jboss 6.1 and duplicated web services requests
kgoedert Mar 14, 2012 7:26 PMI have several mule services exposed as web services on a jboss 6.1.0 server. It is working. Now I need that the access to these web services be secured by a certificate.
So in jboss a configured a base cert login module like thishttp://docs.jboss.org/jbosssecurity/docs/6.0/security_guide/html_single/index.html#sect-BaseCertLoginModule
and the application's web.xml looks like this:
<web-app
xmlns="http://java.sun.com/xml/ns/j2ee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee web-app_2_4.xsd"
version="2.4">
<context-param>
<param-name>org.mule.config</param-name>
<param-value>
//xml files with configs
</param-value>
</context-param>
<listener>
<listener-class>org.mule.config.builders.MuleXmlBuilderContextListener</listener-class>
</listener>
<servlet>
<servlet-name>muleServlet</servlet-name>
<servlet-class>org.mule.transport.servlet.MuleReceiverServlet</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>muleServlet</servlet-name>
<url-pattern>/myapp/*</url-pattern>
</servlet-mapping>
<mime-mapping>
<extension>wsdl</extension>
<mime-type>text/xml</mime-type>
</mime-mapping>
<mime-mapping>
<extension>xsd</extension>
<mime-type>text/xml</mime-type>
</mime-mapping>
<security-constraint>
<web-resource-collection>
<web-resource-name>action</web-resource-name>
<url-pattern>/*</url-pattern>
<http-method>HEAD</http-method>
<http-method>GET</http-method>
<http-method>POST</http-method>
<http-method>PUT</http-method>
<http-method>DELETE</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>myrole</role-name>
</auth-constraint>
<user-data-constraint>
<description>no description</description>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>
<login-config>
<auth-method>CLIENT-CERT</auth-method>
</login-config>
<security-role>
<description></description>
<role-name>myrole</role-name>
</security-role>
</web-app>
If I try to access any of the web services I get this stack trace on jboss, and 4 requests are made to my web service:
13:49:24,538 WARN [org.apache.tomcat.util.net.jsse.JSSESocketFactory] SSL renegotiation is disabled, closing connection
13:49:24,595 WARN [org.apache.tomcat.util.net.jsse.JSSESocketFactory] SSL renegotiation is disabled, closing connection
13:49:24,597 INFO [org.apache.tomcat.util.net.jsse.JSSESupport] SSL Error getting client Certs: javax.net.ssl.SSLException: Connection has been shutdown: javax.net.ssl.SSLException: java.net.SocketException: Socket closed
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.checkEOF(SSLSocketImpl.java:1293) [:1.6]
at com.sun.net.ssl.internal.ssl.AppInputStream.read(AppInputStream.java:65) [:1.6]
at java.io.InputStream.read(InputStream.java:85) [:1.6.0_26]
at org.apache.tomcat.util.net.jsse.JSSESupport.handShake(JSSESupport.java:162) [:6.1.0.Final]
at org.apache.tomcat.util.net.jsse.JSSESupport.getPeerCertificateChain(JSSESupport.java:138) [:6.1.0.Final]
at org.apache.coyote.http11.Http11Processor.action(Http11Processor.java:1144) [:6.1.0.Final]
at org.apache.coyote.Request.action(Request.java:352) [:6.1.0.Final]
at org.apache.catalina.connector.Request.getCertificateChain(Request.java:1112) [:6.1.0.Final]
at org.apache.catalina.authenticator.SSLAuthenticator.authenticate(SSLAuthenticator.java:132) [:6.1.0.Final]
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:559) [:6.1.0.Final]
at org.jboss.modcluster.catalina.CatalinaContext$RequestListenerValve.event(CatalinaContext.java:285) [:1.1.0.Final]
at org.jboss.modcluster.catalina.CatalinaContext$RequestListenerValve.invoke(CatalinaContext.java:261) [:1.1.0.Final]
at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:88) [:6.1.0.Final]
at org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.invoke(SecurityContextEstablishmentValve.java:100) [:6.1.0.Final]
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:159) [:6.1.0.Final]
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102) [:6.1.0.Final]
at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:158) [:6.1.0.Final]
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) [:6.1.0.Final]
at org.jboss.web.tomcat.service.request.ActiveRequestResponseCacheValve.invoke(ActiveRequestResponseCacheValve.java:53) [:6.1.0.Final]
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:362) [:6.1.0.Final]
at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:877) [:6.1.0.Final]
at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:654) [:6.1.0.Final]
at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:951) [:6.1.0.Final]
at java.lang.Thread.run(Thread.java:662) [:1.6.0_26]
Caused by: javax.net.ssl.SSLException: java.net.SocketException: Socket closed
at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:190) [:1.6]
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1649) [:1.6]
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1612) [:1.6]
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.handleException(SSLSocketImpl.java:1576) [:1.6]
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.handleException(SSLSocketImpl.java:1521) [:1.6]
at com.sun.net.ssl.internal.ssl.AppInputStream.read(AppInputStream.java:86) [:1.6]
... 22 more
Caused by: java.net.SocketException: Socket closed
at java.net.SocketInputStream.socketRead0(Native Method) [:1.6.0_26]
at java.net.SocketInputStream.read(SocketInputStream.java:129) [:1.6.0_26]
at com.sun.net.ssl.internal.ssl.InputRecord.readFully(InputRecord.java:293) [:1.6]
at com.sun.net.ssl.internal.ssl.InputRecord.read(InputRecord.java:331) [:1.6]
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:798) [:1.6]
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readDataRecord(SSLSocketImpl.java:755) [:1.6]
at com.sun.net.ssl.internal.ssl.AppInputStream.read(AppInputStream.java:75) [:1.6]
... 22 more
If I remove the security part of the web.xml only one request is made, but I get no security constraints of course.
Can anybody help?
Kelly