4 Replies Latest reply on Feb 16, 2016 11:33 AM by pvcastro

    Problem setting up XTS with SSL

    pvcastro

      Hi there!

       

      I'm trying to create a POC with XTS and SSL, with the following scenario:

       

      1. I've created an application with a Web Service, which is also an EJB, with the transaction attribute marked as mandatory.

      2. I've created another application, supposed to be the Web Service client, which has the handler chain configured with JaxWSTxOutboundBridgeHandler and JaxWSHeaderContextProcessor, like this:

       

      public void execute() {
              try {
                  ExampleJaxWSService service = new ExampleJaxWSService();
                  IExampleWS example = service.getExampleJaxWSPort();
                  ((BindingProvider) example).getBinding()
                          .setHandlerChain(Arrays.asList(new JaxWSTxOutboundBridgeHandler(), new JaxWSHeaderContextProcessor()));
                  TransactionManager ut = com.arjuna.ats.jta.TransactionManager.transactionManager();
                  ut.begin();
                  example.access();
                  ut.commit();
              } catch (Exception e) {
                  System.err.println(e.getMessage());
                  e.printStackTrace();
              }
          }
      
      
      

       

      Before setting up SSL, I deployed both applications on the same server, and I was able to verify that the Web Service was getting properly accessed.

       

      After this, I tried setting up SSL with an aproach similar to quickstart/XTS/ssl at 5.2.13.Final · jbosstm/quickstart · GitHub. The difference is that I used two different machines instead of two servers on the same machine. I also skipped some of the steps that were pertinent to the wsat-simple sample.

       

      I'm getting the error below. The only thing I was able to check is that the transaction ID 0:ffff7f000101:-7d8796eb:56c1d34e:22 is the same used on the client side, so I think the client is opening the transaction and the Web Service is getting it correctly. But I'm not sure what's causing the problem.

      2016-02-15 11:34:21,367 TRACE [org.jboss.jbossts.txbridge] (default task-2) OptionalJaxWSTxInboundBridgeHandler.handleMessage()

      2016-02-15 11:34:21,368 TRACE [org.jboss.jbossts.txbridge] (default task-2) JaxWSTxInboundBridgeHandler.handleInbound()

      2016-02-15 11:34:21,368 TRACE [org.jboss.jbossts.txbridge] (default task-2) InboundBridgeManager.getInboundBridge()

      2016-02-15 11:34:21,369 TRACE [org.jboss.jbossts.txbridge] (default task-2) InboundBridgeManager.createMapping(externalTxId=AtomicTransactionIdentifier: urn:0:ffff7f000101:-7d8796eb:56c1d34e:22)

      2016-02-15 11:34:21,370 TRACE [org.jboss.jbossts.txbridge] (default task-2) BridgeDurableParticipant.<ctor>(TxId=AtomicTransactionIdentifier: urn:0:ffff7f000101:-7d8796eb:56c1d34e:22, Xid=< 131080, 29, 64, 0000000000-1-112701151115901386-63-4512100012049, 0000000000000000000000000000000000000000000000000000000000000000 >)

      2016-02-15 11:34:21,466 INFO  [org.apache.cxf.wsdl.service.factory.ReflectionServiceFactoryBean] (default task-2) Creating Service {http://docs.oasis-open.org/ws-tx/wscoor/2006/06}RegistrationService from WSDL: jar:file:/home/pedro.castro/Servers/wildfly-9.0.2.Final/modules/system/layers/base/org/jboss/xts/main/jbossxts-5.0.6.Final.jar!/org/oasis_open/docs/ws_tx/wscoor/_2006/_06/wsdl/wscoor-registration-binding.wsdl

      2016-02-15 11:34:21,785 WARN  [org.jboss.ws.common] (default task-3) JBWS022061: Method invocation failed with exception: java.lang.reflect.InvocationTargetException

        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)

        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)

