Stefan,
See my comments inline,
stlecho wrote:
Hi Ruwan,
The webservice I'm calling is installed on a server that's behind a BIG-IP
(firewall, load balancer, ...). The establishment of the SSL connection is
done with this BIG-IP which at it's turn forwards - based on a specific rule
- all webservices requests to the dedicated server.
In our Axis2-based application, the SSL connection is setup with HttpClient
by calling "new HttpClient().executeMethod(new
GetMethod("https://mywebsite";))". Once this is done, the calls to the
webservice work perfectly. So I'm wondering how Axis2 is capable of handling
the '404' HTTP response.
If I got you correctly, what you are saying is that the axis2 based
application can directly talk to the web service, without any issue and
this occurs only when the message is mediated though ESB? If this is the
case then probably there can be a configuration error in ESB
Is there any possibility of sharing the configuration used by the ESB.
You can send it to me privately if you have any issues in sending the
configuration through the public list.
At the same time can you please attach the full DEBUG log of the ESB
with the configuration that you are using?
I will try to connect to a HTTPs-based webservice that does not use this
kind of "forwarding" configuration.
PS: Is there a way to log all incoming messages (in this case the '404' HTTP
response) received by ESB ?
Not to my knowledge, since this is SSL you cannot even use TCPMON to
monitor the messages, but I think you should be able to use the tcpdump
tool to monitor the message, or you can remote debug Synapse code over
the running instance of ESB and catch the message at the transport
level, (inside ClientWorker)
Thanks,
Ruwan
Regards, Stefan Lecho.
Ruwan Linton-3 wrote:
Hi Stefan,
By looking at the stack trace, I think the server to which you are
talking through ESB returns a *HTML* response rather than a *SOAP*
response, with a 404 not found, which can not be handled by the ESB
because it contains a DTD which cannot be built by AXIOM.
Can you please tell us the server to which you are talking through ESB,
and can you make sure to send a request which will not result in a 404
Resource not found and see whether it is working properly.
Thanks,
Ruwan
stlecho wrote:
Hi Asankha,
I've changed the HTTPS Transport sender and the following error message
disappeared: "PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderException: unable to
find
valid certification path to requested target".
But now I'm receiving another one :o(:
"com.ctc.wstx.exc.WstxUnexpectedCharException: Unexpected character '"'
(code 34) in DOCTYPE declaration; expected a space between public and
system
identifiers".
The only modification I've done, is changing the trustStore parameter of
the
HTTPS Transport Sender in the webapp\WEB-INF\classes\conf\axis2.xml file.
Based on the stacktrace I'm not able to determine which document causes
this
error. The modified axis2.xml file does not contain a DOCTYPE
declaration.
Stacktrace:
2008-03-05 17:20:01,567 [192.168.13.175-INFOR2] [I/O dispatcher 3] ERROR
ClientHandler Received an unexpected response - of content type :
text/html;
charset=iso-8859-1 and status code : 404 with reason : Not Found
2008-03-05 17:20:01,582 [192.168.13.175-INFOR2] [HttpClientWorker-1]
ERROR
ClientWorker Unexpected response received
org.apache.axiom.om.OMException:
com.ctc.wstx.exc.WstxUnexpectedCharException: Unexpected character '"'
(code
34) in DOCTYPE declaration; expected a space between public and system
identifiers
at [row,col {unknown-source}]: [1,50]
at
org.apache.axiom.om.impl.builder.StAXOMBuilder.next(StAXOMBuilder.java:239)
at
org.apache.axiom.soap.impl.builder.StAXSOAPModelBuilder.getSOAPEnvelope(StAXSOAPModelBuilder.java:161)
at
org.apache.axiom.soap.impl.builder.StAXSOAPModelBuilder.<init>(StAXSOAPModelBuilder.java:110)
at
org.apache.axis2.builder.BuilderUtil.getSOAPBuilder(BuilderUtil.java:609)
at
org.apache.axis2.transport.TransportUtils.createDocumentElement(TransportUtils.java:178)
at
org.apache.axis2.transport.TransportUtils.createSOAPMessage(TransportUtils.java:111)
at
org.apache.synapse.transport.nhttp.ClientWorker.run(ClientWorker.java:160)
at
java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:650)
at
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:675)
at java.lang.Thread.run(Thread.java:595)
PS: I'm using ESB v1.6.
Regards, Stefan Lecho.
asankha wrote:
Hi Stefan
In order to setup an SSL connection with the Axis2-based client, we've
added
the following: "System.setProperty("javax.net.ssl.trustStore",
"d:/path_to_file/name_of_keystore");
System.setProperty("javax.net.ssl.trustStorePassword", "secret");".
In ESB, I've changed the value of the "truststore" parameter to use the
same
truststore used by the Axis2-based client. I've also created a Proxy
that
points to the https webservice. When calling this Proxy, the following
error
is generated: "Caused by: sun.security.validator.ValidatorException:
PKIX
path building failed:
sun.security.provider.certpath.SunCertPathBuilderException: unable to
find
valid certification path to requested target". The used truststore
contains
the SSL certificate of the site.
Which "truststore" parameter did you change? Since you are "calling" and
external HTTPS service, you must edit the HTTPS Transport Sender
configuration as follows, and not the Listener
<transportSender name="https"
class="org.apache.synapse.transport.nhttp.HttpCoreNIOSSLSender">
<parameter name="non-blocking" locked="false">true</parameter>
<parameter name="keystore" locked="false">
<KeyStore>
<Location>identity.jks</Location>
<Type>JKS</Type>
<Password>password</Password>
<KeyPassword>password</KeyPassword>
</KeyStore>
</parameter>
*<parameter name="truststore" locked="false">
<TrustStore>
<Location>trust.jks</Location>
<Type>JKS</Type>
<Password>password</Password>
</TrustStore>
</parameter>*
<!--<parameter
name="HostnameVerifier">DefaultAndLocalhost</parameter>
supports Strict|AllowAll|DefaultAndLocalhost or the default
if none specified -->
</transportSender>
I'm aware that this question is more related to JKS and SSL
configuration,
but - although I found it out for the Axis2-based client - I'm unable
to
configure it correctly for ESB.
I am confident that this works without any issues if the keystores are
properly configured. Basically I would expect the truststore to contain
the CA certificate of your external server as a "trusted certificate" in
the keystore
If you can also send me the output of "keytool -v -list -keystore
trust.jks" for your JKS, that would be helpful (please remember to hide
your password from the output generated before you post it here :-))
asankha
_______________________________________________
Esb-java-user mailing list
[email protected]
http://wso2.org/cgi-bin/mailman/listinfo/esb-java-user
_______________________________________________
Esb-java-user mailing list
[email protected]
http://wso2.org/cgi-bin/mailman/listinfo/esb-java-user
_______________________________________________
Esb-java-user mailing list
[email protected]
http://wso2.org/cgi-bin/mailman/listinfo/esb-java-user
