12 Replies Latest reply on Feb 13, 2016 10:38 PM by max batin

    I can't start the demo-policy-securty-wss-username project.

    max batin Newbie

      I tried to start demo-policy-securty-wss-username.

      I deployed the application and run WorkServiceBean.main

      But, I caughed the error :

      main, handling exception: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

      Exception in thread "main" java.lang.AssertionError: Exception invoking HTTP endpoint 'https://localhost:8443/policy-security-wss-username/WorkService': sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

        at org.junit.Assert.fail(Assert.java:88)

        at org.switchyard.component.test.mixins.http.HTTPMixIn.execute(HTTPMixIn.java:405)

        at org.switchyard.component.test.mixins.http.HTTPMixIn.postString(HTTPMixIn.java:222)

        at org.switchyard.quickstarts.demo.policy.security.wss.username.WorkServiceMain.invokeWorkService(WorkServiceMain.java:53)

        at org.switchyard.quickstarts.demo.policy.security.wss.username.WorkServiceMain.main(WorkServiceMain.java:95)

       

      I supposed the problem is in invalid Certificate.

      I issued new cerificate with the same alias "tomcat"

      But the error is not resolved.

       

      what is the problem?

      Please help start the project.

      thanks

        • 1. Re: I can't start the demo-policy-securty-wss-username project.
          Tom Cunningham Master

          Hi Max,

           

          What version of SwitchYard and EAP are you using?   My guess would be that connector.jks might be corrupted or not in the right place, but it'd be easier to tell if I could try to reproduce this on my own.

          • 2. Re: I can't start the demo-policy-securty-wss-username project.
            max batin Newbie

            Tom, I uses EAP 6.3.0 and SY 2.0.0 Final.

            I used demo in jboss-switchyard/quickstarts: Quickstarts f... - GitHub

            Connector.jks which was located in project.

            • 3. Re: I can't start the demo-policy-securty-wss-username project.
              Tom Cunningham Master

              Max,

               

              I believe the issue here might be the version of EAP you are using.    SwitchYard 2.0.0.Final should be used with EAP 6.4.0 :

               

              https://developer.jboss.org/en/switchyard/blog/2015/06/04/switchyard-200final-now-available

               

              I just tried myself with 6.4 and saw no issues.

              • 4. Re: I can't start the demo-policy-securty-wss-username project.
                max batin Newbie

                Hi, Tom!

                 

                Sorry for late answer.

                I used   switchYard 2.0.0.Final and EAP 6.4.0 as you adviced.

                21:59:15,980 INFO  [org.jboss.as] (MSC service thread 1-7) JBAS015899: JBoss EAP 6.4.0.GA (AS 7.5.0.Final-redhat-21) starting

                21:59:17,089 INFO  [org.switchyard] (ServerService Thread Pool -- 5) SwitchYard version 2.0.0.Final



                Now I have another problem with project. I see in logs that application doesn't start on 8443. Error is appeared when I started main application,

                Exception invoking HTTP endpoint 'https://localhost:8443/policy-security-wss-username/WorkService': Connect to localhost:8443


                Then  I run project on JBoss EAP 6.3.0.GA (AS 7.4.0.Final-redhat-19) and SwitchYard version 2.0.0.Alpha3 and the application started on 8443 port successfully:

                22:12:26,927 INFO  [org.apache.coyote.http11.Http11Protocol] (MSC service thread 1-4) JBWEB003000: Coyote HTTP/1.1 starting on: http-/0.0.0.0:844


                But when I run main application I have the same error as I wrote earlier:

                PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target


                I did everything out of the box.

                Where is the problem, Tom?



                 

                • 5. Re: I can't start the demo-policy-securty-wss-username project.
                  Tom Cunningham Master

                  What OS are you using?  Are you sure you installed with :

                   

                  mvn -Pdeploy install

                   

                  And are you sure you added the user?   I just tried again with a fresh install of switchyard-2.0.0.Final on top of EAP 6.4.0 and I see no errors.

