HTTP url issue

Hi all,
I am new to using flex
Im working on a application where the front end makes a post
request
to the servlet.
I don't know how to set the URL in the httpservice call.
In a web java project in which front end was a basic html
page with a
form to be posted to the servlet, the URL was given just as
PrefetchService/PrefetchServiceServlet" which is the location
of the
servlet; but what I dont understand is the same
representation for
httpservice url in flex does not send a call to the servlet.
Though
this could be done by giving the entire URL to the location
of the
servlet, the server on which the project is run changes
regularly and
so either I need to dynamically generate the URL and then
make a http
service call (or) there should be some way to handle calls to
a
servlet in the same project . I would like to know how I
could get rid
of this problem.
Thanks in advance....

Hi,
This is the location where the servlet runs :
http://veappl007.dhcp.wdf.sap.corp:50000/Prefetch/PrefetchServiceServlet
and the location where the html containing swf runs is:
http://veappl007.dhcp.wdf.sap.corp:50000/Prefetch/PrefetchService.html
I have tried all ways giving url="PrefetchServiceServlet.do"
and url="/Prefetch/PrefetchServiceServlet.do"
but of no use.
Early i had built some basic html with some form ..there i
was giving "/Prefetch/PrefetchServiceServlet" in the form action
tag.. there it was working fine i.e request was going from html
page to the servlet..but i dont know why it does not work
here..

Similar Messages

HTTP URL problem: Security issue

Hello all,
The HTTP URL for calling XI contains lots of information, including the username and password for accessing XI. I feel quite uncomfortable exposing those info to external parties. Is there any way to work around?
Regards,
Steve

Steve,
Like mentioned one option would be to use SOAP + Do Not use SOAP Envelope and then turn of Authentication for SOAP adapters.
From the thread , User Names and Passwords in SOAP adapter
in order to turn off the authentication for SOAP interface, please remove the authentication
restriction in web.xml for aii_af_soapadapter.sda.
Extract the SOAP-adapters WAR-file from the corresponding sda. Then extract the deployment-descriptor from the war-file and delete the related security-constraint, login-config and security-role sections (makes absolutely sense to save the original descriptor beforehand). ZIP the files again with the new deployment descriptor and deploy the SDA via SDM.
comment the following portion.( It's already commented below).
<! security-constraint >
<><security-constraint>
<display-name>message</display-name>
<web-resource-collection>
<web-resource-name>message</web-resource-name>
<url-pattern>MessageServlet</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>xi_adapter_soap_message</role-name>
</auth-constraint>
</security-constraint>
<security-constraint>
<display-name>helper</display-name>
<web-resource-collection>
<web-resource-name>helper</web-resource-name>
<url-pattern>HelperServlet</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>xi_adapter_soap_helper</role-name>
</auth-constraint>
</security-constraint>
>
<! login-config >
<><login-config>
<auth-method>BASIC</auth-method>
<realm-name>XISOAPApps</realm-name>
</login-config>
>
<! security-role >
<><security-role>
<role-name>xi_adapter_soap_message</role-name>
</security-role>
<security-role>
<role-name>xi_adapter_soap_helper</role-name>
</security-role>
>
The safest way to change this web.xml is described as followed, you
could do the changes also direct on the file system, but it will need
reboot of J2EE and does not guarantee to work.
The web.xml is located in the aii_af_soapadapter.sda, please extract
this sda file with normal zip function. There is one
aii_af_soapadapter.war inside, please extract this war file again,
change the web.xml as described above. Please zip the folder with
modified web.xml for aii_af_soapadapter.war and than for the
aii_af_soapadapter.sda. Please do not modify the folder structure.
Deploy this modified sda with SDM. After the deployment you can double
check whether changes for web.xml is done on the file system, this
web.xml is located under
/usr/sap/xxx/DVEBMGS00/j2ee/cluster/server0/apps/sap.com/com.sap
.aii.af.soapadapter/servlet_jsp/XISOAPAdapter/root/WEB-INF.
I am not sure whether you will need to restart the J2EE after this
deployment to make the changes from web.xml active, please try it out.
Regards,
Bhavesh

