WebServiceTemplate and SSL

[TylerColes]

My question is basically whether or not configuration of an XwsSecurityInterceptor and KeyStoreCallbackHandler is necessary in my situation, and if that could solve the issue I have.

I am using Spring WS (1.0.1, I think) in my app to interface with a credit card processor's SOAP web service. Naturally, the connection has to be SSL-secured. Generally this works well, but I sometimes run into the below exception (partial stack trace provided, there's a ton more if anyone really wants to see it).

The problem starts if I redeploy the application in the server, but goes away after I restart the server. My thought is that without the key store explicitly defined in the Spring config, maybe Spring WS is not automatically picking up the server's key store on redeploys? The config I'm using is given below, as well as a snippet of code that actually sends the request, though it's nothing special.

Normally I would just try it out and see if it works, but I'm very confused as to why this even works (when it does) if such configuration is required. Thanks for your help!

Exception:

Code:

org.springframework.ws.client.WebServiceIOException: I/O error: sun.security.validator.ValidatorException: No trusted certificate found; nested exception is javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: No trusted certificate found
Caused by:
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: No trusted certificate found
        at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:150)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1518)
        at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:174)
        at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:168)
        at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:848)
        at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:106)
        at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:495)
        at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:433)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:818)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1030)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1057)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1041)
        at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:402)
        at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:170)
        at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(HttpURLConnection.java:839)
        at sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(HttpsURLConnectionImpl.java:230)
        at org.springframework.ws.transport.http.HttpUrlConnection.getRequestOutputStream(HttpUrlConnection.java:71)
        at org.springframework.ws.transport.AbstractSenderConnection$RequestTransportOutputStream.createOutputStream(AbstractSenderConnection.java:93)
        at org.springframework.ws.transport.TransportOutputStream.getOutputStream(TransportOutputStream.java:41)
        at org.springframework.ws.transport.TransportOutputStream.close(TransportOutputStream.java:48)
        at org.springframework.ws.transport.AbstractWebServiceConnection.send(AbstractWebServiceConnection.java:40)
        at org.springframework.ws.client.core.WebServiceTemplate.sendRequest(WebServiceTemplate.java:539)
        at org.springframework.ws.client.core.WebServiceTemplate.sendAndReceive(WebServiceTemplate.java:397)
        at org.springframework.ws.client.core.WebServiceTemplate.doSendAndReceive(WebServiceTemplate.java:350)
        at org.springframework.ws.client.core.WebServiceTemplate.sendSourceAndReceiveToResult(WebServiceTemplate.java:296)
        at org.springframework.ws.client.core.WebServiceTemplate.sendSourceAndReceiveToResult(WebServiceTemplate.java:287)

Web Service Config:

Code:

<bean id="wsTemplate" class="org.springframework.ws.client.core.WebServiceTemplate">
  <property name="messageFactory">
    <bean class="org.springframework.ws.soap.saaj.SaajSoapMessageFactory" />
  </property>
  <property name="messageSender">
    <bean id="messageSender" class="org.springframework.ws.transport.http.HttpUrlConnectionMessageSender" />	
  </property>
  <property name="defaultUri" value="${service.url}" />
</bean>

Code Snippet:

Code:

DOMSource source = new DOMSource(doc);
DOMResult result = new DOMResult();
getWebServiceTemplate().sendSourceAndReceiveToResult(source, usernameTokenCallback, result);

[jonnio]

What app server are you using? It would be strange that redeploy wouldn't work while restart would...that points to a resourcing issue for the certificate store, I think. Everything else should be 'static' or stateless.

[TylerColes]

It's Sun App Server EE 8.1. It just seems strange that everything's fine if the application has already been deployed when the server starts up, but if I redeploy it dies.