cxf-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jason Pell <ja...@pellcorp.com>
Subject Re: How to Disable SSLv2 client hello in CXF?
Date Mon, 27 Oct 2014 11:23:11 GMT
Hi,

Here is a sample of using your own custom version of the jetty factory in
your spring context.  It is pretty invasive, so its actually better to wait
for 2.7.14 and take advantage of the code already there.  I use this code
for other reasons though, as it allows me to configure the trust / key
stores via spring properties.

https://github.com/pellcorp/cxf/tree/master/JavaFirst/src/main/java/com/pellcorp/server/jetty



A sample spring context:

https://github.com/pellcorp/cxf/blob/master/JavaFirst/src/main/resources/META-INF/samlApplicationContext.xml




On Mon, Oct 27, 2014 at 9:44 PM, Jason Pell <jason@pellcorp.com> wrote:

> That setting won't actually control what protocols jetty will actually
> use. I think it just controls what the highest protocol is used.
>
> The excluded protocols list needs to include the sslv2 setting.
>
> we actually overrode the jetty factory jetty engine and one other class to
> get access to the SSL context to configure the excluded protocols. Not
> pretty but we can't wait for 2.7.14.
>
> If you are interested I shall post our classes to my git repo.
>
> Let me know
> On 27/10/2014 8:14 PM, "Andrei Shakirin" <ashakirin@talend.com> wrote:
>
>> Hi,
>>
>> I guess you mean TLSClientParameters.secureSocketProtocol in Conduit.
>>
>> As far as I can see this parameter is used for creating
>> java.net.ssl.SSLContext:
>>         String protocol = parameters.getSecureSocketProtocol() != null ?
>> parameters
>>             .getSecureSocketProtocol() : "TLS";
>>
>> The setting should work. How you apply conduit settings: programmatically
>> or via spring configuration?
>> Could you past the code snapshot?
>>
>> Regards,
>> Andrei.
>>
>> > -----Original Message-----
>> > From: David Roytenberg (Consultant)
>> > [mailto:David.Roytenberg@optimalpayments.com]
>> > Sent: Freitag, 24. Oktober 2014 17:46
>> > To: users@cxf.apache.org
>> > Subject: RE: How to Disable SSLv2 client hello in CXF?
>> >
>> > Hello again.
>> >
>> > I've dug further into the CXF documentation and found that it is
>> possible to
>> > programmatically set the SSL protocols on the TLSProperties object of
>> the
>> > Conduit.
>> >
>> > I've created the TLS properties and set the SSL protocols to TLS1, but
>> this does
>> > not change the SSL behavior, which still starts with TLSv1.2 then sends
>> the hello
>> > with SSLv2 which is then dropped on the client end.  Is there another
>> switch that
>> > has to be set to over-ride the default SSL behavior?
>> >
>> > David
>> >
>> > -----Original Message-----
>> > From: David Roytenberg (Consultant)
>> > [mailto:David.Roytenberg@optimalpayments.com]
>> > Sent: Thursday, October 23, 2014 4:57 PM
>> > To: users@cxf.apache.org
>> > Subject: How to Disable SSLv2 client hello in CXF?
>> >
>> > I'm having an SSL problem and I wonder if there is a way to fix it
>> within CXF
>> >
>> > We have our CXF 2.7.6 based integration deployed on Weblogic 11.  We are
>> > using JDK 1.7_065
>> >
>> > When we connect to our remote client via SSL we get the following trace
>> with
>> > lots of SSL debugging turned on
>> >
>> > What appears to be happening is that the Hello message is sent with an
>> SSLV2
>> > protocol, which our partner's server does not like.  Apparently sending
>> the
>> > Hello at this level is a common behavior and apparently it sometimes
>> causes
>> > the remote server to fail.  I found a suggestion on line that this can
>> be fixed by
>> > removing the SSLv2 from the allowed protocols.  I am wondering if I can
>> do that
>> > through CFX configuration?
>> >
>> > This is a reference to the article that suggests that removing the
>> protocol is the
>> > solution to this problem:
>> >
>> >
>> http://stackoverflow.com/questions/4682957/why-does-javas-sslsocket-send-a-
>> > version-2-client-hello
>> >
>> > The protocols are apparently set on the SSLContext in JSSE by calling
>> > setEnabledProtocols(String[] protocols)
>> >
>> > Is there a way to set the enabled protocols on the SSLContext via CXF
>> > configuration?
>> >
>> > If not, is there a way to get hold of the SSLContext programmatically
>> in a CXF
>> > interceptor?
