[jboss-user] [EJB 3.0] - Re: EJB with SSL does not work with JBoss AS 4.2.2
jaikiran
do-not-reply at jboss.com
Mon May 5 12:21:45 EDT 2008
"jthinaka" wrote : Jaikiran,
| Thanks for your reply, however we need to have 0.0.0.0 set because our server has multiple addresses and needs to be accessible by all of them. So even if the fix worked, it would not really work for us.
|
| Dave,
| Thanks for posting, if it helps, your experience is exactly like mine, which in some way or form is heartening. Let's hope the Jboss dev group finds a resolution soon.
|
| Cheers to both of you.
| TJ
I was able to reproduce this on my local JBoss-4.2.2 setup and even able to get it working after knowing what was going wrong (atleast in my case).
Steps to reproduce this exception:
1) Start with this guide http://docs.jboss.org/ejb3/app-server/reference/build/reference/en/html/transport.html. I guess, everyone in this thread too has followed the same.
2) My SLSB looks like this:
| package org.myapp.ejb.impl;
|
| import javax.annotation.Resource;
| import javax.ejb.Remote;
| import javax.ejb.Stateless;
| import javax.persistence.EntityManager;
|
| import org.jboss.annotation.ejb.RemoteBinding;
| import org.jboss.annotation.ejb.RemoteBindings;
| import org.myapp.ejb.AppManager;
|
| @Stateless
| @Remote ({AppManager.class})
| @RemoteBindings({
| @RemoteBinding(clientBindUrl="sslsocket://0.0.0.0:3843", jndiBinding="AppManagerBeanSSL"),
| @RemoteBinding(jndiBinding="AppManagerBeanNormal")
| })
| public class AppManagerBean implements AppManager {
|
|
| public String getVersion() {
|
| return "1.0";
| }
|
|
| }
|
3) Modified the jboss-service.xml in %JBOSS_HOME%\server\< serverName>\deploy\ejb3.deployer\ejb3.deployer\META-INF folder to add (as mentioned in that doc):
| <mbean code="org.jboss.remoting.transport.Connector"
| name="jboss.remoting:type=Connector,transport=socket3843,handler=ejb3">
| <depends>jboss.aop:service=AspectDeployer</depends>
| <attribute name="InvokerLocator">sslsocket://${jboss.bind.address}:3843</attribute>
| <attribute name="Configuration">
| <handlers>
| <handler subsystem="AOP">org.jboss.aspects.remoting.AOPRemotingInvocationHandler</handler>
| </handlers>
| </attribute>
| </mbean>
4) Created the keystore and truststore files and started JBoss passing it the keystore filename and password:
| run.bat -c jaikiran -b 0.0.0.0 -Djavax.net.ssl.keyStore=C:\jdk1.5.0_07\bin\localhost.keystore -Djavax.net.ssl.keyStorePassword=opensource
5) Wrote a simple standalone client to use the AppManagerBean:
| package org.myapp.core;
|
| import javax.naming.Context;
| import javax.naming.InitialContext;
|
| import org.myapp.ejb.AppManager;
|
| public class SSLBeanLookup {
|
| public static void main(String args[]) {
| try {
|
|
| Context ctx = new InitialContext();
|
| AppManager appManagerSSL = (AppManager) ctx.lookup("AppManagerBeanSSL");
| System.out.println("AppManager : " + appManagerSSL);
| System.out.println("AppManager version returned is : " + appManagerSSL.getVersion());
|
| } catch(Exception e) {
| e.printStackTrace();
| }
| }
|
| }
|
6) Ran this standalone client without passing any parameters:
java org.myapp.core.SSLBeanLookup
The client failed with the exact same exception as mentioned in this thread. The server side also showed the similar exception:
