aspose file tools*
The moose likes Oracle/OAS and the fly likes OC4J 10g StandAlone using HTTPS Tunneling Problem Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Products » Oracle/OAS
Bookmark "OC4J 10g StandAlone using HTTPS Tunneling Problem" Watch "OC4J 10g StandAlone using HTTPS Tunneling Problem" New topic
Author

OC4J 10g StandAlone using HTTPS Tunneling Problem

Jessica Tan
Greenhorn

Joined: Mar 01, 2005
Posts: 11
Dear Sir,

I in urgent to seek solution to solve below problem. Hope some one can help.

Firstly I had config 2 port for OC4J (with/without SSL), if using browser I able access as:
http://localhost:8888/ (without SSL)
https://localhost:4443/ (with SSL)

And I also had success setting http tunneling for OC4J 10g (version 9.0.4)
env.put(Context.PROVIDER_URL,"http rmi://localhost:8888/SSOApiEJB");
Context initial = new InitialContext(env);
Object objref = initial.lookup("SSOapiBean");

However when I using https tunneling:
env.put(Context.PROVIDER_URL,"https rmi://localhost:4443/SSOApiEJB");

During lookup will face problem.

At server side, the SSL seem is working. But at client side will face RMI connection disconnect problem as show in below:
05/03/02 10:01:33 java.lang.InstantiationException: Error communicating with server: Disconnected: RMIConnection Disconnected
05/03/02 10:01:34 at com.evermind.server.ApplicationClientContext.createContext(ApplicationClientContext.java:61)
05/03/02 10:01:34 at com.evermind.server.ApplicationClientInitialContextFactory.getInitialContext(ApplicationClientInitialContextFa
05/03/02 10:01:34 at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:662)
05/03/02 10:01:34 at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:243)
05/03/02 10:01:34 at javax.naming.InitialContext.init(InitialContext.java:219)
05/03/02 10:01:34 at javax.naming.InitialContext.<init>(InitialContext.java:195)
05/03/02 10:01:34 at _aacmtest._jspService(_aacmtest.java:96)
05/03/02 10:01:34 at com.orionserver.http.OrionHttpJspPage.service(OrionHttpJspPage.java:56)
05/03/02 10:01:34 at oracle.jsp.runtimev2.JspPageTable.service(JspPageTable.java:347)
05/03/02 10:01:34 at oracle.jsp.runtimev2.JspServlet.internalService(JspServlet.java:509)
05/03/02 10:01:34 at oracle.jsp.runtimev2.JspServlet.service(JspServlet.java:413)
05/03/02 10:01:34 at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
05/03/02 10:01:34 at com.evermind.server.http.ServletRequestDispatcher.invoke(ServletRequestDispatcher.java:765)
05/03/02 10:01:34 at com.evermind.server.http.ServletRequestDispatcher.forwardInternal(ServletRequestDispatcher.java:317)
05/03/02 10:01:34 at com.evermind.server.http.HttpRequestHandler.processRequest(HttpRequestHandler.java:790)
05/03/02 10:01:34 at com.evermind.server.http.HttpRequestHandler.run(HttpRequestHandler.java:270)
05/03/02 10:01:34 at com.evermind.server.http.HttpRequestHandler.run(HttpRequestHandler.java:112)
05/03/02 10:01:34 at com.evermind.util.ReleasableResourcePooledExecutor$MyWorker.run(ReleasableResourcePooledExecutor.java:186)
05/03/02 10:01:34 at java.lang.Thread.run(Thread.java:534)

