2
votes

I am an engineering student doing an internship. I must create a web service. It must:

  • use HTTPS
  • use Gzip in order to compress HTTPS data
  • use SOAP/WSDL

I've never developed a web service before. I have chosen Tomcat + Axis for developing this project.

My OS is Windows 7, I have installed Tomcat 6.0 and configured HTTPS, and it works fine when I try to access Tomcat with a browser. I also configured the server for Gzip compression.

Next, I tried to install Axis, so I downloaded axis1.5.4.war and deployed it on the server. With my browser, I was able to access the Axis "welcome page" successfully, but when I clicked on "Validate," I got this:

There was a problem in Axis2 version service , may be the service not available or some thing has gone wrong. But this does not mean system is not working ! Try to upload some other service and check to see whether it is working. [sic]

To address this, I modified the Axis conf file on my server per this documentation.

I got this on my Eclipse console:

[INFO] Unable to sendViaPost to url[https://localhost/axis2/services/Version] org.apache.axis2.AxisFault: Connection has been shutdown: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

How do I resolve this?

4 Answers

1
votes

First off, the problem is almost certainly that the certificate you used to secure Tomcat is not signed by a standard CA. This can cost, but it's really not much and it makes the clients work much better. If you're using SSL in client-certificate mode (not the default, but easy to turn on) then you must also configure Tomcat to know about the signer (or signers) of the client certificates — well, unless they use standard CAs.

Perhaps it's easier if I explain it this way. When one end of an SSL (or HTTPS) connection uses a cryptographic certificate to prove who they are — servers always do this, and can request that clients do too — the other end gets a whole bag of signed assertions about who it is, but still needs to independently check that those assertions are true. This is done by checking who signed the assertions (and a few other things); if it was signed by someone who is trusted, i.e., a Certificate Authority, then the receiver of the crypto identity can know who they are really talking to.

That's an oversimplification though: certificates expire, there are usage restrictions, there can be chains of trust, and for HTTPS there are additional checks too. Yet ultimately it's all got to come down to “who am I talking to, and do I really trust them?” Cryptography helps a lot with that, but that does mean the trust root is required. By default, it's the client that needs the trust root (or roots), but with client-authenticated SSL it's both sides.

1
votes

The version service error is pretty common, and I encountered the exact same problem on my fresh install of axis2 & tomcat too.

Anyway, to fix the Version Service error, open the axis2-web/HappyAxis.jsp and find the following line of code:

OMNamespace omNs = fac.createOMNamespace("http://axisversion.sample/xsd", "ns1");

Modify the above line to the following:

OMNamespace omNs = fac.createOMNamespace("http://axisversion.sample", "ns1");

0
votes

Reference link: http://axis.apache.org/axis2/java/core/docs/servlet-transport.html

For each protocol (HTTP and/or HTTPS), an AxisServletListener instance must be declared in axis2.xml. If only a single protocol is used, no further configuration is required. For example, if only HTTP is used, the following declaration must be present in axis2.xml:

<transportReceiver name="http" class="org.apache.axis2.transport.http.AxisServletListener"/>

If both HTTP and HTTPS are used, then things become a bit more complicated. The reason is that in order to expose WSDLs with correct endpoint URIs, AxisServlet must know the ports used by HTTP and HTTPS. Unfortunately the servlet API doesn't allow a Web application to discover all configured protocols. It only provides information about the protocol, host name and port for the current request. If only a single AxisServletListener is configured, then this information is enough to let AxisServlet auto-detect the port number. If both HTTP and HTTPS are used (or if WSDLs are retrieved through transports other than AxisServlet), then AxisServlet has no way of knowing the port numbers until it has processed at least one request for each protocol. To make WSDL generation predictable in this scenario, it is necessary to explicitly configure the port numbers in axis2.xml, such as in the following example:

<transportReceiver name="http" class="org.apache.axis2.transport.http.AxisServletListener">
    <parameter name="port">80</parameter>
</transportReceiver>

<transportReceiver name="https" class="org.apache.axis2.transport.http.AxisServletListener">
    <parameter name="port">443</parameter>
</transportReceiver>

0
votes

You get this because the certificate you used to secure the axis2 service is not trusted. You need to import that public certificate, or the CA cert that signed it, into a keystore and set the following two system properties in your client code:

System.setProperty("javax.net.ssl.trustStore", "path/to/keystore");
System.setProperty("javax.net.ssl.trustStorePassword", "keystore_password");
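
The trust check described in the first and last answers, as an added example that is not part of the original posts: it runs the JVM's own X.509 trust-manager validation against a chosen truststore, so you can confirm offline whether importing the certificate resolved the "PKIX path building failed" error before pointing the Axis2 client at it. The class name `TrustCheck` and the three command-line arguments (truststore path, its password, and a PEM/DER file holding the server's certificate chain exported from Tomcat) are assumptions for illustration.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.*;
import javax.net.ssl.*;

// Added example. Assumed usage:
//   java TrustCheck <truststore-file> <truststore-password> <server-chain.pem>
public class TrustCheck {
    // Load the set of certificates the client is prepared to trust.
    static KeyStore loadTrustStore(String path, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(path)) { ks.load(in, password); }
        return ks;
    }

    // Read the server's certificate chain (leaf first) from a PEM or DER file.
    static X509Certificate[] loadChain(String path) throws Exception {
        try (InputStream in = new FileInputStream(path)) {
            return CertificateFactory.getInstance("X.509")
                    .generateCertificates(in).toArray(new X509Certificate[0]);
        }
    }

    // Run the same PKIX validation a TLS client performs during the handshake.
    static String check(KeyStore trustStore, X509Certificate[] chain) throws Exception {
        if (chain.length == 0) return "NOT TRUSTED: no certificates found in input";
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);
        for (TrustManager tm : tmf.getTrustManagers()) {
            if (!(tm instanceof X509TrustManager)) continue;
            try {
                ((X509TrustManager) tm).checkServerTrusted(chain, "RSA");
                return "TRUSTED: chain validates against this truststore";
            } catch (CertificateException e) {
                // A missing trust anchor surfaces here as "PKIX path building failed".
                return "NOT TRUSTED: " + e.getMessage();
            }
        }
        throw new IllegalStateException("no X509TrustManager available");
    }

    public static void main(String[] args) throws Exception {
        KeyStore ts = loadTrustStore(args[0], args[1].toCharArray());
        System.out.println(check(ts, loadChain(args[2])));
    }
}
```

This only validates the chain against the truststore; hostname matching and the other HTTPS checks mentioned in the first answer happen separately during a real connection.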