9 Replies Latest reply on Jul 30, 2008 5:26 AM by Richard Opalka

    problem with calling ssl web service

    hugo arago Newbie

      Hello all,
      I've successfully deploy jboss web service using ssl. But when calling this ssl web service from standalone client, i got error at client side as follow:

      Exception in thread "main" javax.xml.ws.WebServiceException: java.io.IOException: Could not transmit message
       at org.jboss.ws.core.jaxws.client.ClientImpl.handleRemoteException(ClientImpl.java:304)
       at org.jboss.ws.core.jaxws.client.ClientImpl.invoke(ClientImpl.java:242)
       at org.jboss.ws.core.jaxws.client.ClientProxy.invoke(ClientProxy.java:164)
       at org.jboss.ws.core.jaxws.client.ClientProxy.invoke(ClientProxy.java:150)
       at $Proxy10.sslMethod(Unknown Source)
       at jb.secure.ws.client.TestMain.main(TestMain.java:26)
      Caused by: java.io.IOException: Could not transmit message
       at org.jboss.ws.core.client.RemotingConnectionImpl.invoke(RemotingConnectionImpl.java:192)
       at org.jboss.ws.core.client.SOAPRemotingConnection.invoke(SOAPRemotingConnection.java:77)
       at org.jboss.ws.core.CommonClient.invoke(CommonClient.java:322)
       at org.jboss.ws.core.jaxws.client.ClientImpl.invoke(ClientImpl.java:230)
       ... 4 more
      Caused by: org.jboss.remoting.CannotConnectException: Can not connect http client invoker.
       at org.jboss.remoting.transport.http.HTTPClientInvoker.useHttpURLConnection(HTTPClientInvoker.java:332)
       at org.jboss.remoting.transport.http.HTTPClientInvoker.transport(HTTPClientInvoker.java:135)
       at org.jboss.remoting.MicroRemoteClientInvoker.invoke(MicroRemoteClientInvoker.java:122)
       at org.jboss.remoting.Client.invoke(Client.java:1550)
       at org.jboss.remoting.Client.invoke(Client.java:530)
       at org.jboss.ws.core.client.RemotingConnectionImpl.invoke(RemotingConnectionImpl.java:171)
       ... 7 more
      Caused by: org.jboss.ws.WSException: Invalid HTTP server response [401] - Unauthorized
       at org.jboss.ws.core.soap.SOAPMessageUnMarshaller.read(SOAPMessageUnMarshaller.java:72)
       at org.jboss.remoting.transport.http.HTTPClientInvoker.readResponse(HTTPClientInvoker.java:472)
       at org.jboss.remoting.transport.http.HTTPClientInvoker.useHttpURLConnection(HTTPClientInvoker.java:304)
       ... 12 more
      


      what does it mean, and how to solve this? Please help me.
      Thanks.

        • 1. Re: problem with calling ssl web service
          Richard Opalka Master

          Hi,

          you have to setup stub properties:

          MyService port = (MyService)service.getPort(portName, MyService.class);
          Stub stub = (Stub)port;
          stub._setProperty(Stub.USERNAME_PROPERTY, USERNAME);
          stub._setProperty(Stub.PASSWORD_PROPERTY, PASSWORD);
          port.myMethodCall();
          


          Richard

          • 2. Re: problem with calling ssl web service
            hugo arago Newbie

            thanks, Richard!
            I've solved this problem...

            • 3. Re: problem with calling ssl web service
              Andrea Newbie

              hugo_th02 how did you manage to configure an ssl webservice?
              I tried to edit the jboss-beans.xml file at the following lines

              <property name="webServiceHost">${jboss.bind.address}</property>
              <property name="alwaysModifySOAPAddress">true</property>
              <property name="webServiceSecurePort">8443</property>
              <property name="webServicePort">8080</property>


              in any way, but my WSDL file always generates a sop:adress in http

              <service name="MyWebServiceBeanService">
               <port binding="tns:MyWebServiceBeanBinding" name="MyWebServiceBeanPort">
               <soap:address location="http://my_host_name:8080/MyWebServiceBean"/>
               </port>
              </service>


              I'd actually like to have

              <soap:address location="https://www.myserver.com:8443/MyWebServiceBean"/>


              I can hardcode www.myserver.com in the webServiceHost parameter, but no way to set https as protocol and port 8443

              Any ideas? Please help, it's urgent!

              Cheers,
              Andrea

              • 4. Re: problem with calling ssl web service
                Stathis Rouvas Newbie

                Place a transport-guarantee element in your web.xml, thus:

                <security-constraint>
                 <web-resource-collection>
                 <web-resource-name>All resources</web-resource-name>
                 <url-pattern>/YOUR_PATH</url-pattern>
                 </web-resource-collection>
                 <user-data-constraint>
                 <transport-guarantee>CONFIDENTIAL</transport-guarantee>
                 </user-data-constraint>
                </security-constraint>
                


                in the above replace YOUR_PATH with the appropriate value for your case.

                -Stathis

                • 5. Re: problem with calling ssl web service
                  Andrea Newbie

                  Thank you for your quick answer!

