Get Client IP working in IAS 10g
Hello,
I need obtain the request ip of client machine. I am working with JSP on IAS 10g.
using request.getRemoteAddr() function, but it send me the server ip address not the client ip.
someone can help me?
Jo
Hi Jo,
The getRemoteAddr() method returns the IP Address of the System that called the resource. If a request is made to a servlet / JSP, the request is routed to OC4J and the reuqest is analyzed by OC4J - thus, the IP address seen by OC4J belongs to the HTTP Server and not the client/
You can have a look at Metalink Note:189317.1 :- Subject: getremoteaddr Returns Wrong IP Address With mod_oroxy and OC4J. You might find the workaround suggested in this note useful.
Regards,
Sandeep
Similar Messages
-
Response.sendRedirect doesn't work with IAS 10g
Hello,
I'm moving my application to JDK 1.4 and IAS 10g.
It's alright, but I noticed one problem.
For long operation I created my way to display my "Working in progress..." page.
I create an HTML file into a cache folder and I redirect to that file that reload itself every five seconds.
Once the operation is terminated it change a session variable that is loaded by the HTML page and it ends the "Working in progress..." message.
The problem is that in IAS 10g it doesn't redirect to the HTML file immediately, it seems that "wait" the operation is almost finished: il redirect to the HTML file, and after 5 seconds it loads the end message of the operation.
This is the part of the code:
[WRITE FILE IN c:\application\tools\template\cache as tempxyz.html]
String urlToLoad = "/myApp/tools/template/cache/tempxyz.html";
response.sendRedirect(urlToLoad);
[OPERATIONS]
[CHANGE SESSION VALUE]
-END-
The "response.sendRedirect(urlToLoad);" instruction pass without errors.
I hope I explained my situation.
Thanks in advance for any suggestions,
EPThanks Qiang,
Ive done exactly as youve said and it must be a rewriting problem as you suggested. Here is the header from accessing the servlet on the Linux host machine (IP 192.168.5.121 called 'BEAST')
--10:12:27-- http://192.168.5.121:7780/webapp/test
=> `test'
Connecting to 192.168.5.121:7780... connected.
HTTP request sent, awaiting response...
1 HTTP/1.1 302 Moved Temporarily
2 Date: Wed, 11 May 2005 09:12:27 GMT
3 Server: Oracle-Application-Server-10g/10.1.2.0.0 Oracle-HTTP-Server
4 Content-Length: 183
5 Cache-Control: private
6 Location: http://BEAST:7779/webapp/testJ.jsp
7 Keep-Alive: timeout=15, max=100
8 Connection: Keep-Alive
9 Content-Type: application/octet-stream
Location: http://BEAST:7779/webapp/testJ.jsp [following]
--10:12:27-- http://beast:7779/webapp/testJ.jsp
=> `testJ.jsp.3'
Resolving beast... done.
Connecting to beast[127.0.0.1]:7779... connected.
That worked fine. Here is the header on my windows machine on the network ( IP 192.168.5.120) :
HTTP/1.1 302 Moved Temporarily
Date: Wed, 11 May 2005 09:03:21 GMT
Server: Oracle-Application-Server-10g/10.1.2.0.0 Oracle-HTTP-Server
Content-Length: 183
Cache-Control: private
Location: http://BEAST:7779/webapp/testJ.jsp
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: application/octet-stream
I think the problem must be that the response is telling it to redirect to BEAST (which is the name of the server) but the windows box cant resolve the name. Must be why i get the page cannot be displayed.
The code in the servlet 'test' to redirect is just:
response.sendRedirect("testJ.jsp");
Any ideas would be much appreciated on how I can fix this other than setting up a local DNS server?!
Cheers,
Rob. -
X2go fails to get Client Login working!
Following the wiki: http://wiki.archlinux.org/index.php/X2go I setup my Desktop as x2go Server and try to login from a notebook from local network (Both with Archlinux) Login fails with:
Write problem at /home/'USER'/.x2go/ssh/socaskpassGHTZF
First i try x2goclient-gtk and then x2goclient-cli but it fails too...
It seems like the x2go client could not write to the users homedir?
please help!!
HURRAY I GOT 100 POSTS!!! Where is my netbookprice?
Last edited by killajoe (2010-04-07 19:25:13)Write problem at /home/'USER'/.x2go/ssh/socaskpassGHTZF
Why are you trying to connect as 'USER' (including quotes)? Can you successfully ssh into the machine? -
ADF is not working in JDeveloper 10g
Hi all,
I've been trying to get ADF to work with JDeveloper 10g but to no avail. I've followed the steps from the following link: http://www.oracle.com/technetwork/developer-tools/jdev/how-to-adf-faces-10gjdev-085657.html
the only thing that i fail to follow is in creating the library. I have only the adf-faces-api.jar and adf-faces-impl.jar but not the share-1_1_18.jar
I do not know whether this is creating the problem as my error message is not helpful.
