Skip to Main Content
Forums

Java EE (Java Enterprise Edition) General Discussion

Announcement

For appeals, questions and feedback about Oracle Forums, please email oracle-forums-moderators_us@oracle.com. Technical questions should be asked in the appropriate category. Thank you!

403 Forbidden error when invoking one-way SSL web service

843833Aug 7 2008
Hi,

I created a simple HelloWorld web service in Netbeans. I selected "Secure Web Service" from the properties window, and selected "Transport Security (SSL)" as its security mechanism.

I then created a Web Service Client for that service, and successfully introspected the web service. I also used code in the client to accept all certificates.

When I invoke the service, I get an exception:

com.sun.xml.ws.client.ClientTransportException: The server sent HTTP status code 403: Forbidden

This shouldn't be, as this is supposed to be 1-way SSL. Here's my code, but I don't think the problem resides there (I'm just providing to demonstrate how I'm accepting all certs):


/*
* To change this template, choose Tools | Templates
* and open the template in the editor.
*/

package ssltest;
import java.io.*;
import java.util.Properties;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;
import javax.net.ssl.HttpsURLConnection;
import javax.xml.soap.*;
import javax.xml.ws.soap.*;
import java.security.*;
import java.security.cert.*;
import java.util.*;
import com.sun.xml.ws.client.*;

/**
*
* @author tcantone
*/
public class SSLTest {
public static void main(String argv[]) {

// Create a trust manager that does not validate certificate chains
TrustManager[] trustAllCerts = new TrustManager[]{
new X509TrustManager() {
public java.security.cert.X509Certificate[] getAcceptedIssuers() {
System.out.println("In getAcceptedIssuers");
return null;
}
public void checkClientTrusted( X509Certificate[] certs,
String authType ) {
System.out.println("In checkClientTrusted");
}

public void checkServerTrusted( X509Certificate[] certs,
String authType) {
System.out.println("In checkServerTrusted");
}
}
};

// Install the all-trusting trust manager
try {
SSLContext sc = SSLContext.getInstance("SSL");
sc.init(null, trustAllCerts, new java.security.SecureRandom());
HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());

HttpsURLConnection.setDefaultHostnameVerifier(
new javax.net.ssl.HostnameVerifier() {
public boolean verify(String hostname,
javax.net.ssl.SSLSession sslSession) {
System.out.println("Hostname is: " + hostname);

return true;
}
}
);


} catch (Exception e) {
e.printStackTrace();
}


try { // Call Web Service Operation
ssltest.HelloWorldSSLService service = new ssltest.HelloWorldSSLService();
ssltest.HelloWorldSSL port = service.getHelloWorldSSLPort();
// TODO process result here
java.lang.String result = port.sayHelloWorldOverSSL();
System.out.println("Result = "+result);
} catch( ClientTransportException cte ) {
System.err.println(cte);
} catch (Exception ex) {
// TODO handle custom exceptions here
ex.printStackTrace();
}


}
}
Comments
Locked Post
New comments cannot be posted to this locked post.
Post Details
Locked on Sep 4 2008
Added on Aug 7 2008
#java-technologies-for-web-services
0 comments
263 views