        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)

        at java.lang.reflect.Method.invoke(Method.java:497)

        at org.jboss.ws.common.invocation.AbstractInvocationHandlerJSE.invoke(AbstractInvocationHandlerJSE.java:108)

        at org.jboss.wsf.stack.cxf.JBossWSInvoker.performInvocation(JBossWSInvoker.java:185)

        at org.apache.cxf.service.invoker.AbstractInvoker.invoke(AbstractInvoker.java:97)

        at org.apache.cxf.jaxws.AbstractJAXWSMethodInvoker.invoke(AbstractJAXWSMethodInvoker.java:232)

        at org.apache.cxf.jaxws.JAXWSMethodInvoker.invoke(JAXWSMethodInvoker.java:69)

        at org.jboss.wsf.stack.cxf.JBossWSInvoker.invoke(JBossWSInvoker.java:151)

        at org.apache.cxf.interceptor.ServiceInvokerInterceptor$1.run(ServiceInvokerInterceptor.java:59)

        at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)

        at java.util.concurrent.FutureTask.run(FutureTask.java:266)

        at org.apache.cxf.interceptor.ServiceInvokerInterceptor$2.run(ServiceInvokerInterceptor.java:126)

        at org.apache.cxf.workqueue.SynchronousExecutor.execute(SynchronousExecutor.java:37)

        at org.apache.cxf.interceptor.ServiceInvokerInterceptor.handleMessage(ServiceInvokerInterceptor.java:131)

        at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:307)

        at org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:121)

        at org.apache.cxf.transport.http.AbstractHTTPDestination.invoke(AbstractHTTPDestination.java:251)

        at org.jboss.wsf.stack.cxf.RequestHandlerImpl.handleHttpRequest(RequestHandlerImpl.java:111)

        at org.jboss.wsf.stack.cxf.transport.ServletHelper.callRequestHandler(ServletHelper.java:136)

        at org.jboss.wsf.stack.cxf.CXFServletExt.invoke(CXFServletExt.java:88)

        at org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(AbstractHTTPServlet.java:293)

        at org.apache.cxf.transport.servlet.AbstractHTTPServlet.doPost(AbstractHTTPServlet.java:212)

        at javax.servlet.http.HttpServlet.service(HttpServlet.java:707)

        at org.jboss.wsf.stack.cxf.CXFServletExt.service(CXFServletExt.java:136)

        at org.jboss.wsf.spi.deployment.WSFServlet.service(WSFServlet.java:140)

        at javax.servlet.http.HttpServlet.service(HttpServlet.java:790)

        at io.undertow.servlet.handlers.ServletHandler.handleRequest(ServletHandler.java:86)

        at io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:62)

        at io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36)

        at io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:131)

        at io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:57)

        at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)

        at io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46)

        at io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64)

        at io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:58)

        at io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:72)

        at io.undertow.security.handlers.SecurityInitialHandler.handleRequest(SecurityInitialHandler.java:76)

        at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)

        at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)

        at io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:282)

        at io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:261)

        at io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:80)

        at io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:172)

        at io.undertow.server.Connectors.executeRootHandler(Connectors.java:199)

        at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:774)

        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)

        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)

        at java.lang.Thread.run(Thread.java:745)

      Caused by: javax.xml.ws.soap.SOAPFaultException: Sender

        at com.arjuna.wsc11.messaging.RegistrationCoordinatorProcessorImpl.register(RegistrationCoordinatorProcessorImpl.java:104)

        at com.arjuna.webservices11.wscoor.sei.RegistrationPortTypeImpl.registerOperation(RegistrationPortTypeImpl.java:57)

        ... 50 more

       

       

      2016-02-15 11:34:21,790 WARNING [org.apache.cxf.phase.PhaseInterceptorChain] (default task-3) Application {http://docs.oasis-open.org/ws-tx/wscoor/2006/06}RegistrationService#{http://docs.oasis-open.org/ws-tx/wscoor/2006/06}RegisterOperation has thrown exception, unwinding now: org.apache.cxf.binding.soap.SoapFault: Sender

        at org.apache.cxf.jaxws.AbstractJAXWSMethodInvoker.createFault(AbstractJAXWSMethodInvoker.java:257)

        at org.apache.cxf.service.invoker.AbstractInvoker.invoke(AbstractInvoker.java:129)

        at org.apache.cxf.jaxws.AbstractJAXWSMethodInvoker.invoke(AbstractJAXWSMethodInvoker.java:232)

        at org.apache.cxf.jaxws.JAXWSMethodInvoker.invoke(JAXWSMethodInvoker.java:69)

        at org.jboss.wsf.stack.cxf.JBossWSInvoker.invoke(JBossWSInvoker.java:151)

        at org.apache.cxf.interceptor.ServiceInvokerInterceptor$1.run(ServiceInvokerInterceptor.java:59)

        at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)

        at java.util.concurrent.FutureTask.run(FutureTask.java:266)

