Claudio Miranda [https://community.jboss.org/people/Claudio4J] created the discussion "Re: @WS with CLIENT-CERT throws Invalid HTTP server response [401] - Unauthorized on client side" To view the discussion, visit: https://community.jboss.org/message/723623#723623 -------------------------------------------------------------- Firefox answer: HTTP GET not supported I tried with soapUI The request POST http://localhost:8080/jaas-cert/PesquisarUsuarioEjbService HTTP/1.1 Accept-Encoding: gzip,deflate Content-Type: text/xml;charset=UTF-8 SOAPAction: "" User-Agent: Jakarta Commons-HttpClient/3.1 Host: localhost:8080 Content-Length: 2966    MIICTzCCAbigAwIBAgIET1e6ozANBgkqhkiG9w0BAQUFADBsMQswCQYDVQQGEwJCUjELMAkGA1UECBMCREYxETAPBgNVBAcTCEJyYXNpbGlhMRIwEAYDVQQKDAltaW5fc2F1ZGUxEDAOBgNVBAsTB2RhdGFzdXMxFzAVBgNVBAMTDmpib3Nzd3MgY2xpZW50MB4XDTEyMDMwNzE5NDQzNVoXDTEyMDYwNTE5NDQzNVowbDELMAkGA1UEBhMCQlIxCzAJBgNVBAgTAkRGMREwDwYDVQQHEwhCcmFzaWxpYTESMBAGA1UECgwJbWluX3NhdWRlMRAwDgYDVQQLEwdkYXRhc3VzMRcwFQYDVQQDEw5qYm9zc3dzIGNsaWVudDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAhd2XAXxR0FGcyoVGAGW/1nUz33TBQBQBjkJm+hrN6/kUJz8yDueLnuFc5YcJVSPGOLubVaRYudt5o8+iKMHDZPvBywv2SpExKcW8MRpocYsAyrPTASoUX4Mj/Ca5PPIcBpaZqEniI7Zj8LkXnPtSAwOOvCPco1ibclndognp4YECAwEAATANBgkqhkiG9w0BAQUFAAOBgQBC4k6AAf6CwS8d3fNKB8XS4hiOrIGvwtNPjiWAV+ipORsNRiP0s4PjXJdWTK9RhHQc6/KyuYKFU7z1fzShJtYBP3gqBHTo+9kTVkRX/uwcDmIrHnCUlyz5eF1Aj/aFMhrAxidZSrGCcPEbWcJbpE2bF0Xde8UbdTtbqG1WLNOKCw==GVCdFu+VnbtIEdnHBr3p7iqT7/odF56knHdMCp6mpFTMUR+8gHLZoyzIlkxHHhR8S1ho8KVVH9ryg/e4qDiJ6X9Mvlf+DjF+K2lTk/xNeRqCKYwtcjlORvgpQide+yMamPUncyV/2dQD/mWQxq2/Vu7qWI+pkHYJKA5oEShuCx8=   JIwUK/+kt/RL0tV/s38N9/LpNgb7jRe6NUPRWY6lyOqI9Sz2WRtzGZDCEtp5gl/I2sS5b2KtG8h1 grhGfO9GzsZOXOo6q5ZM3rVeIdfOqBzOCdU1J66Omn0C/Ox9faNTgufViyzEkzdTyeIHpOgK96ke EaSTCM4oVhwO8K4pb77FejJtOe2rFXz7rJDw2T/wogPGasdGwzboXXFu4ZAoqAXvzxKEO4QSSzxi b5X7CSNwy0Ev28yF6y0LoX0lodk8MbAb9E6v0KEgoi4tgkwMvIbRHce7W7QWE6hvD8j1c4qZW0EJ auqyzFVfRT54Ys1lg8za3c687G7NDpW5q04RaOjHN4inQ1f14q7fbOBiBO0= The response HTTP/1.1 401 Unauthorized Server: Apache-Coyote/1.1 Content-Type: text/html;charset=utf-8 Content-Length: 1099 Date: Tue, 13 Mar 2012 21:58:13 GMT <html><head><title>JBoss Web/2.1.12.GA-patch-01 - Error report</title></head> <body><h1>*HTTP Status 401 - No client certificate chain in this request*</h1> <HR size="1" noshade="noshade"><p><b>type</b> Status report</p> <p><b>message</b> <u>*No client certificate chain in this request*</u></p><p><b>description</b> <u>*This request requires HTTP authentication (No client certificate chain in this request).*</u></p> <HR size="1" noshade="noshade"><h3>JBoss Web/2.1.12.GA-patch-01</h3></body></html> -------------------------------------------------------------- Reply to this message by going to Community [https://community.jboss.org/message/723623#723623] Start a new discussion in JBoss Web Services at Community [https://community.jboss.org/choose-container!input.jspa?contentType=1&...]

