eap 6.3.0.Alpha - SSL file upload problem
miromiro Jul 4, 2014 6:49 AMHello,
we have upgraded our application platform from jboss-4.2.3.GA to eap 6.3.0.Alpha and are experiencing errors during file upload (multipart POST request) via https.
We use jboss seam 2.3.1 and richfaces 3.3.4.
Uploading via http works fine, I have tried to upload a 20MB file with no problem.
However when uploading files larger than 5KB via https we're getting this server log:
14:48:24,532 DEBUG [org.apache.coyote.http11] (http-/0.0.0.0:8443-63) JBWEB003064: Error during blocking read: java.io.IOException: JBWEB002048: Unable to unwrap data, invalid status BUFFER_OVERFLOW
at org.apache.tomcat.util.net.jsse.SecureNioChannel.unwrap(SecureNioChannel.java:591) [jbossweb-7.4.0.Beta4.jar:7.4.0.Beta4]
at org.apache.tomcat.util.net.jsse.SecureNioChannel.readBytes(SecureNioChannel.java:134) [jbossweb-7.4.0.Beta4.jar:7.4.0.Beta4]
at org.apache.coyote.http11.InternalNioInputBuffer.blockingRead(InternalNioInputBuffer.java:504) [jbossweb-7.4.0.Beta4.jar:7.4.0.Beta4]
at org.apache.coyote.http11.InternalNioInputBuffer.fill0(InternalNioInputBuffer.java:449) [jbossweb-7.4.0.Beta4.jar:7.4.0.Beta4]
at org.apache.coyote.http11.InternalNioInputBuffer.fill(InternalNioInputBuffer.java:417) [jbossweb-7.4.0.Beta4.jar:7.4.0.Beta4]
at org.apache.coyote.http11.AbstractInternalInputBuffer.parseHeader(AbstractInternalInputBuffer.java:466) [jbossweb-7.4.0.Beta4.jar:7.4.0.Beta4]
at org.apache.coyote.http11.AbstractInternalInputBuffer.parseHeaders(AbstractInternalInputBuffer.java:446) [jbossweb-7.4.0.Beta4.jar:7.4.0.Beta4]
at org.apache.coyote.http11.Http11NioProcessor.process(Http11NioProcessor.java:324) [jbossweb-7.4.0.Beta4.jar:7.4.0.Beta4]
at org.apache.coyote.http11.Http11NioProtocol$Http11ConnectionHandler.process(Http11NioProtocol.java:911) [jbossweb-7.4.0.Beta4.jar:7.4.0.Beta4]
at org.apache.tomcat.util.net.NioEndpoint$ChannelProcessor.run(NioEndpoint.java:920) [jbossweb-7.4.0.Beta4.jar:7.4.0.Beta4]
at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source) [rt.jar:1.7.0_55]
at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source) [rt.jar:1.7.0_55]
at java.lang.Thread.run(Unknown Source) [rt.jar:1.7.0_55]
14:48:24,533 DEBUG [org.apache.catalina.authenticator] (http-/0.0.0.0:8443-63) Security checking request PET /dbmcntdb/dbm/images/background-gray-gradient.png
14:48:24,533 DEBUG [org.apache.catalina.realm] (http-/0.0.0.0:8443-63) Checking constraint 'SecurityConstraint[dbmcntdb]' against PET /dbm/images/background-gray-gradient.png --> true
14:48:24,533 DEBUG [org.apache.catalina.realm] (http-/0.0.0.0:8443-63) Checking constraint 'SecurityConstraint[dbmcntdb]' against PET /dbm/images/background-gray-gradient.png --> true
where the mysterious PET request shows with different resources...