>> >
>> > We can't fix this problem at the WebLogic level because of side-effects
>> on
>> > other apps.   Thanks in advance for any suggestions or guidance!
>> >
>> > WebLogic SSL debug trace follows:
>> >
>> > %% No cached client session
>> > *** ClientHello, TLSv1.2
>> > RandomCookie:  GMT: 1414096267 bytes = { 183, 209, 47, 148, 54, 202,
>> 98, 8,
>> > 191, 222, 122, 248, 80, 190, 53, 88, 128, 130, 126, 108, 100, 82, 100,
>> 197, 213,
>> > 31, 89, 96 } Session ID:  {} Cipher Suites:
>> > [TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,
>> > TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
>> > TLS_RSA_WITH_AES_256_CBC_SHA256,
>> > TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384,
>> > TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384,
>> > TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, TLS_DHE_DSS
>> > _WITH_AES_256_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
>> > TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
>> > TLS_RSA_WITH_AES_256_CBC_SHA,
>> > TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA,
>> > TLS_ECDH_RSA_WITH_AES_256_CBC_SHA,
>> > TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AE
>> > S_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
>> > TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
>> > TLS_RSA_WITH_AES_128_CBC_SHA256,
>> > TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256,
>> > TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256,
>> > TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_DSS_
>> > WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
>> > TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
>> > TLS_RSA_WITH_AES_128_CBC_SHA,
>> > TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA,
>> > TLS_ECDH_RSA_WITH_AES_128_CBC_SHA,
>> > TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES
>> > _128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_RC4_128_SHA,
>> > TLS_ECDHE_RSA_WITH_RC4_128_SHA, SSL_RSA_WITH_RC4_128_SHA,
>> > TLS_ECDH_ECDSA_WITH_RC4_128_SHA, TLS_ECDH_RSA_WITH_RC4_128_SHA,
>> > TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,
>> > TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_W
>> > ITH_3DES_EDE_CBC_SHA, TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA,
>> > TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA,
>> > SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA,
>> > SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_RC4_128_MD5,
>> > TLS_EMPTY_RENEGOTIATION_INFO_SCSV]
>> > Compression Methods:  { 0 }
>> > Extension elliptic_curves, curve names: {secp256r1, sect163k1,
>> sect163r2,
>> > secp192r1, secp224r1, sect233k1, sect233r1, sect283k1, sect283r1,
>> secp384r1,
>> > sect409k1, sect409r1, secp521r1, sect571k1, sect571r1, secp160k1,
>> secp160r1,
>> > secp160r2, sect163r1, secp1 92k1, sect193r1, sect193r2, secp224k1,
>> sect239k1,
>> > secp256k1} Extension ec_point_formats, formats: [uncompressed] Extension
>> > signature_algorithms, signature_algorithms: SHA512withECDSA,
>> > SHA512withRSA, SHA384withECDSA, SHA384withRSA, SHA256withECDSA,
>> > SHA256withRSA, SHA224withECDSA, SHA224withRSA, SHA1withECDSA,
>> > SHA1withRSA, SHA1withDSA, MD5withRSA
>> > ***
>> > [write] MD5 and SHA1 hashes:  len = 221
>> > 0000: 01 00 00 D9 03 03 54 49   66 8B B7 D1 2F 94 36 CA
>> ......TIf.../.6.
>> > 0010: 62 08 BF DE 7A F8 50 BE   35 58 80 82 7E 6C 64 52
>> b...z.P.5X...ldR
>> > 0020: 64 C5 D5 1F 59 60 00 00   54 C0 24 C0 28 00 3D C0
>> d...Y`..T.$.(.=.
>> > 0030: 26 C0 2A 00 6B 00 6A C0   0A C0 14 00 35 C0 05 C0
>> &.*.k.j.....5...
>> > 0040: 0F 00 39 00 38 C0 23 C0   27 00 3C C0 25 C0 29 00
>> ..9.8.#.'.<.%.).
>> > 0050: 67 00 40 C0 09 C0 13 00   2F C0 04 C0 0E 00 33 00  g.@
>> ...../.....3.
>> > 0060: 32 C0 07 C0 11 00 05 C0   02 C0 0C C0 08 C0 12 00
>> 2...............
>> > 0070: 0A C0 03 C0 0D 00 16 00   13 00 04 00 FF 01 00 00
>> ................
>> > 0080: 5C 00 0A 00 34 00 32 00   17 00 01 00 03 00 13 00
>> \...4.2.........
>> > 0090: 15 00 06 00 07 00 09 00   0A 00 18 00 0B 00 0C 00
>> ................
