9 Replies Latest reply on Jul 30, 2008 5:26 AM by ropalka

    problem with calling ssl web service

    hugo_th02

      Hello all,
      I've successfully deploy jboss web service using ssl. But when calling this ssl web service from standalone client, i got error at client side as follow:

      Exception in thread "main" javax.xml.ws.WebServiceException: java.io.IOException: Could not transmit message
       at org.jboss.ws.core.jaxws.client.ClientImpl.handleRemoteException(ClientImpl.java:304)
       at org.jboss.ws.core.jaxws.client.ClientImpl.invoke(ClientImpl.java:242)
       at org.jboss.ws.core.jaxws.client.ClientProxy.invoke(ClientProxy.java:164)
       at org.jboss.ws.core.jaxws.client.ClientProxy.invoke(ClientProxy.java:150)
       at $Proxy10.sslMethod(Unknown Source)
       at jb.secure.ws.client.TestMain.main(TestMain.java:26)
      Caused by: java.io.IOException: Could not transmit message
       at org.jboss.ws.core.client.RemotingConnectionImpl.invoke(RemotingConnectionImpl.java:192)
       at org.jboss.ws.core.client.SOAPRemotingConnection.invoke(SOAPRemotingConnection.java:77)
       at org.jboss.ws.core.CommonClient.invoke(CommonClient.java:322)
       at org.jboss.ws.core.jaxws.client.ClientImpl.invoke(ClientImpl.java:230)
       ... 4 more
      Caused by: org.jboss.remoting.CannotConnectException: Can not connect http client invoker.
       at org.jboss.remoting.transport.http.HTTPClientInvoker.useHttpURLConnection(HTTPClientInvoker.java:332)
       at org.jboss.remoting.transport.http.HTTPClientInvoker.transport(HTTPClientInvoker.java:135)
       at org.jboss.remoting.MicroRemoteClientInvoker.invoke(MicroRemoteClientInvoker.java:122)
       at org.jboss.remoting.Client.invoke(Client.java:1550)
       at org.jboss.remoting.Client.invoke(Client.java:530)
       at org.jboss.ws.core.client.RemotingConnectionImpl.invoke(RemotingConnectionImpl.java:171)
       ... 7 more
      Caused by: org.jboss.ws.WSException: Invalid HTTP server response [401] - Unauthorized
       at org.jboss.ws.core.soap.SOAPMessageUnMarshaller.read(SOAPMessageUnMarshaller.java:72)
       at org.jboss.remoting.transport.http.HTTPClientInvoker.readResponse(HTTPClientInvoker.java:472)
       at org.jboss.remoting.transport.http.HTTPClientInvoker.useHttpURLConnection(HTTPClientInvoker.java:304)
       ... 12 more
      


      what does it mean, and how to solve this? Please help me.
      Thanks.

        • 1. Re: problem with calling ssl web service
          ropalka

          Hi,

          you have to setup stub properties:

          MyService port = (MyService)service.getPort(portName, MyService.class);
          Stub stub = (Stub)port;
          stub._setProperty(Stub.USERNAME_PROPERTY, USERNAME);
          stub._setProperty(Stub.PASSWORD_PROPERTY, PASSWORD);
          port.myMethodCall();
          


          Richard

          • 2. Re: problem with calling ssl web service
            hugo_th02

            thanks, Richard!
            I've solved this problem...

            • 3. Re: problem with calling ssl web service
              rapowder

              hugo_th02 how did you manage to configure an ssl webservice?
              I tried to edit the jboss-beans.xml file at the following lines

              <property name="webServiceHost">${jboss.bind.address}</property>
              <property name="alwaysModifySOAPAddress">true</property>
              <property name="webServiceSecurePort">8443</property>
              <property name="webServicePort">8080</property>


              in any way, but my WSDL file always generates a sop:adress in http

              <service name="MyWebServiceBeanService">
               <port binding="tns:MyWebServiceBeanBinding" name="MyWebServiceBeanPort">
               <soap:address location="http://my_host_name:8080/MyWebServiceBean"/>
               </port>
              </service>


              I'd actually like to have

              <soap:address location="https://www.myserver.com:8443/MyWebServiceBean"/>


              I can hardcode www.myserver.com in the webServiceHost parameter, but no way to set https as protocol and port 8443

              Any ideas? Please help, it's urgent!

              Cheers,
              Andrea

              • 4. Re: problem with calling ssl web service
                rouvas

                Place a transport-guarantee element in your web.xml, thus:

                <security-constraint>
                 <web-resource-collection>
                 <web-resource-name>All resources</web-resource-name>
                 <url-pattern>/YOUR_PATH</url-pattern>
                 </web-resource-collection>
                 <user-data-constraint>
                 <transport-guarantee>CONFIDENTIAL</transport-guarantee>
                 </user-data-constraint>
                </security-constraint>
                


                in the above replace YOUR_PATH with the appropriate value for your case.

                -Stathis

                • 5. Re: problem with calling ssl web service
                  rapowder

                  Thank you for your quick answer!

