axis-java-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Stadelmann Josef" <josef.stadelm...@axa-winterthur.ch>
Subject AW: AW: [Axis2/Rampart] 1.6.1 interop issues
Date Thu, 01 Dec 2011 14:15:11 GMT
[INFO] DeploymentEngine - Deploying Web service: ut-over-https.aar -
file:/C:/Program Files/Apache Software Foundation/Apache Tomcat
6.0.26/webapps/axis2/WEB-INF/services/ut-over-https.aar

01.12.2011 15:02:46 org.apache.catalina.core.StandardWrapperValve invoke

SCHWERWIEGEND: Servlet.service() for servlet AxisServlet threw exception

javax.servlet.ServletException: https is forbidden

      at
org.apache.axis2.transport.http.AxisServlet.preprocessRequest(AxisServle
t.java:637)

      at
org.apache.axis2.transport.http.AxisServlet.doPost(AxisServlet.java:132)

      at javax.servlet.http.HttpServlet.service(HttpServlet.java:637)

      at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)

      at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(Applica
tionFilterChain.java:290)

      at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilt
erChain.java:206)

      at
org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValv
e.java:233)

      at
org.apache.catalina.core.StandardContextValve.invoke(StandardContextValv
e.java:191)

      at
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java
:127)

      at
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java
:102)

      at
org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.
java:109)

      at
org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:2
98)

      at
org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:85
2)

      at
org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(
Http11Protocol.java:588)

      at
org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:489)

      at java.lang.Thread.run(Thread.java:662)

 

 

By default, in axis2.xml is only one AxisServletListener defined. 

This leads to the error above when samples policy ut-over-https shall
run.

(even https perfectly set) 

 

The reason is given in the axis2.xml 

 

<transportReceiver name="http"
class="org.apache.axis2.transport.http.AxisServletListener"/>

 

BUT if you have tow transport protocols you need

 

<transportReceiver name="http"
class="org.apache.axis2.transport.http.AxisServletListener">

    <parameter name="port">8080</parameter>

</transportReceiver>

 

<transportReceiver name="https"
class="org.apache.axis2.transport.http.AxisServletListener">

    <parameter name="port">8443</parameter>

</transportReceiver>

 

perectly given/explained at
http://axis.apache.org/axis2/java/core/docs/servlet-transport.html

but nowhere referenced in the Rampart samples policy ut-over-https
README; 

 

and maybe this is not only relevant for samples! J

 

Josef

 

 

Von: Afkham Azeez [mailto:afkham@gmail.com] 
Gesendet: Mittwoch, 30. November 2011 16:30
An: java-user@axis.apache.org
Betreff: Re: AW: [Axis2/Rampart] 1.6.1 interop issues

 

So one of your primary problems is setting UP HTTPS on Tomcat? If so,
please read the Tomcat docs. It is a very simple thing.

On Nov 30, 2011 8:47 PM, "Stadelmann Josef"
<josef.stadelmann@axa-winterthur.ch> wrote:

 

You might be correct. 

 

But is just delivering the service.jks file via 

$ ant copy.keys 

sufficient to an installation of Apache Tomcat which is to run on a
Windows Vista System AND was never setup for HTTPS? 

Setup for HTTPS by server.xml is definitely done. But they way approach
to make it HTTPS aware, as given in the README 

is absolute insufficient and does not make tomcat listen on port 8443. 

 

I guess not!

 

Without having Tomcat setup to use a certificate (even a wrong one) you
will be unable to use it's https connector at port 8443

 

and that is an issue the axis2/rampart/sample-tomcat/README file does
not address.

 

I am just about to learn about web service security !

 

For me it is unclear 

do I need a certificate for tomcat; I would guess yes

what type of certificate does tomcat running on windows vista use?
Question for the tomcat windows vista community, I know

 

In short : I am a bit unhappy that tomcat- (or any other AS-)
prerequisites on setup 

or in case there are NONE are not clearly stated by the Rampart
installation.

 

Josef - lost at the moment

 

 

 

 

Von: Afkham Azeez [mailto:afkham@gmail.com] 
Gesendet: Mittwoch, 30. November 2011 14:05
An: java-user@axis.apache.org
Betreff: Re: [Axis2/Rampart] 1.6.1 interop issues

 

As per the stacktrace below, it looks like the System properties needed
for talking to the server via HTTPS have not been properly set.  

