Ruwan,
Indeed, it works with when using Axis2 directly, but unfortunately not when
the message is mediated through ESB.
When the 'WstxUnexpectedCharException' exception is generated, the CPU
utilization of the ESB process augments to 100% for quite a while. In the
log file, I've noticed that in this case a enormous lot of 'DEBUG
SSLIOSession I/O session 2 [interested ops: []; ready ops: [r]][SSL
handshake status: NOT_HANDSHAKING][0][0][0][0]: Clear event [r]' messages
are generated. I am obliged to stop and restart the Windows service.
PS: I'll send you my synapse configuration and logging information in a
separate mail.
Regards, Stefan.
Ruwan Linton-3 wrote:
>
> Stefan,
>
> See my comments inline,
>
> stlecho wrote:
>> Hi Ruwan,
>>
>> The webservice I'm calling is installed on a server that's behind a
>> BIG-IP
>> (firewall, load balancer, ...). The establishment of the SSL connection
>> is
>> done with this BIG-IP which at it's turn forwards - based on a specific
>> rule
>> - all webservices requests to the dedicated server.
>>
>> In our Axis2-based application, the SSL connection is setup with
>> HttpClient
>> by calling "new HttpClient().executeMethod(new
>> GetMethod("https://mywebsite";))". Once this is done, the calls to the
>> webservice work perfectly. So I'm wondering how Axis2 is capable of
>> handling
>> the '404' HTTP response.
>>
> If I got you correctly, what you are saying is that the axis2 based
> application can directly talk to the web service, without any issue and
> this occurs only when the message is mediated though ESB? If this is the
> case then probably there can be a configuration error in ESB
>
> Is there any possibility of sharing the configuration used by the ESB.
> You can send it to me privately if you have any issues in sending the
> configuration through the public list.
>
> At the same time can you please attach the full DEBUG log of the ESB
> with the configuration that you are using?
>> I will try to connect to a HTTPs-based webservice that does not use this
>> kind of "forwarding" configuration.
>>
>> PS: Is there a way to log all incoming messages (in this case the '404'
>> HTTP
>> response) received by ESB ?
>>
> Not to my knowledge, since this is SSL you cannot even use TCPMON to
> monitor the messages, but I think you should be able to use the tcpdump
> tool to monitor the message, or you can remote debug Synapse code over
> the running instance of ESB and catch the message at the transport
> level, (inside ClientWorker)
>
> Thanks,
> Ruwan
>> Regards, Stefan Lecho.
>>
>>
>> Ruwan Linton-3 wrote:
>>
>>> Hi Stefan,
>>>
>>> By looking at the stack trace, I think the server to which you are
>>> talking through ESB returns a *HTML* response rather than a *SOAP*
>>> response, with a 404 not found, which can not be handled by the ESB
>>> because it contains a DTD which cannot be built by AXIOM.
>>>
>>> Can you please tell us the server to which you are talking through ESB,
>>> and can you make sure to send a request which will not result in a 404
>>> Resource not found and see whether it is working properly.
>>>
>>> Thanks,
>>> Ruwan
>>>
>>> stlecho wrote:
>>>
>>>> Hi Asankha,
>>>>
>>>> I've changed the HTTPS Transport sender and the following error message
>>>> disappeared: "PKIX path building failed:
>>>> sun.security.provider.certpath.SunCertPathBuilderException: unable to
>>>> find
>>>> valid certification path to requested target".
>>>>
>>>> But now I'm receiving another one :o(:
>>>> "com.ctc.wstx.exc.WstxUnexpectedCharException: Unexpected character '"'
>>>> (code 34) in DOCTYPE declaration; expected a space between public and
>>>> system
>>>> identifiers".
>>>>
>>>> The only modification I've done, is changing the trustStore parameter
>>>> of
>>>> the
>>>> HTTPS Transport Sender in the webapp\WEB-INF\classes\conf\axis2.xml
>>>> file.
>>>> Based on the stacktrace I'm not able to determine which document causes
>>>> this
>>>> error. The modified axis2.xml file does not contain a DOCTYPE
>>>> declaration.
>>>>
>>>> Stacktrace:
>>>> 2008-03-05 17:20:01,567 [192.168.13.175-INFOR2] [I/O dispatcher 3]
>>>> ERROR
>>>> ClientHandler Received an unexpected response - of content type :
>>>> text/html;
>>>> charset=iso-8859-1 and status code : 404 with reason : Not Found
>>>> 2008-03-05 17:20:01,582 [192.168.13.175-INFOR2] [HttpClientWorker-1]
>>>> ERROR
>>>> ClientWorker Unexpected response received
>>>> org.apache.axiom.om.OMException:
>>>> com.ctc.wstx.exc.WstxUnexpectedCharException: Unexpected character '"'
>>>> (code
>>>> 34) in DOCTYPE declaration; expected a space between public and system
>>>> identifiers
>>>> at [row,col {unknown-source}]: [1,50]
>>>> at
>>>> org.apache.axiom.om.impl.builder.StAXOMBuilder.next(StAXOMBuilder.java:239)
>>>> at
>>>> org.apache.axiom.soap.impl.builder.StAXSOAPModelBuilder.getSOAPEnvelope(StAXSOAPModelBuilder.java:161)
>>>> at
>>>> org.apache.axiom.soap.impl.builder.StAXSOAPModelBuilder.<init>(StAXSOAPModelBuilder.java:110)
>>>> at
>>>> org.apache.axis2.builder.BuilderUtil.getSOAPBuilder(BuilderUtil.java:609)
>>>> at
>>>> org.apache.axis2.transport.TransportUtils.createDocumentElement(TransportUtils.java:178)
>>>> at
>>>> org.apache.axis2.transport.TransportUtils.createSOAPMessage(TransportUtils.java:111)
>>>> at
>>>> org.apache.synapse.transport.nhttp.ClientWorker.run(ClientWorker.java:160)
>>>> at
>>>> java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:650)
>>>> at
>>>> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:675)
>>>> at java.lang.Thread.run(Thread.java:595)
>>>>
>>>> PS: I'm using ESB v1.6.