>> > 00A0: 19 00 0D 00 0E 00 0F 00   10 00 11 00 02 00 12 00
>> ................
>> > 00B0: 04 00 05 00 14 00 08 00   16 00 0B 00 02 01 00 00
>> ................
>> > 00C0: 0D 00 1A 00 18 06 03 06   01 05 03 05 01 04 03 04
>> ................
>> > 00D0: 01 03 03 03 01 02 03 02   01 02 02 01 01           .............
>> > [ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default
>> (self-tuning)',
>> > WRITE: TLSv1.2 Handshake, length = 221 [write] MD5 and SHA1 hashes:
>> len =
>> > 188
>> > 0000: 01 03 03 00 93 00 00 00   20 00 C0 24 00 C0 28 00  ........
>> ..$..(.
>> > 0010: 00 3D 00 C0 26 00 C0 2A   00 00 6B 00 00 6A 00 C0
>> .=..&..*..k..j..
>> > 0020: 0A 07 00 C0 00 C0 14 00   00 35 00 C0 05 00 C0 0F
>> .........5......
>> > 0030: 00 00 39 00 00 38 00 C0   23 00 C0 27 00 00 3C 00
>> ..9..8..#..'..<.
>> > 0040: C0 25 00 C0 29 00 00 67   00 00 40 00 C0 09 06 00  .%..)..g..@
>> .....
>> > 0050: 40 00 C0 13 00 00 2F 00   C0 04 01 00 80 00 C0 0E
>> @...../.........
>> > 0060: 00 00 33 00 00 32 00 C0   07 05 00 80 00 C0 11 00
>> ..3..2..........
>> > 0070: 00 05 00 C0 02 00 C0 0C   00 C0 08 00 C0 12 00 00
>> ................
>> > 0080: 0A 07 00 C0 00 C0 03 02   00 80 00 C0 0D 00 00 16
>> ................
>> > 0090: 00 00 13 00 00 04 01 00   80 00 00 FF 54 49 66 8B
>> ............TIf.
>> > 00A0: B7 D1 2F 94 36 CA 62 08   BF DE 7A F8 50 BE 35 58
>> ../.6.b...z.P.5X
>> > 00B0: 80 82 7E 6C 64 52 64 C5   D5 1F 59 60              ...ldRd...Y`
>> > [ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default
>> (self-tuning)',
>> > WRITE: SSLv2 client hello message, length = 188 [Raw write]: length =
>> 190
>> > 0000: 80 BC 01 03 03 00 93 00   00 00 20 00 C0 24 00 C0  ..........
>> ..$..
>> > 0010: 28 00 00 3D 00 C0 26 00   C0 2A 00 00 6B 00 00 6A
>> (..=..&..*..k..j
>> > 0020: 00 C0 0A 07 00 C0 00 C0   14 00 00 35 00 C0 05 00
>> ...........5....
>> > 0030: C0 0F 00 00 39 00 00 38   00 C0 23 00 C0 27 00 00
>> ....9..8..#..'..
>> > 0040: 3C 00 C0 25 00 C0 29 00   00 67 00 00 40 00 C0 09  <..%..)..g..@
>> ...
>> > 0050: 06 00 40 00 C0 13 00 00   2F 00 C0 04 01 00 80 00
>> ..@...../.......
>> > 0060: C0 0E 00 00 33 00 00 32   00 C0 07 05 00 80 00 C0
>> ....3..2........
>> > 0070: 11 00 00 05 00 C0 02 00   C0 0C 00 C0 08 00 C0 12
>> ................
>> > 0080: 00 00 0A 07 00 C0 00 C0   03 02 00 80 00 C0 0D 00
>> ................
>> > 0090: 00 16 00 00 13 00 00 04   01 00 80 00 00 FF 54 49
>> ..............TI
>> > 00A0: 66 8B B7 D1 2F 94 36 CA   62 08 BF DE 7A F8 50 BE
>> f.../.6.b...z.P.