part of the error msg:
May 8, 2013 12:25:11 PM com.sun.faces.config.rules.ConverterRule end
WARNING: [ConverterRule]{faces-config/converter} Merge(javax.faces.Long,null)
May 8, 2013 12:25:11 PM com.sun.faces.config.rules.ConverterRule end
WARNING: [ConverterRule]{faces-config/converter} Merge(null,java.lang.Long)
May 8, 2013 12:25:11 PM com.sun.faces.config.rules.ConverterRule end
WARNING: [ConverterRule]{faces-config/converter} Merge(javax.faces.Float,null)
May 8, 2013 12:25:11 PM com.sun.faces.config.rules.ConverterRule end
WARNING: [ConverterRule]{faces-config/converter} Merge(null,java.lang.Float)
May 8, 2013 12:25:11 PM com.sun.faces.config.rules.ConverterRule end
WARNING: [ConverterRule]{faces-config/converter} Merge(javax.faces.Double,null)
May 8, 2013 12:25:11 PM com.sun.faces.config.rules.ConverterRule end
WARNING: [ConverterRule]{faces-config/converter} Merge(null,java.lang.Double)
May 8, 2013 12:25:11 PM com.sun.faces.config.rules.ValidatorRule end
WARNING: [ValidatorRule]{faces-config/validator} Merge(javax.faces.LongRange)
May 8, 2013 12:25:11 PM com.sun.faces.config.rules.ValidatorRule end
WARNING: [ValidatorRule]{faces-config/validator} Merge(oracle.adf.DateTimeRange)
May 8, 2013 12:25:11 PM com.sun.faces.config.rules.ValidatorRule end
WARNING: [ValidatorRule]{faces-config/validator} Merge(oracle.adf.RegExp)
May 8, 2013 12:25:11 PM com.sun.faces.config.rules.ValidatorRule end
WARNING: [ValidatorRule]{faces-config/validator} Merge(oracle.adf.ByteLength)
May 8, 2013 12:25:11 PM com.sun.faces.config.rules.ConverterRule end
WARNING: [ConverterRule]{faces-config/converter} Merge(oracle.adf.Color,null)
May 8, 2013 12:25:11 PM com.sun.faces.config.rules.ConverterRule end
WARNING: [ConverterRule]{faces-config/converter} Merge(null,java.awt.Color)
May 8, 2013 12:25:11 PM com.sun.faces.config.rules.ConverterRule end
WARNING: [ConverterRule]{faces-config/converter} Merge(javax.faces.DateTime,null)
May 8, 2013 12:25:11 PM com.sun.faces.config.rules.ConverterRule end
WARNING: [ConverterRule]{faces-config/converter} Merge(oracle.adf.DateTime,null)
May 8, 2013 12:25:11 PM com.sun.faces.config.rules.ConverterRule end
WARNING: [ConverterRule]{faces-config/converter} Merge(null,java.util.Date)
May 8, 2013 12:25:11 PM com.sun.faces.config.rules.ConverterRule end
WARNING: [ConverterRule]{faces-config/converter} Merge(null,java.util.Calendar)
I've been trying to resolve this by creating a new project but once i input adf tags the problem arise again.
Please help. Thanks!
Edited by: 1003893 on May 7, 2013 9:28 PMNow that I've looked at the linked article...
That was showing you how to use a very early version of ADF Faces (a pre-release, in fact) with a very old version of JDeveloper. That document is nearly 9 years old.
Starting with JDeveloper 10.1.3, ADF Faces is "built-in"
And since JDeveloper 10.1.3.x, we have had both the JDeveloper 11.1.1.x and 11.1.2.x series released.
Why are you still using 10.1.2.x? -
Forms server +patch5 works but ias 1022 +patch5 not?!?!?
We're porting an existing application to the web and we're having troubles with this configuration:
Windows 2000 sp1
iAS 1022 + forms patch 5 installed in 806 home.
We're having a lot of problems in connecting the application to a DB version 7.3.4.3:
errors like ora-00022 invalid session id,
frm-40655: SQL error forced rollback.
The strange thing is that with this configuration all works fine:
Windows 2000 sp1
apache + forms server + patch 5 installed
same 7.3.4.3 db.
I've noticed that forms server p5 has a lover net8 version than ias p5 could be this the problem?? if so how can i get it to work with ias??
Please help me, I really need to get this to work.Thank's in advance
Mauro
nullWell, version 6 of Designer, Forms, Reports, etc, are not supported for use on Win7 and further, were desupported several years ago. If you really want to use this obsolete version on Win7, rather than hacking a solution, I would recommend using WinXP Mode or other virtualization option.
http://www.microsoft.com/windows/virtual-pc/default.aspx -
Can't get instant client to work on Win XP
This is driving me nuts. I'm trying to get instantclient10_1 (10.1.0.4) to work reliably on Win XP so I can use it in deploying a Python app I'm writing. I have one XP system on which I have the instant client installed and working. By this I mean that it works with the appropriate of sqlplus. It also works with cx_Oracle. However, I do need to set ORACLE_HOME in order to achieve this (contra the documentation). I do not seem to need to set SQLPATH.
But I can't get it to work on any other system. I copy my instantclient10_1 directory over and use the same batch file that works on the "good" system, but I get "invalid or unknown NLS parameter value specified". I'm using a command of the form
sqlplus user_name/[email protected]:1521/db_name
I've also tried a "fresh" install on that machine. Same story. I've tried it on another machine as well. Same story. It only works on this one machine!
It actually took me quite a while to get it to work on that machine, involving installing and uninstalling the full client, the instant client, both, etc. But it does work there.
Another odd "feature": On the "good" machine, if I fail to set ORACLE_HOME, it errors and suggests I do this. On the "bad" machine, I just get the "invalid or unknown NLS" error.
There are other ORACLE directories on these machines (e.g., ORA17). But I get the same results if I hide these and take all reference to them out of environment variables.
Any suggestions will be greatly appreciated. Why is it working on the one system? Why isn't it working on the others?There's one more way that the previously-existing Oracle directories on the other machines might be tripping you up - with registry settings. In particular, the HKEY_LOCAL_MACHINE\SOFTWARE\ORACLE\(some home)NLS_LANG registry key may be associated with the "invalid or unknown NLS parameter value specified" error you're getting.
Of course, the Instant Client isn't supposed to have to mess with the registry, so that makes me suspicious. And I got Instant Client SQL*PLUS on a clean XP machine to work without setting an ORACLE_HOME. All this makes me suspicious that some stuff from outside your Instant Client is being run. I know you said you cleaned your environment variables, but double-check that the other Oracle directories are out of your PATH.