How to do Handshake with tired party(bank) HTTPS URL from SAP PI server

Dear Expert,
I have developed bunch of scenarios, all are synchronous ABAP proxy to HTTP_AAE with bank on PI 7.4(dual stack). Bank web server is HTTPS enabled server. Our ABAP developments are still in progress also we have few issue in connection from ECC to PI.but that is not the focus of discussion here.
we want to do the handshake to check the connectivity with bank on their HTTPS URL from PI. Bank has provided the privet key for SSL from their server and corresponding public key they have maintained on their server. I have imported the private key under NWA -> Certificates -> Key Storage -> TrustedCA->Import Entry->Entry Type->PKCS#12->select the SSL.p12 file->import , also I have selected the option to "Use SSL" in HTTP_AAE receiver communication channel and selected the corresponding entryin "keystore view" and "keystore entry". All these I have done in our DEV system, and we are trying to connect our PI dev to bank Dev server.
Questions
Is there any specific steps to do the handshake with third party HTTPS(bank in my case) server? if not, how can we just test the HTTPS connectivity by using the SSL private installed on our PI server, without running the complete scenarios. Our PI has been installed on UNIX, and "telnet https url 443" is working, as network team has opened the HTTPS port.
We have not enabled the SSL technically on our PI server, and we have not installed any generated certificate from our PI server. Moreover, we have not made our PI url as "https:hostname:port" as we just need to communicate with bank by using their private key. Do you guys think we should enable the SSL? if yes, please explain why.
What is the best practice to test the connection with third party having HTTPS URL? how can I just assure HTTPS communication is working fine, before testing my actual scenarios.
Thanks for helping always.
Regards,
Farhan

Hi Farhan,
Some part of the blog is applicable for sending HTTPS request to partners/third party (Receiver SOAP Adapter).
If banks certificates are already in trustedCA, then, can you check if it also imported under user PIISuser under Identity management in NWA. If above 2 steps are done then i think your are good to go. But be careful when you install certificate, it should be in proper order.
As you already mentioned, connectivity is already established and you are able to PIng/telnet from pi server, connectivity looks ok.
While sending request, if you are getting 401 unauthorized, below might be the reason -
1. Certificate not installed correctly or some missing steps
2. Partner or TP is not ready to receive it, some certificate issue in there side.
other than 401 means you are ok (As per certificate and Connectivity) - 403 and 500 errors are next stops.
403 - error because of encoding method.
500 - data issue.
Regards
Aashish Sinha

Problems with SAP BC to post a request to https URL

Hello,
in a integration scenario one of our partners wants to send a xml to our server via https. 
I tried this internal with a test business connector. I simple use the WmPublic.pub.client http service. 
I try to post a record to an https:// URL and get an error. It seems that there is some trouble with the ssl handshake. However it is working in the browser. 
The option Security -> Certificates -> Trusted Certificates -> CA Certificates Directory is 'unspecified'. Therefore no server certificate should be reject. 
 
Now I got an 'iaik.security.ssl.SSLException: Peer sent alert: Alert Fatal: handshake failure 
' error. I do not find any helpful entries in this forum. Did anyone solve this issue? 
 
Thank you, 
Nils 
 
error: 
2009-08-03 10:08:13 CEST iaik.security.ssl.SSLException: Peer sent alert: Alert Fatal: handshake failure 
 at iaik.security.ssl.r.f(Unknown Source) 
 at iaik.security.ssl.x.b(Unknown Source) 
 at iaik.security.ssl.x.a(Unknown Source) 
 at iaik.security.ssl.r.d(Unknown Source) 
 at iaik.security.ssl.SSLTransport.startHandshake(Unknown Source) 
 at iaik.security.ssl.SSLTransport.getInputStream(Unknown Source) 
 at iaik.security.ssl.SSLSocket.getInputStream(Unknown Source) 
 at com.wm.net.NetURLConnection.trySSLConnect(NetURLConnection.java:691) 
 at com.wm.net.NetURLConnection.httpsConnect(NetURLConnection.java:562) 
 at com.wm.net.NetURLConnection.connect(NetURLConnection.java:171) 
 at com.wm.net.HttpURLConnection.getOutputStream(HttpURLConnection.java:419) 
 at com.wm.net.HttpContext.getOutputStream(HttpContext.java:578) 
 at com.wm.net.HttpContext.getOutputStream(HttpContext.java:554) 
 at com.wm.net.HttpContext.post(HttpContext.java:338) 
 at pub.client.http(client.java:512) 
 
SAP BC Info: 
Software 
Product webMethods Integration Server 
Version 4.6 (Standard Encryption) Release Notes 
Updates BC46_CoreFix7 
Build Number 940 + CoreFix 7 [Fixes 1-205 + SP1-3] 
SSL Standard (40-bit), Provider: IAIK 2.6 
 