>> > 00B0: 35 58 80 82 7E 6C 64 52   64 C5 D5 1F 59 60        5X...ldRd...Y`
>> > <Oct 23, 2014 4:35:23 PM EDT> <Debug> <SecuritySSL> <BEA-000000>
>> > <[Thread[[ACTIVE] ExecuteThread: '0' for queue:
>> 'weblogic.kernel.Default (self-
>> > tuning)',5,Pooled Threads]]weblogic.security.SSL.jsseadapter: SSLENGINE:
>> > SSLEngine.wrap(ByteBuffer,ByteBuffer)
>> > called: result=Status = OK HandshakeStatus = NEED_UNWRAP bytesConsumed =
>> > 0 bytesProduced = 190.> <Oct 23, 2014 4:35:23 PM EDT> <Debug>
>> > <SecuritySSL> <BEA-000000> <[Thread[[ACTIVE] ExecuteThread: '0'
for
>> queue:
>> > 'weblogic.kernel.Default (self-tuning)',5,Pooled
>> > Threads]]weblogic.security.SSL.jsseadapter: SSLENGINE:
>> > SSLEngine.unwrap(ByteBuffer,ByteBuffer
>> > []) called: result=Status = BUFFER_UNDERFLOW HandshakeStatus =
>> > NEED_UNWRAP bytesConsumed = 0 bytesProduced = 0.> [Raw read]: length = 5
>> > 0000: 15 03 03 00 02                                     .....
>> > [Raw read]: length = 2
>> > 0000: 02 28                                              .(
>> > [ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default
>> (self-tuning)',
>> > READ: TLSv1.2 Alert, length = 2 [ACTIVE] ExecuteThread: '0' for queue:
>> > 'weblogic.kernel.Default (self-tuning)', RECV TLSv1 ALERT:  fatal,
>> > handshake_failure [ACTIVE] ExecuteThread: '0' for queue:
>> > 'weblogic.kernel.Default (self-tuning)', fatal: engine already closed.
>> > Rethrowing javax.net.ssl.SSLException: Received fatal alert:
>> handshake_failure
>> > [ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default
>> (self-tuning)',
>> > fatal: engine already closed.  Rethrowing javax.net.ssl.SSLException:
>> Received
>> > fatal alert: handshake_failure <Oct 23, 2014 4:35:23 PM EDT> <Debug>
>> > <SecuritySSL> <BEA-000000> <[Thread[[ACTIVE] ExecuteThread: '0'
for
>> queue:
>> > 'weblogic.kernel.Default (self-tuning)',5,Pooled
>> > Threads]]weblogic.security.SSL.jsseadapter: SSLENGINE: Exception
>> occurred
>> > during SSLEngine.un wrap(ByteBuffer,ByteBuffer[]).
>> > javax.net.ssl.SSLException: Received fatal alert: handshake_failure
>> >         at sun.security.ssl.Alerts.getSSLException(Alerts.java:208)
>> >         at sun.security.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1619)
>> >         at sun.security.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1587)
>> >         at
>> sun.security.ssl.SSLEngineImpl.recvAlert(SSLEngineImpl.java:1756)
>> >         at
>> sun.security.ssl.SSLEngineImpl.readRecord(SSLEngineImpl.java:1060)
>> >         at
>> sun.security.ssl.SSLEngineImpl.readNetRecord(SSLEngineImpl.java:884)
>> >         at sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:758)
>> >         at javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:664)
>> >         at
>> >
>> weblogic.security.SSL.jsseadapter.JaSSLEngine$5.run(JaSSLEngine.java:134)
>> >         at
>> >
>> weblogic.security.SSL.jsseadapter.JaSSLEngine.doAction(JaSSLEngine.java:732)
>> >         at
>> >
>> weblogic.security.SSL.jsseadapter.JaSSLEngine.unwrap(JaSSLEngine.java:132)
>> >         at
>> weblogic.socket.JSSEFilterImpl.unwrap(JSSEFilterImpl.java:505)
>> >         at
>> >
>> weblogic.socket.JSSEFilterImpl.unwrapAndHandleResults(JSSEFilterImpl.java:44
>> > 8)
>> >         at
>> weblogic.socket.JSSEFilterImpl.doHandshake(JSSEFilterImpl.java:80)
>> >         at
>> weblogic.socket.JSSEFilterImpl.doHandshake(JSSEFilterImpl.java:64)
>> >         at
>> weblogic.socket.JSSEFilterImpl.doHandshake(JSSEFilterImpl.java:59)
>> >         at weblogic.socket.JSSEFilterImpl.write(JSSEFilterImpl.java:390)
>> >         at
>> > weblogic.socket.JSSESocket$JSSEOutputStream.write(JSSESocket.java:89)
>> >         at
>> > java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:82)
>> >         at
>> java.io.BufferedOutputStream.flush(BufferedOutputStream.java:140)
>> >         at java.io.FilterOutputStream.flush(FilterOutputStream.java:140)
>> >         at
>> >
>> weblogic.net.http.HttpURLConnection.writeRequests(HttpURLConnection.java:1
>> > 86)
>> >         at
>> >
>> weblogic.net.http.HttpURLConnection.getOutputStream(HttpURLConnection.jav
>> > a:280)
>> >         at
>> > org.apache.cxf.transport.http.URLConnectionHTTPConduit$URLConnectionWra
>> > ppedOutputStream.setupWrappedStream(URLConnectionHTTPConduit.java:168
>> > )
>> >         at
>> > org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleHea
>> > dersTrustCaching(HTTPConduit.java:1278)
>> >         at
>> >
>> org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.onFirstWrit
>> > e(HTTPConduit.java:1234)
>> >         at
>> > org.apache.cxf.transport.http.URLConnectionHTTPConduit$URLConnectionWra
>> > ppedOutputStream.onFirstWrite(URLConnectionHTTPConduit.java:195)
>> >         at
>> > org.apache.cxf.io.AbstractWrappedOutputStream.write(AbstractWrappedOutpu
>> > tStream.java:47)
>> >         at
>> >
>> org.apache.cxf.io.AbstractThresholdOutputStream.write(AbstractThresholdOutp