If you have permission to, you might want to thoroughly scrub the old Oracles from the other machines (starting with running the Oracle Installer, then hand-cleaning the registry, the c:\Ora92 or whatever directory, and then c:\Program Files\Oracle). If you have MetaLink, Document 74790.1 is a dated but good guide to cleanly de-installing an old Oracle installation from Windows. It's much more difficult than it ought to be; sometimes it feels like an Oracle home is never truly gone. If you can't do that, perhaps save a copy of your registry and then temporarily rename HKEY_LOCAL_MACHINE\SOFTWARE\ORACLE to ORACLE_HIDDEN, or something - something to keep any existing registry settings from distracting your Instant Client.
Good luck! -
How to get the FTP clients to work?
This is something that (to me at least) should be trivial but I just can't
get it to work at all.
How do you get an FTP client to work?
I've tried several GUI clients as well as the terminal FTP command and they
all seem to get stuck entering passive mode - according to the log entries
they send the command.... And then nothing or a timeout, the following is
from the terminal FTP command:
Titania:~ susan$ ftp ftp.apple.com
Trying 17.254.16.11...
Connected to ftp.apple.com.
220 17.254.16.11 FTP server ready
Name (ftp.apple.com:susan): anonymous
331 Anonymous login ok, send your complete email address as your password.
Password:
230 Anonymous access granted, restrictions apply.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> ls
501 EPSV: Operation not permitted
227 Entering Passive Mode (17,254,16,11,223,157).
200 PORT command successful
421 Service not available, remote server timed out. Connection closed
ftp>
In my System Preferences -> Network panel in the Proxies tab, I have the
"use Passive FTP mode (PASV) checked.
I also have checked the FTP firewall option (but I think that is only if I'm
acting as an FTP server).
I am connected to the internet via a Netgear wireless router.
I also have an old Windows laptop that also uses the same wireless router
and it can FTP quite happily!!!!!
Any suggestions would be gratefully received.
Susanejn - thanks for your continued assistance.
I've tried turning the firewall off but this does not appear to make any difference(*). Also, I have Parallels installed and I'm sharing the internet connection with this (even though Parallels itself is not currently running). Turning this sharing off doesn't seem to change anything either.
I have noticed some entries in the ifpw.log file that coincide with some of the ftp actions. Given the following terminal session:
Titania:~ susan$ ftp ftp.apple.com
Trying 17.254.16.10...
Connected to ftp.apple.com.
220 17.254.16.10 FTP server ready
Name (ftp.apple.com:susan): anonymous
331 Anonymous login ok, send your complete email address as your password.
Password:
230 Anonymous access granted, restrictions apply.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> ls
501 EPSV: Operation not permitted
227 Entering Passive Mode (17,254,16,10,245,46).
200 PORT command successful
421 Service not available, remote server timed out. Connection closed
ftp>
at the time the "200 PORT command successful" is displayed, the ifpw log starts showing:
Sep 5 09:11:21 Titania ipfw: 12190 Deny TCP 17.254.16.10:20 192.168.0.5:49162 in via en1
Sep 5 09:11:24 Titania ipfw: 12190 Deny TCP 17.254.16.10:20 192.168.0.5:49162 in via en1
Sep 5 09:11:27 Titania ipfw: 12190 Deny TCP 17.254.16.10:20 192.168.0.5:49162 in via en1
Sep 5 09:11:30 Titania ipfw: 12190 Deny TCP 17.254.16.10:20 192.168.0.5:49162 in via en1
Sep 5 09:11:33 Titania ipfw: 12190 Deny TCP 17.254.16.10:20 192.168.0.5:49162 in via en1
Sep 5 09:11:36 Titania ipfw: 12190 Deny TCP 17.254.16.10:20 192.168.0.5:49162 in via en1
Sep 5 09:11:42 Titania ipfw: 12190 Deny TCP 17.254.16.10:20 192.168.0.5:49162 in via en1
which makes sense as the system tries to go for an active transfer.
(*) Actually, while I've been writing this, I've been playing on the terminal as well. I've found the combination of:
1) turning off the firewall
2) starting ftp
3) issuing the 'passive' command to turn off passive mode
4) issuing 'ls' etc. works
Looks like I've not been waiting long enough for the ftp client to get sick of trying the passive transfer and switching to an active one with the firewakk turned off!
Still doesn't answer the question - why does passive mode not work?
Susan -
User Exit in 10g - To get client info
Hi all
We have a user exit call in forms 4.5 which returns client info (OS version).
As we are going for 10g, the user exits will reside in AS.
Is there any way by which i can use the same user exit to get client info now ?
Thnx and Regards
Sriramin the old days of forms 6i we created tons of java-applets for host-commands and so on.
with the first version of webutil all the applets we created ourself were gone, because all functions were in the webutil-toolset.
You can use it beginning with forms 9i. It's very good and easy to use. Look in OTN where the developer-downloads are
Gerd -
Running Oracle 9i client code against an Oracle 10g install on PC
On Unix I am able to run Oracle 9i client code against an Oracle 10g install by setting ORACLE_HOME to the Oracle 10g install location and then creating a symbolic link (example: ln -fs libclntsh.so.10.1 libclntsh.so.9.0).
On PC (in particular XP SP2) I want to do something similar without using "junctions" or "junction points". Is there a way to set an environment variable or ini file to have my 9i client code point to the right libraries? I keep getting an error saying that my client code will not run due to "orasql9.dll" not being found. The "orasql10.dll" is installed on my machine.
Any assistance would be appreciated.You might want to check metalink doc,
Client / Server / Interoperability Support Between Different Oracle Versions
Doc ID: Note:207303.1
Even your application built on 9i, doesn't mean it will not work with 10g database. From what I can see, running 9i executable under 10g installation to create mixed blood breed will do more harm than good. Not only it's not supported but also the outcome is unpredictable. -
Hi all
Is JAXB the Java XML binding framework used on IAS 10g (10.1.3)???
If so, what version and name of the implementation is being used? Is it a proprietary implementation?
What I need is to marshal the POJOs to XML, send this XML over the wire and unmarshal to recreate the POJOs on the other side, so I need to use the same framework.
Thanks!
MarceloHi Tugdual
I´m deploying on a IAS 10.1.3.