Server Environment 
Java Version 1.3.1_20 (47.0) 
Java Vendor Sun Microsystems Inc. 
Java Home /usr/jdk1.3.1_20/jre 
Java VM Version 1.3.1_20-b03 
Java VM Info Java HotSpot(TM) Client VM (mixed mode) 
Classpath /usr/local/sapbc46/server/updates/BC46_CoreFix7.jar 
/usr/local/sapbc46/server/lib/server.jar 
/usr/java/lib/i18n.jar 
/usr/java/jre/lib/rt.jar 
/usr/java/lib/i18n.jar 
/usr/java/jre/lib/rt.jar 
/usr/java/lib/i18n.jar 
/usr/java/jre/lib/rt.jar 
/usr/java/lib/i18n.jar 
/usr/java/jre/lib/rt.jar 
/usr/java/lib/i18n.jar 
/usr/java/jre/lib/rt.jar 
/usr/java/lib/i18n.jar 
/usr/java/jre/lib/rt.jar 
/usr/local/sapbc46/server/lib/classes 
/usr/local/sapbc46/server/lib/client.jar 
/usr/local/sapbc46/server/lib/mail.jar 
/usr/local/sapbc46/server/lib/server.jar 
packages/SAP/code/classes 
packages/SAP/code/jars/static/inqmyxml.jar 
packages/SAP/code/jars/static/jARM.jar 
packages/SAP/code/jars/static/jCO.jar 
packages/SAP/code/jars/static/sapjco.jar 
packages/SAP/code/jars/static/sapxmltoolkit.jar 
packages/WmPartners/code/classes 
packages/WmWin32/code/classes 
OS Linux 
OS Platform i386 
OS Version 2.6.18.8-0.13-default 
Current User sapbc 
Working Dir /usr/local/sapbc46/server 

Ok - in this case you need to include to session based SSL setup in your flow (scenario).
The pub.security:setKeyAndChain and pub.security:clearKeyAndChain services are used to control which client certificate
the SAP BC server presents to remote servers. You need to use these services to switch between certificates and
certificate chains if you are not using aliases for remote servers.
List of services to be used:
pub.security:clearKeyAndChain
-- Associates the default key and certificate chain with the subsequent set of invoked services.
pub.security:setKeyAndChain
-- Processes a digital signature to make sure that the provided data has not been modified. The signature input is the DER encoding of the PKCS#7 SignedData object.
pub.security.pkcs7:sign
-- Creates a PKCS7 SignedData object.
pub.security.pkcs7:verify
-- Processes a digital signature to make sure that the provided data has not been modified.
pub.security.util:createMessageDigest
-- Generates a message digest for a given message.
pub.security.util:getCertificateInfo
-- Retrieves information (e.g., serial number, issuer, expiration date) from a digital certificate.
pub.security.util:loadPKCS7CertChain
-- Converts a certificate chain that is in PKCS7 format to a list (a one-dimensional array) of byte arrays.
Example:
Invoke pub.client:http to send data to Company D.
Invoke pub.security:setKeyAndChain using the key and certificate chain for Company B.
Invoke pub.client:http to send data to Company B.
Invoke pub.security:setKeyAndChain using the key and certificate chain for Company C.
Invoke pub.client:http to send data to Company C.
Invoke pub.security:clearKeyAndChain to revert back to the default key and certificate chain for Company
Au2019s server.
Invoke pub.client:http to send data to Company D.
Edited by: Kai Lerch-Baier on Aug 3, 2009 1:47 PM

Name of .crl and .crt file missing from HTTP URL in certificate details

Hello Everyone,
I am in the process of building a 2-tier Windows Server 2012 R2 PKI. The CA name of both the offline standalone root CA and enterprise subordinate CA have spaces in it (we'll call the CA name, 'Test Lab Root CA' for point of reference).
When I submitted the certificate request for the subordinate CA to the root CA and viewed the attributes/extensions of the pending request, I noticed the HTTP URL is missing the name of the .crt and .crl file.
The AIA extension reads URL=http://test.domainname.com/pki/.crt
in the issued certificate details.
The CDP extension reads URL=http://test.domainname.com/pki/.crl
in the issued certificate details.
The AIA and CDP location HTTP URLs are configured as http://test.domainname.com/pki/<CertificateName>.crt and http://test.domainname.com/pki/<CRLNameSuffix><DeltaCRLAllowed>.crl, respectively on the
root CA.
The LDAP URL shows the .crt and .crl file name (with %20 replacing the spaces) perfectly fine. The LDAP URL is configured using variables as well. It's just the HTTP URL that is missing the name of the file altogether.
I have read about the issue where spaces are not being replaced with %20 in the URL on Windows Server 2012 and a hotfix is available for that issue. But this issue seems to be slightly different and I'm running Windows Server 2012 R2. I tried installing
the hotfix to see if it would help, but the hotfix can't install because it doesn't apply to Server 2012 R2.
I've been trying to find a technet discussion or blog article for a week to see if anyone has seen this and what the fix is, but I'm coming up empty. I only find talks about %20 not replacing the space in the name.
Does anyone have any insight to my particular issue? I don't want to issue the subordinate CA certificate until I know the HTTP URL populates the CRL and CRT file name correctly. I can get around this by typing out the name of the file (with spaces and not
%20... e.g. http://test.domainname.com/pki/Test Lab Root CA.crl) in the URL via the registry and the URL displays the name of the file (with %20 in the name) when I do another certificate request and check the attributes/extensions in the
pending request. However, I prefer to avoid manually typing out the name of the file in the registry. I'd like to use the variables if at all possible.
Any help/guidance would be greatly appreciated.
Thank you.

