test project (Java project and Server is Tomcat Apache) to call a web services using axis client and its running perfectly. .

But the same code is not working into our development scenario( i.e. web based project -having Framework -Struts 1.1 and server-IBM Web sphere V8.0 ) where we are trying to call the same web services using Axis client. We are getting an error.
"Exception in thread "main" java.lang.NoClassDefFoundError: sun.security.provider.Sun" .

What extra jar files we imported in Java project the same we imported here in our development application.

Please find the attached sample code and guide us ASAP.

Regards,
Kalpana
Need-Help-Web-services.zip

mccarl

The problem is that the SocketFactory that you are trying to use (org.apache.axis.components.net.SunFakeTrustSocketFactory) refers to the class in question (sun.security.provider.Sun) explicitly. Now that class is available in the JRE that you are using with Tomcat but under IBM Websphere it isn't.

Have you tried writing your own SocketFactory implementation, to ignore certificates but not using specific Sun classes. The below is one that I found on a quick Google search...

import java.io.IOException;
import java.net.Socket;
import java.net.UnknownHostException;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;

import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;

import org.apache.http.conn.ssl.SSLSocketFactory;
import org.apache.http.conn.ssl.TrustStrategy;

public class FakeSSLSocketFactory extends SSLSocketFactory {
    SSLContext sslContext = SSLContext.getInstance("TLS");

   public FakeSSLSocketFactory(KeyStore truststore) throws NoSuchAlgorithmException, KeyManagementException, KeyStoreException, UnrecoverableKeyException {
        super(truststore);

       TrustManager tm = new X509TrustManager() {
            public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {
            }

           public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
            }

           public X509Certificate[] getAcceptedIssuers() {
                return null;
            }
        };

       sslContext.init(null, new TrustManager[] {
            tm }, null);
    }

   public static SSLSocketFactory getInstance() throws KeyManagementException, UnrecoverableKeyException, NoSuchAlgorithmException, KeyStoreException {
        return new SSLSocketFactory(new TrustStrategy() {
            public boolean isTrusted(final X509Certificate[] chain, final String authType) throws CertificateException {
                return true;
            }
       }, SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);
    }

   @Override
    public Socket createSocket(Socket socket, String host, int port, boolean autoClose) throws IOException, UnknownHostException {
        return sslContext.getSocketFactory().createSocket(socket, host, port, autoClose);
    }

   @Override
    public Socket createSocket() throws IOException {
        return sslContext.getSocketFactory().createSocket();
    }
}

Open in new window

vbalajittl

ASKER

Dear User,
Thanks for you immediate reply on our issue.
We copied this program and pasted into our development. We added one jar
apache-httpcomponents-httpclient.jar but still giving some errors.
Pls go thro' the attached and guide us, refer both sub sheet(Error and Program we used)

Regards,
Kalpana
Error-we-got.xlsx

mccarl

The code I gave you is correct, those errors are due to the changes that you have made. Make sure that you add the apache httpclient jar that is at least version 4.1 (and it's dependencies)

vbalajittl

ASKER

Hi,
We removed the comments from the original code and updated the jar as you suggested.
But still facing the same issue. Pls refer the attached and guide us.
Is there any other way to call web service?FYI, We don't have IBM HTTP Server.

Regards,
Kalpana
Error-we-got-15-Jun-2013.xlsx

mccarl

Again, still NOT the code that I gave you.... And again, the errors are the result. Just Copy and Paste the ENTIRE code that I have you into a file called FakeSSLSocketFactory.java (and set your package correctly if you want in a specific package)

As just one example, your code has some TODO lines but if you look above, no where will you find the word TODO.

vbalajittl

ASKER

Hi,
Your current class working properly, we don't want to use SSL certificate and its still showing error about the SSL Certificate. Is there any method so we can access this web service without any client authentication or without SSL certificate?

Please help us and refer the attached.

Regards,
Kalpana
Error-and-code-17-jun-2013.xlsx

ASKER CERTIFIED SOLUTION

mccarl

membership

This solution is only available to members.

To access this solution, you must be a member of Experts Exchange.

Start Free Trial

vbalajittl

ASKER

Hi,

We already tried these commented lines of code, same error message displayed that I already share you on yesterday. I already tried to set those system properties but it wont work.

Thanks,
Kalpana

mccarl

Are you sure when you tried setting the other system properties that the changes were properly applied? Because at worst you should have received a "different" error message. If you received the same AxisProperties error "XXXX doesn't implement YYYY" then the code mustn't have changed because it was still trying to set the AxisProperties.

Oh, unless I wasn't clear, I meant to use ONLY the System.setProperty lines ie. have the AxisProperties.setProperty line commented out, you don't need that one!

Otherwise, I am at a loss... And I can't really debug further as I don't have YOUR actual environment!

vbalajittl

ASKER

Hi,

Thanks for your replay,

See, when we set AxisProperties.setProperty then it gives error message like "XXXX doesn't implement YYYY" but if we set System.setProperty then it just give SSL certificate error. We use your above code with AxisProperties.setProperty and it works properly because this time it not give error like "XXXX doesn't implement YYYY".

I have read about IBM WAS server, they have there own Jre means they customize the whole jre, they dont support some security classes that default provided by Oracle Jre.

Thats why I also tried the IBM Class that they are used in AXIS jar.

---> AxisProperties.setProperty("axis.socketSecureFactory",
"org.apache.axis.components.net.IBMFakeTrustSocketFactory");

But its didn't work its also display SSL Certificate error.

At the end, when any program executes properly it will ask for SSL Certificate.

Is there any way, we can run our program without any SSL Certificate, because we are using IBM Web application server not IBM HTTP server.

On the net I have read all the SSL configuration/settings is available for the IBM HTTP server and not for the IBM application server.

Thanks,
Kalpana

vbalajittl

ASKER

I've requested that this question be closed as follows:

Accepted answer: 0 points for vbalajittl's comment #a39269250

for the following reason:

This solution helped us

vbalajittl

ASKER

Hello team,
With the help of last suggestion and we did some configuration setting in WAS for certificate we got the expected solution.

Regards,
Kalpana

vbalajittl

ASKER

Thanks

Regards,
Kalpana

vbalajittl

ASKER

It helped us to achieve the solution.

Regards,
Kalpana