1 Reply Latest reply on Feb 22, 2011 8:26 PM by kerryrward

    https web service hangs when using wssecurity

    kerryrward

      I am having a problem with JBoss-WS native and communicating with a web service using HTTPS.  I actually have two services that are having the problem.  I am running JBoss 5.1.0 and JDK 6 with jbossws-native-3.2.2.GA.  I have consumed the WSDL and am trying to run using wsrunclient.bat.  When I run wsrunclient.bat, I hang during communication. I referenced this example

       

       

      org.jboss.test.ws.interop.nov2007.wsse.UsernameTokenHTTPSTestCase
      
      


      Here is my code invoking the web service:

       

       

      ExtendedStatusService proxy = new ExtendedStatusService();
      ExtendedStatus webService = proxy.getExtendedStatus();
      System.out.println("Calling getPaymentStatus");
      ((StubExt)webService).setConfigName("Standard WSSecurity Client");
      System.setProperty("javax.net.ssl.trustStore", "C:/jdk1.6.0_24/jre/lib/security/cacerts");
      System.setProperty("javax.net.ssl.trustStorePassword", "changeit");
      System.setProperty("javax.net.ssl.trustStoreType", "jks");
      System.setProperty("org.jboss.security.ignoreHttpsHost", "true");
      ExtendedStatusResponse result = webService.getPaymentStatus(statusQuery);
      System.out.println("Returned from Query webservice");
      
      

       

      Here is the debug output:

       

       

       