Claudio Miranda [https://community.jboss.org/people/Claudio4J] created the discussion "Re: @WS with CLIENT-CERT throws Invalid HTTP server response [401] - Unauthorized on client side" To view the discussion, visit: https://community.jboss.org/message/723765#723765 -------------------------------------------------------------- Also, the client code uses the Standard WSSecurity Client.         StubExt stubExt = (StubExt) wsPesq;         stubExt.setConfigName("Standard WSSecurity Client"); DEBUG [main] - Create new config [name=Standard Client,file=META-INF/standard-jaxws-client-config.xml] DEBUG [main] - getConfig: [name=Standard Client,url=META-INF/standard-jaxws-client-config.xml] DEBUG [main] - parse: file:/home/claudio/alphaworks/projects/myapp/jaas/jaas-ms-client/bin/META-INF/standard-jaxws-client-config.xml DEBUG [main] - Create new config [name=*Standard WSSecurity Client*,file=META-INF/standard-jaxws-client-config.xml] DEBUG [main] - getConfig: [name=*Standard WSSecurity Client*,url=*META-INF/standard-jaxws-client-config.xml*] DEBUG [main] - parse: *file:/home/claudio/alphaworks/projects/myapp/jaas/jaas-ms-client/bin/META-INF/standard-jaxws-client-config.xml* Is that incorrect ? I modified as below, but didn't work, the exception is the same. * * -------------------------------------------------------------- Reply to this message by going to Community [https://community.jboss.org/message/723765#723765] Start a new discussion in JBoss Web Services at Community [https://community.jboss.org/choose-container!input.jspa?contentType=1&...]

Claudio Miranda [https://community.jboss.org/people/Claudio4J] created the discussion "Re: @WS with CLIENT-CERT throws Invalid HTTP server response [401] - Unauthorized on client side" To view the discussion, visit: https://community.jboss.org/message/723808#723808 -------------------------------------------------------------- I see from the client log that "Standard WSSecurity Client" is picked up, see previous comment. Do you think there is something missing from the server side ? Thanks for your help. -------------------------------------------------------------- Reply to this message by going to Community [https://community.jboss.org/message/723808#723808] Start a new discussion in JBoss Web Services at Community [https://community.jboss.org/choose-container!input.jspa?contentType=1&...]

spyhunter99 [https://community.jboss.org/people/spyhunter99] created the discussion "Re: @WS with CLIENT-CERT throws Invalid HTTP server response [401] - Unauthorized on client side" To view the discussion, visit: https://community.jboss.org/message/724171#724171 -------------------------------------------------------------- can you verify the following? from the service side, confirm that there is a certificate that can be used by the service and that the trust store contains the issuing certificate authority for the certificate used by the client from the client side, confifrm  that there is a certificate that can be used by the client and that the trust store contains the issuing certificate authority for the certificate used by the service from login-config.xml of jboss, what does UserCertPolicy look like? the @SecurityDomain ties the security context back to the login-config.xml, useful for http authentication but I'm not sure what effect it would have for you, because you are trying to do message level authentication, not transport. I'd suggest commenting that out and trying again And what does this class look like? what does it do? br.com.myapp.jaas.spi.SubjectMapper -------------------------------------------------------------- Reply to this message by going to Community [https://community.jboss.org/message/724171#724171] Start a new discussion in JBoss Web Services at Community [https://community.jboss.org/choose-container!input.jspa?contentType=1&...]

spyhunter99 [https://community.jboss.org/people/spyhunter99] created the discussion "Re: @WS with CLIENT-CERT throws Invalid HTTP server response [401] - Unauthorized on client side" To view the discussion, visit: https://community.jboss.org/message/724442#724442 -------------------------------------------------------------- Alright, I have an idea download a copy of tcpmon here http://code.google.com/p/tcpmon/ http://code.google.com/p/tcpmon/ try directing the client at that. maybe you'll get some more information. I think the problem is with the server/service's configuration. You can try turning on remote debugging on your jboss server, attach to it and set break points at every entry point in your code, especially the authorization pieces. worse case scenario, download the source for your version of jbossws and then set break points with that. There's some example code/smoke tests in there as well that may help you model your service after for this specific task. In addition, I'd suggest you try searching the issue tracker to see if there is anything related to this and your version of jbossws. Make sure you're running the latest version supported by your container version -------------------------------------------------------------- Reply to this message by going to Community [https://community.jboss.org/message/724442#724442] Start a new discussion in JBoss Web Services at Community [https://community.jboss.org/choose-container!input.jspa?contentType=1&...]