Sorry not jetty config http config is what I meant to say On 29/10/2014 7:57 AM, "Jason Pell" <[email protected]> wrote:
> sorry forgot to get back to you on the 2.7.6 thing. > org.apache.cxf.transport.https.SSLSocketFactoryWrapper has not been changed > in 6 years, so its definately calling setEnabledProtocols where you pass in > a secureSocketProtocol in the jetty config. > > If you can attach a debugger and ensure it gets to that code in > SSLSocketFactoryWrapper > > On Tue, Oct 28, 2014 at 7:08 AM, Jason Pell <[email protected]> wrote: > >> Hi, >> >> The code for poodle was added for server side. >> >> The conduit config that you use should have set the enabled protocols on >> the jdk SSL context. >> >> I only checked cxf 2.7.12 not 2.7.6. I would expect they are the same >> but will check real quick and reply to this email. >> >> Can you attach a debugger to weblogic and put a break point in the SSL >> context factory wrapper class? You can make sure its executing the enabled >> protocols bit. >> >> If it is perhaps it's a jdk issue >> On 28/10/2014 6:50 AM, "David Roytenberg (Consultant)" < >> [email protected]> wrote: >> >>> Thanks Jason, Since you've worked on Poodle, maybe you are aware of >>> whether the CXF client has changed its behavior since 2.7.6 as far as >>> SSLv2Hello protocol is concerned. I have two identical CXF configurations, >>> using the default protocol setting which looks to be TLS. With the SSL >>> debugging turned on, I see that the SSLv2Hello is being used to wrap the >>> client hello packet in each case. In my first integration all is well >>> while in the current integration, the server appears to drop the connection >>> as soon as it receives the SSLV2Hello packet. >>> >>> What I'd like to do is prevent the client from using that SSLv2Hello >>> protocol for the handshake Hello packet. >>> >>> None of the settings on this page: >>> http://cxf.apache.org/docs/tls-configuration.html seem to allow me to >>> control the Protocols directly, but I am still learning all the ins and >>> outs of how SSL is configured under the hood. >>> >>> From what you wrote it sounds like SSLv2Hello protocol is going to be >>> removed in the client in CXF 2.7.14. Is that right? >>> >>> Thanks, >>> >>> David >>> >>> >>> -----Original Message----- >>> From: [email protected] [mailto:[email protected]] On Behalf Of >>> Jason Pell >>> Sent: Monday, October 27, 2014 2:07 PM >>> To: [email protected] >>> Subject: Re: How to Disable SSLv2 client hello in CXF? >>> >>> Here is the actual page which deals with the config for tls >>> >>> http://cxf.apache.org/docs/tls-configuration.html >>> >>> >>> >>> On Tue, Oct 28, 2014 at 5:06 AM, Jason Pell <[email protected]> wrote: >>> >>> > See, but note that the secureSocketProtocol is missing from the >>> examples. >>> > (Search in the page for Configuring SSL Support) >>> > >>> > http://cxf.apache.org/docs/client-http-transport-including-ssl-support >>> > .html >>> > >>> > On Tue, Oct 28, 2014 at 5:02 AM, Jason Pell <[email protected]> >>> wrote: >>> > >>> >> So I did some digging to remind myself of how it works on the client >>> >> and I was dead wrong. >>> >> >>> >> I was thinking about how the server works (having just done the >>> >> poodle >>> >> changes) >>> >> >>> >> Anyway, what Andrei was absolutely correct. >>> >> >>> >> You can see it applied in >>> >> org.apache.cxf.transport.https.SSLSocketFactoryWrapper. The >>> >> SSLSocketFactoryWrapper is called from the >>> >> org.apache.cxf.transport.https.HttpsURLConnectionFactory >>> >> >>> >> It results in the Socket Factory setEnabledProtocols to the actual >>> >> protocol you listed in the tls client parameters (see below) >>> >> >>> >> <http:tlsClientParameters disableCNCheck="true" >>> >> secureSocketProtocol="TLSv1"> >>> >> >>> >> You need to make sure that your conduit configuration is being >>> >> applied correctly in web logic, perhaps its not being picked up. >>> >> >>> >> >>> >> >>> >> >>> >> >>> >> >>> >> >>> >> On Tue, Oct 28, 2014 at 4:36 AM, Jason Pell <[email protected]> >>> wrote: >>> >> >>> >>> Hi, >>> >>> >>> >>> I run embedded jetty container >>> >>> >>> >>> Sorry I forgot that you were running weblogic when I responded. In >>> that >>> >>> case do you even use the embedded jetty container? I am guessing >>> no. If >>> >>> not, then you would need to use the standard weblogic ssl >>> configuration. >>> >>> >>> >>> I don't believe CXF is responsible for any of the ssl config in that >>> >>> case. But then I am not very knowledgeable of cxf deployed to a >>> >>> j2ee container sorry. >>> >>> >>> >>> Sorry for the runaround and wasting your time >>> >>> >>> >>> Regards >>> >>> Jason >>> >>> >>> >>> >>> >>> On Tue, Oct 28, 2014 at 2:33 AM, David Roytenberg (Consultant) < >>> >>> [email protected]> wrote: >>> >>> >>> >>>> Hi Jason, >>> >>>> >>> >>>> Are you running on WebLogic by any chance? When I configured >>> >>>> the properties in the deployment to point to the WebLogic default >>> >>>> key store and trust store, I get a >>> >>>> java.security.UnrecoverableKeyException while trying to deploy my >>> application. Did you encounter this problem? >>> >>>> >>> >>>> Here's my config: >>> >>>> >>> >>>> <constructor-arg> >>> >>>> <list> >>> >>>> <bean >>> >>>> class="com.pellcorp.server.jetty.JettyHttpEngineConfig"> >>> >>>> <property name="uri" value=" >>> >>>> https://localhost:7002"; /> >>> >>>> <property >>> name="keyStoreFile" >>> >>>> value="/opt/weblogic_11/wlserver_10.3/server/lib/DemoIdentity.jks" >>> /> >>> >>>> <property >>> >>>> name="keyStorePassword" value="DemoIdentityKeyStorePassPhrase" /> >>> >>>> <property >>> name="trustStoreFile" >>> >>>> value="/opt/weblogic_11/wlserver_10.3/server/lib/DemoTrust.jks" /> >>> >>>> <property >>> >>>> name="trustStorePassword" value="DemoTrustKeyStorePassPhrase" /> >>> >>>> <property >>> >>>> name="secureSocketProtocol" value="TLSv1" /> >>> >>>> </bean> >>> >>>> >>> >>>> <bean >>> >>>> class="com.pellcorp.server.jetty.JettyHttpEngineConfig"> >>> >>>> <property name="uri" value=" >>> >>>> https://localhost:7002"; /> >>> >>>> <property >>> name="keyStoreFile" >>> >>>> value="/opt/weblogic_11/wlserver_10.3/server/lib/DemoIdentity.jks" >>> /> >>> >>>> <property >>> >>>> name="keyStorePassword" value="DemoIdentityKeyStorePassPhrase" /> >>> >>>> <property >>> >>>> name="secureSocketProtocol" value="TLSv1" /> >>> >>>> </bean> >>> >>>> </list> >>> >>>> </constructor-arg> >>> >>>> >>> >>>> David >>> >>>> >>> >>>> -----Original Message----- >>> >>>> From: [email protected] [mailto:[email protected]] On Behalf >>> >>>> Of Jason Pell >>> >>>> Sent: Monday, October 27, 2014 7:23 AM >>> >>>> To: [email protected] >>> >>>> Subject: Re: How to Disable SSLv2 client hello in CXF? >>> >>>> >>> >>>> Hi, >>> >>>> >>> >>>> Here