For server side the console message as below:
05/03/02 10:01:37 HttpRequestHandler-30987167, READ: SSLv3 Change Cipher Spec, length = 1
05/03/02 10:01:37 JsseJCE: Using JSSE internal implementation for cipher DESede/CBC/NoPadding
05/03/02 10:01:37 HttpRequestHandler-30987167, READ: SSLv3 Handshake, length = 64
05/03/02 10:01:37 Padded plaintext after DECRYPTION: len = 64
0000: 14 00 00 24 FD C2 97 86 42 AD 39 09 AC 24 44 B1 ...$....B.9..$D.
0010: 7C 8F BA 47 2C 5D D5 84 49 4B 84 2C 84 D3 49 75 ...G,]..IK.,..Iu
0020: B4 42 A8 47 B3 AD 88 80 BF 9F 80 DD 5C 10 98 27 .B.G........\..'
0030: 05 07 0C 97 BE 61 DF 6F CC 80 EB 08 03 03 03 03 .....a.o........
05/03/02 10:01:37 *** Finished
05/03/02 10:01:37 verify_data: { 253, 194, 151, 134, 66, 173, 57, 9, 172, 36, 68, 177, 124, 143, 186, 71, 44, 93, 213, 132, 73, 75, 132, 44, 132, 211, 73, 117,
05/03/02 10:01:37 ***
05/03/02 10:01:37 [read] MD5 and SHA1 hashes: len = 40
0000: 14 00 00 24 FD C2 97 86 42 AD 39 09 AC 24 44 B1 ...$....B.9..$D.
0010: 7C 8F BA 47 2C 5D D5 84 49 4B 84 2C 84 D3 49 75 ...G,]..IK.,..Iu
0020: B4 42 A8 47 B3 AD 88 80 .B.G....
05/03/02 10:01:38 HttpRequestHandler-30987167, WRITE: SSLv3 Change Cipher Spec, length = 1
05/03/02 10:01:38 JsseJCE: Using JSSE internal implementation for cipher DESede/CBC/NoPadding
05/03/02 10:01:38 *** Finished
05/03/02 10:01:38 verify_data: { 200, 34, 161, 68, 164, 239, 51, 17, 4, 89, 130, 104, 93, 208, 154, 108, 39, 18, 237, 109, 33, 186, 64, 184, 21, 188, 181, 203,
05/03/02 10:01:38 ***
05/03/02 10:01:38 [write] MD5 and SHA1 hashes: len = 40
0000: 14 00 00 24 C8 22 A1 44 A4 EF 33 11 04 59 82 68 ...$.".D..3..Y.h
0010: 5D D0 9A 6C 27 12 ED 6D 21 BA 40 B8 15 BC B5 CB ]..l'..m!.@.....
0020: 89 1D 6F 58 C4 44 7F 58 ..oX.D.X
05/03/02 10:01:38 Padded plaintext before ENCRYPTION: len = 64
0000: 14 00 00 24 C8 22 A1 44 A4 EF 33 11 04 59 82 68 ...$.".D..3..Y.h
0010: 5D D0 9A 6C 27 12 ED 6D 21 BA 40 B8 15 BC B5 CB ]..l'..m!.@.....
0020: 89 1D 6F 58 C4 44 7F 58 94 F2 00 BA E6 1C 7A 65 ..oX.D.X......ze
0030: F0 0A 23 73 DE D7 7A 1B 74 8D 12 BD 03 03 03 03 ..#s..z.t.......
05/03/02 10:01:38 HttpRequestHandler-30987167, WRITE: SSLv3 Handshake, length = 64
05/03/02 10:01:38 %% Cached server session: [Session-3, SSL_RSA_WITH_3DES_EDE_CBC_SHA]
05/03/02 10:01:38 HttpRequestHandler-30987167, READ: SSLv3 Application Data, length = 272
05/03/02 10:01:38 Padded plaintext after DECRYPTION: len = 272
0000: 50 4F 53 54 20 2F 6A 32 65 65 2F 69 6E 76 6F 6B POST /j2ee/invok
0010: 65 2E 74 75 6E 6E 65 6C 72 6D 69 70 20 48 54 54 e.tunnelrmip HTT
0020: 50 2F 31 2E 31 0D 0A 48 6F 73 74 3A 20 6C 6F 63 P/1.1..Host: loc
0030: 61 6C 68 6F 73 74 3A 34 34 34 33 0D 0A 43 6F 6E alhost:4443..Con
0040: 6E 65 63 74 69 6F 6E 3A 20 54 45 0D 0A 54 45 3A nection: TE..TE:
0050: 20 74 72 61 69 6C 65 72 73 2C 20 64 65 66 6C 61 trailers, defla