My requirement is:
I´m using Oracle BPEL Process Manager. This makes a call to a @OneWay @WebMethod exposed method (webservice) on this IAS. After processing, the application must return the result to BPEL, so this is an asynchronous operation. The call is working fine but to return the callback result I´m using BPEL Client API (IDeliveryService and NormalizedMessage) and to use it I nedd to transform my POJO´s on XML (string) or to a org.w3c.dom.Element and I don´t know how to do that...
The POJO´s was created using Ant task 'Oracle:genProxy'.
Regards
Marcelo -
BIB-14820 Calling BI Beans JSP deployed to iAS 10g
Hello,
I have deployed a jsp-bi beans application to iAS 10g Release 2.
When I try to access the jsp page I get this error:
javax.servlet.jsp.JspException: BIB-14122: The specified StorageManager could not be created.
BIB-14820 The root path does not exists.
Is there something that needs to be set up so that my xml config file for bi beans connection
can be accessed properly?
This jsp works from jdeveloper.
The .xml file with the bi beans connection configuration has a root path that I am pretty sure
needs to be changed. How do I change that (my application is not based on OLAP and does not contain a BI Designer object) ? And what does it need to be changed to in order to work from my iAS?
Thanks in advance.There are three scripts provided with BI Beans for managing the catalogue:
AddGroup.sql
AddUser.sql
AddUsertoGroup.sql
Once you have created the catalog owner and installed the catalog then from SQLPlus execute the above commands as required. Each script prompts you for any arguments it requires. This will allow you to authorise users and setup groups to manage privileges within the catalog.
The scripts can be found in $ORACLE_JDEV_HOME/bibeans/bin
You can check the status of the items within the catalog via the Catalog Viewer within the JDev BIBeans project, the option is on the BIDesigner object (I think) which should launch a GUI catalog viewer.
Hope this helps
Keith Laker
Oracle EMEA Consulting
OLAP Blog: http://oracleOLAP.blogspot.com/
OLAP Wiki: http://wiki.oracle.com/page/Oracle+OLAP+Option
DM Blog: http://oracledmt.blogspot.com/
OWB Blog : http://blogs.oracle.com/warehousebuilder/
OWB Wiki : http://wiki.oracle.com/page/Oracle+Warehouse+Builder
DW on OTN : http://www.oracle.com/technology/products/bi/db/11g/index.html -
BUG: Jdev 10g/iAS 10g debug config docs are wrong
I was setting up my iAS 10g OC4J_Home for remote debugging. According to the docs in Jdev 10g, I have to copy ojc.jar and jdev-rt.jar to <OC4J_HOME>/home/lib. This does not work.
You must actually copy the files to <OC4J_HOME>/home/applib.
In my case, this is $ORACLE_HOME/j2ee/home/applib. If you create your own OC4J instance, then you must install these files into the applib directory within that instance.
Could someone please put out a definitive doc on how to get remote debugging to work between Jdev and iAS 10g? If it exists, please point me to it!
TIAHi,
what about the blank characters in the long name. If the long name doesn't have blank characters, would it work then ?
Frank -
IOS Remote Desktop app and computers connected to SBS 2008--can't get it to work
I can connect directly to the server without a remote resource in the IOS app.
But I'd like to be able to connect to computers in the office like we can through RWW. RWW works fine, but not from my phone. (Yes I can connect to the server and take over computers from the phone but I don't want other people in the office to log
into the server first!).
I can never get the remote resources section in the app to connect. I usually get "Unable to locate any remote resources for the URL". error in the resources section. I've tried a simple "https://remote.domain.com", "https://remote.domain.com:987",
etc.
We have a self-signed certificate. I can't think of anything in the server setup that is anything other than normal.
I can do direct connect using "Remote Desktop Connection" in windows 7. In the remote desktop server settings I just put remote.domain.com and "Ask for password (NTLM)" for the login method. Then on the general tab I have just the
simple computer name and the domain\username. That's all I had to setup to get that to work.
Any suggestions?Hi Michael,
Thank you for posting in Windows Server Forum.
Have you setup RD Gateway server in your environment? Are you trying to access the RWW through it?
On server side you can choose “Bypass RD Gateway server for local addresses” under RemoteApp manager and check the result.
For more information, you can check below links for detail.
Remote Desktop Client on iOS: FAQ
http://technet.microsoft.com/en-us/library/dn473015.aspx
Getting Started with Remote Desktop Client on iOS
http://technet.microsoft.com/en-us/library/dn473013.aspx
Hope it helps!
Thanks.
Dharmesh Solanki -
Getting Truphone to work with Google Talk to make a free call
I'm trying to make a free call from my iPhone to my home computer using Truphone.
I installed Truphone on my iPhone and I have a Google Talk account on my Mac using Jabber in iChat. I'm trying to get the two the communicate with each other to make a phone call. Truphone requires me to call Google Talk using this number/code: [email protected] to invite it to engage in a phone call with the iPhone. Once the invite is accepted, then it will work - it says. Problem is that i cannot add this letters ([email protected]) on my iPhone to the mobile number field, only numbers. I am able to do it on my Mac and sync it to my iPhone, but for some reason the @ symbol gets dropped out of it and it won't work otherwise.
Has anyone had this same issue and was able to get it to work? Or...has anyone been able to get Truphone to be able to call their Mac using wifi to make a free call?I sent a question to Truphone regarding this issue and this was their response. Bummer.
Dear K D,
Unfortunately it is not currently possible to dial SIP addresses
([email protected]) using the Truphone iPhone client. This includes calling
Google Talk addresses.
The Truphone service for the iPhone is an outbound calling solution. When
you're connected to Truphone you're able to make cheap Truphone calls over the
Internet. Please note that inbound calls will be received via your mobile/cell
network and not via Truphone.
New Truphone accounts for the iPhone won’t be assigned a separate Truphone
number. Instead your outgoing caller id will be presented as your
mobile/cellular number that you entered during the installation process.
