0 Replies Latest reply on Dec 24, 2008 11:49 AM by Dejan Mratinkovic

    Ejb3 Consuming Web Services over SSL-(JBoss) issues

    Dejan Mratinkovic Newbie

      App server jboss-4.2.3.GA - Ejb is consuming Web services using @WebServiceRef (from another application's @WebService bean; I am not sure whether it is relevant).

      1) I have both keystore and truststore set up in server.xml (clientauth=true)
      2) Communication with Web browsers works as expected
      3) Communication with a java desktop application consuming web services started with

      -Djavax.net.ssl.keyStore ...
      works as expected
      4) Communication works fine over HTTP. But when I switch the WSDL address to https, I get an error:

      ...
      SEND TLSv1 ALERT:
      [STDOUT] fatal,
      [STDOUT] description = certificate_unknown
      ...


      In the "client" side log files I see (-Djavax.net.debug=ssl,handshake) the "server" certificates as expected, but for some reason they do not get authenticated.

      My latest tests are with both the "client" and "server" applications running on the SAME jboss instance (so they are using the same trust/key stores, as they share server.xml), with the same result - "Client" does not trust "server" (itself?!)

      Does someone have similar configuration working? Any clue what might be wrong with my setup?

      If I run Jboss with:
      -Djavax.net.ssl.keyStore=...


      I got the service working. However, there are no certificates in the request. The same code triggered from the desktop application brings results:

      MessageContext context = wsContext.getMessageContext();
      HttpServletRequest req = (HttpServletRequest) context.get(MessageContext.SERVLET_REQUEST);
      X509Certificate[] certificates = (X509Certificate[]) req.getAttribute("javax.servlet.request.X509Certificate");



      Code:

      wsContext.getUserPrincipal()


      fires:

      No valid security context for the caller identity



      1)Why should I (again) provide the very same data to Jboss start up as I did on service.xml?

      2)Why is there no certificate data?

      Thanks.
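
An added diagnostic, not part of the original post: the keystore and truststore in server.xml configure the inbound HTTPS connector, while outbound connections that use the JVM default JSSE context read the `javax.net.ssl.*` system properties. The class name `OutboundTlsCheck` and the optional subject-substring argument are hypothetical, and it is an assumption that the web-service client in the EJB uses the default context.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import java.util.Collections;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

// Added diagnostic, not from the original post. Run it with the same -D options as the
// server JVM; the optional argument is a subject substring to look for (hypothetical value).
public class OutboundTlsCheck {
    public static void main(String[] args) throws Exception {
        String wanted = args.length > 0 ? args[0] : null;
        for (String p : new String[] {"javax.net.ssl.trustStore", "javax.net.ssl.keyStore"}) {
            System.out.println(p + " = " + System.getProperty(p, "<unset>"));
        }
        // init((KeyStore) null) loads what the default SSLContext trusts: the file named by
        // javax.net.ssl.trustStore if set, else jssecacerts/cacerts under java.home.
        TrustManagerFactory tmf =
            TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init((KeyStore) null);
        for (TrustManager tm : tmf.getTrustManagers()) {
            if (!(tm instanceof X509TrustManager)) continue;
            X509Certificate[] anchors = ((X509TrustManager) tm).getAcceptedIssuers();
            System.out.println("outbound trust anchors: " + anchors.length);
            for (X509Certificate c : anchors) {
                String dn = c.getSubjectX500Principal().getName();
                if (wanted != null && dn.contains(wanted)) System.out.println("  trusted: " + dn);
            }
        }
        // A client certificate can only be offered by the default context if the default
        // key store is set and holds at least one private-key entry.
        String path = System.getProperty("javax.net.ssl.keyStore");
        if (path == null) {
            System.out.println("no default key store: default-context calls send no client cert");
            return;
        }
        String pw = System.getProperty("javax.net.ssl.keyStorePassword");
        KeyStore ks = KeyStore.getInstance(
            System.getProperty("javax.net.ssl.keyStoreType", KeyStore.getDefaultType()));
        InputStream in = new FileInputStream(path);
        try {
            ks.load(in, pw == null ? null : pw.toCharArray());
        } finally {
            in.close();
        }
        for (String alias : Collections.list(ks.aliases())) {
            System.out.println("  " + alias + (ks.isKeyEntry(alias) ? " (private key)" : " (cert only)"));
        }
    }
}
```

If the server's issuer is not reported as trusted here, a `certificate_unknown` alert from the client side of the handshake is the expected outcome.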