On Fri, 27 Mar 2015 03:42:28 +0000, Brian Komar [MVP] wrote:
You have totally messed up the URLs.
If you run certutil -getreg ca\CRLPublicationURLs and certutil -getreg ca\CACertPublicationURLs, you will see that you do not have correct use of variables when compared to the settings that follow:
The URLs should be set to the following for an offline CA:
certutil -setreg CA\CRLPublicationURLs "1:%WINDIR%\system32\CertSrv\CertEnroll\%%3%%8%%9.crl\n2:http://test.domainname.com/pki/%%3%%8%%9.crl"
*certutil -setreg CA\CACertPublicationURLs "1:%WINDIR%\system32\CertSrv\CertEnroll\%%1_%%3%%4.crt\n2:http://*test.domainname.com*/pki/%%1_%%3%%4.crt"*
For an issuing CA, they should be set to:
The URLs should be set to the following for an offline CA:*certutil -setreg CA\CRLPublicationURLs "65:%WINDIR%\system32\CertSrv\CertEnroll\%%3%%8%%9.crl\n6:http://test.domainname.com/pki/%%3%%8%%9.crl"*
*certutil -setreg CA\CACertPublicationURLs "1:%WINDIR%\system32\CertSrv\CertEnroll\%%1_%%3%%4.crt\n2:http://**test.domainname.com**/pki/%%1_%%3%%4.crt"*
Just a clarification here, if you're running the above certutil commands at
the command prompt you only need single % characters in the command line.
The double % characters are only required if the commands are being run in
a batch file.
Paul Adare - FIM CM MVP

Can any body help me in reading from HTTPS URL

I need to read an HTTPS URL and store the response within a table .
How will I manage to do it from within a servlet using URLConnection and openStream as it does'nt work .
How will JSSE help in this regard .
Since I also need to give the userid and password to get into the file and read the file
https://anyhost.com/readthisfile.html
somnath
Web Developer