>> > utStream.java:69)
>> >         at
>> > org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(HTTP
>> > Conduit.java:1291)
>> >         at
>> org.apache.cxf.transport.AbstractConduit.close(AbstractConduit.java:56)
>> >         at
>> org.apache.cxf.transport.http.HTTPConduit.close(HTTPConduit.java:623)
>> >         at
>> > org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndingI
>> > nterceptor.handleMessage(MessageSenderInterceptor.java:62)
>> >         at
>> >
>> org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChai
>> > n.java:271)
>> >         at
>> org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:541)
>> >         at
>> org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:474)
>> >         at
>> org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:377)
>> >         at
>> org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:330)
>> >         at
>> org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:96)
>> >         at
>> > org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:134)
>> >         at com.sun.proxy.$Proxy258.startTransaction(Unknown Source)
>> >         at
>> >
>> com.optimal.identity.gateway.equifax.eidverify.VerifyClient.initiateVerification(
>> > VerifyClient.java:87)
>> >         at
>> >
>> com.optimal.identity.gateway.equifax.eidverify.VerifyGateway.submitInitial(Ve
>> > rifyGateway.java:24)
>> >         at
>> >
>> com.optimal.identity.service.IdentificationServiceImpl.submitInitial(Identificatio
>> > nServiceImpl.java:147)
>> >         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>> >         at
>> >
>> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:
>> > 57)
>> >         at
>> >
>> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorI
>> > mpl.java:43)
>> >         at java.lang.reflect.Method.invoke(Method.java:606)
>> >         at
>> >
>> org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(Aop
>> > Utils.java:317)
>> >         at
>> >
>> org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpo
>> > int(ReflectiveMethodInvocation.java:183)
>> >         at
>> >
>> org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(Refl
>> > ectiveMethodInvocation.java:150)
>> >         at
>> >
>> org.springframework.transaction.interceptor.TransactionInterceptor.invoke(Tra
>> > nsactionInterceptor.java:110)
>> >         at
>> >
>> org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(Refl
>> > ectiveMethodInvocation.java:172)
>> >         at
>> > org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamic
>> > AopProxy.java:204)
>> >         at com.sun.proxy.$Proxy211.submitInitial(Unknown Source)
>> >         at
>> >
>> com.optimal.identity.web.rest.IdentificationController.create(IdentificationCont
>> > roller.java:133)
>> >         at
>> >
>> com.optimal.identity.web.rest.IdentificationController$$FastClassByCGLIB$$95f
>> > 388d3.invoke(<generated>)
>> >         at
>> > org.springframework.cglib.proxy.MethodProxy.invoke(MethodProxy.java:204)
>> >         at
>> > org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.in
>> > vokeJoinpoint(CglibAopProxy.java:698)
>> >         at
>> >
>> org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(Refl
>> > ectiveMethodInvocation.java:150)
>> >         at
>> >
>> org.springframework.security.access.intercept.aopalliance.MethodSecurityInter
>> > ceptor.invoke(MethodSecurityInterceptor.java:64)
>> >         at
>> >
>> org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(Refl
>> > ectiveMethodInvocation.java:172)
>> >         at
>> > org.springframework.aop.framework.CglibAopProxy$DynamicAdvisedIntercept
>> > or.intercept(CglibAopProxy.java:631)
>> >         at
>> >
>> com.optimal.identity.web.rest.IdentificationController$$EnhancerByCGLIB$$36
>> > b7b48f.create(<generated>)
>> >         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>> >         at
>> >
>> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:
>> > 57)
>> >         at
>> >
>> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorI
>> > mpl.java:43)
>> >         at java.lang.reflect.Method.invoke(Method.java:606)
>> >         at
>> > org.springframework.web.method.support.InvocableHandlerMethod.invoke(Inv
>> > ocableHandlerMethod.java:219)
>> >         at
>> > org.springframework.web.method.support.InvocableHandlerMethod.invokeFor
>> > Request(InvocableHandlerMethod.java:132)
>> >         at
>> >
>> org.springframework.web.servlet.mvc.method.annotation.ServletInvocableHan
>> > dlerMethod.invokeAndHandle(ServletInvocableHandlerMethod.java:104)
>> >         at
>> > org.springframework.web.servlet.mvc.method.annotation.RequestMappingHan
>> > dlerAdapter.invokeHandleMethod(RequestMappingHandlerAdapter.java:745)
>> >         at
>> > org.springframework.web.servlet.mvc.method.annotation.RequestMappingHan
>> > dlerAdapter.handleInternal(RequestMappingHandlerAdapter.java:686)
>> >         at
>> > org.springframework.web.servlet.mvc.method.AbstractHandlerMethodAdapter.