0060: 74 65 2C 20 67 7A 69 70 2C 20 63 6F 6D 70 72 65 te, gzip, compre
0070: 73 73 0D 0A 55 73 65 72 2D 41 67 65 6E 74 3A 20 ss..User-Agent:
0080: 52 50 54 2D 48 54 54 50 43 6C 69 65 6E 74 2F 30 RPT-HTTPClient/0
0090: 2E 33 2D 33 0D 0A 41 63 63 65 70 74 2D 45 6E 63 .3-3..Accept-Enc
00A0: 6F 64 69 6E 67 3A 20 67 7A 69 70 2C 20 78 2D 67 oding: gzip, x-g
00B0: 7A 69 70 2C 20 63 6F 6D 70 72 65 73 73 2C 20 78 zip, compress, x
00C0: 2D 63 6F 6D 70 72 65 73 73 0D 0A 43 6F 6E 74 65 -compress..Conte
00D0: 6E 74 2D 74 79 70 65 3A 20 74 65 78 74 2F 70 6C nt-type: text/pl
00E0: 61 69 6E 0D 0A 43 6F 6E 74 65 6E 74 2D 6C 65 6E ain..Content-len
00F0: 67 74 68 3A 20 35 37 0D 0A 0D 0A A6 15 D1 7B C5 gth: 57.........
0100: 53 D5 05 6D 1C AF 65 30 2D 7A 38 FE 5E E3 B1 00 S..m..e0-z8.^...
05/03/02 10:01:39 Padded plaintext before ENCRYPTION: len = 160
0000: 48 54 54 50 2F 31 2E 31 20 31 30 30 20 43 6F 6E HTTP/1.1 100 Con
0010: 74 69 6E 75 65 0D 0A 53 65 72 76 65 72 3A 20 4F tinue..Server: O
0020: 72 61 63 6C 65 20 41 70 70 6C 69 63 61 74 69 6F racle Applicatio
0030: 6E 20 53 65 72 76 65 72 20 43 6F 6E 74 61 69 6E n Server Contain
0040: 65 72 73 20 66 6F 72 20 4A 32 45 45 20 31 30 67 ers for J2EE 10g
0050: 20 28 39 2E 30 2E 34 2E 30 2E 30 29 0D 0A 44 61 (9.0.4.0.0)..Da
0060: 74 65 3A 20 57 65 64 2C 20 30 32 20 4D 61 72 20 te: Wed, 02 Mar
0070: 32 30 30 35 20 30 32 3A 30 31 3A 33 38 20 47 4D 2005 02:01:38 GM
0080: 54 0D 0A 0D 0A 15 DC 8F 6C F6 E8 41 93 90 6A 17 T.......l..A..j.
0090: A2 1C 2E 43 6C 81 30 20 8C 06 06 06 06 06 06 06 ...Cl.0 ........
05/03/02 10:01:39 HttpRequestHandler-30987167, WRITE: SSLv3 Application Data, length = 160
05/03/02 10:01:39 setSoTimeout(0) called
05/03/02 10:01:39 HttpRequestHandler-30987167, READ: SSLv3 Application Data, length = 80
05/03/02 10:01:39 Padded plaintext after DECRYPTION: len = 80
0000: 4B 4C 67 41 41 41 41 3D 3D 0D 0A 65 58 63 64 46 KLgAAAA==..eXcdF
0010: 67 41 61 55 6B 31 4A 51 32 39 75 62 6D 56 6A 64 gAaUk1JQ29ubmVjd
0020: 47 6C 76 62 69 42 45 61 58 4E 6A 62 32 35 75 5A GlvbiBEaXNjb25uZ
0030: 57 4E 30 5A 57 51 3D 0D 0A E9 D7 6E 6C A2 E9 16 WN0ZWQ=....nl...
0040: F8 14 5F A1 27 29 30 1E 86 EC CA AF C7 02 02 02 .._.')0.........
05/03/02 10:01:39 Padded plaintext before ENCRYPTION: len = 616
0000: 48 54 54 50 2F 31 2E 31 20 32 30 30 20 4F 4B 0D HTTP/1.1 200 OK.
0010: 0A 44 61 74 65 3A 20 57 65 64 2C 20 30 32 20 4D .Date: Wed, 02 M
0020: 61 72 20 32 30 30 35 20 30 32 3A 30 31 3A 33 38 ar 2005 02:01:38
0030: 20 47 4D 54 0D 0A 53 65 72 76 65 72 3A 20 4F 72 GMT..Server: Or
0040: 61 63 6C 65 20 41 70 70 6C 69 63 61 74 69 6F 6E acle Application
0050: 20 53 65 72 76 65 72 20 43 6F 6E 74 61 69 6E 65 Server Containe
0060: 72 73 20 66 6F 72 20 4A 32 45 45 20 31 30 67 20 rs for J2EE 10g
0070: 28 39 2E 30 2E 34 2E 30 2E 30 29 0D 0A 43 6F 6E (9.0.4.0.0)..Con
0080: 74 65 6E 74 2D 4C 65 6E 67 74 68 3A 20 33 35 37 tent-Length: 357
