[jbossws-users] [JBossWS] - Need help: Errors during SSL connection

d.behrwind do-not-reply at jboss.com
Fri Jun 27 09:09:41 EDT 2008 

Hi,

I'm using Seam 2.0.2.SP1 on JBossAS 4.2.2.GA and want to publish some web services. Communication shall be encrypted using SSL. So I'm trying to follow  the instructions at http://jbws.dyndns.org/mediawiki/index.php?title=Secure_transport.

After finally getting the server running with SSL, my client is now unable to connect. 

If I configure the SSL connector in the server.xml as suggested in the article:
<Connector port="8443" address="${jboss.bind.address}"
  |         maxThreads="100" minSpareThreads="5" maxSpareThreads="15"
  |         scheme="https" secure="true" clientAuth="want"
  |         keystoreFile="C:\Entwicklung\jboss-4.2.2.GA\server\default\conf\keystores\wsse.keystore" 
  |         keystorePass="symtaweb"
  |         truststoreFile="C:\Entwicklung\jboss-4.2.2.GA\server\default\conf\keystores\wsse.keystore" 
  |         truststorePass="symtaweb"
  |         sslProtocol = "TLS" /> 
the result is:
Exception in thread "main" com.sun.xml.internal.ws.client.ClientTransportException: HTTP transport error: javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
  | 	at com.sun.xml.internal.ws.transport.http.client.HttpClientTransport.getOutput(HttpClientTransport.java:119)
  | 	at com.sun.xml.internal.ws.transport.http.client.HttpTransportPipe.process(HttpTransportPipe.java:128)
  | 	at com.sun.xml.internal.ws.transport.http.client.HttpTransportPipe.processRequest(HttpTransportPipe.java:74)
  | 	at com.sun.xml.internal.ws.api.pipe.Fiber.__doRun(Fiber.java:581)
  | 	at com.sun.xml.internal.ws.api.pipe.Fiber._doRun(Fiber.java:540)
  | 	at com.sun.xml.internal.ws.api.pipe.Fiber.doRun(Fiber.java:525)
  | 	at com.sun.xml.internal.ws.api.pipe.Fiber.runSync(Fiber.java:422)
  | 	at com.sun.xml.internal.ws.client.Stub.process(Stub.java:235)
  | 	at com.sun.xml.internal.ws.client.sei.SEIStub.doProcess(SEIStub.java:120)
  | 	at com.sun.xml.internal.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:230)
  | 	at com.sun.xml.internal.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:210)
  | 	at com.sun.xml.internal.ws.client.sei.SEIStub.invoke(SEIStub.java:103)
  | 	at $Proxy29.login(Unknown Source)
  | 	at com.symtavision.test.jbossws.Test.main(Test.java:32)
  | Caused by: javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
  | 	at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:808)
  | 	at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1096)
  | 	at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1123)
  | 	at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1107)
  | 	at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:405)
  | 	at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:166)
  | 	at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(HttpURLConnection.java:832)
  | 	at sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(HttpsURLConnectionImpl.java:230)
  | 	at com.sun.xml.internal.ws.transport.http.client.HttpClientTransport.getOutput(HttpClientTransport.java:107)
  | 	... 13 more
  | Caused by: java.io.EOFException: SSL peer shut down incorrectly
  | 	at com.sun.net.ssl.internal.ssl.InputRecord.read(InputRecord.java:333)
  | 	at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:789)
  | 	... 21 more
  | 

And when using the default configuration:
    <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
  |                maxThreads="150" scheme="https" secure="true"
  |                clientAuth="false" sslProtocol="TLS"
  | 		   keystoreFile="C:\Entwicklung\jboss-4.2.2.GA\server\default\conf\keystores\.keystore" 
  | 		   keystorePass="symtaweb" />
I get this: 

Exception in thread "main" com.sun.xml.internal.ws.client.ClientTransportException: request requires HTTP authentication: Unauthorized
  | 	at com.sun.xml.internal.ws.transport.http.client.HttpClientTransport.checkResponseCode(HttpClientTransport.java:197)
  | 	at com.sun.xml.internal.ws.transport.http.client.HttpTransportPipe.process(HttpTransportPipe.java:137)
  | 	at com.sun.xml.internal.ws.transport.http.client.HttpTransportPipe.processRequest(HttpTransportPipe.java:74)
  | 	at com.sun.xml.internal.ws.api.pipe.Fiber.__doRun(Fiber.java:581)
  | 	at com.sun.xml.internal.ws.api.pipe.Fiber._doRun(Fiber.java:540)
  | 	at com.sun.xml.internal.ws.api.pipe.Fiber.doRun(Fiber.java:525)
  | 	at com.sun.xml.internal.ws.api.pipe.Fiber.runSync(Fiber.java:422)
  | 	at com.sun.xml.internal.ws.client.Stub.process(Stub.java:235)
  | 	at com.sun.xml.internal.ws.client.sei.SEIStub.doProcess(SEIStub.java:120)
  | 	at com.sun.xml.internal.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:230)
  | 	at com.sun.xml.internal.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:210)
  | 	at com.sun.xml.internal.ws.client.sei.SEIStub.invoke(SEIStub.java:103)
  | 	at $Proxy29.login(Unknown Source)
  | 	at com.symtavision.test.jbossws.Test.main(Test.java:32)

I'm setting the required system properties programmatically instead of using XML configuration:

public static void main(String[] args) {
  | 
  | 		System.setProperty("javax.net.ssl.keyStore", "C:/Entwicklung/jboss-4.2.2.GA/server/default/conf/keystores/.keystore");
  | 		System.setProperty("javax.net.ssl.trustStore", "C:/Entwicklung/jboss-4.2.2.GA/server/default/conf/keystores/.keystore");
  | 		System.setProperty("javax.net.ssl.keyStorePassword", "symtaweb");
  | 		System.setProperty("javax.net.ssl.trustStorePassword", "symtaweb"); 
  | 		System.setProperty("javax.net.ssl.keyStoreType", "jks");
  | 		System.setProperty("javax.net.ssl.trustStoreType", "jks");
  | 
  | 		// obtain proxy
  | 		LoginService loginService = new LoginServiceService()
  | 				.getLoginServicePort();
  | 
  | 		// maintain Session
  | 		((BindingProvider) loginService).getRequestContext().put(
  | 				BindingProvider.SESSION_MAINTAIN_PROPERTY, true);
  | 
  | 		// *** regular method calls *** //
  | 
  | 		System.out.println("logging in... \n \t success: "
  | 				+ loginService.login("daniel", ""));
  | 
  | 		System.out.println("still logged in?\n\t" + loginService.isLoggedin());
  | 
  | 		System.out.println("logging out... \n \t success: "
  | 				+ loginService.logout());
  | 
  | 		System.out.println("still logged in?\n\t" + loginService.isLoggedin());
  | 
  | 	}

And I was not able to set the @SecurityDomain("JBossWS") annotation in the server class. (I don't know which jar to import ...)

Tanks for any help!

View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4161151#4161151

Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4161151

More information about the jbossws-users mailing list