Maybe this DEBUG log -which is quite similar to the previous one- is worth mentioning (it is logged after every HTTP request) (it's caused by not having client certificate allegedly):
15:21:09,866 DEBUG [org.apache.tomcat.util] (http-/0.0.0.0:8443-50) Error getting client certs: javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
at sun.security.ssl.SSLSessionImpl.getPeerCertificates(Unknown Source) [jsse.jar:1.7.0_55]
at org.apache.tomcat.util.net.jsse.NioJSSESupport.getX509Certificates(NioJSSESupport.java:125) [jbossweb-7.4.0.Beta4.jar:7.4.0.Beta4]
at org.apache.tomcat.util.net.jsse.NioJSSESupport.getPeerCertificateChain(NioJSSESupport.java:112) [jbossweb-7.4.0.Beta4.jar:7.4.0.Beta4]
at org.apache.coyote.http11.Http11NioProcessor.requestSSLAttr(Http11NioProcessor.java:647) [jbossweb-7.4.0.Beta4.jar:7.4.0.Beta4]
at org.apache.coyote.http11.Http11NioProcessor.action(Http11NioProcessor.java:830) [jbossweb-7.4.0.Beta4.jar:7.4.0.Beta4]
at org.apache.coyote.Request.action(Request.java:362) [jbossweb-7.4.0.Beta4.jar:7.4.0.Beta4]
at org.apache.catalina.connector.Request.getAttribute(Request.java:1133) [jbossweb-7.4.0.Beta4.jar:7.4.0.Beta4]
at org.apache.catalina.connector.Request.getAttributeNames(Request.java:1187) [jbossweb-7.4.0.Beta4.jar:7.4.0.Beta4]
at org.apache.catalina.connector.RequestFacade.getAttributeNames(RequestFacade.java:279) [jbossweb-7.4.0.Beta4.jar:7.4.0.Beta4]
at com.sun.faces.application.WebappLifecycleListener.requestDestroyed(WebappLifecycleListener.java:108) [jsf-impl-2.1.27-jbossorg-2.jar:]
at com.sun.faces.config.ConfigureListener.requestDestroyed(ConfigureListener.java:348) [jsf-impl-2.1.27-jbossorg-2.jar:]
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:175) [jbossweb-7.4.0.Beta4.jar:7.4.0.Beta4]
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:97) [jbossweb-7.4.0.Beta4.jar:7.4.0.Beta4]
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:102) [jbossweb-7.4.0.Beta4.jar:7.4.0.Beta4]
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:340) [jbossweb-7.4.0.Beta4.jar:7.4.0.Beta4]
at org.apache.coyote.http11.Http11NioProcessor.process(Http11NioProcessor.java:353) [jbossweb-7.4.0.Beta4.jar:7.4.0.Beta4]
at org.apache.coyote.http11.Http11NioProtocol$Http11ConnectionHandler.process(Http11NioProtocol.java:911) [jbossweb-7.4.0.Beta4.jar:7.4.0.Beta4]
at org.apache.tomcat.util.net.NioEndpoint$ChannelProcessor.run(NioEndpoint.java:920) [jbossweb-7.4.0.Beta4.jar:7.4.0.Beta4]
at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source) [rt.jar:1.7.0_55]
at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source) [rt.jar:1.7.0_55]
at java.lang.Thread.run(Unknown Source) [rt.jar:1.7.0_55]
I have tried:
web.xml
<multipart-config>
<max-file-size>31457280</max-file-size>
<max-request-size>31457280</max-request-size>
</multipart-config>
components.xml
<component class="org.jboss.seam.web.MultipartFilter">
<property name="createTempFiles">false</property>
<property name="maxRequestSize">0</property>
</component>
standalone.xml subsystem config:
<subsystem xmlns="urn:jboss:domain:web:1.5" default-virtual-server="default-host" native="false">
<connector name="http" protocol="HTTP/1.1" scheme="http" socket-binding="http" redirect-port="8443" max-post-size="10485760" max-save-post-size="10485760" />
<connector name="https" protocol="HTTP/1.1" scheme="https" socket-binding="https" secure="true" max-post-size="10485760" max-save-post-size="10485760" >
<ssl name="xyz-ssl" key-alias="xyz" password="***"
certificate-key-file="${jboss.server.config.dir}/xyz.keystore"
protocol="TLSv1"/>
</connector>
We also have tried to generate a new certificate...
Thank you!