>>>>
>>>> Regards, Stefan Lecho.
>>>>
>>>>
>>>> asankha wrote:
>>>>
>>>>
>>>>> Hi Stefan
>>>>>
>>>>>
>>>>>> In order to setup an SSL connection with the Axis2-based client,
>>>>>> we've
>>>>>> added
>>>>>> the following: "System.setProperty("javax.net.ssl.trustStore",
>>>>>> "d:/path_to_file/name_of_keystore");
>>>>>> System.setProperty("javax.net.ssl.trustStorePassword", "secret");".
>>>>>>
>>>>>> In ESB, I've changed the value of the "truststore" parameter to use
>>>>>> the
>>>>>> same
>>>>>> truststore used by the Axis2-based client. I've also created a Proxy
>>>>>> that
>>>>>> points to the https webservice. When calling this Proxy, the
>>>>>> following
>>>>>> error
>>>>>> is generated: "Caused by: sun.security.validator.ValidatorException:
>>>>>> PKIX
>>>>>> path building failed:
>>>>>> sun.security.provider.certpath.SunCertPathBuilderException: unable to
>>>>>> find
>>>>>> valid certification path to requested target". The used truststore
>>>>>> contains
>>>>>> the SSL certificate of the site.
>>>>>>
>>>>>>
>>>>>>
>>>>> Which "truststore" parameter did you change? Since you are "calling"
>>>>> and
>>>>> external HTTPS service, you must edit the HTTPS Transport Sender
>>>>> configuration as follows, and not the Listener
>>>>>
>>>>> <transportSender name="https"
>>>>> class="org.apache.synapse.transport.nhttp.HttpCoreNIOSSLSender">
>>>>> <parameter name="non-blocking" locked="false">true</parameter>
>>>>> <parameter name="keystore" locked="false">
>>>>> <KeyStore>
>>>>> <Location>identity.jks</Location>
>>>>> <Type>JKS</Type>
>>>>> <Password>password</Password>
>>>>> <KeyPassword>password</KeyPassword>
>>>>> </KeyStore>
>>>>> </parameter>
>>>>> *<parameter name="truststore" locked="false">
>>>>> <TrustStore>
>>>>> <Location>trust.jks</Location>
>>>>> <Type>JKS</Type>
>>>>> <Password>password</Password>
>>>>> </TrustStore>
>>>>> </parameter>*
>>>>> <!--<parameter
>>>>> name="HostnameVerifier">DefaultAndLocalhost</parameter>
>>>>> supports Strict|AllowAll|DefaultAndLocalhost or the
>>>>> default
>>>>> if none specified -->
>>>>> </transportSender>
>>>>>
>>>>>
>>>>>
>>>>>> I'm aware that this question is more related to JKS and SSL
>>>>>> configuration,
>>>>>> but - although I found it out for the Axis2-based client - I'm unable
>>>>>> to
>>>>>> configure it correctly for ESB.
>>>>>>
>>>>>>
>>>>>>
>>>>> I am confident that this works without any issues if the keystores are
>>>>> properly configured. Basically I would expect the truststore to
>>>>> contain
>>>>> the CA certificate of your external server as a "trusted certificate"
>>>>> in
>>>>> the keystore
>>>>>
>>>>> If you can also send me the output of "keytool -v -list -keystore
>>>>> trust.jks" for your JKS, that would be helpful (please remember to
>>>>> hide
>>>>> your password from the output generated before you post it here :-))
>>>>>
>>>>> asankha
>>>>>
>>>>> _______________________________________________
>>>>> Esb-java-user mailing list
>>>>> [email protected]
>>>>> http://wso2.org/cgi-bin/mailman/listinfo/esb-java-user
>>>>>
>>>>>
>>>>>
>>>>>
>>>>
>>>>
>>> _______________________________________________
>>> Esb-java-user mailing list
>>> [email protected]
>>> http://wso2.org/cgi-bin/mailman/listinfo/esb-java-user
>>>
>>>
>>>
>>
>>
>
>
> _______________________________________________
> Esb-java-user mailing list
> [email protected]
> http://wso2.org/cgi-bin/mailman/listinfo/esb-java-user
>
>
--
View this message in context:
http://www.nabble.com/HTTPS-connection-tp15613822p15873190.html
Sent from the WSO2 ESB Users mailing list archive at Nabble.com.
_______________________________________________
Esb-java-user mailing list
[email protected]
http://wso2.org/cgi-bin/mailman/listinfo/esb-java-user