Calls to other Truphone users who are using Nokia devices are free when both
parties are online.
If you have any further queries please reply to this email for assistance.
Regards,
The Truphone Support Team
Truphone
2 More London Riverside
London
SE1 2JR
UK
Web: www.truphone.com
Email: [email protected] -
Help with getting Web Start working with two-way SSL
I have successfully transferred data (myclient.jnlp) utilizing web browsers (IE and Mozilla) from my web server (which is set up for two-way SSL "CLIENT-CERT" required) after using the browser's utility to "import" my client-side cert (in .p12 format).
After the browser connects and downloads the "myclient.jnlp" contents and places it in a temporary file, it then kicks off the javaws process with the temporary file as a parameter. The first thing javaws does is utilize the codebase and href values (found in the temporary file) to make a "GET" call to the server for the "myclient.jnlp" file (again).
However, this fails (with a SSL handshake error) since javaws uses a different keystore than IE - the server does not receive the client-side cert. I have imported the root CA and the client cert (in .pem format) into the $JAVA_HOME/jre/lib/security/cacerts file using the keytool command but alas my server still indicates a lack of a client-side cert.
Has anyone else tried this and got it working?Hi Richard,
Indeed it appears that the 1.5 version will have more built-in capability for client certs. It has the look of the IE browser import capability. Unfortunately, I am stuck with having to utilize 1.4.2 for the time being. Since I have posted my original message I have found more information but have yet to get it all working. The truststore in javaws 1.4.2 does have a default (the 1.4.2 jre's cacert file - stragely enough not the same one that gets updated when you import the root CA! - but this has been noted in many other threads). The javaws keystore does not have a default and I have tried, to no avail yet, to utilize some command line parameters, see http://java.sun.com/j2se/1.4.2/docs/guide/security/jsse/JSSERefGuide.html#Customization - to get my client cert "available" and recognized by javaws.
With the help of some debug flags here is the output on my javaws "output" log - all seems to go well up to the point of the client's Certificate chain (which appears to be empty), after the ServerHelloDone :
trustStore is: C:\j2sdk1.4.2_04\jre\lib\security\cacerts
trustStore type is : jks
init truststore
adding as trusted cert:
snipped all the regular trusted certs, left my root CA as proof it is recognized...
adding as trusted cert:
Subject: CN=Root CA, O=Zork.org, L=Fairfax, ST=Virginia, C=US
Issuer: CN=Root CA, O=Zork.org, L=Fairfax, ST=Virginia, C=US
Algorithm: RSA; Serial number: 0x0
Valid from Wed May 26 16:38:59 EDT 2004 until Fri Jun 25 16:38:59 EDT 2004
trigger seeding of SecureRandom
done seeding SecureRandom
%% No cached client session
*** ClientHello, TLSv1
RandomCookie: GMT: 1070211537 bytes = { 205, 211, 129, 234, 88, 129, 152, 176, 223, 180, 161, 138, 246, 183, 181, 89, 61, 252, 63, 35, 21, 34, 253, 32, 254, 124, 38, 198 }
Session ID: {}
Cipher Suites: [SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_DES_CBC_SHA, SSL_DHE_RSA_WITH_DES_CBC_SHA, SSL_DHE_DSS_WITH_DES_CBC_SHA, SSL_RSA_EXPORT_WITH_RC4_40_MD5, SSL_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA]
Compression Methods: { 0 }
[write] MD5 and SHA1 hashes: len = 73
0000: 01 00 00 45 03 01 40 CA 22 D1 CD D3 81 EA 58 81 ...E..@.".....X.
0010: 98 B0 DF B4 A1 8A F6 B7 B5 59 3D FC 3F 23 15 22 .........Y=.?#."
0020: FD 20 FE 7C 26 C6 00 00 1E 00 04 00 05 00 2F 00 . ..&........./.
0030: 33 00 32 00 0A 00 16 00 13 00 09 00 15 00 12 00 3.2.............
0040: 03 00 08 00 14 00 11 01 00 .........
Thread-3, WRITE: TLSv1 Handshake, length = 73
[write] MD5 and SHA1 hashes: len = 98
0000: 01 03 01 00 39 00 00 00 20 00 00 04 01 00 80 00 ....9... .......
0010: 00 05 00 00 2F 00 00 33 00 00 32 00 00 0A 07 00 ..../..3..2.....
0020: C0 00 00 16 00 00 13 00 00 09 06 00 40 00 00 15 ............@...
0030: 00 00 12 00 00 03 02 00 80 00 00 08 00 00 14 00 ................
0040: 00 11 40 CA 22 D1 CD D3 81 EA 58 81 98 B0 DF B4 ..@.".....X.....
0050: A1 8A F6 B7 B5 59 3D FC 3F 23 15 22 FD 20 FE 7C .....Y=.?#.". ..
0060: 26 C6 &.
Thread-3, WRITE: SSLv2 client hello message, length = 98
Thread-3, READ: TLSv1 Handshake, length = 58
*** ServerHello, TLSv1
RandomCookie: GMT: 1070211539 bytes = { 81, 106, 82, 45, 233, 226, 89, 6, 38, 240, 71, 122, 90, 226, 255, 207, 9, 102, 205, 127, 223, 211, 4, 84, 79, 16, 101, 89 }
Session ID: {34, 167, 132, 174, 141, 4, 57, 197, 190, 207, 105, 117, 241, 9, 97, 81}
Cipher Suite: SSL_RSA_WITH_DES_CBC_SHA
Compression Method: 0
%% Created: [Session-1, SSL_RSA_WITH_DES_CBC_SHA]
** SSL_RSA_WITH_DES_CBC_SHA
[read] MD5 and SHA1 hashes: len = 58
0000: 02 00 00 36 03 01 40 CA 22 D3 51 6A 52 2D E9 E2 ...6..@.".QjR-..
