Need help: Errors during SSL connection
oggmeister Jun 27, 2008 9:09 AMHi,
I'm using Seam 2.0.2.SP1 on JBossAS 4.2.2.GA and want to publish some web services. Communication shall be encrypted using SSL. So I'm trying to follow the instructions at http://jbws.dyndns.org/mediawiki/index.php?title=Secure_transport.
After finally getting the server running with SSL, my client is now unable to connect.
If I configure the SSL connector in the server.xml as suggested in the article:
<Connector port="8443" address="${jboss.bind.address}" maxThreads="100" minSpareThreads="5" maxSpareThreads="15" scheme="https" secure="true" clientAuth="want" keystoreFile="C:\Entwicklung\jboss-4.2.2.GA\server\default\conf\keystores\wsse.keystore" keystorePass="symtaweb" truststoreFile="C:\Entwicklung\jboss-4.2.2.GA\server\default\conf\keystores\wsse.keystore" truststorePass="symtaweb" sslProtocol = "TLS" />
the result is:
Exception in thread "main" com.sun.xml.internal.ws.client.ClientTransportException: HTTP transport error: javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake at com.sun.xml.internal.ws.transport.http.client.HttpClientTransport.getOutput(HttpClientTransport.java:119) at com.sun.xml.internal.ws.transport.http.client.HttpTransportPipe.process(HttpTransportPipe.java:128) at com.sun.xml.internal.ws.transport.http.client.HttpTransportPipe.processRequest(HttpTransportPipe.java:74) at com.sun.xml.internal.ws.api.pipe.Fiber.__doRun(Fiber.java:581) at com.sun.xml.internal.ws.api.pipe.Fiber._doRun(Fiber.java:540) at com.sun.xml.internal.ws.api.pipe.Fiber.doRun(Fiber.java:525) at com.sun.xml.internal.ws.api.pipe.Fiber.runSync(Fiber.java:422) at com.sun.xml.internal.ws.client.Stub.process(Stub.java:235) at com.sun.xml.internal.ws.client.sei.SEIStub.doProcess(SEIStub.java:120) at com.sun.xml.internal.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:230) at com.sun.xml.internal.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:210) at com.sun.xml.internal.ws.client.sei.SEIStub.invoke(SEIStub.java:103) at $Proxy29.login(Unknown Source) at com.symtavision.test.jbossws.Test.main(Test.java:32) Caused by: javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:808) at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1096) at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1123) at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1107) at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:405) at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:166) at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(HttpURLConnection.java:832) at sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(HttpsURLConnectionImpl.java:230) at com.sun.xml.internal.ws.transport.http.client.HttpClientTransport.getOutput(HttpClientTransport.java:107) ... 13 more Caused by: java.io.EOFException: SSL peer shut down incorrectly at com.sun.net.ssl.internal.ssl.InputRecord.read(InputRecord.java:333) at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:789) ... 21 more
And when using the default configuration:
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true" maxThreads="150" scheme="https" secure="true" clientAuth="false" sslProtocol="TLS" keystoreFile="C:\Entwicklung\jboss-4.2.2.GA\server\default\conf\keystores\.keystore" keystorePass="symtaweb" />
I get this:
Exception in thread "main" com.sun.xml.internal.ws.client.ClientTransportException: request requires HTTP authentication: Unauthorized at com.sun.xml.internal.ws.transport.http.client.HttpClientTransport.checkResponseCode(HttpClientTransport.java:197) at com.sun.xml.internal.ws.transport.http.client.HttpTransportPipe.process(HttpTransportPipe.java:137) at com.sun.xml.internal.ws.transport.http.client.HttpTransportPipe.processRequest(HttpTransportPipe.java:74) at com.sun.xml.internal.ws.api.pipe.Fiber.__doRun(Fiber.java:581) at com.sun.xml.internal.ws.api.pipe.Fiber._doRun(Fiber.java:540) at com.sun.xml.internal.ws.api.pipe.Fiber.doRun(Fiber.java:525) at com.sun.xml.internal.ws.api.pipe.Fiber.runSync(Fiber.java:422) at com.sun.xml.internal.ws.client.Stub.process(Stub.java:235) at com.sun.xml.internal.ws.client.sei.SEIStub.doProcess(SEIStub.java:120) at com.sun.xml.internal.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:230) at com.sun.xml.internal.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:210) at com.sun.xml.internal.ws.client.sei.SEIStub.invoke(SEIStub.java:103) at $Proxy29.login(Unknown Source) at com.symtavision.test.jbossws.Test.main(Test.java:32)
I'm setting the required system properties programmatically instead of using XML configuration:
public static void main(String[] args) { System.setProperty("javax.net.ssl.keyStore", "C:/Entwicklung/jboss-4.2.2.GA/server/default/conf/keystores/.keystore"); System.setProperty("javax.net.ssl.trustStore", "C:/Entwicklung/jboss-4.2.2.GA/server/default/conf/keystores/.keystore"); System.setProperty("javax.net.ssl.keyStorePassword", "symtaweb"); System.setProperty("javax.net.ssl.trustStorePassword", "symtaweb"); System.setProperty("javax.net.ssl.keyStoreType", "jks"); System.setProperty("javax.net.ssl.trustStoreType", "jks"); // obtain proxy LoginService loginService = new LoginServiceService() .getLoginServicePort(); // maintain Session ((BindingProvider) loginService).getRequestContext().put( BindingProvider.SESSION_MAINTAIN_PROPERTY, true); // *** regular method calls *** // System.out.println("logging in... \n \t success: " + loginService.login("daniel", "")); System.out.println("still logged in?\n\t" + loginService.isLoggedin()); System.out.println("logging out... \n \t success: " + loginService.logout()); System.out.println("still logged in?\n\t" + loginService.isLoggedin()); }
And I was not able to set the @SecurityDomain("JBossWS") annotation in the server class. (I don't know which jar to import ...)
Tanks for any help!