      DEBUG [main] (Logger.java:228) - Configure SOAPBinding
      DEBUG [main] (Logger.java:228) - initHandlerChain: PRE
      DEBUG [main] (Logger.java:228) - initHandlerChain: ENDPOINT
      DEBUG [main] (Logger.java:228) - initHandlerChain: POST
      DEBUG [main] (Logger.java:228) - getHandlerChain: [type=PRE,info=[service={https://www.asite.gov/pay/service}ExtendedStatusService,por
      t={https://www.asite.gov/pay/service}ExtendedStatus,binding=http://schemas.xmlsoap.org/wsdl/soap/http]]
      DEBUG [main] (Logger.java:228) - getHandlerChain: [type=POST,info=[service={https://www.asite.gov/pay/service}ExtendedStatusService,po
      rt={https://www.asite.gov/pay/service}ExtendedStatus,binding=http://schemas.xmlsoap.org/wsdl/soap/http]]
      DEBUG [main] (Logger.java:228) - getHandlerChain: [type=ENDPOINT,info=[service={https://www.asite.gov/pay/service}ExtendedStatusServic
      e,port={https://www.asite.gov/pay/service}ExtendedStatus,binding=http://schemas.xmlsoap.org/wsdl/soap/http]]
      DEBUG [main] (Logger.java:228) - setHandlerChain: []
      DEBUG [main] (Logger.java:228) - No port configuration for: {https://www.asite.gov/pay/service}ExtendedStatus
      Calling pay getPaymentStatus
      DEBUG [main] (Logger.java:228) - Create new config [name=Standard WSSecurity Client,file=META-INF/standard-jaxws-client-config.xml]
      DEBUG [main] (Logger.java:228) - getConfig: [name=Standard WSSecurity Client,url=META-INF/standard-jaxws-client-config.xml]
      DEBUG [main] (Logger.java:228) - parse: jar:file:/C:/jboss-5.1.0.GA/client/jbossws-native-client.jar!/META-INF/standard-jaxws-client-config.
      xml
      DEBUG [main] (Logger.java:228) - Created parser: org.apache.xerces.jaxp.SAXParserImpl@1d162212, isNamespaceAware: true, isValidating: true,
      isXIncludeAware: true
      DEBUG [main] (Logger.java:228) - http://xml.org/sax/features/validation set to: true
      DEBUG [main] (Logger.java:228) - http://xml.org/sax/features/namespaces set to: true
      DEBUG [main] (Logger.java:228) - http://apache.org/xml/features/validation/dynamic set to: true
      DEBUG [main] (Logger.java:228) - http://xml.org/sax/features/validation set to: true
      DEBUG [main] (Logger.java:228) - http://apache.org/xml/features/validation/schema set to: true
      DEBUG [main] (Logger.java:228) - Created parser: org.apache.xerces.jaxp.SAXParserImpl@1d162212, isNamespaceAware: true, isValidating: true,
      isXIncludeAware: true
      DEBUG [main] (Logger.java:228) - resolveEntity: [pub=null,sysid=file:///c:/signer.ark/src/schema/jaxws-config_2_0.xsd]
      DEBUG [main] (Logger.java:228) - resolveEntity: [pub=null,sysid=file:///c:/signer.ark/src/schema/javaee_web_services_1_2.xsd]
      DEBUG [main] (Logger.java:228) - resolveEntity: [pub=null,sysid=file:///c:/signer.ark/src/schema/javaee_5.xsd]
      DEBUG [main] (Logger.java:228) - resolveEntity: [pub=null,sysid=http://www.w3.org/2001/xml.xsd]
      DEBUG [main] (Logger.java:228) - resolveEntity: [pub=null,sysid=file:///c:/signer.ark/src/schema/javaee_web_services_client_1_2.xsd]
      DEBUG [main] (Logger.java:228) - Configure EndpointMetaData
      DEBUG [main] (Logger.java:228) - Added 0 PRE handlers
      DEBUG [main] (Logger.java:228) - Added 0 ENDPOINT handlers
      DEBUG [main] (Logger.java:228) - Added 1 POST handlers
      DEBUG [main] (Logger.java:228) - initHandlerChain: PRE
      DEBUG [main] (Logger.java:228) - initHandlerChain: ENDPOINT
      DEBUG [main] (Logger.java:228) - initHandlerChain: POST
      DEBUG [main] (Logger.java:228) - addHandler:
      HandlerMetaDataJAXWS:
       type=POST
       name=WSSecurityHandlerOutbound
       class=class org.jboss.ws.extensions.security.jaxws.WSSecurityHandlerClient
       params=[]
       protocols=##SOAP11_HTTP ##SOAP11_HTTP_MTOM
       services=null
       ports=null
      DEBUG [main] (Logger.java:228) - getHandlerChain: [type=PRE,info=[service={https://www.asite.gov/pay/service}ExtendedStatusService,por
      t={https://www.asite.gov/pay/service}ExtendedStatus,binding=http://schemas.xmlsoap.org/wsdl/soap/http]]
      DEBUG [main] (Logger.java:228) - getHandlerChain: [type=POST,info=[service={https://www.asite.gov/pay/service}ExtendedStatusService,po
      rt={https://www.asite.gov/pay/service}ExtendedStatus,binding=http://schemas.xmlsoap.org/wsdl/soap/http]]
      DEBUG [main] (Logger.java:228) - getHandlerChain: [type=ENDPOINT,info=[service={https://www.asite.gov/pay/service}ExtendedStatusServic
      e,port={https://www.asite.gov/pay/service}ExtendedStatus,binding=http://schemas.xmlsoap.org/wsdl/soap/http]]
      DEBUG [main] (Logger.java:228) - setHandlerChain: []
      DEBUG [main] (Logger.java:228) - pushMessageContext: org.jboss.ws.core.jaxws.handler.SOAPMessageContextJAXWS@1d6b6c55 (Thread main)
      DEBUG [main] (Logger.java:228) - setRequestParamValue: [name={https://www.asite.gov/pay/service}statusQueryBean,value=com.asite.gov
      pay.extendedstatus.StatusQuery]
      DEBUG [main] (Logger.java:228) - bindRequestMessage: {https://www.asite.gov/pay/service}getPaymentStatus
      DEBUG [main] (Logger.java:228) - getRequestParamValue: {https://www.asite.gov/pay/service}statusQueryBean
      DEBUG [main] (Logger.java:228) - transformPayloadValue: com.asite.pay.extendedstatus.StatusQuery -> com.asite.pay.extendedstatus
      .StatusQuery
      DEBUG [main] (Logger.java:228) - Create a handler executor: []
      DEBUG [main] (Logger.java:228) - Create a handler executor: []
      DEBUG [main] (Logger.java:228) - Create a handler executor: [WSSecurityHandlerOutbound]
      DEBUG [main] (Logger.java:228) - Enter: handleOutBoundMessage
      DEBUG [main] (Logger.java:228) - Exit: handleOutBoundMessage with status: true
      DEBUG [main] (Logger.java:228) - Could not find keystore url.  Can not find store file for url because store url is null.
      DEBUG [main] (Logger.java:228) - -----------------------------------
      DEBUG [main] (Logger.java:228) - Transitioning from OBJECT_VALID to XML_VALID
      DEBUG [main] (Logger.java:228) - getXMLFragment from Object [xmlType={https://www.asite.gov/pay/service}StatusQuery,javaType=class com
      .asite.pay.extendedstatus.StatusQuery]
      DEBUG [main] (Logger.java:228) - serialize: [xmlName={https://www.asite.gov/pay/service}statusQueryBean,xmlType={https://www.asite.
      gov/pay/service}StatusQuery]
      DEBUG [main] (Logger.java:228) - serialized: <statusQueryBean xmlns="https://www.asite.gov/pay/service"><affiliateHashId xmlns:xsi="ht
      tp://www.w3.org/2001/XMLSchema-instance" xsi:nil="true"/><orderId xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:nil="true"/><out
      erUniqueId xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:nil="true"/><remoteOrderId>F_100_100</remoteOrderId><serviceId xmlns:xs
      i="http://www.w3.org/2001/XMLSchema-instance" xsi:nil="true"/><vendorId xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:nil="true"
      /></statusQueryBean>
      DEBUG [main] (Logger.java:228) - xmlFragment: [source=<statusQueryBean xmlns="https://www.asite.gov/pay/service"><affiliateHashId xmln
      s:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:nil="true"/><orderId xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:nil="tr
      ue"/><outerUniqueId xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:nil="true"/><remoteOrderId>F_100_100</remoteOrderId><serviceId
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:nil="true"/><vendorId xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:n
      il="true"/></statusQueryBean>]
      DEBUG [main] (Logger.java:228) - -----------------------------------
      Terminate batch job (Y/N)? n
      