Hi,
The Java Secure Socket Extension (JSSE) library from Sun Microsystems lets you access a secure Web server from behind a firewall via
proxy tunneling. To do this, the JSSE application needs to set the https.ProxyHost and https.ProxyPort system properties. The
tunneling code in JSSE checks for "HTTP 1.0" in the proxy's response. If your proxy, like many, returns "HTTP 1.1", you will get an
IOException. In this case, you need to implement your own HTTPS tunneling protocol.
In this article, I will show you how to create a secure socket that tunnels through the firewall, and pass it to the HTTPS stream handler to
open HTTPS URLs using the URLConnection class.
Open the http tunnel socket to the proxy
The first step to creating your secure socket is to open the tunneling socket to the proxy port. The code needed to do this proxy
handshaking can be found in the sample code SSLClientSocketWithTunneling.java that comes with the JSSE distribution. First, a normal socket is created that connects to
the proxy port on the proxy host (line 65). After the socket is created, it is passed to the doTunnelHandshake() method where the proxy's tunneling protocol is called:
54 SSLSocketFactory factory =
55 (SSLSocketFactory)SSLSocketFactory.getDefault();
56
57 /*
58 * Set up a socket to do tunneling through the proxy.
59 * Start it off as a regular socket, then layer SSL
60 * over the top of it.
61 */
62 tunnelHost = System.getProperty("https.proxyHost");
63 tunnelPort = Integer.getInteger("https.proxyPort").intValue();
64
65 Socket tunnel = new Socket(tunnelHost, tunnelPort);
66 doTunnelHandshake(tunnel, host, port);
In doTunnelHandshake(), an http "CONNECT" command is sent to the proxy, with the secure site's hostname and port number as the parameters (line 161). In the original
tunneling code on line 206 in JSSE, it then checks for "HTTP/1.0 200" in the proxy's reply. If your organization's proxy replies with "HTTP 1.1", an IOException will be
thrown. To get around this, the code here checks for the reply "200 Connection Established", which indicates that tunneling is successful (line 207). You can modify the
code to check for the expected corresponding response from your proxy:
139 private void doTunnelHandshake(Socket tunnel, String host, int port)
140 throws IOException
141 {
142 OutputStream out = tunnel.getOutputStream();
143 String msg = "CONNECT " + host + ":" + port + " HTTP/1.0\n"
144 + "User-Agent: "
145 + sun.net.www.protocol.http.HttpURLConnection.userAgent
146 + "\r\n\r\n";
147 byte b[];
148 try {
149 /*
150 * We really do want ASCII7 -- the http protocol doesn't change
151 * with locale.
152 */
153 b = msg.getBytes("ASCII7");
154 } catch (UnsupportedEncodingException ignored) {
155 /*
156 * If ASCII7 isn't there, something serious is wrong, but
157 * Paranoia Is Good (tm)
158 */
159 b = msg.getBytes();
160 }
161 out.write(b);
162 out.flush();
163
164 /*
165 * We need to store the reply so we can create a detailed
166 * error message to the user.
167 */
168 byte reply[] = new byte[200];
169 int replyLen = 0;
170 int newlinesSeen = 0;
171 boolean headerDone = false; /* Done on first newline */
172
173 InputStream in = tunnel.getInputStream();
174 boolean error = false;
175
176 while (newlinesSeen < 2) {
177 int i = in.read();
178 if (i < 0) {
179 throw new IOException("Unexpected EOF from proxy");
180 }
181 if (i == '\n') {
182 headerDone = true;
183 ++newlinesSeen;
184 } else if (i != '\r') {
185 newlinesSeen = 0;
186 if (!headerDone && replyLen < reply.length) {
187 reply[replyLen++] = (byte) i;
188 }
189 }
190 }
191
192 /*
193 * Converting the byte array to a string is slightly wasteful
194 * in the case where the connection was successful, but it's
195 * insignificant compared to the network overhead.
196 */
197 String replyStr;
198 try {
199 replyStr = new String(reply, 0, replyLen, "ASCII7");
200 } catch (UnsupportedEncodingException ignored) {
201 replyStr = new String(reply, 0, replyLen);
202 }
203
204 /* We check for Connection Established because our proxy returns
205 * HTTP/1.1 instead of 1.0 */
206 //if (!replyStr.startsWith("HTTP/1.0 200")) {
207 if(replyStr.toLowerCase().indexOf(
208 "200 connection established") == -1){
209 throw new IOException("Unable to tunnel through "
210 + tunnelHost + ":" + tunnelPort
211 + ". Proxy returns \"" + replyStr + "\"");
212 }
213
214 /* tunneling Handshake was successful! */
215 }
Overlay http tunnel socket with SSL socket
After you have successfully created the tunneling socket, you overlay it with the SSL socket. Again, this is not difficult to do:
54 SSLSocketFactory factory =
55 (SSLSocketFactory)SSLSocketFactory.getDefault();
56
57 /*
58 * Set up a socket to do tunneling through the proxy.
59 * Start it off as a regular socket, then layer SSL
60 * over the top of it.
61 */
62 tunnelHost = System.getProperty("https.proxyHost");
63 tunnelPort = Integer.getInteger("https.proxyPort").intValue();
64
65 Socket tunnel = new Socket(tunnelHost, tunnelPort);
66 doTunnelHandshake(tunnel, host, port);
67
68 /*
69 * Ok, let's overlay the tunnel socket with SSL.
70 */
71 SSLSocket socket =
72 (SSLSocket)factory.createSocket(tunnel, host, port, true);
73
74 /*
75 * register a callback for handshaking completion event
76 */
77 socket.addHandshakeCompletedListener(
78 new HandshakeCompletedListener() {
79 public void handshakeCompleted(
80 HandshakeCompletedEvent event) {
81 System.out.println("Handshake finished!");
82 System.out.println(
83 "\t CipherSuite:" + event.getCipherSuite());
84 System.out.println(
85 "\t SessionId " + event.getSession());
86 System.out.println(
87 "\t PeerHost " + event.getSession().getPeerHost());
88 }
89 }
90 );
The code had called the SSLSocketFactory's getDefault() method earlier to get an instance of the SSLSocketFactory (line 54, repeated above). Next, it passes the
tunneling socket that was created in the previous step to the createSocket() method of the SSLSocketFactory. The createSocket() method returns an SSLSocket that is