                   

                  DEPLOYED:

                  13:55:45,021 INFO  [org.switchyard.common.camel.SwitchYardCamelContextImpl] (MSC service thread 1-3) Route: direct:{urn:switchyard-quickstart-demo:policy-security-wss-username:0.1.0}WorkService started and consuming from: Endpoint[direct://%7Burn:switchyard-quickstart-demo:policy-security-wss-username:0.1.0%7DWorkService]

                  13:55:45,080 INFO  [org.switchyard] (MSC service thread 1-3) Addressing [enabled = false, required = false]

                  13:55:45,081 INFO  [org.switchyard] (MSC service thread 1-3) MTOM [enabled = false, threshold = 0]

                  13:55:45,155 INFO  [org.jboss.ws.cxf.metadata] (MSC service thread 1-3) JBWS024061: Adding service endpoint metadata: id=WorkService

                  address=http://localhost:8080/policy-security-wss-username/WorkService

                  implementor=org.switchyard.component.soap.endpoint.BaseWebService

                  serviceName={urn:switchyard-quickstart-demo:policy-security-wss-username:0.1.0}WorkService

                  portName={urn:switchyard-quickstart-demo:policy-security-wss-username:0.1.0}WorkServicePort

                  annotationWsdlLocation=null

                  wsdlLocationOverride=vfs:/content/switchyard-demo-policy-security-wss-username.jar/META-INF/WorkService.wsdl

                  mtomEnabled=false

                  13:55:45,528 INFO  [org.apache.cxf.service.factory.ReflectionServiceFactoryBean] (MSC service thread 1-3) Creating Service {urn:switchyard-quickstart-demo:policy-security-wss-username:0.1.0}WorkService from WSDL: vfs:/content/switchyard-demo-policy-security-wss-username.jar/META-INF/WorkService.wsdl

                  13:55:45,762 INFO  [org.apache.cxf.endpoint.ServerImpl] (MSC service thread 1-3) Setting the server's publish address to be http://localhost:8080/policy-security-wss-username/WorkService

                  13:55:45,798 INFO  [org.jboss.ws.cxf.deployment] (MSC service thread 1-3) JBWS024074: WSDL published to: file:/Users/cunningt/jboss-eap-6.4/standalone/data/wsdl/policy-security-wss-username.deployment/WorkService.wsdl

                  13:55:45,802 INFO  [org.jboss.as.webservices] (MSC service thread 1-5) JBAS015539: Starting service jboss.ws.port-component-link

                  13:55:45,803 INFO  [org.jboss.as.webservices] (MSC service thread 1-5) JBAS015539: Starting service jboss.ws.endpoint."policy-security-wss-username.deployment".WorkService

                  13:55:45,873 INFO  [org.jboss.as.server] (management-handler-thread - 4) JBAS015859: Deployed "switchyard-demo-policy-security-wss-username.jar" (runtime-name : "switchyard-demo-policy-security-wss-username.jar")


                  RUN (last command listed in Readme) :

                  13:56:10,714 INFO  [org.switchyard.quickstarts.demo.policy.security.wss.username.WorkServiceBean] (http-/127.0.0.1:8443-1) :: WorkService :: Received work command => CMD-1454957769817 (caller principal=kermit, in roles? 'friend'=true 'enemy'=false)

                   

                  • 6. Re: I can't start the demo-policy-securty-wss-username project.
                    max batin Newbie

                    I'am using Windows 7 X64.

                    I added user kermit by add-user.bat utility.

                     

                    Earlier I tried to start project in eclipse.