0010: 59 06 26 F0 47 7A 5A E2 FF CF 09 66 CD 7F DF D3 Y.&.GzZ....f....
0020: 04 54 4F 10 65 59 10 22 A7 84 AE 8D 04 39 C5 BE .TO.eY.".....9..
0030: CF 69 75 F1 09 61 51 00 09 00 .iu..aQ...
Thread-3, READ: TLSv1 Handshake, length = 607
*** Certificate chain
chain [0] = [
Version: V3
Subject: CN=Root CA, O=Zork.org, L=Fairfax, ST=Virginia, C=US
Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
Key: SunJSSE RSA public key:
public exponent:
010001
modulus:
e2bd8de9 598e0735 2bed2057 3800c83d 348550e2 93a017c7 9845f35f cd7b4ada
6ef0c70f 7a033e69 a97ccd15 46f0d1c8 7a0ae909 ddb76f5b cd8029e6 3a6a4965
Validity: [From: Wed May 26 16:38:59 EDT 2004,
To: Fri Jun 25 16:38:59 EDT 2004]
Issuer: CN=Root CA, O=Zork.org, L=Fairfax, ST=Virginia, C=US
SerialNumber: [ 00]
Certificate Extensions: 3
[1]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 3F A7 DF 1F FA 90 1F 98 4F BA 42 9F 21 7D B4 C4 ?.......O.B.!...
0010: 88 76 14 DA .v..
[2]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 3F A7 DF 1F FA 90 1F 98 4F BA 42 9F 21 7D B4 C4 ?.......O.B.!...
0010: 88 76 14 DA .v..
[CN=Root CA, O=Zork.org, L=Fairfax, ST=Virginia, C=US]
SerialNumber: [ 00]
[3]: ObjectId: 2.5.29.19 Criticality=false
BasicConstraints:[
CA:true
PathLen:2147483647
Algorithm: [SHA1withRSA]
Signature:
0000: 29 CB D0 48 E2 89 2F 8D 4A A6 73 11 71 EB 58 9D )..H../.J.s.q.X.
0010: 9E 0C 44 1F 87 C2 A3 3C C0 E7 9A E3 C4 BC A7 DD ..D....<........
0020: C4 FC 52 F1 A9 72 65 14 99 C1 A7 62 61 35 91 D8 ..R..re....ba5..
0030: AE FF FB FF 82 D8 1C EE 03 02 77 03 19 6A B0 06 ..........w..j..
Found trusted certificate:
Version: V3
Subject: CN=Root CA, O=Zork.org, L=Fairfax, ST=Virginia, C=US
Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
Key: SunJSSE RSA public key:
public exponent:
010001
modulus:
e2bd8de9 598e0735 2bed2057 3800c83d 348550e2 93a017c7 9845f35f cd7b4ada
6ef0c70f 7a033e69 a97ccd15 46f0d1c8 7a0ae909 ddb76f5b cd8029e6 3a6a4965
Validity: [From: Wed May 26 16:38:59 EDT 2004,
To: Fri Jun 25 16:38:59 EDT 2004]
Issuer: CN=Root CA, O=Zork.org, L=Fairfax, ST=Virginia, C=US
SerialNumber: [ 00]
Certificate Extensions: 3
[1]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 3F A7 DF 1F FA 90 1F 98 4F BA 42 9F 21 7D B4 C4 ?.......O.B.!...
0010: 88 76 14 DA .v..
[2]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 3F A7 DF 1F FA 90 1F 98 4F BA 42 9F 21 7D B4 C4 ?.......O.B.!...
0010: 88 76 14 DA .v..
[CN=Root CA, O=Zork.org, L=Fairfax, ST=Virginia, C=US]
SerialNumber: [ 00]
[3]: ObjectId: 2.5.29.19 Criticality=false
BasicConstraints:[
CA:true
PathLen:2147483647
Algorithm: [SHA1withRSA]
Signature:
0000: 29 CB D0 48 E2 89 2F 8D 4A A6 73 11 71 EB 58 9D )..H../.J.s.q.X.
0010: 9E 0C 44 1F 87 C2 A3 3C C0 E7 9A E3 C4 BC A7 DD ..D....<........
0020: C4 FC 52 F1 A9 72 65 14 99 C1 A7 62 61 35 91 D8 ..R..re....ba5..
0030: AE FF FB FF 82 D8 1C EE 03 02 77 03 19 6A B0 06 ..........w..j..
[read] MD5 and SHA1 hashes: len = 607
0000: 0B 00 02 5B 00 02 58 00 02 55 30 82 02 51 30 82 ...[..X..U0..Q0.
0010: 01 FB A0 03 02 01 02 02 01 00 30 0D 06 09 2A 86 ..........0...*.
0020: 48 86 F7 0D 01 01 05 05 00 30 57 31 0B 30 09 06 H........0W1.0..
0030: 03 55 04 06 13 02 55 53 31 11 30 0F 06 03 55 04 .U....US1.0...U.
0040: 08 13 08 56 69 72 67 69 6E 69 61 31 10 30 0E 06 ...Virginia1.0..
0050: 03 55 04 07 13 07 46 61 69 72 66 61 78 31 11 30 .U....Fairfax1.0
0060: 0F 06 03 55 04 0A 13 08 5A 6F 72 6B 2E 6F 72 67 ...U....Zork.org
0070: 31 10 30 0E 06 03 55 04 03 13 07 52 6F 6F 74 20 1.0...U....Root
0080: 43 41 30 1E 17 0D 30 34 30 35 32 36 32 30 33 38 CA0...0405262038
0090: 35 39 5A 17 0D 30 34 30 36 32 35 32 30 33 38 35 59Z..04062520385
00A0: 39 5A 30 57 31 0B 30 09 06 03 55 04 06 13 02 55 9Z0W1.0...U....U
00B0: 53 31 11 30 0F 06 03 55 04 08 13 08 56 69 72 67 S1.0...U....Virg
00C0: 69 6E 69 61 31 10 30 0E 06 03 55 04 07 13 07 46 inia1.0...U....F
00D0: 61 69 72 66 61 78 31 11 30 0F 06 03 55 04 0A 13 airfax1.0...U...