0090: 0D 0A 43 6F 6E 6E 65 63 74 69 6F 6E 3A 20 43 6C ..Connection: Cl
00A0: 6F 73 65 0D 0A 43 6F 6E 74 65 6E 74 2D 54 79 70 ose..Content-Typ
00B0: 65 3A 20 74 65 78 74 2F 70 6C 61 69 6E 0D 0A 4F e: text/plain..O
00C0: 72 61 63 6C 65 2D 54 75 6E 6E 65 6C 2D 4D 6F 64 racle-Tunnel-Mod
00D0: 65 3A 20 6E 6F 72 6D 61 6C 0D 0A 44 75 6D 6D 79 e: normal..Dummy
00E0: 3A 20 6E 6F 72 6D 61 6C 0D 0A 0D 0A 4B 57 67 45 : normal....KWgE
00F0: 41 41 41 3D 3D 0D 0A 34 77 30 4B 44 51 6F 41 41 AAA==..4w0KDQoAA
0100: 51 41 41 41 48 5A 4A 62 6E 5A 68 62 47 6C 6B 49 QAAAHZJbnZhbGlkI
0110: 48 42 79 62 33 52 76 59 32 39 73 49 48 5A 6C 63 HByb3RvY29sIHZlc
0120: 6D 6C 6D 61 57 4E 68 64 47 6C 76 62 69 77 67 61 mlmaWNhdGlvbiwga
0130: 57 78 73 5A 57 64 68 62 43 42 50 55 6B 31 4A 49 WxsZWdhbCBPUk1JI
0140: 48 4A 6C 0D 0A 63 58 56 6C 63 33 51 67 62 33 49 HJl..cXVlc3Qgb3I
0150: 67 63 6D 56 78 64 57 56 7A 64 43 42 77 5A 58 4A gcmVxdWVzdCBwZXJ
0160: 6D 62 33 4A 74 5A 57 51 67 64 32 6C 30 61 43 42 mb3JtZWQgd2l0aCB
0170: 68 62 69 42 70 62 6D 4E 76 62 58 42 68 64 47 6C hbiBpbmNvbXBhdGl
0180: 69 62 47 55 67 64 6D 56 79 63 32 6C 76 62 69 42 ibGUgdmVyc2lvbiB
0190: 76 0D 0A 5A 69 42 30 61 47 6C 7A 49 48 42 79 62 v..ZiB0aGlzIHByb
01A0: 33 52 76 59 32 39 73 46 67 42 32 53 57 35 32 59 3RvY29sFgB2SW52Y
01B0: 57 78 70 5A 43 42 77 63 6D 39 30 62 32 4E 76 62 WxpZCBwcm90b2Nvb
01C0: 43 42 32 5A 58 4A 70 5A 6D 6C 6A 59 58 52 70 62 CB2ZXJpZmljYXRpb
01D0: 32 34 73 49 47 6C 73 62 47 56 6E 59 57 77 67 0D 24sIGlsbGVnYWwg.
01E0: 0A 54 31 4A 4E 53 53 42 79 5A 58 46 31 5A 58 4E .T1JNSSByZXF1ZXN
01F0: 30 49 47 39 79 49 48 4A 6C 63 58 56 6C 63 33 51 0IG9yIHJlcXVlc3Q
0200: 67 63 47 56 79 5A 6D 39 79 62 57 56 6B 49 48 64 gcGVyZm9ybWVkIHd
0210: 70 64 47 67 67 59 57 34 67 61 57 35 6A 62 32 31 pdGggYW4gaW5jb21
0220: 77 59 58 52 70 59 6D 78 6C 49 48 5A 6C 0D 0A 63 wYXRpYmxlIHZl..c
0230: 6E 4E 70 62 32 34 67 62 32 59 67 64 47 68 70 63 nNpb24gb2YgdGhpc
0240: 79 42 77 63 6D 39 30 62 32 4E 76 62 41 3D 3D 0D yBwcm90b2NvbA==.
0250: 0A F2 33 7C A9 B1 83 4C CB 16 77 ED 0A 40 D7 E0 ..3....L..w..@..
0260: EA F5 AE 49 BB 02 02 02 ...I....
05/03/02 10:01:40 HttpRequestHandler-30987167, WRITE: SSLv3 Application Data, length = 616
05/03/02 10:01:40 HttpRequestHandler-30987167, called close()
05/03/02 10:01:40 HttpRequestHandler-30987167, called closeInternal(true)
05/03/02 10:01:40 HttpRequestHandler-30987167, SEND SSLv3 ALERT: warning, description = close_notify
05/03/02 10:01:40 Padded plaintext before ENCRYPTION: len = 24
0000: 01 00 12 E4 BD 2A CD 68 A5 30 B3 09 10 97 09 7E .....*.h.0......
0010: 5E 84 55 ED 0A 39 01 01 ^.U..9..
05/03/02 10:01:40 HttpRequestHandler-30987167, WRITE: SSLv3 Alert, length = 24
05/03/02 10:01:40 HttpRequestHandler-30987167, called close()
05/03/02 10:01:40 HttpRequestHandler-30987167, called closeInternal(true)