>> > handle(AbstractHandlerMethodAdapter.java:80)
>> >         at
>> >
>> org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServl
>> > et.java:925)
>> >         at
>> >
>> org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServle
>> > t.java:856)
>> >         at
>> > org.springframework.web.servlet.FrameworkServlet.processRequest(Framewor
>> > kServlet.java:920)
>> >         at
>> >
>> org.springframework.web.servlet.FrameworkServlet.doPost(FrameworkServlet.j
>> > ava:827)
>> >         at javax.servlet.http.HttpServlet.service(HttpServlet.java:727)
>> >         at
>> >
>> org.springframework.web.servlet.FrameworkServlet.service(FrameworkServlet.
>> > java:801)
>> >         at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
>> >         at
>> >
>> weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecu
>> > rityHelper.java:227)
>> >         at
>> >
>> weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.j
>> > ava:125)
>> >         at
>> >
>> weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:301)
>> >         at
>> weblogic.servlet.internal.TailFilter.doFilter(TailFilter.java:26)
>> >         at
>> >
>> weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
>> >         at
>> >
>> org.springframework.web.filter.ShallowEtagHeaderFilter.doFilterInternal(Shallo
>> > wEtagHeaderFilter.java:73)
>> >         at
>> >
>> org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequest
>> > Filter.java:107)
>> >         at
>> >
>> org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(Delegati
>> > ngFilterProxy.java:346)
>> >         at
>> >
>> org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilter
>> > Proxy.java:259)
>> >         at
>> >
>> weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
>> >         at
>> >
>> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(
>> > FilterChainProxy.java:330)
>> >         at
>> >
>> org.springframework.security.web.access.intercept.FilterSecurityInterceptor.inv
>> > oke(FilterSecurityInterceptor.java:118)
>> >         at
>> >
>> org.springframework.security.web.access.intercept.FilterSecurityInterceptor.do
>> > Filter(FilterSecurityInterceptor.java:84)
>> >         at
>> >
>> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(
>> > FilterChainProxy.java:342)
>> >         at
>> >
>> org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(Ex
>> > ceptionTranslationFilter.java:113)
>> >         at
>> >
>> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(
>> > FilterChainProxy.java:342)
>> >         at
>> >
>> org.springframework.security.web.authentication.AnonymousAuthenticationFilt
>> > er.doFilter(AnonymousAuthenticationFilter.java:113)
>> >         at
>> >
>> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(
>> > FilterChainProxy.java:342)
>> >         at
>> >
>> org.springframework.security.web.servletapi.SecurityContextHolderAwareRequ
>> > estFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:54)
>> >         at
>> >
>> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(
>> > FilterChainProxy.java:342)
>> >         at
>> >
>> org.springframework.security.web.authentication.www.BasicAuthenticationFilt
>> > er.doFilter(BasicAuthenticationFilter.java:201)
>> >         at
>> >
>> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(
>> > FilterChainProxy.java:342)
>> >         at
>> >
>> org.springframework.security.web.context.SecurityContextPersistenceFilter.doF
>> > ilter(SecurityContextPersistenceFilter.java:87)
>> >         at
>> >
>> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(
>> > FilterChainProxy.java:342)
>> >         at
>> >
>> org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChain
>> > Proxy.java:192)
>> >         at
>> >
>> org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.ja
>> > va:160)
>> >         at
>> >
>> org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(Delegati
>> > ngFilterProxy.java:346)
>> >         at
>> >
>> org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilter
>> > Proxy.java:259)
>> >         at
>> >
>> weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
>> >         at
>> >
>> com.optimal.rest.loggerfilter.LoggerFilter.doFilterInternal(LoggerFilter.java:16
>> > 9)
>> >         at
>> >
>> com.optimal.rest.loggerfilter.LoggerFilter.doFilter(LoggerFilter.java:123)
>> >         at