00E0: 08 5A 6F 72 6B 2E 6F 72 67 31 10 30 0E 06 03 55 .Zork.org1.0...U
00F0: 04 03 13 07 52 6F 6F 74 20 43 41 30 5C 30 0D 06 ....Root CA0\0..
0100: 09 2A 86 48 86 F7 0D 01 01 01 05 00 03 4B 00 30 .*.H.........K.0
0110: 48 02 41 00 E2 BD 8D E9 59 8E 07 35 2B ED 20 57 H.A.....Y..5+. W
0120: 38 00 C8 3D 34 85 50 E2 93 A0 17 C7 98 45 F3 5F 8..=4.P......E._
0130: CD 7B 4A DA 6E F0 C7 0F 7A 03 3E 69 A9 7C CD 15 ..J.n...z.>i....
0140: 46 F0 D1 C8 7A 0A E9 09 DD B7 6F 5B CD 80 29 E6 F...z.....o[..).
0150: 3A 6A 49 65 02 03 01 00 01 A3 81 B1 30 81 AE 30 :jIe........0..0
0160: 0C 06 03 55 1D 13 04 05 30 03 01 01 FF 30 1D 06 ...U....0....0..
0170: 03 55 1D 0E 04 16 04 14 3F A7 DF 1F FA 90 1F 98 .U......?.......
0180: 4F BA 42 9F 21 7D B4 C4 88 76 14 DA 30 7F 06 03 O.B.!....v..0...
0190: 55 1D 23 04 78 30 76 80 14 3F A7 DF 1F FA 90 1F U.#.x0v..?......
01A0: 98 4F BA 42 9F 21 7D B4 C4 88 76 14 DA A1 5B A4 .O.B.!....v...[.
01B0: 59 30 57 31 0B 30 09 06 03 55 04 06 13 02 55 53 Y0W1.0...U....US
01C0: 31 11 30 0F 06 03 55 04 08 13 08 56 69 72 67 69 1.0...U....Virgi
01D0: 6E 69 61 31 10 30 0E 06 03 55 04 07 13 07 46 61 nia1.0...U....Fa
01E0: 69 72 66 61 78 31 11 30 0F 06 03 55 04 0A 13 08 irfax1.0...U....
01F0: 5A 6F 72 6B 2E 6F 72 67 31 10 30 0E 06 03 55 04 Zork.org1.0...U.
0200: 03 13 07 52 6F 6F 74 20 43 41 82 01 00 30 0D 06 ...Root CA...0..
0210: 09 2A 86 48 86 F7 0D 01 01 05 05 00 03 41 00 29 .*.H.........A.)
0220: CB D0 48 E2 89 2F 8D 4A A6 73 11 71 EB 58 9D 9E ..H../.J.s.q.X..
0230: 0C 44 1F 87 C2 A3 3C C0 E7 9A E3 C4 BC A7 DD C4 .D....<.........
0240: FC 52 F1 A9 72 65 14 99 C1 A7 62 61 35 91 D8 AE .R..re....ba5...
0250: FF FB FF 82 D8 1C EE 03 02 77 03 19 6A B0 06 .........w..j..
Thread-3, READ: TLSv1 Handshake, length = 220
*** CertificateRequest
Cert Types: RSA, DSS, Ephemeral DH (RSA sig),
Cert Authorities:
<CN=Root CA, O=Zork.org, L=Fairfax, ST=Virginia, C=US>
<CN=Server CA, OU=Server Division, O=Zork.org, L=Fairfax, ST=Virginia, C=US>
[read] MD5 and SHA1 hashes: len = 220
0000: 0D 00 00 D8 03 01 02 05 00 D2 00 59 30 57 31 0B ...........Y0W1.
0010: 30 09 06 03 55 04 06 13 02 55 53 31 11 30 0F 06 0...U....US1.0..
0020: 03 55 04 08 13 08 56 69 72 67 69 6E 69 61 31 10 .U....Virginia1.
0030: 30 0E 06 03 55 04 07 13 07 46 61 69 72 66 61 78 0...U....Fairfax
0040: 31 11 30 0F 06 03 55 04 0A 13 08 5A 6F 72 6B 2E 1.0...U....Zork.
0050: 6F 72 67 31 10 30 0E 06 03 55 04 03 13 07 52 6F org1.0...U....Ro
0060: 6F 74 20 43 41 00 75 30 73 31 0B 30 09 06 03 55 ot CA.u0s1.0...U
0070: 04 06 13 02 55 53 31 11 30 0F 06 03 55 04 08 13 ....US1.0...U...
0080: 08 56 69 72 67 69 6E 69 61 31 10 30 0E 06 03 55 .Virginia1.0...U
0090: 04 07 13 07 46 61 69 72 66 61 78 31 11 30 0F 06 ....Fairfax1.0..
00A0: 03 55 04 0A 13 08 5A 6F 72 6B 2E 6F 72 67 31 18 .U....Zork.org1.
00B0: 30 16 06 03 55 04 0B 13 0F 53 65 72 76 65 72 20 0...U....Server
00C0: 44 69 76 69 73 69 6F 6E 31 12 30 10 06 03 55 04 Division1.0...U.
00D0: 03 13 09 53 65 72 76 65 72 20 43 41 ...Server CA
Thread-3, READ: TLSv1 Handshake, length = 4
*** ServerHelloDone
[read] MD5 and SHA1 hashes: len = 4
0000: 0E 00 00 00 ....