	 

	$ ant create.and.run.client

	produces

	 

	check.tomcat:

	clean:

	Deleting directory
E:\Users\C770817\SW-PROJEKTE\RampartSamples\policy\sample-tomcat\build

	create.and.run.client:

	Created dir:
E:\Users\C770817\SW-PROJEKTE\RampartSamples\policy\sample-tomcat\build

	Created dir:
E:\Users\C770817\SW-PROJEKTE\RampartSamples\policy\sample-tomcat\build\t
emp_client

	Created dir:
E:\Users\C770817\SW-PROJEKTE\RampartSamples\policy\sample-tomcat\build\c
lient_repository

	Created dir:
E:\Users\C770817\SW-PROJEKTE\RampartSamples\policy\sample-tomcat\build\c
lient_repository\conf

	Created dir:
E:\Users\C770817\SW-PROJEKTE\RampartSamples\policy\sample-tomcat\build\c
lient_repository\modules

	Copying 1 file to
E:\Users\C770817\SW-PROJEKTE\RampartSamples\policy\sample-tomcat\build\c
lient_repository\modules

	Copying 1 file to
E:\Users\C770817\SW-PROJEKTE\RampartSamples\policy\sample-tomcat\build\c
lient_repository\modules

	Compiling 2 source files to
E:\Users\C770817\SW-PROJEKTE\RampartSamples\policy\sample-tomcat\build\t
emp_client

	Note:
E:\Users\C770817\SW-PROJEKTE\RampartSamples\policy\sample-tomcat\src\org
\apache\rampart\tomcat\sample\PWCBHandler.java uses or overrides a
deprecated API.

	Note: Recompile with -Xlint:deprecation for details.

	Copying 1 file to
E:\Users\C770817\SW-PROJEKTE\RampartSamples\policy\sample-tomcat\build

	log4j:WARN No appenders could be found for logger
(org.apache.axis2.deployment.FileSystemConfigurator).

	log4j:WARN Please initialize the log4j system properly.

	Exception in thread "main" org.apache.axis2.AxisFault:
Connection has been shutdown: javax.net.ssl.SSLHandshakeException:
sun.security.validator.ValidatorException: PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderException: unable to
find valid certification path to requested target

	      at
org.apache.axis2.AxisFault.makeFault(AxisFault.java:430)

	      at
org.apache.axis2.transport.http.SOAPMessageFormatter.writeTo(SOAPMessage
Formatter.java:78)

	      at
org.apache.axis2.transport.http.AxisRequestEntity.writeRequest(AxisReque
stEntity.java:84)

	      at
org.apache.commons.httpclient.methods.EntityEnclosingMethod.writeRequest
Body(EntityEnclosingMethod.java:499)

	      at
org.apache.commons.httpclient.HttpMethodBase.writeRequest(HttpMethodBase
.java:2114)

	      at
org.apache.commons.httpclient.HttpMethodBase.execute(HttpMethodBase.java
:1096)

	      at
org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry(HttpMe
thodDirector.java:398)

	      at
org.apache.commons.httpclient.HttpMethodDirector.executeMethod(HttpMetho
dDirector.java:171)

	      at
org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:3
97)

	      at
org.apache.axis2.transport.http.AbstractHTTPSender.executeMethod(Abstrac
tHTTPSender.java:621)

	      at
org.apache.axis2.transport.http.HTTPSender.sendViaPost(HTTPSender.java:1
93)

	      at
org.apache.axis2.transport.http.HTTPSender.send(HTTPSender.java:75)

	      at
org.apache.axis2.transport.http.CommonsHTTPTransportSender.writeMessageW
ithCommons(CommonsHTTPTransportSender.java:404)

	      at
org.apache.axis2.transport.http.CommonsHTTPTransportSender.invoke(Common
sHTTPTransportSender.java:231)

	      at
org.apache.axis2.engine.AxisEngine.send(AxisEngine.java:443)

	      at
org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOper
ation.java:406)

	      at
org.apache.axis2.description.OutInAxisOperationClient.executeImpl(OutInA
xisOperation.java:229)

	      at
org.apache.axis2.client.OperationClient.execute(OperationClient.java:165
)

	      at
org.apache.axis2.client.ServiceClient.sendReceive(ServiceClient.java:555
)

	      at
org.apache.axis2.client.ServiceClient.sendReceive(ServiceClient.java:531
)

	      at org.apache.rampart.tomcat.sample.Client.main(Unknown
Source)

	Caused by: com.ctc.wstx.exc.WstxIOException: Connection has been
shutdown: javax.net.ssl.SSLHandshakeException:
sun.security.validator.ValidatorException: PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderException: unable to
find valid certification path to requested target

	      at
com.ctc.wstx.sw.BaseStreamWriter.finishDocument(BaseStreamWriter.java:16
92)

	      at
com.ctc.wstx.sw.BaseStreamWriter.close(BaseStreamWriter.java:288)

	      at
org.apache.axiom.util.stax.wrapper.XMLStreamWriterWrapper.close(XMLStrea
mWriterWrapper.java:46)

	      at
org.apache.axiom.om.impl.MTOMXMLStreamWriter.close(MTOMXMLStreamWriter.j
ava:188)

	      at
org.apache.axiom.om.impl.dom.NodeImpl.serializeAndConsume(NodeImpl.java:
844)

	      at
org.apache.axis2.transport.http.SOAPMessageFormatter.writeTo(SOAPMessage
Formatter.java:74)