>> >
>> org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(Delegati
>> > ngFilterProxy.java:346)
>> >         at
>> >
>> org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilter
>> > Proxy.java:259)
>> >         at
>> >
>> weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
>> >         at
>> >
>> com.optimal.web.spring.filter.ApplicationUidFilter.doFilterInternal(ApplicationU
>> > idFilter.java:51)
>> >         at
>> >
>> org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequest
>> > Filter.java:107)
>> >         at
>> >
>> org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(Delegati
>> > ngFilterProxy.java:346)
>> >         at
>> >
>> org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilter
>> > Proxy.java:259)
>> >         at
>> >
>> weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
>> >         at
>> >
>> weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.wrap
>> > Run(WebAppServletContext.java:3730)
>> >         at
>> >
>> weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(
>> > WebAppServletContext.java:3696)
>> >         at
>> >
>> weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.j
>> > ava:321)
>> >         at
>> >
>> weblogic.security.service.SecurityManager.runAs(SecurityManager.java:120)
>> >         at
>> >
>> weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServl
>> > etContext.java:2273)
>> >         at
>> >
>> weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletConte
>> > xt.java:2179)
>> >         at
>> >
>> weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1490
>> > )
>> >         at weblogic.work.ExecuteThread.execute(ExecuteThread.java:256)
>> >         at weblogic.work.ExecuteThread.run(ExecuteThread.java:221)
>> > >
>> > AVIS IMPORTANT
>> >
>> > WARNING
>> >
>> >
>> > Ce message ?lectronique et ses pi?ces jointes peuvent contenir des
>> > renseignements confidentiels, exclusifs ou l?galement privil?gi?s
>> destin?s au
>> > seul usage du destinataire vis?. L'exp?diteur original ne renonce ?
>> aucun
>> > privil?ge ou ? aucun autre droit si le pr?sent message a ?t? transmis
>> > involontairement ou s'il est retransmis sans son autorisation. Si vous
>> n'?tes pas
>> > le destinataire vis? du pr?sent message ou si vous l'avez re?u par
>> erreur,
>> > veuillez cesser imm?diatement de le lire et le supprimer, ainsi que
>> toutes ses
>> > pi?ces jointes, de votre syst?me. La lecture, la distribution, la copie
>> ou tout
>> > autre usage du pr?sent message ou de ses pi?ces jointes par des
>> personnes
>> > autres que le destinataire vis? ne sont pas autoris?s et pourraient
>> ?tre ill?gaux.
>> > Si vous avez re?u ce courrier ?lectronique par erreur, veuillez en
>> aviser
>> > l'exp?diteur.
>> >
>> >
>> > This electronic message and its attachments may contain confidential,
>> > proprietary or legally privileged information, which is solely for the
>> use of the
>> > intended recipient. No privilege or other rights are waived by any
>> unintended
>> > transmission or unauthorized retransmission of this message. If you are
>> not the
>> > intended recipient of this message, or if you have received it in
>> error, you
>> > should immediately stop reading this message and delete it and all
>> > attachments from your system. The reading, distribution, copying or
>> other use
>> > of this message or its attachments by unintended recipients is
>> unauthorized and
>> > may be unlawful. If you have received this e-mail in error, please
>> notify the
>> > sender.
>> >
>> > --
>> > WARNING
>> > -------
>> > This electronic message and its attachments may contain confidential,
>> > proprietary or legally privileged information, which is solely for the
>> use of the
>> > intended recipient.  No privilege or other rights are waived by any
>> unintended
>> > transmission or unauthorized retransmission of this message.  If you
>> are not the
>> > intended recipient of this message, or if you have received it in
>> error, you
>> > should immediately stop reading this message and delete it and all
>> > attachments from your system.  The reading, distribution, copying or
>> other use
>> > of this message or its attachments by unintended recipients is
>> unauthorized and
>> > may be unlawful.  If you have received this e-mail in error, please
>> notify the
>> > sender.