*** Certificate chain
JsseJCE: Using JSSE internal implementation for cipher RSA/ECB/PKCS1Padding
*** ClientKeyExchange, RSA PreMasterSecret, TLSv1
Random Secret: { 3, 1, 175, 38, 47, 77, 131, 125, 209, 147, 174, 228, 183, 99, 34, 2, 100, 186, 77, 47, 65, 233, 82, 133, 183, 113, 8, 193, 51, 241, 167, 105, 4, 187, 57, 130, 161, 11, 178, 11, 134, 84, 96, 106, 203, 11, 195, 51 }
[write] MD5 and SHA1 hashes: len = 77
0000: 0B 00 00 03 00 00 00 10 00 00 42 00 40 39 9F EC ..........B.@9..
0010: 5F 92 FA 3D 5E 3D 0C 19 10 72 DA BE B6 14 76 62 _..=^=...r....vb
0020: AE 39 75 0B 74 10 C7 B1 42 D7 A1 22 C0 0E B8 A2 .9u.t...B.."....
0030: 22 80 73 20 36 A2 FD BB F9 3E F4 F0 91 CE 95 F8 ".s 6....>......
0040: 05 D7 22 FC 2C CF 1B AB 19 82 03 D2 F5 ..".,........
Thread-3, WRITE: TLSv1 Handshake, length = 77
SESSION KEYGEN:
PreMaster Secret:
0000: 03 01 AF 26 2F 4D 83 7D D1 93 AE E4 B7 63 22 02 ...&/M.......c".
0010: 64 BA 4D 2F 41 E9 52 85 B7 71 08 C1 33 F1 A7 69 d.M/A.R..q..3..i
0020: 04 BB 39 82 A1 0B B2 0B 86 54 60 6A CB 0B C3 33 ..9......T`j...3
CONNECTION KEYGEN:
Client Nonce:
0000: 40 CA 22 D1 CD D3 81 EA 58 81 98 B0 DF B4 A1 8A @.".....X.......
0010: F6 B7 B5 59 3D FC 3F 23 15 22 FD 20 FE 7C 26 C6 ...Y=.?#.". ..&.
Server Nonce:
0000: 40 CA 22 D3 51 6A 52 2D E9 E2 59 06 26 F0 47 7A @.".QjR-..Y.&.Gz
0010: 5A E2 FF CF 09 66 CD 7F DF D3 04 54 4F 10 65 59 Z....f.....TO.eY
Master Secret:
0000: 67 B9 58 74 69 18 0B 2E 00 EB AC 9B 77 15 B4 65 g.Xti.......w..e
0010: 61 A1 AC D0 F1 D5 4C CA 0E 51 FC 58 A0 11 B7 87 a.....L..Q.X....
0020: EC 72 26 D0 83 18 27 49 8F B6 32 FF E3 89 1D E4 .r&...'I..2.....
Client MAC write Secret:
0000: D5 96 AB F7 1E 46 5F 46 8A E9 3E DF A0 5E 32 5E .....F_F..>..^2^
0010: 00 FB B8 D8 ....
Server MAC write Secret:
0000: E6 7D 8E F5 6A 4C 94 4C D6 2A 3A 4D FC C1 94 A3 ....jL.L.*:M....
0010: C5 6C 5F B6 .l_.
Client write key:
0000: 18 1D 51 8C 74 6D 18 57 ..Q.tm.W
Server write key:
0000: 0D 4E 7A F1 5A D6 5F 5B .Nz.Z._[
Client write IV:
0000: 4C BB 4D FA 4F EB CB 4E L.M.O..N
Server write IV:
0000: B7 6A CA E9 66 7D 25 88 .j..f.%.
Thread-3, WRITE: TLSv1 Change Cipher Spec, length = 1
JsseJCE: Using JSSE internal implementation for cipher DES/CBC/NoPadding
*** Finished
verify_data: { 20, 20, 38, 13, 43, 235, 102, 72, 75, 212, 21, 21 }
[write] MD5 and SHA1 hashes: len = 16
0000: 14 00 00 0C 14 14 26 0D 2B EB 66 48 4B D4 15 15 ......&.+.fHK...
Padded plaintext before ENCRYPTION: len = 40
0000: 14 00 00 0C 14 14 26 0D 2B EB 66 48 4B D4 15 15 ......&.+.fHK...
0010: 90 9C E9 09 F4 48 96 A6 8F AA 04 DF E9 36 72 F0 .....H.......6r.
0020: 42 F0 60 78 03 03 03 03 B.`x....
Thread-3, WRITE: TLSv1 Handshake, length = 40
Thread-3, READ: TLSv1 Alert, length = 2
Thread-3, RECV TLSv1 ALERT: fatal, handshake_failure
Thread-3, called closeSocket()
Thread-3, handling exception: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
Finalizer, called close()
Finalizer, called closeInternal(true)
So I'll toil away trying to get *right* combination of settings - please let me know if you have any ideas! FYI here are the command line settings I am using for the keystore:
-Djavax.net.ssl.keyStore=c:\myClientIdKeyStore -Djavax.net.ssl.keyStoreType=jks -Djavax.net.ssl.keyStorePassword=myClientIdKeyStorePass
Thanks,
Paul
Maybe you are looking for
-
High availability error on presence
Good Day, I have problem with HA on cisco presence cluster , the error is showing that Node status for the high avaliability is (Running in Backup Mode) and Node Reason (Peer Down During Initialization). I have restart Sip proxy service as request f
-
HT1386 Ipod is not showing up in the itunes interface
This is garbage
-
Our service provider add one digit to all nos. After I update all contacts using one of available programs, contacts are updated but messages received appear with pure phone nos not contact name??any fix
-
Almost all Access Connection controls grayed out
Hi folks, Could use some help. I have a T-60 and Access Cnnections 4.23a. Worked fine until recently and now most contrals are grayed out. For example, in manage profiles I cannot create, edit or delete. I can switch profiles and I do connect, but ev
-
Optimization of all indexes?
Hello, I know that an "alter index X coalesce" optimizes the index X. But I want to optimize all indexes of a database but I don't want to write a script with some hundred alter index statements? Is there a smart way to do this like: for i in indexes