Jboss EAP 4.3 + Java 1.6 + WS Client over https does not work
fernando.rubbo Mar 4, 2010 9:40 AMHi,
I’m accessing a WS over HTTPS. The code is this:
System.setProperty("javax.net.ssl.keyStoreType", "TAC");
// the ‘javax.net.ssl.keyStore’ and ‘javax.net.ssl.KeyStorePassword’ properties are not required because we are using an HSM (Hardware Security Module) which has its own file configuration.
System.setProperty("javax.net.ssl.trustStoreType", "JKS");
System.setProperty("javax.net.ssl.trustStore", "c:\\cacerts");
System.setProperty("javax.net.ssl.trustStorePassword", "changeit");
final NfeConsulta wsNfeConsulta = retrieveNfeConsulta();
final NfeConsultaSoap port = wsNfeConsulta. getNfeConsultaSoap()
return port.nfeConsultaNF(nfeCabecMsg, nfeDadosMsg);
// these classes were generated from the WSDL file using jboss wstools
The interesting point is that:
when I execute this code in the Java SE 1.6.0_17 environment, everything works. It goes to the WS over HTTPS and returns the data accordingly. However, when the same code is put on Jboss EAP 4.3 (inside an EJB stateless) it stops to work. The exception is the following:
javax.xml.ws.WebServiceException: java.io.IOException: Could not transmit message
at org.jboss.ws.core.jaxws.client.ClientImpl.handleRemoteException(ClientImpl.java:307)
at org.jboss.ws.core.jaxws.client.ClientImpl.invoke(ClientImpl.java:245)
at org.jboss.ws.core.jaxws.client.ClientProxy.invoke(ClientProxy.java:164)
at org.jboss.ws.core.jaxws.client.ClientProxy.invoke(ClientProxy.java:150)
at $Proxy17.nfeConsultaNF(Unknown Source)
at br.com.zaffari.nfe.server.facade.NFeSefazFacade.nfeConsultaNF(NFeSefazFacade.java:93)
at br.com.zaffari.nfe.server.facade.ChecaConectividadeURLSefazTest.testURL_HOM_RS(ChecaConectividadeURLSefazTest.java:318)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.junit.internal.runners.TestMethodRunner.executeMethodBody(TestMethodRunner.java:99)
at org.junit.internal.runners.TestMethodRunner.runUnprotected(TestMethodRunner.java:81)
at org.junit.internal.runners.BeforeAndAfterRunner.runProtected(BeforeAndAfterRunner.java:34)
at org.junit.internal.runners.TestMethodRunner.runMethod(TestMethodRunner.java:75)
at org.junit.internal.runners.TestMethodRunner.run(TestMethodRunner.java:45)
at org.junit.internal.runners.TestClassMethodsRunner.invokeTestMethod(TestClassMethodsRunner.java:66)
at org.junit.internal.runners.TestClassMethodsRunner.run(TestClassMethodsRunner.java:35)
at org.junit.internal.runners.TestClassRunner$1.runUnprotected(TestClassRunner.java:42)
at org.junit.internal.runners.BeforeAndAfterRunner.runProtected(BeforeAndAfterRunner.java:34)
at org.junit.internal.runners.TestClassRunner.run(TestClassRunner.java:52)
at org.eclipse.jdt.internal.junit4.runner.JUnit4TestReference.run(JUnit4TestReference.java:38)
at org.eclipse.jdt.internal.junit.runner.TestExecution.run(TestExecution.java:38)
at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.runTests(RemoteTestRunner.java:460)
at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.runTests(RemoteTestRunner.java:673)
at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.run(RemoteTestRunner.java:386)
at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.main(RemoteTestRunner.java:196)
Caused by: java.io.IOException: Could not transmit message
at org.jboss.ws.core.client.RemotingConnectionImpl.invoke(RemotingConnectionImpl.java:210)
at org.jboss.ws.core.client.SOAPRemotingConnection.invoke(SOAPRemotingConnection.java:77)
at org.jboss.ws.core.CommonClient.invoke(CommonClient.java:337)
at org.jboss.ws.core.jaxws.client.ClientImpl.invoke(ClientImpl.java:233)
... 25 more
Caused by: org.jboss.remoting.CannotConnectException: Can not connect http client invoker. Invalid HTTP server response [403] - Forbidden. Response: Forbidden/403.