>> >
>> > AVIS IMPORTANT
>> > --------------
>> > Ce message electronique et ses pieces jointes peuvent contenir des
>> > renseignements confidentiels, exclusifs ou legalement privilegies
>> destines au
>> > seul usage du destinataire vise.  L'expediteur original ne renonce a
>> aucun
>> > privilege ou a aucun autre droit si le present message a ete transmis
>> > involontairement ou s'il est retransmis sans son autorisation.  Si vous
>> n'etes pas
>> > le destinataire vise du present message ou si vous l'avez recu par
>> erreur,
>> > veuillez cesser immediatement de le lire et le supprimer, ainsi que
>> toutes ses
>> > pieces jointes, de votre systeme.  La lecture, la distribution, la
>> copie ou tout
>> > autre usage du present message ou de ses pieces jointes par des
>> personnes
>> > autres que le destinataire vise ne sont pas autorises et pourraient
>> etre illegaux.
>> > Si vous avez recu ce courrier electronique par erreur, veuillez en
>> aviser
>> > l'expediteur.
>> >
>> >
>> > --
>> > WARNING
>> > -------
>> > This electronic message and its attachments may contain confidential,
>> > proprietary or legally privileged information, which is solely for the
>> use of the
>> > intended recipient.  No privilege or other rights are waived by any
>> unintended
>> > transmission or unauthorized retransmission of this message.  If you
>> are not the
>> > intended recipient of this message, or if you have received it in
>> error, you
>> > should immediately stop reading this message and delete it and all
>> > attachments from your system.  The reading, distribution, copying or
>> other use
>> > of this message or its attachments by unintended recipients is
>> unauthorized and
>> > may be unlawful.  If you have received this e-mail in error, please
>> notify the
>> > sender.
>> >
>> > AVIS IMPORTANT
>> > --------------
>> > Ce message ?lectronique et ses pi?ces jointes peuvent contenir des
>> > renseignements confidentiels, exclusifs ou l?galement privil?gi?s
>> destin?s au
>> > seul usage du destinataire vis?.  L'exp?diteur original ne renonce ?
>> aucun
>> > privil?ge ou ? aucun autre droit si le pr?sent message a ?t? transmis
>> > involontairement ou s'il est retransmis sans son autorisation.  Si vous
>> n'?tes pas
>> > le destinataire vis? du pr?sent message ou si vous l'avez re?u par
>> erreur,
>> > veuillez cesser imm?diatement de le lire et le supprimer, ainsi que
>> toutes ses
>> > pi?ces jointes, de votre syst?me.  La lecture, la distribution, la
>> copie ou tout
>> > autre usage du pr?sent message ou de ses pi?ces jointes par des
>> personnes
>> > autres que le destinataire vis? ne sont pas autoris?s et pourraient
>> ?tre ill?gaux.
>> > Si vous avez re?u ce courrier ?lectronique par erreur, veuillez en
>> aviser
>> > l'exp?diteur.
>> >
>> > --
>> > WARNING
>> > -------
>> > This electronic message and its attachments may contain confidential,
>> > proprietary or legally privileged information, which is solely for the
>> use of the
>> > intended recipient.  No privilege or other rights are waived by any
>> unintended
>> > transmission or unauthorized retransmission of this message.  If you
>> are not the
>> > intended recipient of this message, or if you have received it in
>> error, you
>> > should immediately stop reading this message and delete it and all
>> > attachments from your system.  The reading, distribution, copying or
>> other use
>> > of this message or its attachments by unintended recipients is
>> unauthorized and
>> > may be unlawful.  If you have received this e-mail in error, please
>> notify the
>> > sender.
>> >
>> > AVIS IMPORTANT
>> > --------------
>> > Ce message electronique et ses pieces jointes peuvent contenir des
>> > renseignements confidentiels, exclusifs ou legalement privilegies
>> destines au
>> > seul usage du destinataire vise.  L'expediteur original ne renonce a
>> aucun
>> > privilege ou a aucun autre droit si le present message a ete transmis
>> > involontairement ou s'il est retransmis sans son autorisation.  Si vous
>> n'etes pas
>> > le destinataire vise du present message ou si vous l'avez recu par
>> erreur,
>> > veuillez cesser immediatement de le lire et le supprimer, ainsi que
>> toutes ses
>> > pieces jointes, de votre systeme.  La lecture, la distribution, la
>> copie ou tout
>> > autre usage du present message ou de ses pieces jointes par des
>> personnes
>> > autres que le destinataire vise ne sont pas autorises et pourraient
>> etre illegaux.
>> > Si vous avez recu ce courrier electronique par erreur, veuillez en
>> aviser
>> > l'expediteur.
>>
>>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message