                    But now I start project in command line

                    mvn -Pdeploy install


                    and I see error:

                     

                     

                     

                     

                    22:05:29,908 ERROR [org.apache.tomcat.util] (MSC service thread 1-4) JBWEB003002: Failed to load keystore type JKS with path D:\J2EE\jboss-eap-6.4/quickstarts/demos/policy-security-wss-username/connector.jks due t

                    o D:\J2EE\jboss-eap-6.4\quickstarts\demos\policy-security-wss-username\connector.jks (╤шёЄхьх эх єфрхЄё  эрщЄш єърчрээ√щ яєЄ№)

                    22:05:29,909 ERROR [org.apache.coyote.http11.Http11Protocol] (MSC service thread 1-4) JBWEB003043: Error initializing endpoint: java.io.FileNotFoundException: D:\J2EE\jboss-eap-6.4\quickstarts\demos\policy-securit

                    y-wss-username\connector.jks (╤шёЄхьх эх єфрхЄё  эрщЄш єърчрээ√щ яєЄ№)

                            at java.io.FileInputStream.open(Native Method) [rt.jar:1.7.0_67]

                            at java.io.FileInputStream.<init>(FileInputStream.java:146) [rt.jar:1.7.0_67]

                            at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getStore(JSSESocketFactory.java:343) [jbossweb-7.5.7.Final-redhat-1.jar:7.5.7.Final-redhat-1]

                            at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeystore(JSSESocketFactory.java:265) [jbossweb-7.5.7.Final-redhat-1.jar:7.5.7.Final-redhat-1]

                            at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeyManagers(JSSESocketFactory.java:480) [jbossweb-7.5.7.Final-redhat-1.jar:7.5.7.Final-redhat-1]

                            at org.apache.tomcat.util.net.jsse.JSSESocketFactory.init(JSSESocketFactory.java:417) [jbossweb-7.5.7.Final-redhat-1.jar:7.5.7.Final-redhat-1]

                            at org.apache.tomcat.util.net.jsse.JSSESocketFactory.createSocket(JSSESocketFactory.java:180) [jbossweb-7.5.7.Final-redhat-1.jar:7.5.7.Final-redhat-1]

                            at org.apache.tomcat.util.net.JIoEndpoint.init(JIoEndpoint.java:973) [jbossweb-7.5.7.Final-redhat-1.jar:7.5.7.Final-redhat-1]

                            at org.apache.coyote.http11.Http11Protocol.init(Http11Protocol.java:174) [jbossweb-7.5.7.Final-redhat-1.jar:7.5.7.Final-redhat-1]

                            at org.apache.catalina.connector.Connector.init(Connector.java:986) [jbossweb-7.5.7.Final-redhat-1.jar:7.5.7.Final-redhat-1]

                            at org.jboss.as.web.WebConnectorService.start(WebConnectorService.java:318) [jboss-as-web-7.5.0.Final-redhat-21.jar:7.5.0.Final-redhat-21]

                            at org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:1980) [jboss-msc-1.1.5.Final-redhat-1.jar:1.1.5.Final-redhat-1]

                            at org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1913) [jboss-msc-1.1.5.Final-redhat-1.jar:1.1.5.Final-redhat-1]

                            at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145) [rt.jar:1.7.0_67]

                            at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615) [rt.jar:1.7.0_67]

                            at java.lang.Thread.run(Thread.java:745) [rt.jar:1.7.0_67]

                     

                     

                    22:05:29,922 ERROR [org.jboss.msc.service.fail] (MSC service thread 1-4) MSC000001: Failed to start service jboss.web.connector.https: org.jboss.msc.service.StartException in service jboss.web.connector.https: JBA

                    S018007: Error starting web connector

                            at org.jboss.as.web.WebConnectorService.start(WebConnectorService.java:393)

                            at org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:1980) [jboss-msc-1.1.5.Final-redhat-1.jar:1.1.5.Final-redhat-1]

                            at org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1913) [jboss-msc-1.1.5.Final-redhat-1.jar:1.1.5.Final-redhat-1]

                            at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145) [rt.jar:1.7.0_67]

                            at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615) [rt.jar:1.7.0_67]