at org.jboss.remoting.transport.http.HTTPClientInvoker.useHttpURLConnection(HTTPClientInvoker.java:368)
at org.jboss.remoting.transport.http.HTTPClientInvoker.transport(HTTPClientInvoker.java:148)
at org.jboss.remoting.MicroRemoteClientInvoker.invoke(MicroRemoteClientInvoker.java:141)
at org.jboss.remoting.Client.invoke(Client.java:1858)
at org.jboss.remoting.Client.invoke(Client.java:718)
at org.jboss.ws.core.client.RemotingConnectionImpl.invoke(RemotingConnectionImpl.java:189)
... 28 more
Caused by: org.jboss.ws.WSException: Invalid HTTP server response [403] - Forbidden
at org.jboss.ws.core.soap.SOAPMessageUnMarshaller.read(SOAPMessageUnMarshaller.java:77)
at org.jboss.remoting.transport.http.HTTPClientInvoker.readResponse(HTTPClientInvoker.java:548)
at org.jboss.remoting.transport.http.HTTPClientInvoker.useHttpURLConnection(HTTPClientInvoker.java:322)
... 33 more
That is a little obscure because in Java SE the code runs successfully. And inside of jboss it give me an exception saying HTTP 403. The question is: If my code is incorrect or may certificate is not valid, why I don’t have the same problem in pure Java SE environment? For me it seems that I’m lacking some Jboss configuration, but I’ve already tried the following (with no success, of course):
1) Set wsse properties, but had no success.
System.setProperty("org.jboss.ws.wsse.keyStoreType", "TAC");
System.setProperty("org.jboss.ws.wsse.trustStoreType", "JKS");
System.setProperty("org.jboss.ws.wsse.trustStore", trustStoreFile);
System.setProperty("org.jboss.ws.wsse.trustStorePassword", "changeit");
2) Deployed jboss-wsse-client.xml into the jar META-INF (along with jboss.xml file), but had no success
<?xml version="1.0" encoding="UTF-8"?>
<jboss-ws-security
xmlns="http://www.jboss.com/ws-security/config"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.jboss.com/ws-security/config
http://www.jboss.com/ws-security/schema/
jboss-ws-security_1_0.xsd">
<key-store-type>TAC</key-store-type>
<trust-store-file>c:\cacerts</trust-store-file>
<trust-store-password>changeit</trust-store-password>
<trust-store-type>jks</trust-store-type>
</jboss-ws-security>
// in the code I’ve added the following lines to Jboss use the file above
List<Handler> chain = new ArrayList<Handler>();
chain.add(new org.jboss.ws.extensions.security.jaxws.WSSecurityHandlerClient());
((BindingProvider)port).getBinding().setHandlerChain(chain);
I think it is important to say that I could reproduce the error in the Java SE 1.6.0_17 environment setting the system property
-Djava.endorsed.dirs="C:\Desenv\Siz\jboss-eap.4.3\lib\endorsed"
Note that I’ve followed the bellow procedure, which could be found in the issue https://jira.jboss.org/jira/browse/JBPAPP-1272:
“JavaSE 6 includes includes support for JAX-WS, Version 2.1. Before starting your server, you need replace the APIs included in JDK 6 with the JBossWS jars by simply copying the following jars to
${JBOSS_HOME}/lib/endorsed from ${JBOSS_HOME}/server/production/lib:• jboss-jaxrpc.jar • jboss-jaxws.jar • jboss-saaj.jar”
It seems that some of the jars into jboss endorsed are making all this problem. But what should I do????
Any though will be appreciated,
Thanks in advanced
Fernando Rubbo