[jboss-user] [Security & JAAS/JBoss] - HTTP/1.1 400 No client certificate chain in this request
JGBedell
do-not-reply at jboss.com
Wed Nov 19 15:27:14 EST 2008
Our setup:
We have an Axis2 1.3 web service client hitting a 3rd party web service running on a JBoss server w/ Apache Coyote. We do not know what package(s) were used to developer the server-side.
We need to connect via SSL using certificate authentication.
The basic payload of the web service is a series of updates. Our client code runs once per day, grabs any updates in our system since the last run, and sends them on to the server's web service. We can have anywhere from 0 to a few hundred updates to send.
The problem comes with the amount of updates we have to send. If we only have a few (1-3) everything runs fine. We send our data up, we authenticate properly and receive a successful return from the server. At around 4 or 5 updates (depending on the actual amount of data in the updates) or rather once we cross 4096 bytes in the request body, we start receiving errors. If we up it a bit more, say 10 or more updates, we receive a different error. We've done some investigation and found several suggestions to turn off HTTP Chunking in the request. We've done that and we still get the error. We've also tried swapping to HTTP 1.0, as well as increasing the maxHttpHeaderSize on the server-side JBoss Connector. All with no luck. We attempted to use TCPMON to watch the transactions go across, but when we turned SSL and Certificate Authentication off (as we understand is needed for TCPMON to work), everything worked fine.
We do have a local copy of the 3rd party server that we are testing against and can make configuration changes to Coyote/JBoss if needed for testing. However, we have no access to the server-side web service code, other than through decompliation.
Any help or pointers anyone can offer would be greatly appreciated.
Results with 4-5 updates
The header:
| 2008/11/18 16:33:58:081 EST [DEBUG] header - << "HTTP/1.1 500 Internal Server Error[\r][\n]"
| 2008/11/18 16:33:58:081 EST [DEBUG] header - << "Server: Apache-Coyote/1.1[\r][\n]"
| 2008/11/18 16:33:58:081 EST [DEBUG] header - << "X-Powered-By: Servlet 2.4; JBoss-4.2.2.GA (build: SVNTag=JBoss_4_2_2_GA date=200710221139)/Tomcat-5.5
| [\r][\n]"
| 2008/11/18 16:33:58:081 EST [DEBUG] header - << "Content-Type: text/xml;charset=utf-8[\r][\n]"
| 2008/11/18 16:33:58:081 EST [DEBUG] header - << "Transfer-Encoding: chunked[\r][\n]"
| 2008/11/18 16:33:58:081 EST [DEBUG] header - << "Date: Tue, 18 Nov 2008 21:32:38 GMT[\r][\n]"
| 2008/11/18 16:33:58:081 EST [DEBUG] header - << "Connection: close[\r][\n]"
|
The body:
| <S:Fault xmlns:ns4="http://www.w3.org/2003/05/soap-envelope">
| <faultcode>S:Server</faultcode>
| <faultstring>javax.xml.soap.SOAPException: com.ctc.wstx.exc.WstxEOFException: Unexpected end of input block in start tag
| [\n] at [row,col {unknown-source}]: [1,4096]</faultstring>
| <detail>
| <ns2:exception xmlns:ns2="http://jax-ws.dev.java.net/" class="javax.xml.ws.WebServiceException" note="To disable this feature, set com.sun.xml.ws.fault.SOAPFaultBuilder.disableCaptureStackTrace system property to false">
| <message>javax.xml.soap.SOAPException: com.ctc.wstx.exc.WstxEOFException: Unexpected end of input block in start tag
| [\n] at [row,col {unknown-source}]: [1,4096]</message>
| <ns2:stackTrace><ns2:frame class="com.sun.xml.ws.handler.SOAPMessageContextImpl" file="SOAPMessageContextImpl.java" line="81" method="getMessage"/>
| <ns2:frame class="com.theirpackage.utils.logging.SOAPLoggingHandler" file="SOAPLoggingHandler.java" line="73" method="log"/>
| ...
| <ns2:cause class="javax.xml.soap.SOAPException" note="To disable this feature, set com.sun.xml.ws.fault.SOAPFaultBuilder.disableCaptureStackTrace system property to false">
| <message>com.ctc.wstx.exc.WstxEOFException: Unexpected end of input block in start tag
| [\n] at [row,col {unknown-source}]: [1,4096]</message>
| <ns2:stackTrace>
| <ns2:frame class="com.sun.xml.ws.message.AbstractMessageImpl" file="AbstractMessageImpl.java" line="195" method="readAsSOAPMessage"/>
|
| <ns2:frame class="com.sun.xml.ws.handler.SOAPMessageContextImpl" file="SOAPMessageContextImpl.java" line="79" method="getMessage"/>
| <ns2:frame class="com.theirpackage.utils.logging.SOAPLoggingHandler" file="SOAPLoggingHandler.java" line="73" method="log"/>
| ...