is a sample of using your own custom version of the jetty >>> >>>> factory in your spring context. It is pretty invasive, so its >>> >>>> actually better to wait for 2.7.14 and take advantage of the code >>> >>>> already there. I use this code for other reasons though, as it >>> >>>> allows me to configure the trust / key stores via spring properties. >>> >>>> >>> >>>> >>> >>>> https://github.com/pellcorp/cxf/tree/master/JavaFirst/src/main/java >>> >>>> /com/pellcorp/server/jetty >>> >>>> >>> >>>> >>> >>>> >>> >>>> A sample spring context: >>> >>>> >>> >>>> >>> >>>> https://github.com/pellcorp/cxf/blob/master/JavaFirst/src/main/reso >>> >>>> urces/META-INF/samlApplicationContext.xml >>> >>>> >>> >>>> >>> >>>> >>> >>>> >>> >>>> On Mon, Oct 27, 2014 at 9:44 PM, Jason Pell <[email protected]> >>> wrote: >>> >>>> >>> >>>> > That setting won't actually control what protocols jetty will >>> >>>> > actually use. I think it just controls what the highest protocol >>> is used. >>> >>>> > >>> >>>> > The excluded protocols list needs to include the sslv2 setting. >>> >>>> > >>> >>>> > we actually overrode the jetty factory jetty engine and one other >>> >>>> > class to get access to the SSL context to configure the excluded >>> >>>> > protocols. Not pretty but we can't wait for 2.7.14. >>> >>>> > >>> >>>> > If you are interested I shall post our classes to my git repo. >>> >>>> > >>> >>>> > Let me know >>> >>>> > On 27/10/2014 8:14 PM, "Andrei Shakirin" <[email protected]> >>> >>>> wrote: >>> >>>> > >>> >>>> >> Hi, >>> >>>> >> >>> >>>> >> I guess you mean TLSClientParameters.secureSocketProtocol in >>> Conduit. >>> >>>> >> >>> >>>> >> As far as I can see this parameter is used for creating >>> >>>> >> java.net.ssl.SSLContext: >>> >>>> >> String protocol = parameters.getSecureSocketProtocol() >>> >>>> >> != >>> >>>> null ? >>> >>>> >> parameters >>> >>>> >> .getSecureSocketProtocol() : "TLS"; >>> >>>> >> >>> >>>> >> The setting should work. How you apply conduit settings: >>> >>>> >> programmatically or via spring configuration? >>> >>>> >> Could you past the code snapshot? >>> >>>> >> >>> >>>> >> Regards, >>> >>>> >> Andrei. >>> >>>> >> >>> >>>> >> > -----Original Message----- >>> >>>> >> > From: David Roytenberg (Consultant) >>> >>>> >> > [mailto:[email protected]] >>> >>>> >> > Sent: Freitag, 24. Oktober 2014 17:46 >>> >>>> >> > To: [email protected] >>> >>>> >> > Subject: RE: How to Disable SSLv2 client hello in CXF? >>> >>>> >> > >>> >>>> >> > Hello again. >>> >>>> >> > >>> >>>> >> > I've dug further into the CXF documentation and found that it >>> >>>> >> > is >>> >>>> >> possible to >>> >>>> >> > programmatically set the SSL protocols on the TLSProperties >>> >>>> >> > object of >>> >>>> >> the >>> >>>> >> > Conduit. >>> >>>> >> > >>> >>>> >> > I've created the TLS properties and set the SSL protocols to >>> >>>> >> > TLS1, but >>> >>>> >> this does >>> >>>> >> > not change the SSL behavior, which still starts with TLSv1.2 >>> >>>> >> > then sends >>> >>>> >> the hello >>> >>>> >> > with SSLv2 which is then dropped on the client end. Is there >>> >>>> >> > another >>> >>>> >> switch that >>> >>>> >> > has to be set to over-ride the default SSL behavior? >>> >>>> >> > >>> >>>> >> > David >>> >>>> >> > >>> >>>> >> > -----Original Message----- >>> >>>> >> > From: David Roytenberg (Consultant) >>> >>>> >> > [mailto:[email protected]] >>> >>>> >> > Sent: Thursday, October 23, 2014 4:57 PM >>> >>>> >> > To: [email protected] >>> >>>> >> > Subject: How to Disable SSLv2 client hello in CXF? >>> >>>> >> > >>> >>>> >> > I'm having an SSL problem and I wonder if there is a way to >>> >>>> >> > fix it >>> >>>> >> within CXF >>> >>>> >> > >>> >>>> >> > We have our CXF 2.7.6 based integration deployed on Weblogic >>> 11. >>> >>>> >> > We are using JDK 1.7_065 >>> >>>> >> > >>> >>>> >> > When we connect to our remote client via SSL we get the >>> >>>> >> > following trace >>> >>>> >> with >>> >>>> >> > lots of SSL debugging turned on >>> >>>> >> > >>> >>>> >> > What appears to be happening is that the Hello message is sent >>> >>>> >> > with an >>> >>>> >> SSLV2 >>> >>>> >> > protocol, which our partner's server does not like. >>> >>>> >> > Apparently sending >>> >>>> >> the >>> >>>> >> > Hello at this level is a common behavior and apparently it >>> >>>> >> > sometimes >>> >>>> >> causes >>> >>>> >> > the remote server to fail. I found a suggestion on line that >>> >>>> >> > this can >>> >>>> >> be fixed by >>> >>>> >> > removing the SSLv2 from the allowed protocols. I am wondering >>> >>>> >> > if I can >>> >>>> >> do that >>> >>>> >> > through CFX configuration? >>> >>>> >> > >>> >>>> >> > This is a reference to the article that suggests that removing >>> >>>> >> > the >>> >>>> >> protocol is the >>> >>>> >> > solution to this problem: >>> >>>> >> > >>> >>>> >> > >>> >>>> >> >>> >>>> http://stackoverflow.com/questions/4682957/why-does-javas-sslsocket >>> >>>> -s >>> >>>> >> end-a- >>> >>>> >> > version-2-client-hello >>> >>>> >> > >>> >>>> >> > The protocols are apparently set on the SSLContext in JSSE by >>> >>>> >> > calling setEnabledProtocols(String[] protocols) >>> >>>> >> > >>> >>>> >> > Is there a way to set the enabled protocols on the SSLContext >>> >>>> >> > via CXF configuration? >>> >>>> >> > >>> >>>> >> > If not, is there a way to get hold of the SSLContext >>> >>>> >> > programmatically >>> >>>> >> in a CXF >>> >>>> >> > interceptor? >>> >>>> >> > >>> >>>> >> > We can't fix this problem at the WebLogic level because of >>> >>>> >> > side-effects >>> >>>> >> on >>> >>>> >> > other apps. Thanks in advance for any suggestions or >>> guidance! >>> >>>> >> > >>> >>>> >> > WebLogic SSL debug trace follows: >>> >>>> >> > >>> >>>> >> > %% No cached client session >>> >>>> >> > *** ClientHello, TLSv1.2 >>> >>>> >> > RandomCookie: GMT: 1414096267 bytes = { 183, 209, 47, 148, >>> >>>> >> > 54, 202, >>> >>>> >> 98, 8, >>> >>>> >> > 191, 222, 122, 248, 80, 190, 53, 88, 128, 130, 126, 108, 100, >>> >>>> >> > 82, 100, >>> >>>> >> 197, 213, >>> >>>> >> > 31, 89, 96 } Session ID: {} Cipher Suites: >>> >>>> >> > [TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, >>> >>>> >> > TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, >>> >>>> >> > TLS_RSA_WITH_AES_256_CBC_SHA256, >>> >>>> >> > TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384, >>> >>>> >> > TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384, >>> >>>> >> > TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, TLS_DHE_DSS >>> >>>> >> > _WITH_AES_256_CBC_SHA256, >>> >>>> >> > TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, >>> >>>> >> > TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, >>> >>>> >> > TLS_RSA_WITH_AES_256_CBC_SHA, >>> >>>> >> > TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, >>> >>>> >> > TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, >>> >>>> >> > TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AE >>> >>>> >> > S_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, >>> >>>> >> > TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, >>> >>>> >> > TLS_RSA_WITH_AES_128_CBC_SHA256, >>> >>>> >> > TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256, >>> >>>> >> > TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256, >>> >>>> >> > TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_DSS_ >>> >>>> >> > WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, >>> >>>> >> > TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, >>> >>>> >> > TLS_RSA_WITH_AES_128_CBC_SHA, >>> >>>> >> > TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, >>> >>>> >> > TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, >>> >>>> >> > TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES >>> >>>> >> > _128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, >>> >>>> >> > TLS_ECDHE_RSA_WITH_RC4_128_SHA, SSL_RSA_WITH_RC4_128_SHA, >>> >>>> >> > TLS_ECDH_ECDSA_WITH_RC4_128_SHA, >>> >>>> >> > TLS_ECDH_RSA_WITH_RC4_128_SHA, >>> >>>> >> > TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, >>> >>>> >> > TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_W >>> >>>> >> > ITH_3DES_EDE_CBC_SHA, TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, >>> >>>> >> > TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, >>> >>>> >> > SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, >>> >>>> >> > SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_RC4_128_MD5, >>> >>>> >> > TLS_EMPTY_RENEGOTIATION_INFO_SCSV] >>> >>>> >> > Compression Methods: { 0 } >>> >>>> >> > Extension elliptic_curves, curve names: {secp256r1, sect163k1, >>> >>>> >> sect163r2, >>> >>>> >> > secp192r1, secp224r1, sect233k1, sect233r1, sect283k1, >>> >>>> >> > sect283r1, >>> >>>> >> secp384r1, >>> >>>> >> > sect409k1, sect409r1, secp521r1, sect571k1, sect571r1, >>> >>>> >> > secp160k1, >>> >>>> >> secp160r1, >>> >>>> >> > secp160r2, sect163r1, secp1 92k1, sect193r1, sect193r2, >>> >>>> >> > secp224k1, >>> >>>> >> sect239k1, >>> >>>> >> > secp256k1} Extension ec_point_formats, formats: [uncompressed] >>> >>>> >> > Extension signature_algorithms, signature_algorithms: >>> >>>> >> > SHA512withECDSA, SHA512withRSA, SHA384withECDSA, >>> >>>> >> > SHA384withRSA, SHA256withECDSA, SHA256withRSA, >>> >>>> >> > SHA224withECDSA, SHA224withRSA, SHA1withECDSA, SHA1withRSA, >>> >>>> >> > SHA1withDSA, MD5withRSA >>> >>>> >> > *** >>> >>>> >> > [write] MD5 and SHA1 hashes: len = 221 >>> >>>> >> > 0000: 01 00 00 D9 03 03 54 49 66 8B B7 D1 2F 94 36 CA >>> >>>> >> ......TIf.../.6. >>> >>>> >> > 0010: 62 08 BF DE 7A F8 50 BE 35 58 80 82 7E 6C 64 52 >>> >>>> >> b...z.P.5X...ldR >>> >>>> >> > 0020: 64 C5 D5 1F 59 60 00 00 54 C0 24 C0 28 00 3D C0 >>> >>>> >> d...Y`..T.$.(.=. >>> >>>> >> > 0030: 26 C0 2A 00 6B 00 6A C0 0A C0 14 00 35 C0 05 C0 >>> >>>> >> &.*.k.j.....5... >>> >>>> >> > 0040: 0F 00 39 00 38 C0 23 C0 27 00 3C C0 25 C0 29 00 >>> >>>> >> ..9.8.#.'.<.%.). >>> >>>> >> > 0050: 67 00 40 C0 09 C0 13 00 2F C0 04 C0 0E 00 33 00 g.@ >>> >>>> >> ...../.....3. >>> >>>> >> > 0060: 32 C0 07 C0 11 00 05 C0 02 C0 0C C0 08 C0 12 00 >>> >>>> >> 2............... >>> >>>> >> > 0070: 0A C0 03 C0 0D 00 16 00 13 00 04 00 FF 01 00 00 >>> >>>> >> ................ >>> >>>> >> > 0080: 5C 00 0A 00 34 00 32 00 17 00 01 00 03 00 13 00 >>> >>>> >> \...4.2......... >>> >>>> >> > 0090: 15 00 06 00 07 00 09 00 0A 00 18 00 0B 00 0C 00 >>> >>>> >> ................ >>> >>>> >> > 00A0: 19 00 0D 00 0E 00 0F 00 10 00 11 00 02 00 12 00 >>> >>>> >> ................ >>> >>>> >> > 00B0: 04 00 05 00 14 00 08 00 16 00 0B 00 02 01 00 00 >>> >>>> >> ................ >>> >>>> >> > 00C0: 0D 00 1A 00 18 06 03 06 01 05 03 05 01 04 03 04 >>> >>>> >> ................ >>> >>>> >> > 00D0: 01 03 03 03 01 02 03 02 01 02 02 01 01 >>> >>>> ............. >>> >>>> >> > [ACTIVE] ExecuteThread: '0' for queue: >>> >>>> >> > 'weblogic.kernel.Default >>> >>>> >> (self-tuning)', >>> >>>> >> > WRITE: TLSv1.2 Handshake, length = 221 [write] MD5 and SHA1 >>> hashes: >>> >>>> >> len = >>> >>>> >> > 188 >>> >>>> >> > 0000: 01 03 03 00 93 00 00 00 20 00 C0 24 00 C0 28 00 >>> ........ >>> >>>> >> ..$..(. >>> >>>> >> > 0010: 00 3D 00 C0 26 00 C0 2A 00 00 6B 00 00 6A 00 C0 >>> >>>> >> .=..&..*..k..j.. >>> >>>> >> > 0020: 0A 07 00 C0 00 C0 14 00 00 35 00 C0 05 00 C0 0F >>> >>>> >> .........5...... >>> >>>> >> > 0030: 00 00 39 00 00 38 00 C0 23 00 C0 27 00 00 3C 00 >>> >>>> >> ..9..8..#..'..<. >>> >>>> >> > 0040: C0 25 00 C0 29 00 00 67 00 00 40 00 C0 09 06 00 >>> >>>> .%..)..g..@ >>> >>>> >> ..... >>> >>>> >> > 0050: 40 00 C0 13 00 00 2F 00 C0 04 01 00 80 00 C0 0E >>> >>>> >> @...../......... >>> >>>> >> > 0060: 00 00 33 00 00 32 00 C0 07 05 00 80 00 C0 11 00 >>> >>>> >> ..3..2.......... >>> >>>> >> > 0070: 00 05 00 C0 02 00 C0 0C 00 C0 08 00 C0 12 00 00 >>> >>>> >> ................ >>> >>>> >> > 0080: 0A 07 00 C0 00 C0 03 02 00 80 00 C0 0D 00 00 16 >>> >>>> >> ................ >>> >>>> >> > 0090: 00 00 13 00 00 04 01 00 80 00 00 FF 54 49 66 8B >>> >>>> >> ............TIf. >>> >>>> >> > 00A0: B7 D1 2F 94 36 CA 62 08 BF DE 7A F8 50 BE 35 58 >>> >>>> >> ../.6.b...z.P.5X >>> >>>> >> > 00B0: 80 82 7E 6C 64 52 64 C5 D5 1F 59 60 >>> >>>> ...ldRd...Y` >>> >>>> >> > [ACTIVE] ExecuteThread: '0' for queue: >>> >>>> >> > 'weblogic.kernel.Default >>> >>>> >> (self-tuning)', >>> >>>> >> > WRITE: SSLv2 client hello message, length = 188 [Raw write]: >>> >>>> >> > length = >>> >>>> >> 190 >>> >>>> >> > 0000: 80 BC 01 03 03 00 93 00 00 00 20 00 C0 24 00 C0 >>> .......... >>> >>>> >> ..$.. >>> >>>> >> > 0010: 28 00 00 3D 00 C0 26 00 C0 2A 00 00 6B 00 00 6A >>> >>>> >> (..=..&..*..k..j >>> >>>> >> > 0020: 00 C0 0A 07 00 C0 00 C0 14 00 00 35 00 C0 05 00 >>> >>>> >> ...........5.... >>> >>>> >> > 0030: C0 0F 00 00 39 00 00 38 00 C0 23 00 C0 27 00 00 >>> >>>> >> ....9..8..#..'.. >>> >>>> >> > 0040: 3C 00 C0 25 00 C0 29 00 00 67 00 00 40 00 C0 09 >>> >>>> <..%..)..g..@ >>> >>>> >> ... >>> >>>> >> > 0050: 06 00 40 00 C0 13 00 00 2F 00 C0 04 01 00 80 00 >>> >>>> >> ..@...../....... >>> >>>> >> > 0060: C0 0E 00 00 33 00 00 32 00 C0 07 05 00 80 00 C0 >>> >>>> >> ....3..2........ >>> >>>> >> > 0070: 11 00 00 05 00 C0 02 00 C0 0C 00 C0 08 00 C0 12 >>> >>>> >> ................ >>> >>>> >> > 0080: 00 00 0A 07 00 C0 00 C0 03 02 00 80 00 C0 0D 00 >>> >>>> >> ................ >>> >>>> >> > 0090: 00 16 00 00 13 00 00 04 01 00 80 00 00 FF 54 49 >>> >>>> >> ..............TI >>> >>>> >> > 00A0: 66 8B B7 D1 2F 94 36 CA 62 08 BF DE 7A F8 50 BE >>> >>>> >> f.../.6.b...z.P. >>> >>>> >> > 00B0: 35 58 80 82 7E 6C 64 52 64 C5 D5 1F 59 60 >>> >>>> 5X...ldRd...Y` >>> >>>> >> > <Oct 23, 2014 4:35:23 PM EDT> <Debug> <SecuritySSL> >>> >>>> >> > <BEA-000000> <[Thread[[ACTIVE] ExecuteThread: '0' for queue: >>> >>>> >> 'weblogic.kernel.Default (self- >>> >>>> >> > tuning)',5,Pooled Threads]]weblogic.security.SSL.jsseadapter: >>> >>>> SSLENGINE: >>> >>>> >> > SSLEngine.wrap(ByteBuffer,ByteBuffer) >>> >>>> >> > called: result=Status = OK HandshakeStatus = NEED_UNWRAP >>> >>>> >> > bytesConsumed = >>> >>>> >> > 0 bytesProduced = 190.> <Oct 23, 2014 4:35:23 PM EDT> <Debug> >>> >>>> >> > <SecuritySSL> <BEA-000000> <[Thread[[ACTIVE] ExecuteThread: >>> >>>> >> > '0' for >>> >>>> >> queue: >>> >>>> >> > 'weblogic.kernel.Default (self-tuning)',5,Pooled >>> >>>> >> > Threads]]weblogic.security.SSL.jsseadapter: SSLENGINE: >>> >>>> >> > SSLEngine.unwrap(ByteBuffer,ByteBuffer >>> >>>> >> > []) called: result=Status = BUFFER_UNDERFLOW HandshakeStatus = >>> >>>> >> > NEED_UNWRAP bytesConsumed = 0 bytesProduced = 0.> [Raw read]: >>> >>>> length = 5 >>> >>>> >> > 0000: 15 03 03 00 02 ..... >>> >>>> >> > [Raw read]: length = 2 >>> >>>> >> > 0000: 02 28 .( >>> >>>> >> > [ACTIVE] ExecuteThread: '0' for queue: >>> >>>> >> > 'weblogic.kernel.Default >>> >>>> >> (self-tuning)', >>> >>>> >> > READ: TLSv1.2 Alert, length = 2 [ACTIVE] ExecuteThread: '0' >>> >>>> >> > for >>> >>>> queue: >>> >>>> >> > 'weblogic.kernel.Default (self-tuning)', RECV TLSv1 ALERT: >>> >>>> >> > fatal, handshake_failure [ACTIVE] ExecuteThread: '0' for queue: >>> >>>> >> > 'weblogic.kernel.Default (self-tuning)', fatal: engine already >>> >>>> closed. >>> >>>> >> > Rethrowing javax.net.ssl.SSLException: Received fatal alert: >>> >>>> >> handshake_failure >>> >>>> >> > [ACTIVE] ExecuteThread: '0' for queue: >>> >>>> >> > 'weblogic.kernel.Default >>> >>>> >> (self-tuning)', >>> >>>> >> > fatal: engine already closed. Rethrowing >>> >>>> javax.net.ssl.SSLException: >>> >>>> >> Received >>> >>>> >> > fatal alert: handshake_failure <Oct 23, 2014 4:35:23 PM EDT> >>> >>>> >> > <Debug> <SecuritySSL> <BEA-000000> <[Thread[[ACTIVE] >>> ExecuteThread: >>> >>>> >> > '0' for >>> >>>> >> queue: >>> >>>> >> > 'weblogic.kernel.Default (self-tuning)',5,Pooled >>> >>>> >> > Threads]]weblogic.security.SSL.jsseadapter: SSLENGINE: >>> >>>> >> > Exception >>> >>>> >> occurred >>> >>>> >> > during SSLEngine.un wrap(ByteBuffer,ByteBuffer[]). >>> >>>> >> > javax.net.ssl.SSLException: Received fatal alert: >>> handshake_failure >>> >>>> >> > at >>> sun.security.ssl.Alerts.getSSLException(Alerts.java:208) >>> >>>> >> > at >>> >>>> sun.security.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1619) >>> >>>> >> > at >>> >>>> sun.security.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1587) >>> >>>> >> > at >>> >>>> >> sun.security.ssl.SSLEngineImpl.recvAlert(SSLEngineImpl.java:1756 >>> >>>> >> ) >>> >>>> >> > at >>> >>>> >> sun.security.ssl.SSLEngineImpl.readRecord(SSLEngineImpl.java:106 >>> >>>> >> 0) >>> >>>> >> > at >>> >>>> >> sun.security.ssl.SSLEngineImpl.readNetRecord(SSLEngineImpl.java: >>> >>>> >> 884) >>> >>>> >> > at >>> >>>> sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:758) >>> >>>> >> > at javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:664) >>> >>>> >> > at >>> >>>> >> > >>> >>>> >> >>> weblogic.security.SSL.jsseadapter.JaSSLEngine$5.run(JaSSLEngine.java: >>> >>>> >> 134) >>> >>>> >> > at >>> >>>> >> > >>> >>>> >> weblogic.security.SSL.jsseadapter.JaSSLEngine.doAction(JaSSLEngi >>> >>>> >> ne.ja >>> >>>> >> va:732) >>> >>>> >> > at >>> >>>> >> > >>> >>>> >> weblogic.security.SSL.jsseadapter.JaSSLEngine.unwrap(JaSSLEngine >>> >>>> >> .java >>> >>>> >> :132) >>> >>>> >> > at >>> >>>> >> weblogic.socket.JSSEFilterImpl.unwrap(JSSEFilterImpl.java:505) >>> >>>> >> > at >>> >>>> >> > >>> >>>> >> >>> weblogic.socket.JSSEFilterImpl.unwrapAndHandleResults(JSSEFilterImpl. >>> >>>> >> java:44 >>> >>>> >> > 8) >>> >>>> >> > at >>> >>>> >> weblogic.socket.JSSEFilterImpl.doHandshake(JSSEFilterImpl.java:8 >>> >>>> >> 0) >>> >>>> >> > at >>> >>>> >> weblogic.socket.JSSEFilterImpl.doHandshake(JSSEFilterImpl.java:6 >>> >>>> >> 4) >>> >>>> >> > at >>> >>>> >> weblogic.socket.JSSEFilterImpl.doHandshake(JSSEFilterImpl.java:5 >>> >>>> >> 9) >>> >>>> >> > at >>> >>>> weblogic.socket.JSSEFilterImpl.write(JSSEFilterImpl.java:390) >>> >>>> >> > at >>> >>>> >> > >>> >>>> weblogic.socket.JSSESocket$JSSEOutputStream.write(JSSESocket.java:8 >>> >>>> 9) >>> >>>> >> > at >>> >>>> >> > >>> >>>> java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java: >>> >>>> 82) >>> >>>> >> > at >>> >>>> >> java.io.BufferedOutputStream.flush(BufferedOutputStream.java:140 >>> >>>> >> ) >>> >>>> >> > at >>> >>>> java.io.FilterOutputStream.flush(FilterOutputStream.java:140) >>> >>>> >> > at >>> >>>> >> > >>> >>>> >> weblogic.net.http.HttpURLConnection.writeRequests(HttpURLConnect >>> >>>> >> ion.j >>> >>>> >> ava:1 >>> >>>> >> > 86) >>> >>>> >> > at >>> >>>> >> > >>> >>>> >> weblogic.net.http.HttpURLConnection.getOutputStream(HttpURLConne >>> >>>> >> ction >>> >>>> >> .jav >>> >>>> >> > a:280) >>> >>>> >> > at >>> >>>> >> > org.apache.cxf.transport.http.URLConnectionHTTPConduit$URLConn >>> >>>> >> > ectio >>> >>>> >> > nWra >>> >>>> >> > ppedOutputStream.setupWrappedStream(URLConnectionHTTPConduit.j >>> >>>> >> > ava:1 >>> >>>> >> > 68 >>> >>>> >> > ) >>> >>>> >> > at >>> >>>> >> > org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream. >>> >>>> >> > handl >>> >>>> >> > eHea >>> >>>> >> > dersTrustCaching(HTTPConduit.java:1278) >>> >>>> >> > at >>> >>>> >> > >>> >>>> >> org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.on >>> >>>> >> First >>> >>>> >> Writ >>> >>>> >> > e(HTTPConduit.java:1234) >>> >>>> >> > at >>> >>>> >> > org.apache.cxf.transport.http.URLConnectionHTTPConduit$URLConn >>> >>>> >> > ectio >>> >>>> >> > nWra >>> >>>> >> > >>> ppedOutputStream.onFirstWrite(URLConnectionHTTPConduit.java:195) >>> >>>> >> > at >>> >>>> >> > org.apache.cxf.io.AbstractWrappedOutputStream.write(AbstractWr >>> >>>> >> > apped >>> >>>> >> > Outpu >>> >>>> >> > tStream.java:47) >>> >>>> >> > at >>> >>>> >> > >>> >>>> >> org.apache.cxf.io.AbstractThresholdOutputStream.write(AbstractTh >>> >>>> >> resho >>> >>>> >> ldOutp >>> >>>> >> > utStream.java:69) >>> >>>> >> > at >>> >>>> >> > org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream. >>> >>>> >> > close >>> >>>> >> > (HTTP >>> >>>> >> > Conduit.java:1291) >>> >>>> >> > at >>> >>>> >> org.apache.cxf.transport.AbstractConduit.close(AbstractConduit.j >>> >>>> >> ava:5 >>> >>>> >> 6) >>> >>>> >> > at >>> >>>> >> org.apache.cxf.transport.http.HTTPConduit.close(HTTPConduit.java >>> >>>> >> :623) >>> >>>> >> > at >>> >>>> >> > org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSen >>> >>>> >> > derEn >>> >>>> >> > dingI >>> >>>> >> > nterceptor.handleMessage(MessageSenderInterceptor.java:62) >>> >>>> >> > at >>> >>>> >> > >>> >>>> >> org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInte >>> >>>> >> rcept >>> >>>> >> orChai >>> >>>> >> > n.java:271) >>> >>>> >> > at >>> >>>> >> org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:541) >>> >>>> >> > at >>> >>>> >> org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:474) >>> >>>> >> > at >>> >>>> >> org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:377) >>> >>>> >> > at >>> >>>> >> org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:330) >>> >>>> >> > at >>> >>>> >> org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java: >>> >>>> >> 96) >>> >>>> >> > at >>> >>>> >> > >>> >>>> org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java: >>> >>>> 134) >>> >>>> >> > at com.sun.proxy.