1 Reply Latest reply on Jul 21, 2014 6:52 AM by miromiro

    eap 6.3.0.Alpha - SSL file upload problem

    miromiro
    miromiro Jul 4, 2014 6:49 AM

      Hello,

      we have upgraded our application platform from jboss-4.2.3.GA to eap 6.3.0.Alpha and are experiencing errors during file upload (multipart POST request) via https.

      We use jboss seam 2.3.1 and richfaces 3.3.4.

      Uploading via http works fine, I have tried to upload a 20MB file with no problem.

      However when uploading files larger than 5KB via https we're getting this server log:

       

      14:48:24,532 DEBUG [org.apache.coyote.http11] (http-/0.0.0.0:8443-63) JBWEB003064: Error during blocking read: java.io.IOException: JBWEB002048: Unable to unwrap data, invalid status BUFFER_OVERFLOW

              at org.apache.tomcat.util.net.jsse.SecureNioChannel.unwrap(SecureNioChannel.java:591) [jbossweb-7.4.0.Beta4.jar:7.4.0.Beta4]

              at org.apache.tomcat.util.net.jsse.SecureNioChannel.readBytes(SecureNioChannel.java:134) [jbossweb-7.4.0.Beta4.jar:7.4.0.Beta4]

              at org.apache.coyote.http11.InternalNioInputBuffer.blockingRead(InternalNioInputBuffer.java:504) [jbossweb-7.4.0.Beta4.jar:7.4.0.Beta4]

              at org.apache.coyote.http11.InternalNioInputBuffer.fill0(InternalNioInputBuffer.java:449) [jbossweb-7.4.0.Beta4.jar:7.4.0.Beta4]

              at org.apache.coyote.http11.InternalNioInputBuffer.fill(InternalNioInputBuffer.java:417) [jbossweb-7.4.0.Beta4.jar:7.4.0.Beta4]

              at org.apache.coyote.http11.AbstractInternalInputBuffer.parseHeader(AbstractInternalInputBuffer.java:466) [jbossweb-7.4.0.Beta4.jar:7.4.0.Beta4]

              at org.apache.coyote.http11.AbstractInternalInputBuffer.parseHeaders(AbstractInternalInputBuffer.java:446) [jbossweb-7.4.0.Beta4.jar:7.4.0.Beta4]

              at org.apache.coyote.http11.Http11NioProcessor.process(Http11NioProcessor.java:324) [jbossweb-7.4.0.Beta4.jar:7.4.0.Beta4]

              at org.apache.coyote.http11.Http11NioProtocol$Http11ConnectionHandler.process(Http11NioProtocol.java:911) [jbossweb-7.4.0.Beta4.jar:7.4.0.Beta4]

              at org.apache.tomcat.util.net.NioEndpoint$ChannelProcessor.run(NioEndpoint.java:920) [jbossweb-7.4.0.Beta4.jar:7.4.0.Beta4]

              at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source) [rt.jar:1.7.0_55]

              at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source) [rt.jar:1.7.0_55]

              at java.lang.Thread.run(Unknown Source) [rt.jar:1.7.0_55]

      14:48:24,533 DEBUG [org.apache.catalina.authenticator] (http-/0.0.0.0:8443-63) Security checking request PET /dbmcntdb/dbm/images/background-gray-gradient.png

      14:48:24,533 DEBUG [org.apache.catalina.realm] (http-/0.0.0.0:8443-63)   Checking constraint 'SecurityConstraint[dbmcntdb]' against PET /dbm/images/background-gray-gradient.png --> true

      14:48:24,533 DEBUG [org.apache.catalina.realm] (http-/0.0.0.0:8443-63)   Checking constraint 'SecurityConstraint[dbmcntdb]' against PET /dbm/images/background-gray-gradient.png --> true

       

      where the mysterious PET request shows with different resources...