Any help on that? Why RMI Connection will disconnect on Client side when using https tunneling?

Pls help.

Thanks

Rgds,
Jessica
Jessica Tan
Greenhorn

Joined: Mar 01, 2005
Posts: 11
I just find out the solution from Oracle metalink (p_id=236967.1):

Symptom(s) ~~~~~~~~~~
+ You have configured the web listener of a standalone OC4J instance for SSL
+ You have an EJB client programming running outside the OC4J container and are tunneling RMI across HTTPS, using a provider URL like: java.naming.provider.url=https rmi://<host>:<ssl_port>/<app name>
+ The client returns the following error stack: javax.naming.NamingException: Disconnected: RMIConnection Disconnected

Cause ~~~~~
As an RMI session is both stateful and persistent whereas HTTP/HTTPS connections are not, a HTTP/HTTPS session variable is established to maintain the persistent connection. It is therefore necessary to associate the tunneled RMI request back to the HTTP/HTTPS session where it's persistent RMI connection is being maintained. When using HTTP, OC4J stores the "JSESSIONID" value, used for routing requests to their session data, as a cookie or URL encoded value. However, as browsers normally tend to hold SSL connections open longer than HTTP (due to performance benefits) by default OC4J relies on the id of the SSL connection for it's session routing. However, since HTTPS tunneling over RMI would require session routing data to be maintained for longer than can be relied upon by a single HTTPS connections. Therefore it is necessary to use the SHARED="TRUE" configuration directive to modifies the way that session routing information is handled by the web application running the RMI tunneling servlet.

Fix ~~~~
+ Modify the <default-web-app> tag in the configuration file for the SSL enabled listener (e.g. secure-site.xml) and define an attribute: shared="true"
<default-web-app
application="default"
name="defaultWebApp"
shared="true" />



Rgds,
Jessica
Jeanne Boyarsky
author & internet detective
Marshal

Joined: May 26, 2003
Posts: 30918
    
158

Jessica,
Thanks for posting the solution and welcome to JavaRanch!


[Blog] [JavaRanch FAQ] [How To Ask Questions The Smart Way] [Book Promos]
Blogging on Certs: SCEA Part 1, Part 2 & 3, Core Spring 3, OCAJP, OCPJP beta, TOGAF part 1 and part 2
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: OC4J 10g StandAlone using HTTPS Tunneling Problem