       

      Now if I edit wsrunclient.bat and remove jbossws-native-client.jar, jbossws-native-core.jar, and the lib/endorsed files then the call is successful.  Here is the changes I made to the wsrunclient.bat

       

       

      rem set WSRUNCLIENT_CLASSPATH=%WSRUNCLIENT_CLASSPATH%;%JBOSS_HOME%/client/jbossws-native-client.jar
      rem set WSRUNCLIENT_CLASSPATH=%WSRUNCLIENT_CLASSPATH%;%JBOSS_HOME%/client/jbossws-native-core.jar
      rem "%JAVA%" %JAVA_OPTS% -Djava.endorsed.dirs="%JBOSS_ENDORSED_DIRS%" -classpath "%WSRUNCLIENT_CLASSPATH%" %ARGS%
      "%JAVA%" %JAVA_OPTS% -classpath "%WSRUNCLIENT_CLASSPATH%" %ARGS%
      


      I also have to comment out the following line in the code:

       

       

      ((StubExt)webService).setConfigName("Standard WSSecurity Client");
      

       

      Here is my successful log:

       

      Calling pay getPaymentStatus
      Returned from Query webservice
      

       

      I believe I'm not getting DEBUG statements here because I'm really not going through the JBoss wsse code.  But I don't believe I need any WS Security invoked - I'm not doing authentication or any other additional security features.  I just need https.  I have another service that I did with JBoss 4.2.3.GA and JDK 5 that uses https and is working just fine.  I tried to connect to it using JBoss 5.1.0.GA and JDK 6 and it has the same problem as my new service.

       

      I need to connect to this service from within the JBoss AS, so I don't want to manipulate jbossws classpaths the way I have done when running as a client. 

       

      I have run this in the debugger and can give more details about where it is hanging if necessary, but I think it is more a configuration thing, and wanted to get this out since time is passing by.  Any help would be appreciated.

        • 1. Re: https web service hangs when using wssecurity
          kerryrward

          This statement is false:

           

          I have another service that I did with JBoss 4.2.3.GA and JDK 5 that uses https and is working just fine.  I tried to connect to it using JBoss 5.1.0.GA and JDK 6 and it has the same problem as my new service.


          Somewhere along the way I got wires crossed.  The existing web service call is working in JBoss 5.1.0.GA and JDK 6.  So now I just need to concentrate on my new service.

           

          I added the environment variable  -Djavax.net.debug=all and shortly before hanging I get this output

           

           

          New I/O client worker #1-1, fatal error: 46: General SSLEngine problem
          sun.security.validator.ValidatorException: Violated path length constraints
          New I/O client worker #1-1, SEND TLSv1 ALERT:  fatal, description = certificate_unknown
          New I/O client worker #1-1, WRITE: TLSv1 Alert, length = 2
          New I/O client worker #1-1, fatal: engine already closed.  Rethrowing javax.net.ssl.SSLHandshakeException: General SSLEngine problem
          [Raw write]: length = 7
          0000: 15 03 01 00 02 02 2E                               .......
          New I/O client worker #1-1, called closeOutbound()
          New I/O client worker #1-1, closeOutboundInternal()
          Keep-Alive-Timer, called close()
          Keep-Alive-Timer, called closeInternal(true)
          Keep-Alive-Timer, SEND TLSv1 ALERT:  warning, description = close_notify
          
          


          I checked the WSDL location (https://x.asite.org/pay/service/ExtendedStatus?WSDL) and the certificate checks out.  It is named *.asite.org and signed by DigiCert.  My debug also shows that DigiCert is in my truststore.  However, the wsdl references

          targetNamespace="https://www.bsite.gov/pay/service.  When I go here in the browser I get a certificate error - it is using the same *.asite.org certificate at www.bsite.gov, which is clearly wrong. 

           

           

          Will JBossWS trip up on a targetnamespace, where other tools do not?  I've notified the producer of the service of the inconsistency, but I am wondering if there is a way to quickly test/confirm the issue without having to wait for them to fix things on their side?