Enable Security for JBoss + WS

 
Greenhorn
Posts: 2
Hello JavaRanch,

I'm new here!
I'm using jboss-as-distribution-6.0.0.20100429-M3 + WS (axis 1.4)
I have to provide a secure way to transmit data from client to server. I've read that SSL with mutual authentication is a good way to provide it. But, if anybody has a better suggestion on how to do it, let me know.
I'm trying to configure mutual authentication with BaseCertLoginModule
over SSL, but I'm getting the following errors:


**************************************************************************************
error at server side
17:19:26,812 DEBUG [org.apache.tomcat.util.net.JIoEndpoint] Handshake failed: javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection?
at com.sun.net.ssl.internal.ssl.InputRecord.handleUnknownRecord(InputRecord.java:523) [:1.6]
at com.sun.net.ssl.internal.ssl.InputRecord.read(InputRecord.java:355) [:1.6]
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:789) [:1.6]
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1120) [:1.6]
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1147) [:1.6]
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1131) [:1.6]
at org.apache.tomcat.util.net.jsse.JSSESocketFactory.handshake(JSSESocketFactory.java:186)
at org.apache.tomcat.util.net.JIoEndpoint.setSocketOptions(JIoEndpoint.java:1143)
at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:951)
at java.lang.Thread.run(Thread.java:619) [:1.6.0_20]


error at client side
java.net.SocketException: Software caused connection abort: socket write error
**************************************************************************************

Here follows my configuration files

script to generate the keys
**************************************************************************************
set SERVER_DN="CN=server, OU=X, O=Y, L=Z, S=XY, C=YZ"
set CLIENT_DN="CN=client, OU=X, O=Y, L=Z, S=XY, C=YZ"
set KSDEFAULTS=-storepass changeit -storetype JKS
set KEYINFO=-keyalg RSA
keytool -genkey -dname %SERVER_DN% %KSDEFAULTS% -keystore server.ks %KEYINFO% -keypass changeit
keytool -export -file temp$.cer %KSDEFAULTS% -keystore server.ks
keytool -import -file temp$.cer %KSDEFAULTS% -keystore client.ts -alias serverkey -noprompt
keytool -genkey -dname %CLIENT_DN% %KSDEFAULTS% -keystore client.ks %KEYINFO% -keypass changeit
keytool -export -file temp$.cer %KSDEFAULTS% -keystore client.ks
keytool -import -file temp$.cer %KSDEFAULTS% -keystore server.ts -alias clientkey -noprompt
**************************************************************************************


file:${jboss.server.home.dir}/conf/server.ks
**************************************************************************************
Keystore type: JKS
Keystore provider: SUN


Your keystore contains 1 entry


Alias name: mykey
Creation date: 17/01/2011
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=server, OU=X, O=Y, L=Z, ST=XY, C=YZ
Issuer: CN=server, OU=X, O=Y, L=Z, ST=XY, C=YZ
Serial number: 4d34949e
Valid from: Mon Jan 17 17:12:30 BRST 2011 until: Sun Apr 17 16:12:30 BRT 2011
Certificate fingerprints:
MD5: 5A:56:DD:D8:5B:9E:94:55:77:7E:70:D3:AE:E5:0B:C5
SHA1: 14:B3:95:33:E7:D2:F3:BB:94:DA:E9:1C:38:8A:9F:03:1B:35:4E:8C
Signature algorithm name: SHA1withRSA
Version: 3




**************************************************************************************


file:${jboss.server.home.dir}/conf/server.ts
**************************************************************************************
Keystore type: JKS
Keystore provider: SUN


Your keystore contains 1 entry


Alias name: clientkey
Creation date: 17/01/2011
Entry type: trustedCertEntry


Owner: CN=client, OU=X, O=Y, L=Z, ST=XY, C=YZ
Issuer: CN=client, OU=X, O=Y, L=Z, ST=XY, C=YZ
Serial number: 4d34949f
Valid from: Mon Jan 17 17:12:31 BRST 2011 until: Sun Apr 17 16:12:31 BRT 2011
Certificate fingerprints:
MD5: B2:C1:C8:9A:BB:84:F0:79:03:68:91:89:20:EC:85:CF
SHA1: C5:BC:7A:7D:E6:0E:5E:D4:1F:D9:BC:56:D3:91:20:A3:25:09:B2:2A
Signature algorithm name: SHA1withRSA
Version: 3




**************************************************************************************


file:c:/client.ks
**************************************************************************************
Keystore type: JKS
Keystore provider: SUN


Your keystore contains 1 entry


Alias name: mykey
Creation date: 17/01/2011
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=client, OU=X, O=Y, L=Z, ST=XY, C=YZ
Issuer: CN=client, OU=X, O=Y, L=Z, ST=XY, C=YZ
Serial number: 4d3469a5
Valid from: Mon Jan 17 14:09:09 BRST 2011 until: Sun Apr 17 13:09:09 BRT 2011
Certificate fingerprints:
MD5: 91:57:82:07:38:34:C5:1F:AB:5C:0D:51:65:DB:5B:B0
SHA1: 7D:12:14:E1:75:78:E3:79:1B:62:B6:A3:17:A9:FA:11:51:A7:69:06
Signature algorithm name: SHA1withRSA
Version: 3




**************************************************************************************


file:c:/client.ts
**************************************************************************************
Keystore type: JKS
Keystore provider: SUN


Your keystore contains 1 entry


Alias name: serverkey
Creation date: 17/01/2011
Entry type: trustedCertEntry


Owner: CN=server, OU=X, O=Y, L=Z, ST=XY, C=YZ
Issuer: CN=server, OU=X, O=Y, L=Z, ST=XY, C=YZ
Serial number: 4d3469a4
Valid from: Mon Jan 17 14:09:08 BRST 2011 until: Sun Apr 17 13:09:08 BRT 2011
Certificate fingerprints:
MD5: 99:9F:51:27:BA:40:C1:91:14:B6:1B:36:EB:39:4F:57
SHA1: 7A:98:0E:B5:99:2A:4A:41:6D:CC:D3:90:4D:AB:3A:93:81:87:AE:B8
Signature algorithm name: SHA1withRSA
Version: 3
**************************************************************************************


file:${jboss.server.home.dir}/deploy/interligation-service.xml
**************************************************************************************

**************************************************************************************


file:${jboss.server.home.dir}/deploy/jbossweb.sar/server.xml
**************************************************************************************

**************************************************************************************


file:${jboss.server.home.dir}/conf/login-config.xml
**************************************************************************************

**************************************************************************************


file:${jboss.server.home.dir}/conf/props/interligation-users.properties
**************************************************************************************
CN\=server,\ OU\=X,\ O\=Y,\ L\=Z,\ ST\=XY,\ C\=YZ=JBossAdmin
admin=JBossAdmin
**************************************************************************************


file:${jboss.server.home.dir}/conf/props/interligation-roles.properties
**************************************************************************************
admin=JBossAdmin,HttpInvoker
**************************************************************************************


file:$webapp/WebContent/web.xml
**************************************************************************************

**************************************************************************************


file:$webapp/WebContent/jboss-web.xml
**************************************************************************************

**************************************************************************************


file:$clientapp/client-config.wsdd
**************************************************************************************

**************************************************************************************
Thanks for advice,
Alan
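
A consistency check for the four keystore listings in the post above, as an added example that is not part of the original post: it parses `keytool -list -v` text and reports which private-key certificates are missing from the peer's trust store. The listings are abridged from the post; the function names are hypothetical.

```python
import re

# Abridged from the four `keytool -list -v` listings in the post
# (alias, entry type, serial and SHA1 lines only).
LISTINGS = {
    "server.ks": """Alias name: mykey
Entry type: PrivateKeyEntry
Serial number: 4d34949e
SHA1: 14:B3:95:33:E7:D2:F3:BB:94:DA:E9:1C:38:8A:9F:03:1B:35:4E:8C""",
    "server.ts": """Alias name: clientkey
Entry type: trustedCertEntry
Serial number: 4d34949f
SHA1: C5:BC:7A:7D:E6:0E:5E:D4:1F:D9:BC:56:D3:91:20:A3:25:09:B2:2A""",
    "client.ks": """Alias name: mykey
Entry type: PrivateKeyEntry
Serial number: 4d3469a5
SHA1: 7D:12:14:E1:75:78:E3:79:1B:62:B6:A3:17:A9:FA:11:51:A7:69:06""",
    "client.ts": """Alias name: serverkey
Entry type: trustedCertEntry
Serial number: 4d3469a4
SHA1: 7A:98:0E:B5:99:2A:4A:41:6D:CC:D3:90:4D:AB:3A:93:81:87:AE:B8""",
}

FIELD = re.compile(r"^\s*(Alias name|Entry type|Serial number|SHA1):\s*(.+?)\s*$", re.M)

def parse_entries(listing):
    """Split keytool -list -v text into one dict per alias."""
    entries = []
    for key, value in FIELD.findall(listing):
        if key == "Alias name":
            entries.append({})          # a new alias starts a new entry
        if entries:
            entries[-1][key] = value
    return entries

def untrusted_identities(key_listing, trust_listing):
    """Aliases of private-key certs whose SHA1 is absent from the peer's trust store."""
    trusted = {e.get("SHA1") for e in parse_entries(trust_listing)
               if e.get("Entry type") == "trustedCertEntry"}
    return [e["Alias name"] for e in parse_entries(key_listing)
            if e.get("Entry type") == "PrivateKeyEntry" and e.get("SHA1") not in trusted]

if __name__ == "__main__":
    # Each side's identity certificate must appear in the other side's trust store.
    for ks, ts in (("server.ks", "client.ts"), ("client.ks", "server.ts")):
        print(ks, "->", ts, "missing:", untrusted_identities(LISTINGS[ks], LISTINGS[ts]))
```

On the listings as posted, both pairs are reported: the serial numbers and SHA1 fingerprints in `client.ts` and `server.ts` differ from those of the certificates in `server.ks` and `client.ks`.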
 
Alan Prado
Greenhorn
Posts: 2
Hello again!!!
I was passing the wrong port to the server, then the connector was redirecting to http instead of https.
But now I'm getting the following error:

server side:
15:41:29,296 DEBUG [org.apache.catalina.session.ManagerBase] Start expire sessions StandardManager at 1295545289296 sessioncount 0
15:41:29,296 DEBUG [org.apache.catalina.session.ManagerBase] End expire sessions StandardManager processingTime 0 expired sessions: 0
15:41:29,296 DEBUG [org.apache.catalina.session.ManagerBase] Start expire sessions StandardManager at 1295545289296 sessioncount 0
15:41:29,296 DEBUG [org.apache.catalina.session.ManagerBase] End expire sessions StandardManager processingTime 0 expired sessions: 0
15:41:39,765 DEBUG [org.apache.catalina.authenticator.AuthenticatorBase] Security checking request POST /datacenter/services/InterligationServiceController
15:41:39,765 DEBUG [org.apache.catalina.realm.RealmBase] Checking constraint 'SecurityConstraint[HtmlAdaptor]' against POST /services/InterligationServiceController --> true
15:41:39,765 DEBUG [org.apache.catalina.realm.RealmBase] Checking constraint 'SecurityConstraint[HtmlAdaptor]' against POST /services/InterligationServiceController --> true
15:41:39,765 DEBUG [org.apache.catalina.authenticator.AuthenticatorBase] Calling hasUserDataPermission()
15:41:39,765 DEBUG [org.apache.catalina.realm.RealmBase] Redirecting to https://127.0.0.1:8443/datacenter/services/InterligationServiceController
15:41:39,781 DEBUG [org.apache.catalina.authenticator.AuthenticatorBase] Failed hasUserDataPermission() test
15:41:49,296 DEBUG [org.apache.catalina.session.ManagerBase] Start expire sessions StandardManager at 1295545309296 sessioncount 0
15:41:49,296 DEBUG [org.apache.catalina.session.ManagerBase] End expire sessions StandardManager processingTime 0 expired sessions: 0
15:41:49,812 DEBUG [com.arjuna.ats.txoj.logging.txojLoggerI18N] [com.arjuna.ats.internal.txoj.recovery.TORecoveryModule_3] - TORecoveryModule - first pass
15:41:49,968 DEBUG [com.arjuna.ats.jta.logging.loggerI18N] [com.arjuna.ats.internal.jta.recovery.info.firstpass] Local XARecoveryModule - first pass
15:41:59,968 DEBUG [com.arjuna.ats.txoj.logging.txojLoggerI18N] [com.arjuna.ats.internal.txoj.recovery.TORecoveryModule_6] - TORecoveryModule - second pass
15:41:59,968 DEBUG [com.arjuna.ats.jta.logging.loggerI18N] [com.arjuna.ats.internal.jta.recovery.info.secondpass] Local XARecoveryModule - second pass

client-side:
(302)Moved Temporarily

Thanks for advice,
Alan