                  However I am not sure to understand what to put in the url-pattern parameter. All my interfaces are accessible through:

                  https://myserver.com:8443/interfaces/InterfaceBean

                  I tried just to test with

                  <url-pattern>/interfaces/*</url-pattern>


                  and also specifically with

                  <url-pattern>/interfaces/InterfaceBean1</url-pattern>


                  leaving the jboss-beans.xml file as I posted before, but with no success..
                  what is it that I have to put in the url-pattern?

                  Thank you


                  • 6. Re: problem with calling ssl web service
                    Stathis Rouvas Newbie

                    You posted that your interfaces are accessible through

                    https://myserver.com:8443/interfaces/InterfaceBean
                    

                    but in the url-pattern you stated
                    /interfaces/InterfaceBean1
                    

                    see the "1" at the end?

                    I've managed to get it working using the following settings:

                    file ${JBOSS_HOME}/server/default/deploy/jboss-web.deployer/server.xml

                    <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
                     maxThreads="150" scheme="https" secure="true"
                     clientAuth="false" sslProtocol="TLS"
                     keystoreFile="${jboss.server.home.dir}/server.keystore"
                     keystorePass="welcome"
                     />
                    


                    and in my web.xml

                    <?xml version="1.0" encoding="UTF-8"?>
                    <web-app>
                    
                     <servlet>
                     <servlet-name>adder</servlet-name>
                     <servlet-class>gr.rouvas.adder</servlet-class>
                     </servlet>
                     <servlet-mapping>
                     <servlet-name>adder</servlet-name>
                     <url-pattern>/adder</url-pattern>
                     </servlet-mapping>
                    
                    <security-constraint>
                     <web-resource-collection>
                     <web-resource-name>All resources</web-resource-name>
                     <url-pattern>/adder</url-pattern>
                     </web-resource-collection>
                     <user-data-constraint>
                     <transport-guarantee>CONFIDENTIAL</transport-guarantee>
                     </user-data-constraint>
                    </security-constraint>
                    
                    </web-app>
                    


                    in my case, it is a POJO web service.

                    -Stathis

                    • 7. Re: problem with calling ssl web service
                      Andrea Newbie

                      The '1' is not a mistake, it was just an example to tell you that I have different webservices under different paths with the same root:

                      /interfaces/InterfaceBean1
                      /interfaces/InterfaceBean2
                      etc.


                      I am not sure whether this was clear, but that those are webservices listening to SOAP calls and the problem is that the associated wsdl files are not correctly generated by JBoss.

                      I also have the same configuration in server.xml, and I also have a redirection from http://...:8080 to https://...:8443, which works correctly for my web client.

                      I was actually wondering if the configuration is possible through jws annotations... Let me post you some more code, maybe this will help...
                      Here one of the interface beans:

                      import javax.ejb.Stateless;
                      import javax.jws.WebMethod;
                      import javax.jws.WebParam;
                      import javax.jws.WebService;
                      import javax.jws.soap.SOAPBinding;
                      
                      @Stateless
                      @WebService
                      @SOAPBinding(style = SOAPBinding.Style.RPC)
                      public class GenericInterfaceAgentBean implements GenericInterfaceAgent {
                      
                       @WebMethod
                       public String sessionLogin(
                       @WebParam(name = "pUsername")String user,
                       @WebParam(name = "pPassword")String pass
                       ) { ... }
                      
                      ....
                      
                      }
                      


                      When I restart JBoss, a wsdl file is generated under the path:

                      jboss\server\myconf\data\wsdl\myapp.ear\myapp.jar\GenericInterfaceAgentBeanServiceXXX.wsdl


                      and the wsdl file contains (useful pieces of code)
                      (srv11 is the hostname of my server)


                      <?xml version="1.0" encoding="UTF-8"?>
                      <definitions name="GenericInterfaceAgentBeanService"
                      targetNamespace="http://beans.generic.interfaces.system.myserver.com/"
                      xmlns:tns="http://beans.generic.interfaces.system.myserver.com/"
                      xmlns:ns1="http://jaxb.dev.java.net/array"
                      xmlns:xsd="http://www.w3.org/2001/XMLSchema"
                      xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/"
                      xmlns="http://schemas.xmlsoap.org/wsdl/">
                      
                      ...
                      
                       <service name="GenericInterfaceAgentBeanService">
                       <port name="GenericInterfaceAgentBeanPort" binding="tns:GenericInterfaceAgentBeanBinding">
                       <soap:address location="http://srv11:8080/interfaces/GenericInterfaceAgentBean"/>
                       </port>
                       </service>
                      
                      


                      but what I would like is

                      
                      ...
                      
                       <service name="GenericInterfaceAgentBeanService">
                       <port name="GenericInterfaceAgentBeanPort" binding="tns:GenericInterfaceAgentBeanBinding">
                       <soap:address location="https://www.myserver.com:8443/interfaces/GenericInterfaceAgentBean"/>
                       </port>
                       </service>
                      
                      


                      • 8. Re: problem with calling ssl web service
                        Joan Pujol Espinar Newbie

                        I've the same problem. Someone has any workarround?

                        I submitted a bug in the JIRA:
                        http://jira.jboss.org/jira/browse/JBWS-2216

                        • 9. Re: problem with calling ssl web service
                          Richard Opalka Master

                          See JBWS-2216 last comment if still confused how to correctly set up everything.