On Fri, 2011-04-22 at 20:27 +0800, 陈朝 wrote:
> Thanks for the reply.
> Now I can use SSLSocketFactory to establish an SSL connection with JBoss.
> But when I add the "CLIENT-CERT" auth-method in the server's web.xml like this:
>
> <login-config>
>     <auth-method>CLIENT-CERT</auth-method>
> </login-config>
>
> The following problem appears:
> ---------------------------------------------------
> executing requestGET https://10.100.123.235:8443/httpsServer/TestServlet?test=xxx HTTP/1.1
> DEBUG [main] org.apache.http.impl.conn.SingleClientConnManager - Get connection for route HttpRoute[{s}->https://10.100.123.235:8443]
> DEBUG [main] org.apache.http.impl.conn.DefaultClientConnectionOperator - Connecting to /10.100.123.235:8443
> DEBUG [main] org.apache.http.client.protocol.RequestAddCookies - CookieSpec selected: best-match
> DEBUG [main] org.apache.http.client.protocol.RequestAuthCache - Auth cache not set in the context
> DEBUG [main] org.apache.http.impl.client.DefaultHttpClient - Attempt 1 to execute request
> DEBUG [main] org.apache.http.impl.conn.DefaultClientConnection - Sending request: GET /httpsServer/TestServlet?test=xxx HTTP/1.1
> DEBUG [main] org.apache.http.wire - >> "GET /httpsServer/TestServlet?test=xxx HTTP/1.1[\r][\n]"
> DEBUG [main] org.apache.http.wire - >> "Host: 10.100.123.235:8443[\r][\n]"
> DEBUG [main] org.apache.http.wire - >> "Connection: Keep-Alive[\r][\n]"
> DEBUG [main] org.apache.http.wire - >> "User-Agent: Apache-HttpClient/4.1.1 (java 1.5)[\r][\n]"
> DEBUG [main] org.apache.http.wire - >> "[\r][\n]"
> DEBUG [main] org.apache.http.headers - >> GET /httpsServer/TestServlet?test=xxx HTTP/1.1
> DEBUG [main] org.apache.http.headers - >> Host: 10.100.123.235:8443
> DEBUG [main] org.apache.http.headers - >> Connection: Keep-Alive
> DEBUG [main] org.apache.http.headers - >> User-Agent: Apache-HttpClient/4.1.1 (java 1.5)
> DEBUG [main] org.apache.http.wire - << "HTTP/1.1 401 Unauthorized[\r][\n]"
> DEBUG [main] org.apache.http.wire - << "Server: Apache-Coyote/1.1[\r][\n]"
> DEBUG [main] org.apache.http.wire - << "Pragma: No-cache[\r][\n]"
> DEBUG [main] org.apache.http.wire - << "Cache-Control: no-cache[\r][\n]"
> DEBUG [main] org.apache.http.wire - << "Expires: Thu, 01 Jan 1970 08:00:00 CST[\r][\n]"
> DEBUG [main] org.apache.http.wire - << "Content-Type: text/html;charset=utf-8[\r][\n]"
> DEBUG [main] org.apache.http.wire - << "Content-Length: 1097[\r][\n]"
> DEBUG [main] org.apache.http.wire - << "Date: Fri, 22 Apr 2011 12:04:17 GMT[\r][\n]"
> DEBUG [main] org.apache.http.wire - << "[\r][\n]"
> DEBUG [main] org.apache.http.impl.conn.DefaultClientConnection - Receiving response: HTTP/1.1 401 Unauthorized
> DEBUG [main] org.apache.http.headers - << HTTP/1.1 401 Unauthorized
> DEBUG [main] org.apache.http.headers - << Server: Apache-Coyote/1.1
> DEBUG [main] org.apache.http.headers - << Pragma: No-cache
> DEBUG [main] org.apache.http.headers - << Cache-Control: no-cache
> DEBUG [main] org.apache.http.headers - << Expires: Thu, 01 Jan 1970 08:00:00 CST
> DEBUG [main] org.apache.http.headers - << Content-Type: text/html;charset=utf-8
> DEBUG [main] org.apache.http.headers - << Content-Length: 1097
> DEBUG [main] org.apache.http.headers - << Date: Fri, 22 Apr 2011 12:04:17 GMT
> DEBUG [main] org.apache.http.impl.client.DefaultHttpClient - Connection can be kept alive indefinitely
> DEBUG [main] org.apache.http.impl.client.DefaultHttpClient - Target requested authentication
> DEBUG [main] org.apache.http.impl.client.DefaultTargetAuthenticationHandler - Authentication schemes in the order of preference: [negotiate, NTLM, Digest, Basic]
> DEBUG [main] org.apache.http.impl.client.DefaultTargetAuthenticationHandler - Challenge for negotiate authentication scheme not available
> DEBUG [main] org.apache.http.impl.client.DefaultTargetAuthenticationHandler - Challenge for NTLM authentication scheme not available
> DEBUG [main] org.apache.http.impl.client.DefaultTargetAuthenticationHandler - Challenge for Digest authentication scheme not available
> DEBUG [main] org.apache.http.impl.client.DefaultTargetAuthenticationHandler - Challenge for Basic authentication scheme not available
> WARN [main] org.apache.http.impl.client.DefaultHttpClient - Authentication error: Unable to respond to any of these challenges: {}
> ----------------------------------------
> HTTP/1.1 401 Unauthorized
> Response content length: 1097
> ---------------------------------------------------
>
> [My client code:]
> DefaultHttpClient httpclient = new DefaultHttpClient();
> try {
>     KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
>     InputStream instream = ClientCustomSSL.class.getResourceAsStream("/push-app.truststore");
>     try {
>         trustStore.load(instream, "apppassword".toCharArray());
>     } finally {
>         try { instream.close(); } catch (Exception ignore) {}
>     }
>
>     KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
>     instream = ClientCustomSSL.class.getResourceAsStream("/push-app.keystore");
>     try {
>         keyStore.load(instream, "apppassword".toCharArray());
>     } finally {
>         try { instream.close(); } catch (Exception ignore) {}
>     }
>
>     SSLSocketFactory socketFactory = new SSLSocketFactory(keyStore,"apppassword",trustStore);
>     Scheme sch = new Scheme("https", 8443, socketFactory);
>
>     httpclient.getConnectionManager().getSchemeRegistry().register(sch);
>
>     HttpGet httpget = new HttpGet("https://10.100.123.235:8443/httpsServer/TestServlet?test=xxx");
>
>     System.out.println("executing request" + httpget.getRequestLine());
>
>     HttpResponse response = httpclient.execute(httpget);
>     HttpEntity entity = response.getEntity();
>
>     System.out.println("----------------------------------------");
>     System.out.println(response.getStatusLine());
>     if (entity != null) {
>         System.out.println("Response content length: " + entity.getContentLength());
>     }
>     EntityUtils.consume(entity);
>
> } catch(Exception ex){
>     logger.error(ex);
> } finally {
>     httpclient.getConnectionManager().shutdown();
> }
> Is something wrong with my client code?
>
Your SSL appears to be OK, as the connection to the server could be successfully established. However, the server your application is sending requests to behaves incorrectly. It responds with status code 401 (Unauthorized) without sending back an authentication challenge in 'WWW-Authenticate' header. As a result HttpClient cannot handle 401 response automatically.

Oleg
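The condition described in the reply above, as an added example that is not part of the original thread or of HttpClient: a JDK-only check that reports which authentication challenges a 401 response head offers. The class and method names are hypothetical; the first input is constructed from the wire log quoted in the thread, and the second is a constructed contrast case.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.Locale;

public class ChallengeCheck {

    /** Schemes named in the WWW-Authenticate headers of a 401 response head. */
    static List<String> offeredSchemes(String responseHead) {
        String[] lines = responseHead.split("\r\n");
        if (!lines[0].matches("HTTP/1\\.[01] 401( .*)?")) {
            throw new IllegalArgumentException("not a 401 response: " + lines[0]);
        }
        List<String> schemes = new ArrayList<>();
        // The header section ends at the first empty line.
        for (int i = 1; i < lines.length && !lines[i].isEmpty(); i++) {
            int colon = lines[i].indexOf(':');
            if (colon < 0) continue;
            String name = lines[i].substring(0, colon).trim();
            if (!name.equalsIgnoreCase("WWW-Authenticate")) continue;
            String value = lines[i].substring(colon + 1).trim();
            // Only the first scheme token per header line is taken; a
            // comma-separated list of challenges in one header is not split.
            if (!value.isEmpty()) {
                schemes.add(value.split("\\s+", 2)[0].toLowerCase(Locale.ROOT));
            }
        }
        return schemes;
    }

    static String diagnose(String responseHead) {
        List<String> schemes = offeredSchemes(responseHead);
        return schemes.isEmpty()
            ? "401 without WWW-Authenticate: no challenge for the client to answer"
            : "401 with challenge(s): " + schemes;
    }

    public static void main(String[] args) {
        // Constructed from the response headers in the thread's wire log.
        String fromThread = "HTTP/1.1 401 Unauthorized\r\n"
            + "Server: Apache-Coyote/1.1\r\n"
            + "Pragma: No-cache\r\n"
            + "Cache-Control: no-cache\r\n"
            + "Content-Type: text/html;charset=utf-8\r\n"
            + "Content-Length: 1097\r\n\r\n";
        // Constructed contrast case: the same head with a Basic challenge added.
        String withChallenge = fromThread.replace("Pragma:",
            "WWW-Authenticate: Basic realm=\"example\"\r\nPragma:");
        System.out.println(diagnose(fromThread));
        System.out.println(diagnose(withChallenge));
    }
}
```

An empty result for the thread's response corresponds to the empty `{}` challenge map in the WARN line of the quoted log.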