| <ns2:cause class="org.xml.sax.SAXParseException" note="To disable this feature, set com.sun.xml.ws.fault.SOAPFaultBuilder.disableCaptureStackTrace system property to false">
| <message>Unexpected end of input block in start tag
| [\n] at [row,col {unknown-source}]: [1,4096]</message>
| <ns2:stackTrace>
| <ns2:frame class="com.sun.xml.ws.message.stream.StreamMessage" file="StreamMessage.java" line="378" method="writePayloadTo"/>
| <ns2:frame class="com.sun.xml.ws.message.stream.StreamMessage" file="StreamMessage.java" line="459" method="writeTo"/>
| <ns2:frame class="com.sun.xml.ws.message.AbstractMessageImpl" file="AbstractMessageImpl.java" line="193" method="readAsSOAPMessage"/>
| <ns2:frame class="com.sun.xml.ws.handler.SOAPMessageContextImpl" file="SOAPMessageContextImpl.java" line="79" method="getMessage"/>
| <ns2:frame class="com.theirpackage.utils.logging.SOAPLoggingHandler" file="SOAPLoggingHandler.java" line="73" method="log"/>
| ...
|
Results with 6+ updates
The header:
| 2008/11/18 16:44:36:596 EST [DEBUG] header - << "HTTP/1.1 400 No client certificate chain in this request[\r][\n]"
| 2008/11/18 16:44:36:596 EST [DEBUG] header - << "Server: Apache-Coyote/1.1[\r][\n]"
| 2008/11/18 16:44:36:596 EST [DEBUG] header - << "Content-Type: text/html;charset=utf-8[\r][\n]"
| 2008/11/18 16:44:36:596 EST [DEBUG] header - << "Content-Length: 1094[\r][\n]"
| 2008/11/18 16:44:36:596 EST [DEBUG] header - << "Date: Tue, 18 Nov 2008 21:43:17 GMT[\r][\n]"
| 2008/11/18 16:44:36:596 EST [DEBUG] header - << "Connection: close[\r][\n]"
|
The body:
| <html>
| <head>
| <title>JBossWeb/2.0.1.GA - Error report</title>
| <style><!--H1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} H2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} H3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} BODY {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} B {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} P {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A {color : black;}A.name {color : black;}HR {color : #525D76;}--></style>
| </head>
| <body>
| <h1>HTTP Status 400- No client certificate chain in this request</h1>
| <HR size="1" noshade="noshade">
| <p><b>type</b> Status report</p>
| <p><b>message</b><u>No client certificate chain in this request</u></p>
| <p><b>description</b>
| <u>The request sent by the client was syntactically incorrect (No client certificate chain in this request).</u>
| </p>
| <HR size="1" noshade="noshade">
| <h3>JBossWeb/2.0.1.GA</h3>
| </body>
| </html>
|
Obviously the return body on the 6+ case is unparsable and throws an error in Axis2 when it tries to parse that response:
| 2008/11/18 16:44:36:643 EST [INFO] BuilderUtil - OMException in getSOAPBuilder <org.apache.axiom.soap.SOAPProcessingException: First Element must contain the local name, Envelope , but found html>org.apache.axiom.soap.SOAPProcessingException: First Element must contain the local name, Envelope , but found html
| at org.apache.axiom.soap.impl.builder.StAXSOAPModelBuilder.constructNode(StAXSOAPModelBuilder.java:219)
| at org.apache.axiom.soap.impl.builder.StAXSOAPModelBuilder.createOMElement(StAXSOAPModelBuilder.java:177)
| at org.apache.axiom.om.impl.builder.StAXOMBuilder.next(StAXOMBuilder.java:163)
| at org.apache.axiom.soap.impl.builder.StAXSOAPModelBuilder.getSOAPEnvelope(StAXSOAPModelBuilder.java:161)
| at org.apache.axiom.soap.impl.builder.StAXSOAPModelBuilder.<init>(StAXSOAPModelBuilder.java:110)
| ...
|
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4190626#4190626
Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4190626
More information about the jboss-user
mailing list