Enable Security for JBoss + WS

 
Hello JavaRanch,

I'm new here!
I'm using jboss-as-distribution-6.0.0.20100429-M3 + WS (axis 1.4)
I have to provide a secure way to transmit data from client to server. I've read that SSL with mutual authentication is a good way to provide it. But, if anybody has a better suggestion on how to do it, let me know.
I'm trying to configure mutual authentication with BaseCertLoginModule
over SSL, but I'm getting the following errors:


**************************************************************************************
error at server side
17:19:26,812 DEBUG [org.apache.tomcat.util.net.JIoEndpoint] Handshake failed: javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection?
at com.sun.net.ssl.internal.ssl.InputRecord.handleUnknownRecord(InputRecord.java:523) [:1.6]
at com.sun.net.ssl.internal.ssl.InputRecord.read(InputRecord.java:355) [:1.6]
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:789) [:1.6]
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1120) [:1.6]
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1147) [:1.6]
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1131) [:1.6]
at org.apache.tomcat.util.net.jsse.JSSESocketFactory.handshake(JSSESocketFactory.java:186)
at org.apache.tomcat.util.net.JIoEndpoint.setSocketOptions(JIoEndpoint.java:1143)
at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:951)
at java.lang.Thread.run(Thread.java:619) [:1.6.0_20]


error at client side
java.net.SocketException: Software caused connection abort: socket write error
**************************************************************************************

Here follow my configuration files

script to generate the keys
**************************************************************************************
rem Distinguished names and keytool options shared by every call below
set SERVER_DN="CN=server, OU=X, O=Y, L=Z, S=XY, C=YZ"
set CLIENT_DN="CN=client, OU=X, O=Y, L=Z, S=XY, C=YZ"
set KSDEFAULTS=-storepass changeit -storetype JKS
set KEYINFO=-keyalg RSA
rem Server key pair (default alias "mykey"); its certificate is imported into the client truststore
keytool -genkey -dname %SERVER_DN% %KSDEFAULTS% -keystore server.ks %KEYINFO% -keypass changeit
keytool -export -file temp$.cer %KSDEFAULTS% -keystore server.ks
keytool -import -file temp$.cer %KSDEFAULTS% -keystore client.ts -alias serverkey -noprompt
rem Client key pair (default alias "mykey"); its certificate is imported into the server truststore
keytool -genkey -dname %CLIENT_DN% %KSDEFAULTS% -keystore client.ks %KEYINFO% -keypass changeit
keytool -export -file temp$.cer %KSDEFAULTS% -keystore client.ks
keytool -import -file temp$.cer %KSDEFAULTS% -keystore server.ts -alias clientkey -noprompt
**************************************************************************************


file:${jboss.server.home.dir}/conf/server.ks
**************************************************************************************
Keystore type: JKS
Keystore provider: SUN


Your keystore contains 1 entry


Alias name: mykey
Creation date: 17/01/2011
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=server, OU=X, O=Y, L=Z, ST=XY, C=YZ
Issuer: CN=server, OU=X, O=Y, L=Z, ST=XY, C=YZ
Serial number: 4d34949e
Valid from: Mon Jan 17 17:12:30 BRST 2011 until: Sun Apr 17 16:12:30 BRT 2011
Certificate fingerprints:
MD5: 5A:56:DD:D8:5B:9E:94:55:77:7E:70:D3:AE:E5:0B:C5
SHA1: 14:B3:95:33:E7:D2:F3:BB:94:DA:E9:1C:38:8A:9F:03:1B:35:4E:8C
Signature algorithm name: SHA1withRSA
Version: 3




**************************************************************************************


file:${jboss.server.home.dir}/conf/server.ts
**************************************************************************************
Keystore type: JKS
Keystore provider: SUN


Your keystore contains 1 entry


Alias name: clientkey
Creation date: 17/01/2011
Entry type: trustedCertEntry


Owner: CN=client, OU=X, O=Y, L=Z, ST=XY, C=YZ
Issuer: CN=client, OU=X, O=Y, L=Z, ST=XY, C=YZ
Serial number: 4d34949f
Valid from: Mon Jan 17 17:12:31 BRST 2011 until: Sun Apr 17 16:12:31 BRT 2011
Certificate fingerprints:
MD5: B2:C1:C8:9A:BB:84:F0:79:03:68:91:89:20:EC:85:CF
SHA1: C5:BC:7A:7D:E6:0E:5E:D4:1F:D9:BC:56:D3:91:20:A3:25:09:B2:2A
Signature algorithm name: SHA1withRSA
Version: 3




**************************************************************************************


file:c:/client.ks
**************************************************************************************
Keystore type: JKS
Keystore provider: SUN


Your keystore contains 1 entry


Alias name: mykey
Creation date: 17/01/2011
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=client, OU=X, O=Y, L=Z, ST=XY, C=YZ
Issuer: CN=client, OU=X, O=Y, L=Z, ST=XY, C=YZ
Serial number: 4d3469a5
Valid from: Mon Jan 17 14:09:09 BRST 2011 until: Sun Apr 17 13:09:09 BRT 2011
Certificate fingerprints:
MD5: 91:57:82:07:38:34:C5:1F:AB:5C:0D:51:65:DB:5B:B0
SHA1: 7D:12:14:E1:75:78:E3:79:1B:62:B6:A3:17:A9:FA:11:51:A7:69:06
Signature algorithm name: SHA1withRSA
Version: 3




**************************************************************************************


file:c:/client.ts
**************************************************************************************
Keystore type: JKS
Keystore provider: SUN


Your keystore contains 1 entry


Alias name: serverkey
Creation date: 17/01/2011
Entry type: trustedCertEntry


Owner: CN=server, OU=X, O=Y, L=Z, ST=XY, C=YZ
Issuer: CN=server, OU=X, O=Y, L=Z, ST=XY, C=YZ
Serial number: 4d3469a4
Valid from: Mon Jan 17 14:09:08 BRST 2011 until: Sun Apr 17 13:09:08 BRT 2011
Certificate fingerprints:
MD5: 99:9F:51:27:BA:40:C1:91:14:B6:1B:36:EB:39:4F:57
SHA1: 7A:98:0E:B5:99:2A:4A:41:6D:CC:D3:90:4D:AB:3A:93:81:87:AE:B8
Signature algorithm name: SHA1withRSA
Version: 3
**************************************************************************************


file:${jboss.server.home.dir}/deploy/interligation-service.xml
**************************************************************************************

**************************************************************************************


file:${jboss.server.home.dir}/deploy/jbossweb.sar/server.xml
**************************************************************************************

**************************************************************************************


file:${jboss.server.home.dir}/conf/login-config.xml
**************************************************************************************

**************************************************************************************


file:${jboss.server.home.dir}/conf/props/interligation-users.properties
**************************************************************************************
CN\=server,\ OU\=X,\ O\=Y,\ L\=Z,\ ST\=XY,\ C\=YZ=JBossAdmin
admin=JBossAdmin
**************************************************************************************


file:${jboss.server.home.dir}/conf/props/interligation-roles.properties
**************************************************************************************
admin=JBossAdmin,HttpInvoker
**************************************************************************************


file:$webapp/WebContent/web.xml
**************************************************************************************

**************************************************************************************


file:$webapp/WebContent/jboss-web.xml
**************************************************************************************

**************************************************************************************


file:$clientapp/client-config.wsdd
**************************************************************************************

**************************************************************************************
Thanks for advice,
Alan
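
An added example, not part of the original post: a Python check that pairs each keystore with the peer's truststore and compares SHA1 fingerprints, using the alias, entry type and SHA1 lines excerpted from the four `keytool -list -v` listings above. Run on those values, it reports that neither truststore contains the certificate currently held in the other side's keystore. The `PAIRS` mapping and the function names are assumptions of this example.

```python
import re

# Alias, entry type and SHA1 lines excerpted from the listings in the post above.
LISTINGS = {
    "server.ks": """Alias name: mykey
Entry type: PrivateKeyEntry
SHA1: 14:B3:95:33:E7:D2:F3:BB:94:DA:E9:1C:38:8A:9F:03:1B:35:4E:8C""",
    "server.ts": """Alias name: clientkey
Entry type: trustedCertEntry
SHA1: C5:BC:7A:7D:E6:0E:5E:D4:1F:D9:BC:56:D3:91:20:A3:25:09:B2:2A""",
    "client.ks": """Alias name: mykey
Entry type: PrivateKeyEntry
SHA1: 7D:12:14:E1:75:78:E3:79:1B:62:B6:A3:17:A9:FA:11:51:A7:69:06""",
    "client.ts": """Alias name: serverkey
Entry type: trustedCertEntry
SHA1: 7A:98:0E:B5:99:2A:4A:41:6D:CC:D3:90:4D:AB:3A:93:81:87:AE:B8""",
}
# Assumed pairing: (keystore with the private key, peer truststore that must trust it)
PAIRS = [("server.ks", "client.ts"), ("client.ks", "server.ts")]

ENTRY = re.compile(
    r"Alias name: (?P<alias>\S+).*?Entry type: (?P<type>\w+).*?SHA1: (?P<sha1>[0-9A-F:]+)",
    re.S,
)

def entries(listing):
    """Return (alias, entry type, SHA1 fingerprint) for every entry in a listing."""
    return [m.group("alias", "type", "sha1") for m in ENTRY.finditer(listing)]

def untrusted_keys(listings=LISTINGS, pairs=PAIRS):
    """List private-key certificates that the peer truststore does not contain."""
    problems = []
    for keystore, truststore in pairs:
        trusted = {sha1 for _, kind, sha1 in entries(listings[truststore])
                   if kind == "trustedCertEntry"}
        for alias, kind, sha1 in entries(listings[keystore]):
            if kind == "PrivateKeyEntry" and sha1 not in trusted:
                problems.append((keystore, alias, truststore))
    return problems

if __name__ == "__main__":
    for keystore, alias, truststore in untrusted_keys():
        print(f"{keystore}:{alias} is not trusted by {truststore}")
```

For mutual authentication, both pairs must match: the client validates the server certificate against `client.ts`, and the server validates the client certificate against `server.ts`.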
 
Alan Prado
Hello again!!!
I was passing the wrong port to the server, then the connector was redirecting to http instead of https.
But now I'm getting the following error:

server side:
15:41:29,296 DEBUG [org.apache.catalina.session.ManagerBase] Start expire sessions StandardManager at 1295545289296 sessioncount 0
15:41:29,296 DEBUG [org.apache.catalina.session.ManagerBase] End expire sessions StandardManager processingTime 0 expired sessions: 0
15:41:29,296 DEBUG [org.apache.catalina.session.ManagerBase] Start expire sessions StandardManager at 1295545289296 sessioncount 0
15:41:29,296 DEBUG [org.apache.catalina.session.ManagerBase] End expire sessions StandardManager processingTime 0 expired sessions: 0
15:41:39,765 DEBUG [org.apache.catalina.authenticator.AuthenticatorBase] Security checking request POST /datacenter/services/InterligationServiceController
15:41:39,765 DEBUG [org.apache.catalina.realm.RealmBase] Checking constraint 'SecurityConstraint[HtmlAdaptor]' against POST /services/InterligationServiceController --> true
15:41:39,765 DEBUG [org.apache.catalina.realm.RealmBase] Checking constraint 'SecurityConstraint[HtmlAdaptor]' against POST /services/InterligationServiceController --> true
15:41:39,765 DEBUG [org.apache.catalina.authenticator.AuthenticatorBase] Calling hasUserDataPermission()
15:41:39,765 DEBUG [org.apache.catalina.realm.RealmBase] Redirecting to https://127.0.0.1:8443/datacenter/services/InterligationServiceController
15:41:39,781 DEBUG [org.apache.catalina.authenticator.AuthenticatorBase] Failed hasUserDataPermission() test
15:41:49,296 DEBUG [org.apache.catalina.session.ManagerBase] Start expire sessions StandardManager at 1295545309296 sessioncount 0
15:41:49,296 DEBUG [org.apache.catalina.session.ManagerBase] End expire sessions StandardManager processingTime 0 expired sessions: 0
15:41:49,812 DEBUG [com.arjuna.ats.txoj.logging.txojLoggerI18N] [com.arjuna.ats.internal.txoj.recovery.TORecoveryModule_3] - TORecoveryModule - first pass
15:41:49,968 DEBUG [com.arjuna.ats.jta.logging.loggerI18N] [com.arjuna.ats.internal.jta.recovery.info.firstpass] Local XARecoveryModule - first pass
15:41:59,968 DEBUG [com.arjuna.ats.txoj.logging.txojLoggerI18N] [com.arjuna.ats.internal.txoj.recovery.TORecoveryModule_6] - TORecoveryModule - second pass
15:41:59,968 DEBUG [com.arjuna.ats.jta.logging.loggerI18N] [com.arjuna.ats.internal.jta.recovery.info.secondpass] Local XARecoveryModule - second pass

client-side:
(302)Moved Temporarily

Thanks for advice,
Alan
 