[jboss-user] [Security & JAAS/JBoss] - Ejb3 Consuming Web Services over SSL-(JBoss) issues

dejanmr do-not-reply at jboss.com
Wed Dec 24 11:49:40 EST 2008


App server jboss-4.2.3.GA - Ejb is consuming Web services using @WebServiceRef (from another application's @WebService bean; I am not sure if it is relevant).

1) I have both keystore and truststore set up in server.xml (clientauth=true)
2) Communication with Web browsers works as expected
3) Communication with a java desktop application consuming web services, started with -Djavax.net.ssl.keyStore ..., works as expected
4) Communication works fine over HTTP. But, when I switch the WSDL address to https, I get an error:

    ...
    SEND TLSv1 ALERT:
    [STDOUT] fatal,
    [STDOUT] description = certificate_unknown
    ...

In the "client" side log files I see (-Djavax.net.debug=ssl,handshake) the "server" certificates as expected, but for some reason they do not get authenticated.

My latest tests run both the "client" and "server" applications on the SAME jboss instance (so they are using the same trust/key stores, as they share server.xml), with the same result - the "client" does not trust the "server" (itself?!)

Does someone have similar configuration working? Any clue what might be wrong with my setup? 

If I run Jboss with:
    -Djavax.net.ssl.keyStore=...

I got the service working. However, there are no certificates in the request. The same code triggered from the desktop application brings results:

    MessageContext context = wsContext.getMessageContext();
    HttpServletRequest req = (HttpServletRequest) context.get(MessageContext.SERVLET_REQUEST);
    X509Certificate[] certificates = (X509Certificate[]) req.getAttribute("javax.servlet.request.X509Certificate");


Code:

    wsContext.getUserPrincipal() 

fires:

anonymous wrote : No valid security context for the caller identity


1) Why should I (again) provide the very same data to Jboss start up as I did on service.xml?

2) Why is there no certificate data?

Thanks.

View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4198474#4198474
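
An added diagnostic, not part of the original post and not JBoss code: the keystore and truststore in server.xml configure the inbound HTTPS connector, while an outbound client that relies on the JSSE defaults reads the javax.net.ssl.* system properties or the JRE cacerts. The class below checks a server chain against that default trust. The class name, the PEM file argument and the "RSA" authType are assumptions.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.*;
import java.util.Collection;
import javax.net.ssl.*;

/** Hypothetical diagnostic: does this JVM's default JSSE trust accept a server chain? */
public class OutboundTrustCheck {

    /** Trust manager built from the JSSE defaults (javax.net.ssl.trustStore or cacerts). */
    static X509TrustManager defaultTrustManager() throws Exception {
        TrustManagerFactory tmf =
            TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init((KeyStore) null); // null selects the JVM default trust store
        for (TrustManager tm : tmf.getTrustManagers()) {
            if (tm instanceof X509TrustManager) return (X509TrustManager) tm;
        }
        throw new IllegalStateException("no X509TrustManager available");
    }

    /** Returns null when the chain is trusted, otherwise the validation failure message. */
    static String validate(X509TrustManager tm, X509Certificate[] chain) {
        try {
            tm.checkServerTrusted(chain, "RSA"); // assumption: RSA server key
            return null;
        } catch (CertificateException e) {
            return String.valueOf(e.getMessage());
        }
    }

    public static void main(String[] args) throws Exception {
        // args[0]: PEM file holding the server's chain, leaf certificate first
        System.out.println("trustStore = " + System.getProperty("javax.net.ssl.trustStore"));
        System.out.println("keyStore   = " + System.getProperty("javax.net.ssl.keyStore"));
        X509TrustManager tm = defaultTrustManager();
        System.out.println("default trust anchors: " + tm.getAcceptedIssuers().length);
        try (InputStream in = new FileInputStream(args[0])) {
            Collection<? extends Certificate> certs =
                CertificateFactory.getInstance("X.509").generateCertificates(in);
            X509Certificate[] chain = certs.toArray(new X509Certificate[0]);
            String failure = validate(tm, chain);
            System.out.println(failure == null ? "chain trusted" : "chain rejected: " + failure);
        }
    }
}
```

Run it with the same -D options as the server JVM; a "chain rejected" result without -Djavax.net.ssl.trustStore corresponds to the certificate_unknown alert sent by the client side.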