$Proxy258.startTransaction(Unknown >>> Source) >>> >>>> >> > at >>> >>>> >> > >>> >>>> >> com.optimal.identity.gateway.equifax.eidverify.VerifyClient.init >>> >>>> >> iateV >>> >>>> >> erification( >>> >>>> >> > VerifyClient.java:87) >>> >>>> >> > at >>> >>>> >> > >>> >>>> >> com.optimal.identity.gateway.equifax.eidverify.VerifyGateway.sub >>> >>>> >> mitIn >>> >>>> >> itial(Ve >>> >>>> >> > rifyGateway.java:24) >>> >>>> >> > at >>> >>>> >> > >>> >>>> >> com.optimal.identity.service.IdentificationServiceImpl.submitIni >>> >>>> >> tial( >>> >>>> >> Identificatio >>> >>>> >> > nServiceImpl.java:147) >>> >>>> >> > at sun.reflect.NativeMethodAccessorImpl.invoke0(Native >>> >>>> Method) >>> >>>> >> > at >>> >>>> >> > >>> >>>> >> >>> >>>> >>> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java: >>> >>>> >> > 57) >>> >>>> >> > at >>> >>>> >> > >>> >>>> >> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethod >>> >>>> >> Acces >>> >>>> >> sorI >>> >>>> >> > mpl.java:43) >>> >>>> >> > at java.lang.reflect.Method.invoke(Method.java:606) >>> >>>> >> > at >>> >>>> >> > >>> >>>> >> org.springframework.aop.support.AopUtils.invokeJoinpointUsingRef >>> >>>> >> lecti >>> >>>> >> on(Aop >>> >>>> >> > Utils.java:317) >>> >>>> >> > at >>> >>>> >> > >>> >>>> >> org.springframework.aop.framework.ReflectiveMethodInvocation.inv >>> >>>> >> okeJo >>> >>>> >> inpo >>> >>>> >> > int(ReflectiveMethodInvocation.java:183) >>> >>>> >> > at >>> >>>> >> > >>> >>>> >> org.springframework.aop.framework.ReflectiveMethodInvocation.pro >>> >>>> >> ceed( >>> >>>> >> Refl >>> >>>> >> > ectiveMethodInvocation.java:150) >>> >>>> >> > at >>> >>>> >> > >>> >>>> >> >>> >>>> org.springframework.transaction.interceptor.TransactionInterceptor. >>> >>>> in >>> >>>> >> voke(Tra >>> >>>> >> > nsactionInterceptor.java:110) >>> >>>> >> > at >>> >>>> >> > >>> >>>> >> org.springframework.aop.framework.ReflectiveMethodInvocation.pro >>> >>>> >> ceed( >>> >>>> >> Refl >>> >>>> >> > ectiveMethodInvocation.java:172) >>> >>>> >> > at >>> >>>> >> > org.springframework.aop.framework.JdkDynamicAopProxy.invoke(Jd >>> >>>> >> > kDyna >>> >>>> >> > mic >>> >>>> >> > AopProxy.java:204) >>> >>>> >> > at com.sun.proxy.$Proxy211.submitInitial(Unknown >>> Source) >>> >>>> >> > at >>> >>>> >> > >>> >>>> >> com.optimal.identity.web.rest.IdentificationController.create(Id >>> >>>> >> entif >>> >>>> >> icationCont >>> >>>> >> > roller.java:133) >>> >>>> >> > at >>> >>>> >> > >>> >>>> >> com.optimal.identity.web.rest.IdentificationController$$FastClas >>> >>>> >> sByCG >>> >>>> >> LIB$$95f >>> >>>> >> > 388d3.invoke(<generated>) >>> >>>> >> > at >>> >>>> >> > >>> >>>> org.springframework.cglib.proxy.MethodProxy.invoke(MethodProxy.java >>> >>>> :204) >>> >>>> >> > at >>> >>>> >> > org.springframework.aop.framework.CglibAopProxy$CglibMethodInv >>> >>>> >> > ocati >>> >>>> >> > on.in >>> >>>> >> > vokeJoinpoint(CglibAopProxy.java:698) >>> >>>> >> > at >>> >>>> >> > >>> >>>> >> org.springframework.aop.framework.ReflectiveMethodInvocation.pro >>> >>>> >> ceed( >>> >>>> >> Refl >>> >>>> >> > ectiveMethodInvocation.java:150) >>> >>>> >> > at >>> >>>> >> > >>> >>>> >> org.springframework.security.access.intercept.aopalliance.Method >>> >>>> >> Secur >>> >>>> >> ityInter >>> >>>> >> > ceptor.invoke(MethodSecurityInterceptor.java:64) >>> >>>> >> > at >>> >>>> >> > >>> >>>> >> org.springframework.aop.framework.ReflectiveMethodInvocation.pro >>> >>>> >> ceed( >>> >>>> >> Refl >>> >>>> >> > ectiveMethodInvocation.java:172) >>> >>>> >> > at >>> >>>> >> > org.springframework.aop.framework.CglibAopProxy$DynamicAdvised >>> >>>> >> > Inter >>> >>>> >> > cept >>> >>>> >> > or.intercept(CglibAopProxy.java:631) >>> >>>> >> > at >>> >>>> >> > >>> >>>> >> com.optimal.identity.web.rest.IdentificationController$$Enhancer >>> >>>> >> ByCGL >>> >>>> >> IB$$36 >>> >>>> >> > b7b48f.create(<generated>) >>> >>>> >> > at sun.reflect.NativeMethodAccessorImpl.invoke0(Native >>> >>>> Method) >>> >>>> >> > at >>> >>>> >> > >>> >>>> >> >>> >>>> >>> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java: >>> >>>> >> > 57) >>> >>>> >> > at >>> >>>> >> > >>> >>>> >> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethod >>> >>>> >> Acces >>> >>>> >> sorI >>> >>>> >> > mpl.java:43) >>> >>>> >> > at java.lang.reflect.Method.invoke(Method.java:606) >>> >>>> >> > at >>> >>>> >> > org.springframework.web.method.support.InvocableHandlerMethod. >>> >>>> >> > invok >>> >>>> >> > e(Inv >>> >>>> >> > ocableHandlerMethod.java:219) >>> >>>> >> > at >>> >>>> >> > org.springframework.web.method.support.InvocableHandlerMethod. >>> >>>> >> > invok >>> >>>> >> > eFor >>> >>>> >> > Request(InvocableHandlerMethod.java:132) >>> >>>> >> > at >>> >>>> >> > >>> >>>> >> org.springframework.web.servlet.mvc.method.annotation.ServletInv >>> >>>> >> ocabl >>> >>>> >> eHan >>> >>>> >> > >>> dlerMethod.invokeAndHandle(ServletInvocableHandlerMethod.java:104) >>> >>>> >> > at >>> >>>> >> > org.springframework.web.servlet.mvc.method.annotation.RequestM >>> >>>> >> > appin >>> >>>> >> > gHan >>> >>>> >> > >>> >>>> dlerAdapter.invokeHandleMethod(RequestMappingHandlerAdapter.java:74 >>> >>>> 5) >>> >>>> >> > at >>> >>>> >> > org.springframework.web.servlet.mvc.method.annotation.RequestM >>> >>>> >> > appin >>> >>>> >> > gHan >>> >>>> >> > >>> dlerAdapter.handleInternal(RequestMappingHandlerAdapter.java:686) >>> >>>> >> > at >>> >>>> >> > >>> >>>> >>> org.springframework.web.servlet.mvc.method.AbstractHandlerMethodAdapter. >>> >>>> >> > handle(AbstractHandlerMethodAdapter.java:80) >>> >>>> >> > at >>> >>>> >> > >>> >>>> >> org.springframework.web.servlet.DispatcherServlet.doDispatch(Dis >>> >>>> >> patch >>> >>>> >> erServl >>> >>>> >> > et.java:925) >>> >>>> >> > at >>> >>>> >> > >>> >>>> >> org.springframework.web.servlet.DispatcherServlet.doService(Disp >>> >>>> >> atche >>> >>>> >> rServle >>> >>>> >> > t.java:856) >>> >>>> >> > at >>> >>>> >> > org.springframework.web.servlet.FrameworkServlet.processReques >>> >>>> >> > t(Fra >>> >>>> >> > mewor >>> >>>> >> > kServlet.java:920) >>> >>>> >> > at >>> >>>> >> > >>> >>>> >> org.springframework.web.servlet.FrameworkServlet.doPost(Framewor >>> >>>> >> kServ >>> >>>> >> let.j >>> >>>> >> > ava:827) >>> >>>> >> > at >>> >>>> javax.servlet.http.HttpServlet.service(HttpServlet.java:727) >>> >>>> >> > at >>> >>>> >> > >>> >>>> >> >>> >>>> >>> org.springframework.web.servlet.FrameworkServlet.service(FrameworkServlet. >>> >>>> >> > java:801) >>> >>>> >> > at >>> >>>> javax.servlet.http.HttpServlet.service(HttpServlet.java:820) >>> >>>> >> > at >>> >>>> >> > >>> >>>> >> weblogic.servlet.internal.StubSecurityHelper$ServletServiceActio >>> >>>> >> n.run >>> >>>> >> (StubSecu >>> >>>> >> > rityHelper.java:227) >>> >>>> >> > at >>> >>>> >> > >>> >>>> >> weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubS >>> >>>> >> ecuri >>> >>>> >> tyHelper.j >>> >>>> >> > ava:125) >>> >>>> >> > at >>> >>>> >> > >>> >>>> >> weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImp >>> >>>> >> l.jav >>> >>>> >> a:301) >>> >>>> >> > at >>> >>>> >> weblogic.servlet.internal.TailFilter.doFilter(TailFilter.java:26 >>> >>>> >> ) >>> >>>> >> > at >>> >>>> >> > >>> >>>> >> weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainIm >>> >>>> >> pl.ja >>> >>>> >> va:56) >>> >>>> >> > at >>> >>>> >> > >>> >>>> >> org.springframework.web.filter.ShallowEtagHeaderFilter.doFilterI >>> >>>> >> ntern >>> >>>> >> al(Shallo >>> >>>> >> > wEtagHeaderFilter.java:73) >>> >>>> >> > at >>> >>>> >> > >>> >>>> >> org.springframework.web.filter.OncePerRequestFilter.doFilter(Onc >>> >>>> >> ePerR >>> >>>> >> equest >>> >>>> >> > Filter.java:107) >>> >>>> >> > at >>> >>>> >> > >>> >>>> >> org.springframework.web.filter.DelegatingFilterProxy.invokeDeleg >>> >>>> >> ate(D >>> >>>> >> elegati >>> >>>> >> > ngFilterProxy.java:346) >>> >>>> >> > at >>> >>>> >> > >>> >>>> >> org.springframework.web.filter.DelegatingFilterProxy.doFilter(De >>> >>>> >> legat >>> >>>> >> ingFilter >>> >>>> >> > Proxy.java:259) >>> >>>> >> > at >>> >>>> >> > >>> >>>> >> weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainIm >>> >>>> >> pl.ja >>> >>>> >> va:56) >>> >>>> >> > at >>> >>>> >> > >>> >>>> >> >>> org.springframework.security.web.FilterChainProxy$VirtualFilterChain. >>> >>>> >> doFilter( >>> >>>> >> > FilterChainProxy.java:330) >>> >>>> >> > at >>> >>>> >> > >>> >>>> >> org.springframework.security.web.access.intercept.FilterSecurity >>> >>>> >> Inter >>> >>>> >> ceptor.inv >>> >>>> >> > oke(FilterSecurityInterceptor.java:118) >>> >>>> >> > at >>> >>>> >> > >>> >>>> >> org.springframework.security.web.access.intercept.FilterSecurity >>> >>>> >> Inter >>> >>>> >> ceptor.do >>> >>>> >> > Filter(FilterSecurityInterceptor.java:84) >>> >>>> >> > at >>> >>>> >> > >>> >>>> >> >>> org.springframework.security.web.FilterChainProxy$VirtualFilterChain. >>> >>>> >> doFilter( >>> >>>> >> > FilterChainProxy.java:342) >>> >>>> >> > at >>> >>>> >> > >>> >>>> >> >>> >>>> org.springframework.security.web.access.ExceptionTranslationFilter. >>> >>>> do >>> >>>> >> Filter(Ex >>> >>>> >> > ceptionTranslationFilter.java:113) >>> >>>> >> > at >>> >>>> >> > >>> >>>> >> >>> org.springframework.security.web.FilterChainProxy$VirtualFilterChain. >>> >>>> >> doFilter( >>> >>>> >> > FilterChainProxy.java:342) >>> >>>> >> > at >>> >>>> >> > >>> >>>> >> org.springframework.security.web.authentication.AnonymousAuthent >>> >>>> >> icati >>> >>>> >> onFilt >>> >>>> >> > er.doFilter(AnonymousAuthenticationFilter.java:113) >>> >>>> >> > at >>> >>>> >> > >>> >>>> >> >>> org.springframework.security.web.FilterChainProxy$VirtualFilterChain. >>> >>>> >> doFilter( >>> >>>> >> > FilterChainProxy.java:342) >>> >>>> >> > at >>> >>>> >> > >>> >>>> >> org.springframework.security.web.servletapi.SecurityContextHolde >>> >>>> >> rAwar >>> >>>> >> eRequ >>> >>>> >> > >>> estFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:54) >>> >>>> >> > at >>> >>>> >> > >>> >>>> >> >>> org.springframework.security.web.FilterChainProxy$VirtualFilterChain. >>> >>>> >> doFilter( >>> >>>> >> > FilterChainProxy.java:342) >>> >>>> >> > at >>> >>>> >> > >>> >>>> >> org.springframework.security.web.authentication.www.BasicAuthent >>> >>>> >> icati >>> >>>> >> onFilt >>> >>>> >> > er.doFilter(BasicAuthenticationFilter.java:201) >>> >>>> >> > at >>> >>>> >> > >>> >>>> >> >>> org.springframework.security.web.FilterChainProxy$VirtualFilterChain. >>> >>>> >> doFilter( >>> >>>> >> > FilterChainProxy.java:342) >>> >>>> >> > at >>> >>>> >> > >>> >>>> >> org.springframework.security.web.context.SecurityContextPersiste >>> >>>> >> nceFi >>> >>>> >> lter.doF >>> >>>> >> > ilter(SecurityContextPersistenceFilter.java:87) >>> >>>> >> > at >>> >>>> >> > >>> >>>> >> >>> org.springframework.security.web.FilterChainProxy$VirtualFilterChain. >>> >>>> >> doFilter( >>> >>>> >> > FilterChainProxy.java:342) >>> >>>> >> > at >>> >>>> >> > >>> >>>> >> org.springframework.security.web.FilterChainProxy.doFilterIntern >>> >>>> >> al(Fi >>> >>>> >> lterChain >>> >>>> >> > Proxy.java:192) >>> >>>> >> > at >>> >>>> >> > >>> >>>> >> org.springframework.security.web.FilterChainProxy.doFilter(Filte >>> >>>> >> rChai >>> >>>> >> nProxy.ja >>> >>>> >> > va:160) >>> >>>> >> > at >>> >>>> >> > >>> >>>> >> org.springframework.web.filter.DelegatingFilterProxy.invokeDeleg >>> >>>> >> ate(D >>> >>>> >> elegati >>> >>>> >> > ngFilterProxy.java:346) >>> >>>> >> > at >>> >>>> >> > >>> >>>> >> org.springframework.web.filter.DelegatingFilterProxy.doFilter(De >>> >>>> >> legat >>> >>>> >> ingFilter >>> >>>> >> > Proxy.java:259) >>> >>>> >> > at >>> >>>> >> > >>> >>>> >> weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainIm >>> >>>> >> pl.ja >>> >>>> >> va:56) >>> >>>> >> > at >>> >>>> >> > >>> >>>> >> com.optimal.rest.loggerfilter.LoggerFilter.doFilterInternal(Logg >>> >>>> >> erFil >>> >>>> >> ter.java:16 >>> >>>> >> > 9) >>> >>>> >> > at >>> >>>> >> > >>> >>>> >> com.optimal.rest.loggerfilter.LoggerFilter.doFilter(LoggerFilter >>> >>>> >> .java >>> >>>> >> :123) >>> >>>> >> > at >>> >>>> >> > >>> >>>> >> org.springframework.web.filter.DelegatingFilterProxy.invokeDeleg >>> >>>> >> ate(D >>> >>>> >> elegati >>> >>>> >> > ngFilterProxy.java:346) >>> >>>> >> > at >>> >>>> >> > >>> >>>> >> org.springframework.web.filter.DelegatingFilterProxy.doFilter(De >>> >>>> >> legat >>> >>>> >> ingFilter >>> >>>> >> > Proxy.java:259) >>> >>>> >> > at >>> >>>> >> > >>> >>>> >> weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainIm >>> >>>> >> pl.ja >>> >>>> >> va:56) >>> >>>> >> > at >>> >>>> >> > >>> >>>> >> com.optimal.web.spring.filter.ApplicationUidFilter.doFilterInter >>> >>>> >> nal(A >>> >>>> >> pplicationU >>> >>>> >> > idFilter.java:51) >>> >>>> >> > at >>> >>>> >> > >>> >>>> >> org.springframework.web.filter.OncePerRequestFilter.doFilter(Onc >>> >>>> >> ePerR >>> >>>> >> equest >>> >>>> >> > Filter.java:107) >>> >>>> >> > at >>> >>>> >> > >>> >>>> >> org.springframework.web.filter.DelegatingFilterProxy.invokeDeleg >>> >>>> >> ate(D >>> >>>> >> elegati >>> >>>> >> > ngFilterProxy.java:346) >>> >>>> >> > at >>> >>>> >> > >>> >>>> >> org.springframework.web.filter.DelegatingFilterProxy.doFilter(De >>> >>>> >> legat >>> >>>> >> ingFilter >>> >>>> >> > Proxy.java:259) >>> >>>> >> > at >>> >>>> >> > >>> >>>> >> weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainIm >>> >>>> >> pl.ja >>> >>>> >> va:56) >>> >>>> >> > at >>> >>>> >> > >>> >>>> >> weblogic.servlet.internal.WebAppServletContext$ServletInvocation >>> >>>> >> Actio >>> >>>> >> n.wrap >>> >>>> >> > Run(WebAppServletContext.java:3730) >>> >>>> >> > at >>> >>>> >> > >>> >>>> >> weblogic.servlet.internal.WebAppServletContext$ServletInvocation >>> >>>> >> Actio >>> >>>> >> n.run( >>> >>>> >> > WebAppServletContext.java:3696) >>> >>>> >> > at >>> >>>> >> > >>> >>>> >> weblogic.security.acl.internal.AuthenticatedSubject.doAs(Authent >>> >>>> >> icate >>> >>>> >> dSubject.j >>> >>>> >> > ava:321) >>> >>>> >> > at >>> >>>> >> > >>> >>>> >> >>> weblogic.security.service.SecurityManager.runAs(SecurityManager.java: >>> >>>> >> 120) >>> >>>> >> > at >>> >>>> >> > >>> >>>> >> weblogic.servlet.internal.WebAppServletContext.securedExecute(We >>> >>>> >> bAppS >>> >>>> >> ervl >>> >>>> >> > etContext.java:2273) >>> >>>> >> > at >>> >>>> >> > >>> >>>> >> weblogic.servlet.internal.WebAppServletContext.execute(WebAppSer >>> >>>> >> vletC >>> >>>> >> onte >>> >>>> >> > xt.java:2179) >>> >>>> >> > at >>> >>>> >> > >>> >>>> >> weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestI >>> >>>> >> mpl.j >>> >>>> >> ava:1490 >>> >>>> >> > ) >>> >>>> >> > at >>> >>>> weblogic.work.ExecuteThread.execute(ExecuteThread.java:256) >>> >>>> >> > at >>> >>>> >> > weblogic.work.ExecuteThread.run(ExecuteThread.java:221) >>> >>>> >> > > >>> >>>> >> > AVIS IMPORTANT >>> >>>> >> > >>> >>>> >> > WARNING >>> >>>> >> > >>> >>>> >> > >>> >>>> >> > Ce message ?lectronique et ses pi?ces jointes peuvent contenir >>> >>>> >> > des renseignements confidentiels, exclusifs ou l?galement >>> >>>> >> > privil?gi?s >>> >>>> >> destin?s au >>> >>>> >> > seul usage du destinataire vis?. L'exp?diteur original ne >>> renonce ? >>> >>>> >> aucun >>> >>>> >> > privil?ge ou ? aucun autre droit si le pr?sent message a ?t? >>> >>>> >> > transmis involontairement ou s'il est retransmis sans son >>> >>>> >> > autorisation. Si vous >>> >>>> >> n'?tes pas >>> >>>> >> > le destinataire vis? du pr?sent message ou si vous l'avez re?u >>> >>>> >> > par >>> >>>> >> erreur, >>> >>>> >> > veuillez cesser imm?diatement de le lire et le supprimer, >>> >>>> >> > ainsi que >>> >>>> >> toutes ses >>> >>>> >> > pi?ces jointes, de votre syst?me. La lecture, la distribution, >>> >>>> >> > la copie >>> >>>> >> ou tout >>> >>>> >> > autre usage du pr?sent message ou de ses pi?ces jointes par >>> >>>> >> > des >>> >>>> >> personnes >>> >>>> >> > autres que le destinataire vis? ne sont pas autoris?s et >>> >>>> >> > pourraient >>> >>>> >> ?tre ill?gaux. >>> >>>> >> > Si vous avez re?u ce courrier ?lectronique par erreur, >>> >>>> >> > veuillez en >>> >>>> >> aviser >>> >>>> >> > l'exp?diteur. >>> >>>> >> > >>> >>>> >> > >>> >>>> >> > This electronic message and its attachments may contain >>> >>>> >> > confidential, proprietary or legally privileged information, >>> >>>> >> > which is solely for the >>> >>>> >> use of the >>> >>>> >> > intended recipient. No privilege or other rights are waived by >>> >>>> >> > any >>> >>>> >> unintended >>> >>>> >> > transmission or unauthorized retransmission of this message. >>> >>>> >> > If you are >>> >>>> >> not the >>> >>>> >> > intended recipient of this message, or if you have received it >>> >>>> >> > in >>> >>>> >> error, you >>> >>>> >> > should immediately stop reading this message and delete it and >>> >>>> >> > all attachments from your system. The reading, distribution, >>> >>>> >> > copying or >>> >>>> >> other use >>> >>>> >> > of this message or its attachments by unintended recipients is >>> >>>> >> unauthorized and >>> >>>> >> > may be unlawful. If you have received this e-mail in error, >>> >>>> >> > please >>> >>>> >> notify the >>> >>>> >> > sender. >>> >>>> >> > >>> >>>> >> > -- >>> >>>> >> > WARNING >>> >>>> >> > ------- >>> >>>> >> > This electronic message and its attachments may contain >>> >>>> >> > confidential, proprietary or legally privileged information, >>> >>>> >> > which is solely for the >>> >>>> >> use of the >>> >>>> >> > intended recipient. No privilege or other rights are waived >>> >>>> >> > by any >>> >>>> >> unintended >>> >>>> >> > transmission or unauthorized retransmission of this message. >>> >>>> >> > If you >>> >>>> >> are not the >>> >>>> >> > intended recipient of this message, or if you have received it >>> >>>> >> > in >>> >>>> >> error, you >>> >>>> >> > should immediately stop reading this message and delete it and >>> >>>> >> > all attachments from your system. The reading, distribution, >>> >>>> >> > copying or >>> >>>> >> other use >>> >>>> >> > of this message or its attachments by unintended recipients is >>> >>>> >> unauthorized and >>> >>>> >> > may be unlawful. If you have received this e-mail in error, >>> >>>> >> > please >>> >>>> >> notify the >>> >>>> >> > sender. >>> >>>> >> > >>> >>>> >> > AVIS IMPORTANT >>> >>>> >> > -------------- >>> >>>> >> > Ce message electronique et ses pieces jointes peuvent contenir >>> >>>> >> > des renseignements confidentiels, exclusifs ou legalement >>> >>>> >> > privilegies >>> >>>> >> destines au >>> >>>> >> > seul usage du destinataire vise. L'expediteur original ne >>> >>>> >> > renonce a >>> >>>> >> aucun >>> >>>> >> > privilege ou a aucun autre droit si le present message a ete >>> >>>> >> > transmis involontairement ou s'il est retransmis sans son >>> >>>> >> > autorisation. Si vous >>> >>>> >> n'etes pas >>> >>>> >> > le destinataire vise du present message ou si vous l'avez recu >>> >>>> >> > par >>> >>>> >> erreur, >>> >>>> >> > veuillez cesser immediatement de le lire et le supprimer, >>> >>>> >> > ainsi que >>> >>>> >> toutes ses >>> >>>> >> > pieces jointes, de votre systeme. La lecture, la >>> >>>> >> > distribution, la >>> >>>> >> copie ou tout >>> >>>> >> > autre usage du present message ou de ses pieces jointes par >>> >>>> >> > des >>> >>>> >> personnes >>> >>>> >> > autres que le destinataire vise ne sont pas autorises et >>> >>>> >> > pourraient >>> >>>> >> etre illegaux. >>> >>>> >> > Si vous avez recu ce courrier electronique par erreur, >>> >>>> >> > veuillez en >>> >>>> >> aviser >>> >>>> >> > l'expediteur. >>> >>>> >> > >>> >>>> >> > >>> >>>> >> > -- >>> >>>> >> > WARNING >>> >>>> >> > ------- >>> >>>> >> > This electronic message and its attachments may contain >>> >>>> >> > confidential, proprietary or legally privileged information, >>> >>>> >> > which is solely for the >>> >>>> >> use of the >>> >>>> >> > intended recipient. No privilege or other rights are waived >>> >>>> >> > by any >>> >>>> >> unintended >>> >>>> >> > transmission or unauthorized retransmission of this message. >>> >>>> >> > If you >>> >>>> >> are not the >>> >>>> >> > intended recipient of this message, or if you have received it >>> >>>> >> > in >>> >>>> >> error, you >>> >>>> >> > should immediately stop reading this message and delete it and >>> >>>> >> > all attachments from your system. The reading, distribution, >>> >>>> >> > copying or >>> >>>> >> other use >>> >>>> >> > of this message or its attachments by unintended recipients is >>> >>>> >> unauthorized and >>> >>>> >> > may be unlawful. If you have received this e-mail in error, >>> >>>> >> > please >>> >>>> >> notify the >>> >>>> >> > sender. >>> >>>> >> > >>> >>>> >> > AVIS IMPORTANT >>> >>>> >> > -------------- >>> >>>> >> > Ce message ?lectronique et ses pi?ces jointes peuvent contenir >>> >>>> >> > des renseignements confidentiels, exclusifs ou l?galement >>> >>>> >> > privil?gi?s >>> >>>> >> destin?s au >>> >>>> >> > seul usage du destinataire vis?. L'exp?diteur original ne >>> >>>> >> > renonce >>> >>>> ? >>> >>>> >> aucun >>> >>>> >> > privil?ge ou ? aucun autre droit si le pr?sent message a ?t? >>> >>>> >> > transmis involontairement ou s'il est retransmis sans son >>> >>>> >> > autorisation. Si vous >>> >>>> >> n'?tes pas >>> >>>> >> > le destinataire vis? du pr?sent message ou si vous l'avez re?u >>> >>>> >> > par >>> >>>> >> erreur, >>> >>>> >> > veuillez cesser imm?diatement de le lire et le supprimer, >>> >>>> >> > ainsi que >>> >>>> >> toutes ses >>> >>>> >> > pi?ces jointes, de votre syst?me. La lecture, la >>> >>>> >> > distribution, la >>> >>>> >> copie ou tout >>> >>>> >> > autre usage du pr?sent message ou de ses pi?ces jointes par >>> >>>> >> > des >>> >>>> >> personnes >>> >>>> >> > autres que le destinataire vis? ne sont pas autoris?s et >>> >>>> >> > pourraient >>> >>>> >> ?tre ill?gaux. >>> >>>> >> > Si vous avez re?u ce courrier ?lectronique par erreur, >>> >>>> >> > veuillez en >>> >>>> >> aviser >>> >>>> >> > l'exp?diteur. >>> >>>> >> > >>> >>>> >> > -- >>> >>>> >> > WARNING >>> >>>> >> > ------- >>> >>>> >> > This electronic message and its attachments may contain >>> >>>> >> > confidential, proprietary or legally privileged information, >>> >>>> >> > which is solely for the >>> >>>> >> use of the >>> >>>> >> > intended recipient. No privilege or other rights are waived >>> >>>> >> > by any >>> >>>> >> unintended >>> >>>> >> > transmission or unauthorized retransmission of this message. >>> >>>> >> > If you >>> >>>> >> are not the >>> >>>> >> > intended recipient of this message, or if you have received it >>> >>>> >> > in >>> >>>> >> error, you >>> >>>> >> > should immediately stop reading this message and delete it and >>> >>>> >> > all attachments from your system. The reading, distribution, >>> >>>> >> > copying or >>> >>>> >> other use >>> >>>> >> > of this message or its attachments by unintended recipients is >>> >>>> >> unauthorized and >>> >>>> >> > may be unlawful. If you have received this e-mail in error, >>> >>>> >> > please >>> >>>> >> notify the >>> >>>> >> > sender. >>> >>>> >> > >>> >>>> >> > AVIS IMPORTANT >>> >>>> >> > -------------- >>> >>>> >> > Ce message electronique et ses pieces jointes peuvent contenir >>> >>>> >> > des renseignements confidentiels, exclusifs ou legalement >>> >>>> >> > privilegies >>> >>>> >> destines au >>> >>>> >> > seul usage du destinataire vise. L'expediteur original ne >>> >>>> >> > renonce a >>> >>>> >> aucun >>> >>>> >> > privilege ou a aucun autre droit si le present message a ete >>> >>>> >> > transmis involontairement ou s'il est retransmis sans son >>> >>>> >> > autorisation. Si vous >>> >>>> >> n'etes pas >>> >>>> >> > le destinataire vise du present message ou si vous l'avez recu >>> >>>> >> > par >>> >>>> >> erreur, >>> >>>> >> > veuillez cesser immediatement de le lire et le supprimer, >>> >>>> >> > ainsi que >>> >>>> >> toutes ses >>> >>>> >> > pieces jointes, de votre systeme. La lecture, la >>> >>>> >> > distribution, la >>> >>>> >> copie ou tout >>> >>>> >> > autre usage du present message ou de ses pieces jointes par >>> >>>> >> > des >>> >>>> >> personnes >>> >>>> >> > autres que le destinataire vise ne sont pas autorises et >>> >>>> >> > pourraient >>> >>>> >> etre illegaux. >>> >>>> >> > Si vous avez recu ce courrier electronique par erreur, >>> >>>> >> > veuillez en >>> >>>> >> aviser >>> >>>> >> > l'expediteur. >>> >>>> >> >>> >>>> >> >>> >>>> >>> >>>> -- >>> >>>> WARNING >>> >>>> ------- >>> >>>> This electronic message and its attachments may contain >>> >>>> confidential, proprietary or legally privileged information, which >>> >>>> is solely for the use of the intended recipient. No privilege or >>> >>>> other rights are waived by any unintended transmission or >>> >>>> unauthorized retransmission of this message. If you are not the >>> >>>> intended recipient of this message, or if you have received it in >>> >>>> error, you should immediately stop reading this message and delete >>> >>>> it and all attachments from your system. The reading, >>> >>>> distribution, copying or other use of this message or its >>> >>>> attachments by unintended recipients is unauthorized and may be >>> unlawful. If you have received this e-mail in error, please notify the >>> sender. >>> >>>> >>> >>>> AVIS IMPORTANT >>> >>>> -------------- >>> >>>> Ce message électronique et ses pièces jointes peuvent contenir des >>> >>>> renseignements confidentiels, exclusifs ou légalement privilégiés >>> >>>> destinés au seul usage du destinataire visé. L’expéditeur original >>> >>>> ne renonce à aucun privilège ou à aucun autre droit si le présent >>> >>>> message a été transmis involontairement ou s’il est retransmis sans >>> >>>> son autorisation. Si vous n’êtes pas le destinataire visé du >>> >>>> présent message ou si vous l’avez reçu par erreur, veuillez cesser >>> >>>> immédiatement de le lire et le supprimer, ainsi que toutes ses >>> >>>> pièces jointes, de votre système. La lecture, la distribution, la >>> >>>> copie ou tout autre usage du présent message ou de ses pièces >>> >>>> jointes par des personnes autres que le destinataire visé ne sont >>> >>>> pas autorisés et pourraient être illégaux. Si vous avez reçu ce >>> courrier électronique par erreur, veuillez en aviser l’expéditeur. >>> >>>> >>> >>>> >>> >>> >>> >> >>> > >>> >> >