	      ... 19 more

	Caused by: javax.net.ssl.SSLException: Connection has been
shutdown: javax.net.ssl.SSLHandshakeException:
sun.security.validator.ValidatorException: PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderException: unable to
find valid certification path to requested target

	      at
com.sun.net.ssl.internal.ssl.SSLSocketImpl.checkEOF(SSLSocketImpl.java:1
293)

	      at
com.sun.net.ssl.internal.ssl.SSLSocketImpl.checkWrite(SSLSocketImpl.java
:1305)

	      at
com.sun.net.ssl.internal.ssl.AppOutputStream.write(AppOutputStream.java:
43)

	      at
java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:65)

	      at
java.io.BufferedOutputStream.flush(BufferedOutputStream.java:123)

	      at
java.io.FilterOutputStream.flush(FilterOutputStream.java:123)

	      at
org.apache.commons.httpclient.ChunkedOutputStream.flush(ChunkedOutputStr
eam.java:191)

	      at com.ctc.wstx.io.UTF8Writer.flush(UTF8Writer.java:99)

	      at
com.ctc.wstx.sw.BufferingXmlWriter.flush(BufferingXmlWriter.java:214)

	      at
com.ctc.wstx.sw.BufferingXmlWriter.close(BufferingXmlWriter.java:194)

	      at
com.ctc.wstx.sw.BaseStreamWriter.finishDocument(BaseStreamWriter.java:16
90)

	      ... 24 more

	Caused by: javax.net.ssl.SSLHandshakeException:
sun.security.validator.ValidatorException: PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderException: unable to
find valid certification path to requested target

	      at
com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:174)

	      at
com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1649
)

	      at
com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:241)

	      at
com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:235)

	      at
com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHa
ndshaker.java:1206)

	      at
com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHands
haker.java:136)

	      at
com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:593)

	      at
com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:5
29)

	      at
com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java
:893)

	      at
com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSo
cketImpl.java:1138)

	      at
com.sun.net.ssl.internal.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.jav
a:632)

	      at
com.sun.net.ssl.internal.ssl.AppOutputStream.write(AppOutputStream.java:
59)

	      at
java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:65)

	      at
java.io.BufferedOutputStream.flush(BufferedOutputStream.java:123)

	      at
java.io.FilterOutputStream.flush(FilterOutputStream.java:123)

	      at
org.apache.commons.httpclient.ChunkedOutputStream.flush(ChunkedOutputStr
eam.java:191)

	      at com.ctc.wstx.io.UTF8Writer.flush(UTF8Writer.java:99)

	      at
com.ctc.wstx.sw.BufferingXmlWriter.flush(BufferingXmlWriter.java:214)

	      at
com.ctc.wstx.sw.BaseStreamWriter.flush(BaseStreamWriter.java:311)

	      at
org.apache.axiom.util.stax.wrapper.XMLStreamWriterWrapper.flush(XMLStrea
mWriterWrapper.java:50)

	      at
org.apache.axiom.om.impl.MTOMXMLStreamWriter.flush(MTOMXMLStreamWriter.j
ava:198)

	      at
org.apache.axiom.om.impl.dom.NodeImpl.serializeAndConsume(NodeImpl.java:
842)

	      ... 20 more

	Caused by: sun.security.validator.ValidatorException: PKIX path
building failed:
sun.security.provider.certpath.SunCertPathBuilderException: unable to
find valid certification path to requested target

	      at
sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:323)

	      at
sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:2
17)

	      at
sun.security.validator.Validator.validate(Validator.java:218)

	      at
com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.validate(X509TrustMana
gerImpl.java:126)

	      at
com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X50
9TrustManagerImpl.java:209)

	      at
com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X50
9TrustManagerImpl.java:249)

	      at
com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHa
ndshaker.java:1185)

	      ... 37 more

	Caused by:
sun.security.provider.certpath.SunCertPathBuilderException: unable to
find valid certification path to requested target

	      at
sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPat
hBuilder.java:174)

	      at
java.security.cert.CertPathBuilder.build(CertPathBuilder.java:238)

	      at
sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:318)

	      ... 43 more

	Java Result: 1

	BUILD SUCCESSFUL (total time: 3 seconds)


Mime
View raw message