                            at java.lang.Thread.run(Thread.java:745) [rt.jar:1.7.0_67]

                    Caused by: LifecycleException:  JBWEB000023: Protocol handler initialization failed

                            at org.apache.catalina.connector.Connector.init(Connector.java:989)

                            at org.jboss.as.web.WebConnectorService.start(WebConnectorService.java:318)

                            ... 5 more

                     

                     

                    22:05:29,925 ERROR [org.jboss.as.controller.management-operation] (management-handler-thread - 2) JBAS014612: Operation ("add") failed - address: ([

                        ("subsystem" => "web"),

                        ("connector" => "https")

                    ]) - failure description: {"JBAS014671: Failed services" => {"jboss.web.connector.https" => "org.jboss.msc.service.StartException in service jboss.web.connector.https: JBAS018007: Error starting web connector

                        Caused by: LifecycleException:  JBWEB000023: Protocol handler initialization failed"}}

                    22:05:29,930 INFO  [org.jboss.as.controller] (management-handler-thread - 2) JBAS014774: Service status report

                    JBAS014777:   Services which failed to start:      service jboss.web.connector.https

                    • 7. Re: I can't start the demo-policy-securty-wss-username project.
                      Tom Cunningham Master

                      Does D:\J2EE\jboss-eap-6.4\quickstarts\demos\policy-security-wss-username\connector.jks exist?   Is it a shared drive or something?    That's very strange.  

                      • 8. Re: I can't start the demo-policy-securty-wss-username project.
                        max batin Newbie

                        Tom , thanks!

                        I resolved  that problem.The folder of the project was out of the home directory of jboss-eap 6.4 and copied that folder into the jboss-eap6.4 and executed mvn install .

                         

                        I created user kermit by add-user.bat

                        Application-roles.properties

                             kermit=friend

                        Application-users.properties

                             kermit=a2fd9c14cb4e8bd101140eee75743542.

                         

                        and executed test:

                        mvn exec:java -Dexec.args="confidentiality clientAuthentication" -Djavax.net.ssl.trustStore=connector.jks

                         

                        And I can't see in the log excepted result:

                        :: WorkService :: Received work command => CMD-1398262803294 (caller principal=kermit, in roles? 'friend'=true 'enemy'=false)

                         

                        instead of this is the next error:

                         

                        21:43:12,391 WARNING [org.apache.cxf.phase.PhaseInterceptorChain] (http-/0.0.0.0:8443-1) Interceptor for {urn:switchyard-quickstart-demo:policy-security-wss-username:0.1.0}WorkService#{urn:switchyard-quickstart-demo:policy-security-wss-username:0.1.0}doWork has thrown exception, unwinding now: java.lang.SecurityException: JBWS024057: Failed Authentication : Subject has not been created

                        .....

                        Caused by: java.lang.SecurityException: JBWS024047: Authentication failed, principal=kermit

                        • 9. Re: I can't start the demo-policy-securty-wss-username project.
                          Tom Cunningham Master

                          Max - Did you use "the-frog-1" as the password for kermit?   

                          • 10. Re: I can't start the demo-policy-securty-wss-username project.
                            max batin Newbie

                            I reinstalled project and started it by command line.

                            It works.

                            I made something wrong when I tryed to start it in eclipse.

                            Tom, thank you for your help.

                            But I would  like to start it in eclipse. Project deploys but the https(https://localhost:8443) is in down.

                            It is very strange.

                            Could  you resolve this issue?

                            • 11. Re: I can't start the demo-policy-securty-wss-username project.
                              Tom Cunningham Master

                              Max,

                               

                              I'd just use the server that you reinstalled into and that you know works - just configure that as a EAP server within Eclipse.

                              • 12. Re: I can't start the demo-policy-securty-wss-username project.
                                max batin Newbie

                                Tom, I can deployed project in eclipse.

                                Thanks!