| 2008-05-05 20:19:44,569 ERROR [org.jboss.remoting.transport.socket.ServerThread] Worker thread initialization failure
| java.lang.reflect.InvocationTargetException
| at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
| at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)
| at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27)
| at java.lang.reflect.Constructor.newInstance(Constructor.java:494)
| at org.jboss.remoting.transport.socket.ServerThread.createServerSocketWrapper(ServerThread.java:720)
| at org.jboss.remoting.transport.socket.ServerThread.dorun(ServerThread.java:368)
| at org.jboss.remoting.transport.socket.ServerThread.run(ServerThread.java:166)
| Caused by: java.net.SocketException: Socket Closed
| at java.net.PlainSocketImpl.setOption(PlainSocketImpl.java:201)
| at java.net.Socket.setSoTimeout(Socket.java:988)
| at com.sun.net.ssl.internal.ssl.SSLSocketImpl.setSoTimeout(SSLSocketImpl.java:1971)
| at org.jboss.remoting.transport.socket.SocketWrapper.setTimeout(SocketWrapper.java:85)
| at org.jboss.remoting.transport.socket.ClientSocketWrapper.createStreams(ClientSocketWrapper.java:171)
| at org.jboss.remoting.transport.socket.ClientSocketWrapper.<init>(ClientSocketWrapper.java:66)
| at org.jboss.remoting.transport.socket.ServerSocketWrapper.<init>(ServerSocketWrapper.java:46)
| ... 7 more
|
I then downloaded the JBossRemoting source code and a bit of debugging and modification to the code (to print out the exception) showed exactly what was going wrong. I changed the ClientSocketWrapper to catch and print out the exception:
try
| {
| out = createOutputStream(serializationType, socket, marshaller);
| in = createInputStream(serializationType, socket, unmarshaller);
| } catch (Exception e) {
| //Jaikiran: Added this catch block for debugging
| System.out.println("Exception caught " + e);
| e.printStackTrace();
| }
| finally
| {
| setTimeout(savedTimeout);
| log.debug("reset timeout: " + savedTimeout);
| }
Turns out, the root cause of this exception is this:
| 2008-05-05 20:19:44,569 ERROR [org.jboss.remoting.transport.socket.ServerThread] Worker thread initialization failure
| java.lang.reflect.InvocationTargetException
| at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
| at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)
| at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27)
| at java.lang.reflect.Constructor.newInstance(Constructor.java:494)
| at org.jboss.remoting.transport.socket.ServerThread.createServerSocketWrapper(ServerThread.java:720)
| at org.jboss.remoting.transport.socket.ServerThread.dorun(ServerThread.java:368)
| at org.jboss.remoting.transport.socket.ServerThread.run(ServerThread.java:166)
| Caused by: java.net.SocketException: Socket Closed
| at java.net.PlainSocketImpl.setOption(PlainSocketImpl.java:201)
| at java.net.Socket.setSoTimeout(Socket.java:988)
| at com.sun.net.ssl.internal.ssl.SSLSocketImpl.setSoTimeout(SSLSocketImpl.java:1971)
| at org.jboss.remoting.transport.socket.SocketWrapper.setTimeout(SocketWrapper.java:85)
| at org.jboss.remoting.transport.socket.ClientSocketWrapper.createStreams(ClientSocketWrapper.java:171)
| at org.jboss.remoting.transport.socket.ClientSocketWrapper.<init>(ClientSocketWrapper.java:66)
| at org.jboss.remoting.transport.socket.ServerSocketWrapper.<init>(ServerSocketWrapper.java:46)
| ... 7 more
|
| .................
| .................