       

      Maybe this DEBUG log -which is quite similar to the previous one- is worth mentioning (it is logged after every HTTP request)  (it's caused by not having client certificate allegedly):

      15:21:09,866 DEBUG [org.apache.tomcat.util] (http-/0.0.0.0:8443-50) Error getting client certs: javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated

              at sun.security.ssl.SSLSessionImpl.getPeerCertificates(Unknown Source) [jsse.jar:1.7.0_55]

              at org.apache.tomcat.util.net.jsse.NioJSSESupport.getX509Certificates(NioJSSESupport.java:125) [jbossweb-7.4.0.Beta4.jar:7.4.0.Beta4]

              at org.apache.tomcat.util.net.jsse.NioJSSESupport.getPeerCertificateChain(NioJSSESupport.java:112) [jbossweb-7.4.0.Beta4.jar:7.4.0.Beta4]

              at org.apache.coyote.http11.Http11NioProcessor.requestSSLAttr(Http11NioProcessor.java:647) [jbossweb-7.4.0.Beta4.jar:7.4.0.Beta4]

              at org.apache.coyote.http11.Http11NioProcessor.action(Http11NioProcessor.java:830) [jbossweb-7.4.0.Beta4.jar:7.4.0.Beta4]

              at org.apache.coyote.Request.action(Request.java:362) [jbossweb-7.4.0.Beta4.jar:7.4.0.Beta4]

              at org.apache.catalina.connector.Request.getAttribute(Request.java:1133) [jbossweb-7.4.0.Beta4.jar:7.4.0.Beta4]

              at org.apache.catalina.connector.Request.getAttributeNames(Request.java:1187) [jbossweb-7.4.0.Beta4.jar:7.4.0.Beta4]

              at org.apache.catalina.connector.RequestFacade.getAttributeNames(RequestFacade.java:279) [jbossweb-7.4.0.Beta4.jar:7.4.0.Beta4]

              at com.sun.faces.application.WebappLifecycleListener.requestDestroyed(WebappLifecycleListener.java:108) [jsf-impl-2.1.27-jbossorg-2.jar:]

              at com.sun.faces.config.ConfigureListener.requestDestroyed(ConfigureListener.java:348) [jsf-impl-2.1.27-jbossorg-2.jar:]

              at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:175) [jbossweb-7.4.0.Beta4.jar:7.4.0.Beta4]

              at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:97) [jbossweb-7.4.0.Beta4.jar:7.4.0.Beta4]

              at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:102) [jbossweb-7.4.0.Beta4.jar:7.4.0.Beta4]

              at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:340) [jbossweb-7.4.0.Beta4.jar:7.4.0.Beta4]

              at org.apache.coyote.http11.Http11NioProcessor.process(Http11NioProcessor.java:353) [jbossweb-7.4.0.Beta4.jar:7.4.0.Beta4]

              at org.apache.coyote.http11.Http11NioProtocol$Http11ConnectionHandler.process(Http11NioProtocol.java:911) [jbossweb-7.4.0.Beta4.jar:7.4.0.Beta4]

              at org.apache.tomcat.util.net.NioEndpoint$ChannelProcessor.run(NioEndpoint.java:920) [jbossweb-7.4.0.Beta4.jar:7.4.0.Beta4]

              at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source) [rt.jar:1.7.0_55]

              at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source) [rt.jar:1.7.0_55]

              at java.lang.Thread.run(Unknown Source) [rt.jar:1.7.0_55]

       

      I have tried:

      web.xml

      <multipart-config>

        <max-file-size>31457280</max-file-size>

        <max-request-size>31457280</max-request-size>

      </multipart-config>


      components.xml

      <component class="org.jboss.seam.web.MultipartFilter">

        <property name="createTempFiles">false</property>

        <property name="maxRequestSize">0</property>

      </component>


      standalone.xml subsystem config:

      <subsystem xmlns="urn:jboss:domain:web:1.5" default-virtual-server="default-host" native="false">

        <connector name="http" protocol="HTTP/1.1" scheme="http" socket-binding="http" redirect-port="8443" max-post-size="10485760" max-save-post-size="10485760" />

        <connector name="https" protocol="HTTP/1.1" scheme="https" socket-binding="https" secure="true" max-post-size="10485760" max-save-post-size="10485760" >

                     <ssl name="xyz-ssl"  key-alias="xyz" password="***"

                           certificate-key-file="${jboss.server.config.dir}/xyz.keystore"

                           protocol="TLSv1"/>

        </connector>


      We also have tried to generate a new certificate...

      Thank you!