connected to the destination host and port via the proxy tunnel. You can optionally add a HandshakeCompletedListener to the socket if you wish to be informed when the
SSL handshaking is completed.
The SSLSocket created is basically ready for use to transfer secure contents. The startHandshake() method is called to start the SSL handshaking (line 98). After which, you
can issue the http "GET" command to retrieve the secure pages (line 105):
91
92 /*
93 * send http request
94 *
95 * See SSLSocketClient.java for more information about why
96 * there is a forced handshake here when using PrintWriters.
97 */
98 socket.startHandshake();
99
100 PrintWriter out = new PrintWriter(
101 new BufferedWriter(
102 new OutputStreamWriter(
103 socket.getOutputStream())));
104
105 out.println("GET http://www.verisign.com/index.html HTTP/1.0");
106 out.println();
107 out.flush();
However, issuing http commands to the tunneling SSL socket to access Webpages is not ideal because it would mean having to rewrite the whole http protocol handler from
scratch. Instead, you should use the HTTPS URL APIs that the JSSE already includes for that purpose. To do this, you have to pass the tunneling SSL socket to the HTTPS URL
stream handler.
Pass SSL socket to HTTPS URL stream handler
The JSSE library has an HttpsURLConnection class that is in the com.sun.net.ssl package, which extends the java.net.URLConnection class. An HttpsURLConnection object
is returned by the URL object's openConnection() method when "HTTPS" is specified as the protocol. The HttpsURLConnection class has a method, setSSLSocketFactory(),
that lets you set an SSLSocketFactory of your choice. To pass the tunneling SSL socket to the HTTPS URL stream handler, you would set the setSSLSocketFactory()
method's parameter with a socket factory that returns the tunneling SSL socket that you created previously.
To do this, you would wrap the code discussed previously in an SSLTunnelSocketFactory class that extends from the SSLSocketFactory class. The SSLSocketFactory is an
abstract class. To extend it, you must implement the createSocket() method to return the tunneling SSL socket that you created earlier:
12 public SSLTunnelSocketFactory(String proxyhost, String proxyport){
13 tunnelHost = proxyhost;
14 tunnelPort = Integer.parseInt(proxyport);
15 dfactory = (SSLSocketFactory)SSLSocketFactory.getDefault();
16 }
44 public Socket createSocket(Socket s, String host, int port,
45 boolean autoClose)
46 throws IOException,UnknownHostException
47 {
48
49 Socket tunnel = new Socket(tunnelHost,tunnelPort);
50
51 doTunnelHandshake(tunnel,host,port);
52
53 SSLSocket result = (SSLSocket)dfactory.createSocket(
54 tunnel,host,port,autoClose);
55
56 result.addHandshakeCompletedListener(
57 new HandshakeCompletedListener() {
58 public void handshakeCompleted(HandshakeCompletedEvent event) {
59 System.out.println("Handshake finished!");
60 System.out.println(
61 "\t CipherSuite:" + event.getCipherSuite());
62 System.out.println(
63 "\t SessionId " + event.getSession());
64 System.out.println(
65 "\t PeerHost " + event.getSession().getPeerHost());
66 }
67 }
68 );
69
70 result.startHandshake();
71
72 return result;
73 }
Notice that the SSLTunnelSocketFactory contains a default SSLSocketFactory object. The default SSLSocketFactory object can be instantiated from a call to the static
method getDefault() (line 15). You need this SSLSocketFactory object to overlay the tunnel socket with the SSL socket, as discussed earlier. You also call the default
object's getDefaultCipherSuites() and getSupportedCipherSuites() methods when implementing the corresponding abstract methods of the SSLSocketFactory super
class. For implementation details, please refer to the complete source code for the SSLTunnelSocketFactory in Resources.
Tunnel through the proxy via URLConnection
To tunnel through the proxy via URLConnection in your JSSE application, after you call the openConnection() method, check if the returned object is that of the
HttpsURLConnection. If so, you instantiate your SSLTunnelSocketFactory object and set it in the setSSLSocketFactory() method (lines 22 through 25):
10 public class URLTunnelReader {
11 private final static String proxyHost = "proxy.sg.ibm.com";
12 private final static String proxyPort = "80";
13
14 public static void main(String[] args) throws Exception {
15 System.setProperty("java.protocol.handler.pkgs",
16 "com.sun.net.ssl.internal.www.protocol");
17 //System.setProperty("https.proxyHost",proxyHost);
18 //System.setProperty("https.proxyPort",proxyPort);
19
20 URL verisign = new URL("https://www.verisign.com");
21 URLConnection urlc = verisign.openConnection(); //from secure site
22 if(urlc instanceof com.sun.net.ssl.HttpsURLConnection){
23 ((com.sun.net.ssl.HttpsURLConnection)urlc).setSSLSocketFactory
24 (new SSLTunnelSocketFactory(proxyHost,proxyPort));
25 }
26
27 BufferedReader in = new BufferedReader(
28 new InputStreamReader(
29 urlc.getInputStream()));
30
31 String inputLine;
32
33 while ((inputLine = in.readLine()) != null)
34 System.out.println(inputLine);
35
36 in.close();
37 }
38 }
You can then access the HTTPS URLs using the APIs provided by the URLConnection class. You don't need to worry about the format of the http GET and POST commands,
which you would if you used the SSL Socket APIs.
The complete source code for the SSLTunnelSocketFactory and the application code that connects to a secure URL using proxy tunneling is included in Resources. To
compile and run the application, you would need to download and install Sun's JSSE from its Website, also listed in Resources.
Conclusion
If your JSSE application could not tunnel through your organization's firewall, you need to implement your own tunneling socket. The sample code included with the JSSE
distribution shows you how to open an SSL socket tunnel. This article goes one step further to show you how to pass the tunneling socket to the HTTPS URL stream handler,
and saves you the trouble of rewriting a http handler
I hope this will help you.
Thanks
Bakrudeen