| 2008-05-05 20:20:34,711 INFO [STDOUT] Exception caught javax.net.ssl.SSLHandshakeException: Received fatal alert: certificate_unknown
| 2008-05-05 20:20:36,149 ERROR [STDERR] javax.net.ssl.SSLHandshakeException: Received fatal alert: certificate_unknown
| 2008-05-05 20:20:36,149 ERROR [STDERR] at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:150)
| 2008-05-05 20:20:36,149 ERROR [STDERR] at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:117)
| 2008-05-05 20:20:36,149 ERROR [STDERR] at com.sun.net.ssl.internal.ssl.SSLSocketImpl.recvAlert(SSLSocketImpl.java:1584)
| 2008-05-05 20:20:36,164 ERROR [STDERR] at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:866)
| 2008-05-05 20:20:36,164 ERROR [STDERR] at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1030)
| 2008-05-05 20:20:36,164 ERROR [STDERR] at com.sun.net.ssl.internal.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:622)
| 2008-05-05 20:20:36,164 ERROR [STDERR] at com.sun.net.ssl.internal.ssl.AppOutputStream.write(AppOutputStream.java:59)
| 2008-05-05 20:20:36,164 ERROR [STDERR] at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:65)
| 2008-05-05 20:20:36,164 ERROR [STDERR] at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:123)
| 2008-05-05 20:20:36,164 ERROR [STDERR] at java.io.ObjectOutputStream$BlockDataOutputStream.flush(ObjectOutputStream.java:1628)
| 2008-05-05 20:20:36,164 ERROR [STDERR] at java.io.ObjectOutputStream.flush(ObjectOutputStream.java:666)
| 2008-05-05 20:20:36,164 ERROR [STDERR] at org.jboss.remoting.marshal.serializable.SerializableMarshaller.getMarshallingStream(SerializableMarshaller.java:90)
| 2008-05-05 20:20:36,180 ERROR [STDERR] at org.jboss.remoting.marshal.serializable.SerializableMarshaller.getMarshallingStream(SerializableMarshaller.java:72)
| 2008-05-05 20:20:36,180 ERROR [STDERR] at org.jboss.remoting.transport.socket.ClientSocketWrapper.createOutputStream(ClientSocketWrapper.java:207)
| 2008-05-05 20:20:36,180 ERROR [STDERR] at org.jboss.remoting.transport.socket.ClientSocketWrapper.createStreams(ClientSocketWrapper.java:163)
| 2008-05-05 20:20:36,180 ERROR [STDERR] at org.jboss.remoting.transport.socket.ClientSocketWrapper.<init>(ClientSocketWrapper.java:66)
| 2008-05-05 20:20:36,180 ERROR [STDERR] at org.jboss.remoting.transport.socket.ServerSocketWrapper.<init>(ServerSocketWrapper.java:46)
| 2008-05-05 20:20:36,180 ERROR [STDERR] at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
| 2008-05-05 20:20:36,180 ERROR [STDERR] at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)
| 2008-05-05 20:20:36,180 ERROR [STDERR] at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27)
| 2008-05-05 20:20:36,180 ERROR [STDERR] at java.lang.reflect.Constructor.newInstance(Constructor.java:494)
| 2008-05-05 20:20:36,180 ERROR [STDERR] at org.jboss.remoting.transport.socket.ServerThread.createServerSocketWrapper(ServerThread.java:720)
| 2008-05-05 20:20:36,196 ERROR [STDERR] at org.jboss.remoting.transport.socket.ServerThread.dorun(ServerThread.java:368)
| 2008-05-05 20:20:36,196 ERROR [STDERR] at org.jboss.remoting.transport.socket.ServerThread.run(ServerThread.java:166)
|
This exception provides enough clues.
How to fix this:
Pass the truststore file and truststore password -Djavax.net.ssl.trustStore and -Djavax.net.ssl.trustStorePassword arguments when running the standalone client:
| java org.myapp.core.SSLBeanLookup -Djavax.net.ssl.trustStore=C:\jdk1.5.0_07\bin\localhost.truststore -Djavax.net.ssl.trustStorePassword=opensource
That's it. With these arguments passed to the client, i got my expected output without any exceptions.
The whole confusion is because of the original exception stacktrace not being clear enough.
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4148646#4148646
Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4148646
More information about the jboss-user
mailing list