Enable Security for JBoss + WS

Alan Prado
Greenhorn

Joined: Jan 20, 2011
Posts: 2
Hello JavaRanch,

I'm new here!
I'm using jboss-as-distribution-6.0.0.20100429-M3 + WS (axis 1.4)
I have to provide a secure way to transmit data from client to server. I've read that SSL with mutual authentication is a good way to provide it. But, if anybody has a better suggestion on how to do it, let me know.
I'm trying to configure mutual authentication with BaseCertLoginModule over SSL, but I'm getting the following errors:


**************************************************************************************
error at server side
17:19:26,812 DEBUG [org.apache.tomcat.util.net.JIoEndpoint] Handshake failed: javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection?
at com.sun.net.ssl.internal.ssl.InputRecord.handleUnknownRecord(InputRecord.java:523) [:1.6]
at com.sun.net.ssl.internal.ssl.InputRecord.read(InputRecord.java:355) [:1.6]
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:789) [:1.6]
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1120) [:1.6]
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1147) [:1.6]
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1131) [:1.6]
at org.apache.tomcat.util.net.jsse.JSSESocketFactory.handshake(JSSESocketFactory.java:186)
at org.apache.tomcat.util.net.JIoEndpoint.setSocketOptions(JIoEndpoint.java:1143)
at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:951)
at java.lang.Thread.run(Thread.java:619) [:1.6.0_20]


error at client side
java.net.SocketException: Software caused connection abort: socket write error
**************************************************************************************

Here follow my configuration files

script to generate the keys
**************************************************************************************
REM Distinguished names for the two self-signed certificates
set SERVER_DN="CN=server, OU=X, O=Y, L=Z, S=XY, C=YZ"
set CLIENT_DN="CN=client, OU=X, O=Y, L=Z, S=XY, C=YZ"
set KSDEFAULTS=-storepass changeit -storetype JKS
set KEYINFO=-keyalg RSA
REM Server key pair (no -alias is given, so keytool uses its default alias, mykey)
keytool -genkey -dname %SERVER_DN% %KSDEFAULTS% -keystore server.ks %KEYINFO% -keypass changeit
REM Export the server certificate and import it into the client truststore
keytool -export -file temp$.cer %KSDEFAULTS% -keystore server.ks
keytool -import -file temp$.cer %KSDEFAULTS% -keystore client.ts -alias serverkey -noprompt
REM Client key pair, then export its certificate into the server truststore
keytool -genkey -dname %CLIENT_DN% %KSDEFAULTS% -keystore client.ks %KEYINFO% -keypass changeit
keytool -export -file temp$.cer %KSDEFAULTS% -keystore client.ks
keytool -import -file temp$.cer %KSDEFAULTS% -keystore server.ts -alias clientkey -noprompt
**************************************************************************************


file:${jboss.server.home.dir}/conf/server.ks
**************************************************************************************
Keystore type: JKS
Keystore provider: SUN


Your keystore contains 1 entry


Alias name: mykey
Creation date: 17/01/2011
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=server, OU=X, O=Y, L=Z, ST=XY, C=YZ
Issuer: CN=server, OU=X, O=Y, L=Z, ST=XY, C=YZ
Serial number: 4d34949e
Valid from: Mon Jan 17 17:12:30 BRST 2011 until: Sun Apr 17 16:12:30 BRT 2011
Certificate fingerprints:
MD5: 5A:56D8:5B:9E:94:55:77:7E:703:AE:E5:0B:C5
SHA1: 14:B3:95:33:E72:F3:BB:94A:E9:1C:38:8A:9F:03:1B:35:4E:8C
Signature algorithm name: SHA1withRSA
Version: 3




**************************************************************************************


file:${jboss.server.home.dir}/conf/server.ts
**************************************************************************************
Keystore type: JKS
Keystore provider: SUN


Your keystore contains 1 entry


Alias name: clientkey
Creation date: 17/01/2011
Entry type: trustedCertEntry


Owner: CN=client, OU=X, O=Y, L=Z, ST=XY, C=YZ
Issuer: CN=client, OU=X, O=Y, L=Z, ST=XY, C=YZ
Serial number: 4d34949f
Valid from: Mon Jan 17 17:12:31 BRST 2011 until: Sun Apr 17 16:12:31 BRT 2011
Certificate fingerprints:
MD5: B2:C1:C8:9A:BB:84:F0:79:03:68:91:89:20:EC:85:CF
SHA1: C5:BC:7A:7D:E6:0E:5E4:1F9:BC:563:91:20:A3:25:09:B2:2A
Signature algorithm name: SHA1withRSA
Version: 3




**************************************************************************************


file:c:/client.ks
**************************************************************************************
Keystore type: JKS
Keystore provider: SUN


Your keystore contains 1 entry


Alias name: mykey
Creation date: 17/01/2011
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=client, OU=X, O=Y, L=Z, ST=XY, C=YZ
Issuer: CN=client, OU=X, O=Y, L=Z, ST=XY, C=YZ
Serial number: 4d3469a5
Valid from: Mon Jan 17 14:09:09 BRST 2011 until: Sun Apr 17 13:09:09 BRT 2011
Certificate fingerprints:
MD5: 91:57:82:07:38:34:C5:1F:AB:5C:0D:51:65B:5B:B0
SHA1: 7D:12:14:E1:75:78:E3:79:1B:62:B6:A3:17:A9:FA:11:51:A7:69:06
Signature algorithm name: SHA1withRSA
Version: 3




**************************************************************************************


file:c:/client.ts
**************************************************************************************
Keystore type: JKS
Keystore provider: SUN


Your keystore contains 1 entry


Alias name: serverkey
Creation date: 17/01/2011
Entry type: trustedCertEntry


Owner: CN=server, OU=X, O=Y, L=Z, ST=XY, C=YZ
Issuer: CN=server, OU=X, O=Y, L=Z, ST=XY, C=YZ
Serial number: 4d3469a4
Valid from: Mon Jan 17 14:09:08 BRST 2011 until: Sun Apr 17 13:09:08 BRT 2011
Certificate fingerprints:
MD5: 99:9F:51:27:BA:40:C1:91:14:B6:1B:36:EB:39:4F:57
SHA1: 7A:98:0E:B5:99:2A:4A:41:6D:CC3:90:4D:AB:3A:93:81:87:AE:B8
Signature algorithm name: SHA1withRSA
Version: 3
**************************************************************************************


file:${jboss.server.home.dir}/deploy/interligation-service.xml
**************************************************************************************

**************************************************************************************


file:${jboss.server.home.dir}/deploy/jbossweb.sar/server.xml
**************************************************************************************

**************************************************************************************


file:${jboss.server.home.dir}/conf/login-config.xml
**************************************************************************************

**************************************************************************************


file:${jboss.server.home.dir}/conf/props/interligation-users.properties
**************************************************************************************
CN\=server,\ OU\=X,\ O\=Y,\ L\=Z,\ ST\=XY,\ C\=YZ=JBossAdmin
admin=JBossAdmin
**************************************************************************************


file:${jboss.server.home.dir}/conf/props/interligation-roles.properties
**************************************************************************************
admin=JBossAdmin,HttpInvoker
**************************************************************************************


file:$webapp/WebContent/web.xml
**************************************************************************************

**************************************************************************************


file:$webapp/WebContent/jboss-web.xml
**************************************************************************************

**************************************************************************************


file:$clientapp/client-config.wsdd
**************************************************************************************

**************************************************************************************
Thanks for advice,
Alan
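
Added example, not part of the original post: with the pinned self-signed certificates the key-generation script produces, each truststore has to hold exactly the certificate stored in the peer's keystore. This Python sketch parses English-locale `keytool -list -v` output and compares owner and serial number; on the four listings as posted it reports that neither truststore holds the peer keystore's certificate (serials 4d34949e vs 4d3469a4, and 4d3469a5 vs 4d34949f). The function names are illustrative assumptions, and comparing SHA fingerprints is the stronger check when intact fingerprints are available.

```python
import re

SERVER_DN = "CN=server, OU=X, O=Y, L=Z, ST=XY, C=YZ"
CLIENT_DN = "CN=client, OU=X, O=Y, L=Z, ST=XY, C=YZ"
ENTRY = "Alias name: {}\nEntry type: {}\nOwner: {}\nSerial number: {}\n"
# Constructed input: alias, type, owner and serial lines copied from the four
# `keytool -list -v` listings in the post (fingerprints and dates left out).
LISTINGS = {
    "server.ks": ENTRY.format("mykey", "PrivateKeyEntry", SERVER_DN, "4d34949e"),
    "server.ts": ENTRY.format("clientkey", "trustedCertEntry", CLIENT_DN, "4d34949f"),
    "client.ks": ENTRY.format("mykey", "PrivateKeyEntry", CLIENT_DN, "4d3469a5"),
    "client.ts": ENTRY.format("serverkey", "trustedCertEntry", SERVER_DN, "4d3469a4"),
}

FIELD = re.compile(r"^(Alias name|Entry type|Owner|Serial number):\s*(.+?)\s*$")

def parse_entries(listing):
    """One dict per keystore entry; for a chain only the first (leaf) cert is kept."""
    entries = []
    for line in listing.splitlines():
        m = FIELD.match(line.strip())
        if not m:
            continue
        key, value = m.groups()
        if key == "Alias name":
            entries.append({})
        if entries:
            entries[-1].setdefault(key, value)
    return entries

def identities(listing, entry_type):
    """(owner, serial) pairs of all entries of the given type."""
    return {(e.get("Owner"), e.get("Serial number", "").lower())
            for e in parse_entries(listing) if e.get("Entry type") == entry_type}

def trusted_by_peer(keystore, peer_truststore):
    """True when every key entry's certificate is pinned in the peer's truststore."""
    own = identities(keystore, "PrivateKeyEntry")
    return bool(own) and own <= identities(peer_truststore, "trustedCertEntry")

def check_mutual_trust(listings):
    return {
        "client.ts trusts server.ks": trusted_by_peer(listings["server.ks"], listings["client.ts"]),
        "server.ts trusts client.ks": trusted_by_peer(listings["client.ks"], listings["server.ts"]),
    }

if __name__ == "__main__":
    for check, ok in check_mutual_trust(LISTINGS).items():
        print(f"{check}: {'match' if ok else 'MISMATCH'}")
```
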
Alan Prado
Greenhorn

Joined: Jan 20, 2011
Posts: 2
Hello again!!!
I was passing the wrong port to the server, then the connector was redirecting to http instead of https.
But now I'm getting the following error:

server side:
15:41:29,296 DEBUG [org.apache.catalina.session.ManagerBase] Start expire sessions StandardManager at 1295545289296 sessioncount 0
15:41:29,296 DEBUG [org.apache.catalina.session.ManagerBase] End expire sessions StandardManager processingTime 0 expired sessions: 0
15:41:29,296 DEBUG [org.apache.catalina.session.ManagerBase] Start expire sessions StandardManager at 1295545289296 sessioncount 0
15:41:29,296 DEBUG [org.apache.catalina.session.ManagerBase] End expire sessions StandardManager processingTime 0 expired sessions: 0
15:41:39,765 DEBUG [org.apache.catalina.authenticator.AuthenticatorBase] Security checking request POST /datacenter/services/InterligationServiceController
15:41:39,765 DEBUG [org.apache.catalina.realm.RealmBase] Checking constraint 'SecurityConstraint[HtmlAdaptor]' against POST /services/InterligationServiceController --> true
15:41:39,765 DEBUG [org.apache.catalina.realm.RealmBase] Checking constraint 'SecurityConstraint[HtmlAdaptor]' against POST /services/InterligationServiceController --> true
15:41:39,765 DEBUG [org.apache.catalina.authenticator.AuthenticatorBase] Calling hasUserDataPermission()
15:41:39,765 DEBUG [org.apache.catalina.realm.RealmBase] Redirecting to https://127.0.0.1:8443/datacenter/services/InterligationServiceController
15:41:39,781 DEBUG [org.apache.catalina.authenticator.AuthenticatorBase] Failed hasUserDataPermission() test
15:41:49,296 DEBUG [org.apache.catalina.session.ManagerBase] Start expire sessions StandardManager at 1295545309296 sessioncount 0
15:41:49,296 DEBUG [org.apache.catalina.session.ManagerBase] End expire sessions StandardManager processingTime 0 expired sessions: 0
15:41:49,812 DEBUG [com.arjuna.ats.txoj.logging.txojLoggerI18N] [com.arjuna.ats.internal.txoj.recovery.TORecoveryModule_3] - TORecoveryModule - first pass
15:41:49,968 DEBUG [com.arjuna.ats.jta.logging.loggerI18N] [com.arjuna.ats.internal.jta.recovery.info.firstpass] Local XARecoveryModule - first pass
15:41:59,968 DEBUG [com.arjuna.ats.txoj.logging.txojLoggerI18N] [com.arjuna.ats.internal.txoj.recovery.TORecoveryModule_6] - TORecoveryModule - second pass
15:41:59,968 DEBUG [com.arjuna.ats.jta.logging.loggerI18N] [com.arjuna.ats.internal.jta.recovery.info.secondpass] Local XARecoveryModule - second pass

client-side:
(302)Moved Temporarily

Thanks for advice,
Alan
 