Accessing https url EBS R12.1.3 leads to "Internet Explorer cannot display the webpage"

Hi all,
DB:11.2.0.3.0
EBS:12.1.3
O/S:Solaris SPARC 64 bits
I.E Browser: 9.0
Problem Description
Cloned target database TEST1 from source database TEST2 RMAN full backup. But on accessing https url EBS R12.1.3 leads to "Internet Explorer cannot display the webpage"?
Autoconfig completes successfully on both DB and Apps Tier and have also ran ojspcompile but still the same issue.
$ perl ojspCompile.pl --compile --flush -p 2
logfile set: /t000/test1/inst/apps/TEST1_Hostname/logs/appl/rgf/ojsp/ojsp
starting...(compiling all)
using 10i internal ojsp ver: 10
synchronizing dependency file:
loading deplist...8095
enumerating jsps...8095
updating dependency...0
initializing compilation:
eliminating children...6024 (-2071)
translating and compiling:
translating jsps...6024/6024 in 7m50s
compiling jsps...6024/6024 in 35m17s
Finished!
Bounced the services there after still the same issue. Could anyone please share the fix if encountered such an issue before.
Thanks for your time,
user10088255

Apache logs have the below entry:
[Sun Oct 27 02:30:11 2013] [notice] configured -- resuming normal operations
[Sun Oct 27 02:30:11 2013] [notice] Accept mutex: fcntl (Default: fcntl)
[Sun Oct 27 03:03:02 2013] [notice] configured -- resuming normal operations
[Sun Oct 27 03:03:02 2013] [notice] Accept mutex: fcntl (Default: fcntl)
[Sun Oct 27 04:04:59 2013] [notice] configured -- resuming normal operations
[Sun Oct 27 04:04:59 2013] [notice] Accept mutex: fcntl (Default: fcntl)
[Sun Oct 27 04:29:54 2013] [notice] configured -- resuming normal operations
[Sun Oct 27 04:29:54 2013] [notice] Accept mutex: fcntl (Default: fcntl)

HTTP url check not working

I have a simple http check, and it doesn't seem to check the URL at all.
probe http URL_Check
interval 10
passdetect interval 3
passdetect count 2
request method get url /index.shtml
expect status 200 200
open 1
expect regex "testtest1234test"
Here is the details of the probe:
sh probe URL_Check detail
probe : URL_Check
type : HTTP
state : ACTIVE
description :
port : 80 address : 0.0.0.0 addr type : -
interval : 10 pass intvl : 3 pass count : 2
fail count: 3 recv timeout: 10
http method : GET
http url : /index.shtml
conn termination : GRACEFUL
expect offset : 0 , open timeout : 1
expect regex : testtest1234test
send data : -
------------------ probe results ------------------
associations ip-address port porttype probes failed passed health
------------ ---------------+-----+--------+--------+--------+--------+------
serverfarm : test
real : CHILD[0]
192.168.219.2 80 DEFAULT 35 0 35 SUCCESS
Socket state : CLOSED
No. Passed states : 1 No. Failed states : 0
No. Probes skipped : 0 Last status code : 0
No. Out of Sockets : 0 No. Internal error: 0
Last disconnect err : -
Last probe time : Thu Sep 24 00:56:52 2009
Last fail time : Never
Last active time : Thu Sep 24 00:51:12 2009
Any help would be great!

looks like the issue is that the server isn't passing the content-length field.

HTTP probe issue with expect regex string

Hello,
We have a simple cgi status page setup to poll a background service and return a "PASS" or "FAIL" as output. I've setup an HTTP probe to look for the "PASS" to determine application health. The issue appears to be that the expect regex is searching the HEADER but not the BODY of the web page. I can successfully match on any string in the header, but never on anything in the body.
Here is what the web page returns if you telnet to it:
HTTP/1.1 200 OK
Date: Thu, 22 Sep 2011 22:45:07 GMT
Server: Apache/2.0.59 HP-UX_Apache-based_Web_Server (Unix) DAV/2
Content-Length: 4
Connection: close
Content-Type: text/plain; charset=iso-8859-1
PASS
Here is my probe:
probe http JOE-TEST-CS
interval 45
passdetect interval 30
receive 30
request method get url /cgi-bin/ERMS-PREP-statusRepo.cgi
expect status 0 999
open 20
expect regex "PASS"
Here is the output of the show probe:
ACE1/euhr-test-ace2# sh probe JOE-TEST-CS detail
probe       : JOE-TEST-CS
type        : HTTP
state       : ACTIVE
description :
   port      : 80      address     : 0.0.0.0         addr type : -
   interval : 45      pass intvl : 30              pass count : 3
   fail count: 3       recv timeout: 30
   http method      : GET
   http url         : /cgi-bin/ERMS-PREP-statusRepo.cgi
   conn termination : GRACEFUL
   expect offset    : 0         , open timeout     : 20
   expect regex     : PASS
   send data        : -
                       --------------------- probe results --------------------
   probe association   probed-address probes     failed     passed     health
   ------------------- ---------------+----------+----------+----------+-------
   serverfarm : JOE-TEST-PROBE-CS
     real      : EUHRTDM50.APP[0]
                       192.168.73.71   2          2          0          FAILED
   Socket state        : CLOSED
   No. Passed states   : 0         No. Failed states : 1
   No. Probes skipped : 0         Last status code : 200
   No. Out of Sockets : 0         No. Internal error: 0
   Last disconnect err : User defined Reg-Exp was not found in Host Response
Last probe time     : Thu Sep 22 15:00:36 2011
   Last fail time      : Thu Sep 22 15:00:36 2011
   Last active time    : Thu Sep 22 09:40:19 2011
If I replace the expect regex "PASS" with anything from the HEADER it succeeds!
Any thoughts?