        at org.apache.cxf.interceptor.ServiceInvokerInterceptor$2.run(ServiceInvokerInterceptor.java:126)

        at org.apache.cxf.workqueue.SynchronousExecutor.execute(SynchronousExecutor.java:37)

        at org.apache.cxf.interceptor.ServiceInvokerInterceptor.handleMessage(ServiceInvokerInterceptor.java:131)

        at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:307)

        at org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:121)

        at org.apache.cxf.transport.http.AbstractHTTPDestination.invoke(AbstractHTTPDestination.java:251)

        at org.jboss.wsf.stack.cxf.RequestHandlerImpl.handleHttpRequest(RequestHandlerImpl.java:111)

        at org.jboss.wsf.stack.cxf.transport.ServletHelper.callRequestHandler(ServletHelper.java:136)

        at org.jboss.wsf.stack.cxf.CXFServletExt.invoke(CXFServletExt.java:88)

        at org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(AbstractHTTPServlet.java:293)

        at org.apache.cxf.transport.servlet.AbstractHTTPServlet.doPost(AbstractHTTPServlet.java:212)

        at javax.servlet.http.HttpServlet.service(HttpServlet.java:707)

        at org.jboss.wsf.stack.cxf.CXFServletExt.service(CXFServletExt.java:136)

        at org.jboss.wsf.spi.deployment.WSFServlet.service(WSFServlet.java:140)

        at javax.servlet.http.HttpServlet.service(HttpServlet.java:790)

        at io.undertow.servlet.handlers.ServletHandler.handleRequest(ServletHandler.java:86)

        at io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:62)

        at io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36)

        at io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:131)

        at io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:57)

        at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)

        at io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46)

        at io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64)

        at io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:58)

        at io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:72)

        at io.undertow.security.handlers.SecurityInitialHandler.handleRequest(SecurityInitialHandler.java:76)

        at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)

        at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)

        at io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:282)

        at io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:261)

        at io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:80)

        at io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:172)

        at io.undertow.server.Connectors.executeRootHandler(Connectors.java:199)

        at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:774)

        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)

        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)

        at java.lang.Thread.run(Thread.java:745)

      Caused by: javax.xml.ws.soap.SOAPFaultException: Sender

        at com.arjuna.wsc11.messaging.RegistrationCoordinatorProcessorImpl.register(RegistrationCoordinatorProcessorImpl.java:104)

        at com.arjuna.webservices11.wscoor.sei.RegistrationPortTypeImpl.registerOperation(RegistrationPortTypeImpl.java:57)

        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)

        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)

        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)

        at java.lang.reflect.Method.invoke(Method.java:497)

        at org.jboss.ws.common.invocation.AbstractInvocationHandlerJSE.invoke(AbstractInvocationHandlerJSE.java:108)

        at org.jboss.wsf.stack.cxf.JBossWSInvoker.performInvocation(JBossWSInvoker.java:185)

        at org.apache.cxf.service.invoker.AbstractInvoker.invoke(AbstractInvoker.java:97)

        ... 43 more

       

       

      2016-02-15 11:34:21,794 SEVERE [com.sun.xml.messaging.saaj.soap.ver1_1] (default task-3) SAAJ0303: Operation getFaultSubcodes not supported by SOAP 1.1

      2016-02-15 11:34:21,950 ERROR [org.jboss.jbossts.txbridge] (default task-2) com.arjuna.wst.UnknownTransactionException

      2016-02-15 11:34:21,952 TRACE [org.jboss.jbossts.txbridge] (default task-2) OptionalJaxWSTxInboundBridgeHandler.close()

       

      These are the commands I'm using to start each server:

       

      1. Client (using eclipse tool):

       

      -mp "/media/discoD/wildfly-9.0.2.Final/modules" -jaxpmodule javax.xml.jaxp-provider -jaxpmodule javax.xml.jaxp-provider org.jboss.as.standalone -b localhost --server-config=standalone-xts.xml -Djboss.server.base.dir=/media/discoD/wildfly-9.0.2.Final/standalone

