All geek questions in one place

Web service not running on GlassFish server

I created a web service in Java that sends data to another web service. This requires SSL certificates for authentication. This web service works fine on Tomcat, but when I deploy the same code on the GlassFish 3.0.1 server, I get javax.net.ssl.SSLHandshakeException : Fatal signal received: unknown javax.net.ssl.SSLHandshakeException exception. I imported the certificate into trustfore Glassfish using keytool. Required certificates are provided by the client.

My code is:

 System.setProperty("javax.net.ssl.keyStoreType" , "pkcs12"); System.setProperty("javax.net.ssl.keyStore", applicationRootDirPath + "clientCert.p12"); System.setProperty("javax.net.ssl.keyStorePassword", "password"); System.setProperty("javax.net.ssl.trustStoreType", "jks"); System.setProperty("javax.net.ssl.trustStore", "path of glass fish truststore"); System.setProperty("javax.net.ssl.trustStorePassword", "changeit"); try { url = new URL(serverUrl); urlConn = url.openConnection(); urlConn.setDoOutput(true); urlConn.setRequestMethod("POST"); urlConn.setAllowUserInteraction(false); urlConn.setUseCaches(false); urlConn.setRequestProperty("Content-type", "text/xml; charset=utf-8"); urlConn.setRequestProperty("Content-Length", new Integer(xml.length()).toString()); try { writer = new OutputStreamWriter(urlConn.getOutputStream(), "UTF-8"); writer.write(xmlData); } finally { if (writer != null) { writer.close(); } } trace += "\n urlConn.getInputStream()"; in = urlConn.getInputStream(); }
+4
source share
2 answers

What development environment are you using? If you use NetBeans, you must install them in VMargs in /etc/netbeans.conf (this is necessary for the web service tool to function correctly so that you can create clients, for example):

 <NETBEANS_HOME>/bin/netbeans.exe -J-Djavax.net.ssl.trustStore=<AS_HOME>/domains/domain1/config/cacerts.jks -J-Djavax.net.ssl.keyStore=<AS_HOME>/domains/domain1/config/keystore.jks -J-Djavax.net.ssl.trustStorePassword=changeit -J-Djavax.net.ssl.keyStorePassword=changeit

Also, make sure you set up storage correctly in GlassFish; add these lines in the same way as in the JVM option:

 -Djavax.net.ssl.trustStore=${truststore.location} -Djavax.net.ssl.trustStorePassword=${ssl.password}

In addition, if it is not a valid certificate (for example, hostnames do not match, which is a common reason for javax.net.ssl.SSLHandshakeException ), you can make a workaround in the client web service for development / testing purposes:

 static { //WORKAROUND. TO BE REMOVED. javax.net.ssl.HttpsURLConnection.setDefaultHostnameVerifier( new javax.net.ssl.HostnameVerifier(){ public boolean verify(String hostname, javax.net.ssl.SSLSession sslSession) { if (hostname.equals("mytargethostname")) { //Change to actual value return true; } return false; } }); }

At the moment, I do not see the source of your problem, but these are some points that I think you need to eliminate.

0
source

You also need to specify the following JVM option:

 -Dcom.sun.enterprise.security.httpsOutboundKeyAlias=[alias of the client certificate in your keystore]
0
source

Source: https://habr.com/ru/post/1379639/

More articles:


All Articles