13 Replies Latest reply on Jan 16, 2009 10:17 AM by jaikiran

    JBoss 5 SSL

    venuwin

      Hi,

      We have a simple war file deployed on Jboss 5.
      It runs on default configuration.

      The issue is that when I switch from an HTTP page to an HTTPS page, it is not able to connect and throws "Data transfer interrupted". From the failed URL, I can see that it tries to connect to 8443 when I had configured for 443.

      Server.xml code block:

       <!-- A HTTP/1.1 Connector on port 8080 -->
       <Connector protocol="HTTP/1.1" port="80" address="${jboss.bind.address}"
       connectionTimeout="20000" redirectPort="443" />
      
       <!-- Add this option to the connector to avoid problems with
       .NET clients that don't implement HTTP/1.1 correctly
       restrictedUserAgents="^.*MS Web Services Client Protocol 1.1.4322.*$"
       -->
      
       <!-- A AJP 1.3 Connector on port 8009 -->
       <Connector protocol="AJP/1.3" port="8009" address="${jboss.bind.address}"
       redirectPort="8443" />
      
       <!-- SSL/TLS Connector configuration using the admin devl guide keystore-->
       <Connector protocol="HTTP/1.1" SSLEnabled="true"
       port="443" address="${jboss.bind.address}"
       scheme="https" secure="true" clientAuth="false"
       keystoreFile="/mnt/opt/jboss-5.0.0.GA/server/default/conf/chap8.keystore"
       keystorePass="rmi+ssl" sslProtocol = "TLS" />


      When I alter the URL in the browser to point to 443 for the same HTTPS URL, it works.

      Please help

      Thanks
      Venu



        • 1. Re: JBoss 5 SSL
          venuwin

          Hi,

          This issue prevails only for Jboss5. Not for JBoss 4.
          In case of JBoss 5 - On windows machine it works, but not on linux box.

          Any idea ?

          • 2. Re: JBoss 5 SSL
            jaikiran

             

            The issue is that when i switch from HTTP page to HTTPS page

            How do you do that? Through code? Through configuration? I might be asking a dumb question, but sorry I am not good at this :)


            • 3. Re: JBoss 5 SSL
              venuwin

              Hi jaikiran,

              I could not get your question. Please elaborate

              • 4. Re: JBoss 5 SSL
                jaikiran

                I meant how do you switch from HTTP page to HTTPS page?

                • 5. Re: JBoss 5 SSL
                  venuwin

                  Jai,

                  Please see this below :

                  
                   <security-constraint>
                   <web-resource-collection>
                   <web-resource-name>Protected Area</web-resource-name>
                   <url-pattern>/app/secure</url-pattern>
                   <http-method>GET</http-method>
                   <http-method>POST</http-method>
                   </web-resource-collection>
                   <user-data-constraint>
                   <transport-guarantee>CONFIDENTIAL</transport-guarantee>
                   </user-data-constraint>
                   </security-constraint>


                  The web server will automatically make the URL use HTTPS if it finds this URL pattern

                  • 6. Re: JBoss 5 SSL
                    jaikiran

                    Thanks, that helps understand the flow :)

                    And now based on your configuration:

                    <!-- A HTTP/1.1 Connector on port 8080 -->
                     <Connector protocol="HTTP/1.1" port="80" address="${jboss.bind.address}"
                     connectionTimeout="20000" redirectPort="443" />
                    


                    The redirectPort here, says that if a

                    redirectPort: Names the TCP/IP port number to which a request should be redirected, if it comes in on a non-SSL port, and is subject to a security constraint with a transport guarantee that requires SSL.


                    So when you are moving from HTTP to HTTPS, it should have redirected to 443 instead of 8443.

                    Can you post the relevant part from the console logs which shows log messages like this just when the server has started:

                    17:33:03,218 INFO [Http11Protocol] Starting Coyote HTTP/1.1 on http-0.0.0.0-8080
                    17:33:03,238 INFO [AjpProtocol] Starting Coyote AJP/1.3 on ajp-0.0.0.0-8009
                    17:33:03,259 INFO [Http11Protocol] Starting Coyote HTTP/1.1 on http-0.0.0.0-8443
                    17:33:03,269 INFO [ServerImpl] JBoss (Microcontainer) [5.0.0.GA (build: SVNTag=JBoss_5_0_0_GA date=200812041714)] Started in 40s:150ms


                    And more importantly, are you using the ServiceBindingManager to change the default port configurations which JBoss uses?

                    • 7. Re: JBoss 5 SSL
                      venuwin

                      Jaikiran,

                      this is the log

                      2009-01-16 01:32:34,646 DEBUG [org.jboss.web.tomcat.service.deployers.TomcatService] (main) Saw org.jboss.system.server.started notification, starting connectors
                      2009-01-16 01:32:34,657 INFO [org.apache.coyote.http11.Http11Protocol] (main) Starting Coyote HTTP/1.1 on http-10.253.194.4-80
                      2009-01-16 01:32:34,698 INFO [org.apache.coyote.ajp.AjpProtocol] (main) Starting Coyote AJP/1.3 on ajp-10.253.194.4-8009
                      2009-01-16 01:32:34,967 INFO [org.apache.coyote.http11.Http11Protocol] (main) Starting Coyote HTTP/1.1 on http-10.253.194.4-443
                      2009-01-16 01:32:34,982 INFO [org.jboss.bootstrap.microcontainer.ServerImpl] (main) JBoss (Microcontainer) [5.0.0.GA (build: SVNTag=JBoss_5_0_0_GA date=200812041714)] Started in 3m:2s:959ms
                      


                      I am not using ServiceBindingManager. I have not used it in JBoss 4 either, but it still works there.

                      Please throw some light on it.

                      Thanks
                      Venu
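
As an added example (not part of the original thread and not JBoss code), the check below cross-references the redirectPort values from the posted server.xml against the TLS connector ports and against the connector start-up lines from reply 7. The `<Server>`/`<Service>` wrapper and all function names are assumptions made for the example; the keystore attributes are left out.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample: the three connectors from the first post, wrapped in
# assumed <Server>/<Service> elements; keystore attributes are left out.
SERVER_XML = """
<Server><Service name="jboss.web">
  <Connector protocol="HTTP/1.1" port="80" address="${jboss.bind.address}"
             connectionTimeout="20000" redirectPort="443" />
  <Connector protocol="AJP/1.3" port="8009" address="${jboss.bind.address}"
             redirectPort="8443" />
  <Connector protocol="HTTP/1.1" SSLEnabled="true" port="443"
             address="${jboss.bind.address}" scheme="https" secure="true"
             clientAuth="false" sslProtocol="TLS" />
</Service></Server>
"""

# Connector start-up messages as posted in reply 7 (timestamps trimmed).
STARTUP_LOG = """\
INFO [org.apache.coyote.http11.Http11Protocol] (main) Starting Coyote HTTP/1.1 on http-10.253.194.4-80
INFO [org.apache.coyote.ajp.AjpProtocol] (main) Starting Coyote AJP/1.3 on ajp-10.253.194.4-8009
INFO [org.apache.coyote.http11.Http11Protocol] (main) Starting Coyote HTTP/1.1 on http-10.253.194.4-443
"""

def is_tls(connector):
    """A connector terminates TLS when SSLEnabled or secure is set to true."""
    return "true" in (connector.get("SSLEnabled", "").lower(),
                      connector.get("secure", "").lower())

def dangling_redirects(xml_text):
    """(protocol, port, redirectPort) of plaintext connectors whose
    redirectPort is not the port of any TLS connector in the same file."""
    connectors = list(ET.fromstring(xml_text).iter("Connector"))
    tls_ports = {c.get("port") for c in connectors if is_tls(c)}
    return [(c.get("protocol"), c.get("port"), c.get("redirectPort"))
            for c in connectors
            if not is_tls(c) and c.get("redirectPort") not in (None, *tls_ports)]

def started_ports(log_text):
    """Ports taken from 'Starting Coyote <proto> on <name>-<port>' lines."""
    return set(re.findall(r"Starting Coyote \S+ on \S+-(\d+)\s*$", log_text, re.M))

def unserved_redirects(xml_text, log_text):
    """redirectPort values in the config with no listener in the start-up log."""
    root = ET.fromstring(xml_text)
    wanted = {c.get("redirectPort") for c in root.iter("Connector")} - {None}
    return sorted(wanted - started_ports(log_text))

if __name__ == "__main__":
    print(dangling_redirects(SERVER_XML))
    print(unserved_redirects(SERVER_XML, STARTUP_LOG))
```

On the posted configuration the only 8443 reference is the AJP connector's redirectPort, which nothing in the start-up log is listening on; the check reports that mismatch and does not by itself establish where the browser's 8443 redirect came from.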

                      • 8. Re: JBoss 5 SSL
                        jaikiran

                         

                        "venuwin" wrote:

                        In case of JBoss 5 - On windows machine it works, but not on linux box.



                        Looks like an iptables issue then? I am not great at Linux or networking, you might want to get in touch with your network administrator who might be able to figure out if the port is being redirected.

                        • 9. Re: JBoss 5 SSL
                          venuwin

                          Jai,

                          You mmmmannnnnnnnnn, lightning fast replies. Thanks for the support.
                          Let me check with some linux fundu guys and get back to you.

                          Thanks
                          Venu

                          • 10. Re: JBoss 5 SSL
                            venuwin

                            Jaikiran,

                            I saw in some forums that you have discussed port configuration on JBoss.
                            None of the references that I came across helped.

                            Can you let me know the best way to control ports in JBoss 5, and samples/help docs if any?

                            thanks

                            • 12. Re: JBoss 5 SSL
                              venuwin

                              Though it is not relevant to this thread, could you please tell me why we have to bind the server to an IP address if we have to access it from a remote computer in the case of JBoss 4.2 and later?

                              In JBoss 4.0, just "sh run.sh" would start the server and I could still access it from a remote computer.

                              In JBoss 4.2 and later, if I do the above, I can only access the application from the local machine but not from a remote one. Any clue?

                              • 13. Re: JBoss 5 SSL
                                jaikiran