      "-Dprogram.name=JBossTools: WildFly  9.x " -server -Xms64m -Xmx512m -XX:MaxPermSize=256m -Dorg.jboss.resolver.warning=true -Djava.net.preferIPv4Stack=true -Dsun.rmi.dgc.client.gcInterval=3600000 -Dsun.rmi.dgc.server.gcInterval=3600000 -Djboss.modules.system.pkgs=org.jboss.byteman -Djava.awt.headless=true "-Dorg.jboss.boot.log.file=/media/discoD/wildfly-9.0.2.Final/standalone/log/boot.log" "-Dlogging.configuration=file:/media/discoD/wildfly-9.0.2.Final/standalone/configuration/logging.properties" "-Djboss.home.dir=/media/discoD/wildfly-9.0.2.Final" -Dorg.jboss.logmanager.nocolor=true -Djboss.bind.address.management=localhost -Djavax.net.ssl.trustStore=/media/discoD/wildfly-9.0.2.Final/standalone/configuration/server.keystore -Djavax.net.ssl.trustStorePassword=client -Dorg.jboss.security.ignoreHttpsHost=true -Djavax.net.ssl.keyStore=/media/discoD/wildfly-9.0.2.Final/standalone/configuration/server.keystore -Djavax.net.ssl.keyStorePassword=client

       

      2. Server (using command line):

       

      ./bin/standalone.sh -c standalone-xts.xml -Djavax.net.ssl.trustStore=./standalone/configuration/server.keystore -Djavax.net.ssl.trustStorePassword=secret -Dorg.jboss.security.ignoreHttpsHost=true -Djavax.net.ssl.keyStore=./standalone/configuration/server.keystore -Djavax.net.ssl.keyStorePassword=secret

        • 1. Re: Problem setting up XTS with SSL
          mchoma

          Try to use property -Djavax.net.debug-all. It will show you SSL handsake details. But I suppose SSL connection was established succesfully. Error you get is from underlying protocol (SOAP). Does your solution work without SSL? Also consider changing -Djboss.bind.address.management=localhost and -b localhost to public IP of machine.

          • 2. Re: Problem setting up XTS with SSL
            pvcastro

            Hi Martin, thanks for your suggestion! It's working OK now.

             

            I'm also updating the attachments with the working version of standalone-xts for client and server, and the parameters to start each one were:

             

            Client:

             

            -mp "/media/discoD/wildfly-9.0.2.Final/modules" -jaxpmodule javax.xml.jaxp-provider -jaxpmodule javax.xml.jaxp-provider org.jboss.as.standalone -b 10.1.3.21 --server-config=standalone-xts.xml -Djboss.server.base.dir=/media/discoD/wildfly-9.0.2.Final/standalone

             

            "-Dprogram.name=JBossTools: WildFly  9.x " -server -Xms64m -Xmx512m -XX:MaxPermSize=256m -Dorg.jboss.resolver.warning=true -Djava.net.preferIPv4Stack=true -Dsun.rmi.dgc.client.gcInterval=3600000 -Dsun.rmi.dgc.server.gcInterval=3600000 -Djboss.modules.system.pkgs=org.jboss.byteman -Djava.awt.headless=true "-Dorg.jboss.boot.log.file=/media/discoD/wildfly-9.0.2.Final/standalone/log/boot.log" "-Dlogging.configuration=file:/media/discoD/wildfly-9.0.2.Final/standalone/configuration/logging.properties" "-Djboss.home.dir=/media/discoD/wildfly-9.0.2.Final" -Dorg.jboss.logmanager.nocolor=true -Djboss.bind.address.management=10.1.3.21 -Djavax.net.ssl.trustStore=/media/discoD/wildfly-9.0.2.Final/standalone/configuration/server.keystore -Djavax.net.ssl.trustStorePassword=client -Dorg.jboss.security.ignoreHttpsHost=true -Djavax.net.ssl.keyStore=/media/discoD/wildfly-9.0.2.Final/standalone/configuration/server.keystore -Djavax.net.ssl.keyStorePassword=client -Djavax.net.debug-all

            Server:

             

            ./bin/standalone.sh -c standalone-xts.xml -Djavax.net.ssl.trustStore=./standalone/configuration/server.keystore -Djavax.net.ssl.trustStorePassword=secret -Dorg.jboss.security.ignoreHttpsHost=true -Djavax.net.ssl.keyStore=./standalone/configuration/server.keystore -Djavax.net.ssl.keyStorePassword=secret -Djavax.net.debug=all

            • 3. Re: Problem setting up XTS with SSL
              ctomc

              There was a typo in Martin's comment. to debug network property is

              -Djavax.net.debug=all not -Djavax.net.debug-all

              1 of 1 people found this helpful
              • 4. Re: Problem setting up XTS with SSL
                pvcastro

                Corrected, thanks Tomaz!