1 Reply Latest reply on Jun 30, 2008 5:46 AM by Alessio Soldano

    Need help: Errors during SSL connection

    Daniel Behrwind Newbie

      Hi,

      I'm using Seam 2.0.2.SP1 on JBossAS 4.2.2.GA and want to publish some web services. Communication shall be encrypted using SSL. So I'm trying to follow the instructions at http://jbws.dyndns.org/mediawiki/index.php?title=Secure_transport.

      After finally getting the server running with SSL, my client is now unable to connect.

      If I configure the SSL connector in the server.xml as suggested in the article:

      <Connector port="8443" address="${jboss.bind.address}"
       maxThreads="100" minSpareThreads="5" maxSpareThreads="15"
       scheme="https" secure="true" clientAuth="want"
       keystoreFile="C:\Entwicklung\jboss-4.2.2.GA\server\default\conf\keystores\wsse.keystore"
       keystorePass="symtaweb"
       truststoreFile="C:\Entwicklung\jboss-4.2.2.GA\server\default\conf\keystores\wsse.keystore"
       truststorePass="symtaweb"
       sslProtocol = "TLS" />

      the result is:
      Exception in thread "main" com.sun.xml.internal.ws.client.ClientTransportException: HTTP transport error: javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
       at com.sun.xml.internal.ws.transport.http.client.HttpClientTransport.getOutput(HttpClientTransport.java:119)
       at com.sun.xml.internal.ws.transport.http.client.HttpTransportPipe.process(HttpTransportPipe.java:128)
       at com.sun.xml.internal.ws.transport.http.client.HttpTransportPipe.processRequest(HttpTransportPipe.java:74)
       at com.sun.xml.internal.ws.api.pipe.Fiber.__doRun(Fiber.java:581)
       at com.sun.xml.internal.ws.api.pipe.Fiber._doRun(Fiber.java:540)
       at com.sun.xml.internal.ws.api.pipe.Fiber.doRun(Fiber.java:525)
       at com.sun.xml.internal.ws.api.pipe.Fiber.runSync(Fiber.java:422)
       at com.sun.xml.internal.ws.client.Stub.process(Stub.java:235)
       at com.sun.xml.internal.ws.client.sei.SEIStub.doProcess(SEIStub.java:120)
       at com.sun.xml.internal.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:230)
       at com.sun.xml.internal.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:210)
       at com.sun.xml.internal.ws.client.sei.SEIStub.invoke(SEIStub.java:103)
       at $Proxy29.login(Unknown Source)
       at com.symtavision.test.jbossws.Test.main(Test.java:32)
      Caused by: javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
       at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:808)
       at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1096)
       at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1123)
       at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1107)
       at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:405)
       at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:166)
       at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(HttpURLConnection.java:832)
       at sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(HttpsURLConnectionImpl.java:230)
       at com.sun.xml.internal.ws.transport.http.client.HttpClientTransport.getOutput(HttpClientTransport.java:107)
       ... 13 more
      Caused by: java.io.EOFException: SSL peer shut down incorrectly
       at com.sun.net.ssl.internal.ssl.InputRecord.read(InputRecord.java:333)
       at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:789)
       ... 21 more
      


      And when using the default configuration:
      <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
       maxThreads="150" scheme="https" secure="true"
       clientAuth="false" sslProtocol="TLS"
       keystoreFile="C:\Entwicklung\jboss-4.2.2.GA\server\default\conf\keystores\.keystore"
       keystorePass="symtaweb" />

      I get this:

      Exception in thread "main" com.sun.xml.internal.ws.client.ClientTransportException: request requires HTTP authentication: Unauthorized
       at com.sun.xml.internal.ws.transport.http.client.HttpClientTransport.checkResponseCode(HttpClientTransport.java:197)
       at com.sun.xml.internal.ws.transport.http.client.HttpTransportPipe.process(HttpTransportPipe.java:137)
       at com.sun.xml.internal.ws.transport.http.client.HttpTransportPipe.processRequest(HttpTransportPipe.java:74)
       at com.sun.xml.internal.ws.api.pipe.Fiber.__doRun(Fiber.java:581)
       at com.sun.xml.internal.ws.api.pipe.Fiber._doRun(Fiber.java:540)
       at com.sun.xml.internal.ws.api.pipe.Fiber.doRun(Fiber.java:525)
       at com.sun.xml.internal.ws.api.pipe.Fiber.runSync(Fiber.java:422)
       at com.sun.xml.internal.ws.client.Stub.process(Stub.java:235)
       at com.sun.xml.internal.ws.client.sei.SEIStub.doProcess(SEIStub.java:120)
       at com.sun.xml.internal.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:230)
       at com.sun.xml.internal.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:210)
       at com.sun.xml.internal.ws.client.sei.SEIStub.invoke(SEIStub.java:103)
       at $Proxy29.login(Unknown Source)
       at com.symtavision.test.jbossws.Test.main(Test.java:32)


      I'm setting the required system properties programmatically instead of using XML configuration:

      public static void main(String[] args) {
      
       System.setProperty("javax.net.ssl.keyStore", "C:/Entwicklung/jboss-4.2.2.GA/server/default/conf/keystores/.keystore");
       System.setProperty("javax.net.ssl.trustStore", "C:/Entwicklung/jboss-4.2.2.GA/server/default/conf/keystores/.keystore");
       System.setProperty("javax.net.ssl.keyStorePassword", "symtaweb");
       System.setProperty("javax.net.ssl.trustStorePassword", "symtaweb");
       System.setProperty("javax.net.ssl.keyStoreType", "jks");
       System.setProperty("javax.net.ssl.trustStoreType", "jks");
      
       // obtain proxy
       LoginService loginService = new LoginServiceService()
       .getLoginServicePort();
      
       // maintain Session
       ((BindingProvider) loginService).getRequestContext().put(
       BindingProvider.SESSION_MAINTAIN_PROPERTY, true);
      
       // *** regular method calls *** //
      
       System.out.println("logging in... \n \t success: "
       + loginService.login("daniel", ""));
      
       System.out.println("still logged in?\n\t" + loginService.isLoggedin());
      
       System.out.println("logging out... \n \t success: "
       + loginService.logout());
      
       System.out.println("still logged in?\n\t" + loginService.isLoggedin());
      
       }


      And I was not able to set the @SecurityDomain("JBossWS") annotation in the server class. (I don't know which jar to import ...)

      Tanks for any help!