0 Replies Latest reply on Mar 14, 2012 7:26 PM by kgoedert

    jboss 6.1 and duplicated web services requests

    kgoedert

      I have several Mule services exposed as web services on a JBoss 6.1.0 server. It is working. Now I need access to these web services to be secured by a certificate.

      So in JBoss I configured a base cert login module like this: http://docs.jboss.org/jbosssecurity/docs/6.0/security_guide/html_single/index.html#sect-BaseCertLoginModule

      and the application's web.xml looks like this:

       

      <web-app
          xmlns="http://java.sun.com/xml/ns/j2ee"
          xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
          xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee web-app_2_4.xsd"
          version="2.4">

          <context-param>
              <param-name>org.mule.config</param-name>
              <param-value>
                  //xml files with configs
              </param-value>
          </context-param>

          <listener>
              <listener-class>org.mule.config.builders.MuleXmlBuilderContextListener</listener-class>
          </listener>

          <servlet>
              <servlet-name>muleServlet</servlet-name>
              <servlet-class>org.mule.transport.servlet.MuleReceiverServlet</servlet-class>
              <load-on-startup>1</load-on-startup>
          </servlet>

          <servlet-mapping>
              <servlet-name>muleServlet</servlet-name>
              <url-pattern>/myapp/*</url-pattern>
          </servlet-mapping>

          <mime-mapping>
              <extension>wsdl</extension>
              <mime-type>text/xml</mime-type>
          </mime-mapping>

          <mime-mapping>
              <extension>xsd</extension>
              <mime-type>text/xml</mime-type>
          </mime-mapping>

          <security-constraint>
              <web-resource-collection>
                  <web-resource-name>action</web-resource-name>
                  <url-pattern>/*</url-pattern>
                  <http-method>HEAD</http-method>
                  <http-method>GET</http-method>
                  <http-method>POST</http-method>
                  <http-method>PUT</http-method>
                  <http-method>DELETE</http-method>
              </web-resource-collection>
              <auth-constraint>
                  <role-name>myrole</role-name>
              </auth-constraint>
              <user-data-constraint>
                  <description>no description</description>
                  <transport-guarantee>CONFIDENTIAL</transport-guarantee>
              </user-data-constraint>
          </security-constraint>

          <login-config>
              <auth-method>CLIENT-CERT</auth-method>
          </login-config>

          <security-role>
              <description></description>
              <role-name>myrole</role-name>
          </security-role>

      </web-app>

      If I try to access any of the web services I get this stack trace on JBoss, and 4 requests are made to my web service:

       

      13:49:24,538 WARN  [org.apache.tomcat.util.net.jsse.JSSESocketFactory] SSL renegotiation is disabled, closing connection
      13:49:24,595 WARN  [org.apache.tomcat.util.net.jsse.JSSESocketFactory] SSL renegotiation is disabled, closing connection
      13:49:24,597 INFO  [org.apache.tomcat.util.net.jsse.JSSESupport] SSL Error getting client Certs: javax.net.ssl.SSLException: Connection has been shutdown: javax.net.ssl.SSLException: java.net.SocketException: Socket closed
                at com.sun.net.ssl.internal.ssl.SSLSocketImpl.checkEOF(SSLSocketImpl.java:1293) [:1.6]
                at com.sun.net.ssl.internal.ssl.AppInputStream.read(AppInputStream.java:65) [:1.6]
                at java.io.InputStream.read(InputStream.java:85) [:1.6.0_26]
                at org.apache.tomcat.util.net.jsse.JSSESupport.handShake(JSSESupport.java:162) [:6.1.0.Final]
                at org.apache.tomcat.util.net.jsse.JSSESupport.getPeerCertificateChain(JSSESupport.java:138) [:6.1.0.Final]
                at org.apache.coyote.http11.Http11Processor.action(Http11Processor.java:1144) [:6.1.0.Final]
                at org.apache.coyote.Request.action(Request.java:352) [:6.1.0.Final]
                at org.apache.catalina.connector.Request.getCertificateChain(Request.java:1112) [:6.1.0.Final]
                at org.apache.catalina.authenticator.SSLAuthenticator.authenticate(SSLAuthenticator.java:132) [:6.1.0.Final]
                at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:559) [:6.1.0.Final]
                at org.jboss.modcluster.catalina.CatalinaContext$RequestListenerValve.event(CatalinaContext.java:285) [:1.1.0.Final]
                at org.jboss.modcluster.catalina.CatalinaContext$RequestListenerValve.invoke(CatalinaContext.java:261) [:1.1.0.Final]
                at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:88) [:6.1.0.Final]
                at org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.invoke(SecurityContextEstablishmentValve.java:100) [:6.1.0.Final]
                at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:159) [:6.1.0.Final]
                at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102) [:6.1.0.Final]
                at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:158) [:6.1.0.Final]
                at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) [:6.1.0.Final]
                at org.jboss.web.tomcat.service.request.ActiveRequestResponseCacheValve.invoke(ActiveRequestResponseCacheValve.java:53) [:6.1.0.Final]
                at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:362) [:6.1.0.Final]
                at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:877) [:6.1.0.Final]
                at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:654) [:6.1.0.Final]
                at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:951) [:6.1.0.Final]
                at java.lang.Thread.run(Thread.java:662) [:1.6.0_26]
      Caused by: javax.net.ssl.SSLException: java.net.SocketException: Socket closed
                at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:190) [:1.6]
                at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1649) [:1.6]
                at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1612) [:1.6]
                at com.sun.net.ssl.internal.ssl.SSLSocketImpl.handleException(SSLSocketImpl.java:1576) [:1.6]
                at com.sun.net.ssl.internal.ssl.SSLSocketImpl.handleException(SSLSocketImpl.java:1521) [:1.6]
                at com.sun.net.ssl.internal.ssl.AppInputStream.read(AppInputStream.java:86) [:1.6]
                ... 22 more
      Caused by: java.net.SocketException: Socket closed
                at java.net.SocketInputStream.socketRead0(Native Method) [:1.6.0_26]
                at java.net.SocketInputStream.read(SocketInputStream.java:129) [:1.6.0_26]
                at com.sun.net.ssl.internal.ssl.InputRecord.readFully(InputRecord.java:293) [:1.6]
                at com.sun.net.ssl.internal.ssl.InputRecord.read(InputRecord.java:331) [:1.6]
                at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:798) [:1.6]
                at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readDataRecord(SSLSocketImpl.java:755) [:1.6]
                at com.sun.net.ssl.internal.ssl.AppInputStream.read(AppInputStream.java:75) [:1.6]
                ... 22 more

       

      If I remove the security part of the web.xml only one request is made, but I get no security constraints of course.

      Can anybody help?

      Kelly
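
      Added example, not part of the original post: the trace above shows `SSLAuthenticator.authenticate` reaching `JSSESupport.handShake` to fetch the client certificate on an already established connection, which is the renegotiation the two WARN lines refuse. A connector that asks for the certificate during the initial handshake (`clientAuth`) does not need that step. The port, keystore and truststore paths and passwords below are placeholders, and the "before" connector is an assumed starting point, not the poster's actual server.xml.

```xml
<!-- HTTPS connector in JBoss Web's server.xml. All values are placeholders. -->

<!-- Before (assumed): the certificate is not requested at handshake time, so
     CLIENT-CERT authentication in web.xml must renegotiate to obtain it.

<Connector protocol="HTTP/1.1" SSLEnabled="true"
           port="8443" scheme="https" secure="true"
           clientAuth="false"
           keystoreFile="/path/to/server.keystore"
           keystorePass="CHANGE_ME"
           sslProtocol="TLS" />
-->

<!-- After: the client certificate is requested in the initial handshake.
     clientAuth="true" rejects clients that present no certificate;
     clientAuth="want" requests one but still accepts the connection,
     leaving enforcement to the security-constraint in web.xml.
     The truststore must contain the CA(s) that issued the client certificates. -->
<Connector protocol="HTTP/1.1" SSLEnabled="true"
           port="8443" scheme="https" secure="true"
           clientAuth="true"
           keystoreFile="/path/to/server.keystore"
           keystorePass="CHANGE_ME"
           truststoreFile="/path/to/server.truststore"
           truststorePass="CHANGE_ME"
           sslProtocol="TLS" />
```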