                  However I am not sure to understand what to put in the url-pattern parameter. All my interfaces are accessible through:

                  https://myserver.com:8443/interfaces/InterfaceBean

                  I tried just to test with

                  <url-pattern>/interfaces/*</url-pattern>


                  and also specifically with

                  <url-pattern>/interfaces/InterfaceBean1</url-pattern>


                  leaving the jboss-beans.xml file as I posted before, but with no success..
                  what is it that I have to put in the url-pattern?

                  Thank you


                  • 6. Re: problem with calling ssl web service
                    rouvas

                    You posted that your interfaces are accessible through

                    https://myserver.com:8443/interfaces/InterfaceBean
                    

                    but in the url-pattern you stated
                    /interfaces/InterfaceBean1
                    

                    see the "1" at the end?

                    I've managed to get it working using the following settings:

                    file ${JBOSS_HOME}/server/default/deploy/jboss-web.deployer/server.xml

                    <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
                     maxThreads="150" scheme="https" secure="true"
                     clientAuth="false" sslProtocol="TLS"
                     keystoreFile="${jboss.server.home.dir}/server.keystore"
                     keystorePass="welcome"
                     />
                    


                    and in my web.xml

                    <?xml version="1.0" encoding="UTF-8"?>
                    <web-app>
                    
                     <servlet>
                     <servlet-name>adder</servlet-name>
                     <servlet-class>gr.rouvas.adder</servlet-class>
                     </servlet>
                     <servlet-mapping>
                     <servlet-name>adder</servlet-name>
                     <url-pattern>/adder</url-pattern>
                     </servlet-mapping>
                    
                    <security-constraint>
                     <web-resource-collection>
                     <web-resource-name>All resources</web-resource-name>
                     <url-pattern>/adder</url-pattern>
                     </web-resource-collection>
                     <user-data-constraint>
                     <transport-guarantee>CONFIDENTIAL</transport-guarantee>
                     </user-data-constraint>
                    </security-constraint>
                    
                    </web-app>
                    


                    in my case, it is a POJO web service.

                    -Stathis

                    • 7. Re: problem with calling ssl web service
                      rapowder

                      The '1' is not a mistake, it was just an example to tell you that I have different webservices under different paths with the same root:

                      /interfaces/InterfaceBean1
                      /interfaces/InterfaceBean2
                      etc.


                      I am not sure whether this was clear, but that those are webservices listening to SOAP calls and the problem is that the associated wsdl files are not correctly generated by JBoss.

                      I also have the same configuration in server.xml, and I also have a redirection from http://...:8080 to https://...:8443, which works correctly for my web client.

                      I was actually wondering if the configuration is possible through jws annotations... Let me post you some more code, maybe this will help...
                      Here one of the interface beans:

                      import javax.ejb.Stateless;
                      import javax.jws.WebMethod;
                      import javax.jws.WebParam;
                      import javax.jws.WebService;
                      import javax.jws.soap.SOAPBinding;
                      
                      @Stateless
                      @WebService
                      @SOAPBinding(style = SOAPBinding.Style.RPC)
                      public class GenericInterfaceAgentBean implements GenericInterfaceAgent {
                      
                       @WebMethod
                       public String sessionLogin(
                       @WebParam(name = "pUsername")String user,
                       @WebParam(name = "pPassword")String pass
                       ) { ... }
                      
                      ....
                      
                      }
                      


                      When I restart JBoss, a wsdl file is generated under the path:

                      jboss\server\myconf\data\wsdl\myapp.ear\myapp.jar\GenericInterfaceAgentBeanServiceXXX.wsdl


                      and the wsdl file contains (useful pieces of code)
                      (srv11 is the hostname of my server)


                      <?xml version="1.0" encoding="UTF-8"?>
                      <definitions name="GenericInterfaceAgentBeanService"
                      targetNamespace="http://beans.generic.interfaces.system.myserver.com/"
                      xmlns:tns="http://beans.generic.interfaces.system.myserver.com/"
                      xmlns:ns1="http://jaxb.dev.java.net/array"
                      xmlns:xsd="http://www.w3.org/2001/XMLSchema"
                      xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/"
                      xmlns="http://schemas.xmlsoap.org/wsdl/">
                      
                      ...
                      
                       <service name="GenericInterfaceAgentBeanService">
                       <port name="GenericInterfaceAgentBeanPort" binding="tns:GenericInterfaceAgentBeanBinding">
                       <soap:address location="http://srv11:8080/interfaces/GenericInterfaceAgentBean"/>
                       </port>
                       </service>
                      
                      


                      but what I would like is

                      
                      ...
                      
                       <service name="GenericInterfaceAgentBeanService">
                       <port name="GenericInterfaceAgentBeanPort" binding="tns:GenericInterfaceAgentBeanBinding">
                       <soap:address location="https://www.myserver.com:8443/interfaces/GenericInterfaceAgentBean"/>
                       </port>
                       </service>
                      
                      


                      • 8. Re: problem with calling ssl web service
                        lujop

                        I've the same problem. Someone has any workarround?

                        I submitted a bug in the JIRA:
                        http://jira.jboss.org/jira/browse/JBWS-2216

                        • 9. Re: problem with calling ssl web service
                          ropalka

                          See JBWS-2216 last comment if still confused how to correctly set up everything.