2

I have a spring web application which has the following http header interceptor.

import org.springframework.ws.transport.context.TransportContext;
import org.springframework.ws.transport.context.TransportContextHolder;
import org.springframework.ws.transport.http.HttpUrlConnection;

public boolean handleRequest(MessageContext messageContext) throws WebServiceClientException {
    TransportContext context = TransportContextHolder.getTransportContext();
    HttpUrlConnection connection = (HttpUrlConnection) context
            .getConnection();

    String userCredentials = username + ":" + password;
    String basicAuth = "Basic " + new String(new Base64().encode(userCredentials.getBytes()));

    connection.getConnection().addRequestProperty("Authorization", basicAuth);

    return true;
}

How can I modify my code to ignore ssl certificates?

Shubham Sharma
  • 175
  • 2
  • 16
  • why do you need to ignore certificate? is it invalid/untrusted? Maybe this helps [How to disable SSL certificate checking with Spring RestTemplate?](https://stackoverflow.com/questions/23504819/how-to-disable-ssl-certificate-checking-with-spring-resttemplate) – pirho Oct 24 '17 at 06:42
  • Was trying to access an API which was accessible within the VPN. The certificates did not exist and the curls were working fine with **-k** flag. Was looking for ways to do it in code (WebServiceTemplate). – Shubham Sharma Oct 24 '17 at 07:03

1 Answers1

3

So Apparently I figured out a solution. I was using WebServiceTemplate to marshalSendAndReceive the response. Here's what I did in code:-

HttpsUrlConnectionMessageSender sender = new HttpsUrlConnectionMessageSender();
sender.setTrustManagers(new TrustManager[] { new UnTrustworthyTrustManager() });
webServiceTemplate.setMessageSender(sender);
response = webServiceTemplate.marshalSendAndReceive(object);

Following the UnTrustworthyTrustManager function

class UnTrustworthyTrustManager
        implements X509TrustManager
{
    public void checkClientTrusted(X509Certificate[] arg0, String arg1) throws CertificateException {}
    public void checkServerTrusted(X509Certificate[] arg0, String arg1)throws CertificateException {}
    public X509Certificate[] getAcceptedIssuers() { return null; }
}

By this the SSL certificates got ignored and i got rid of the error PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

Shubham Sharma
  • 175
  • 2
  • 16