Sorry, I missed it. The content-length in your request is 4. I think this may be the issue. I created a basic HTML page that says PASS in the body and my server is returning a content-length of 224 when I fetch the page. Here is my HTML request:
GET /index.html
http-equiv="Content-Type">
Probe
PASS
Here are my headers that I received:
(Status-Line)    HTTP/1.1 200 OK
Content-Length    224
Content-Type    text/html
Last-Modified    Tue, 27 Sep 2011 12:05:00 GMT
Accept-Ranges    bytes
Etag    "8cca60aed7dcc1:41f"
Server    Microsoft-IIS/6.0
Date    Tue, 27 Sep 2011 12:25:59 GMT
What version of code are you running on your ACE? I can also look to see if there are any known issues.
Kris

Resolving non http urls in JSP

When I include an html hyperlink in my JSP as follows :
Yahoo
then the hyperlink on the web page points to
http://www.yahoo.com
However if I write the hyperlink as
Yahoo
then the hyperlink on the web page is wrongly created as
http://<hostname>/www.yahoo.com
This seems to be an issue with the JSP engine. I am using weblogic.
Is there any way to resolve the non http urls?

This has nothing to do with the JSP engine.
<a href="www.yahoo.com">Yahoo</a> IS not a JSP tag and is not touched by the JSP engine.
The problem you have is just your WEBBROWSER interpreting the url wrongly mainly becasue you have forgotten to provided the protocol your webbrowser has to use.

Problem while creating partner link using https URL

Hi,
To create the partnerlink using https URL, I had done the following:
-Imported the self signed certificate into the OraBPELPM_\jdk\jre\lib\security\cacert
-Added following entries in OraBPELPM_1\integration\jdev\jdev\bin\jdev.conf
AddVMOption -Djavax.net.ssl.keyStore=E:\OraBPELPM_1\jdk\jre\lib\security\cacert
AddVMOption -Djavax.net.ssl.keyStorePassword=esbtest123
I am not able to create partner link using URL https://localhost/orabpel/default/ErrorHandlerBPEL/1.0/ErrorHandlerBPEL?wsdl .
Able to create partnerlink using same URL if I replace https with http.
Did I miss any other configuration that needs to done to create partnerlink using https in JDeveloper BPEL Designer.
Thanks,
-Vidya

Hi,
I too have the same issue. Appriciate if you share some knowledge on this issue.
Thanks
Aravinda

The https URL hostname does not match the Common Name (CN) on the server.

Hi,
I am getting the following error while trying to use https with our self-signed certificates.
javax.xml.ws.soap.SOAPFaultException: Marshalling Error: The https URL hostname does not match the Common Name (CN) on the server certificate. To disable this check (NOT recommended for production) set the CXF client TLS configuration property "disableCNCheck" to true.
The above error is the error I get, when I try to use the Web Services using https.
I have added the following lines in cxf.xml but it still doesn't seem to work correctly.
<http-conf:conduit name="*.http-conduit">

<http-conf:tlsClientParameters disableCNCheck="true" />
Kindly let me know on what would be the issue here?.

I had P2V'd a SQL 2008 server and was having this issue. I tried everything I could find to get the affinity corrected; setting the Lock Pages security policy, trying the affinity commands in Single User mode, etc.
Then wrighbar's response got me headed in the right direction, but I ran into an issue where the previous engineer had set the Physical SQL server to have affinity on procs 9-16 of a 16 proc box, I could only set up to 8 procs on my VM. After searching
for a while for registry keys or config files that might be editable to change the affinity I couldn't find where SQL got that information from. Finally it hit me, maybe it's stored in the master or msdb datatbases.
SOLUTION: I was able to go back to the original Physical machine, change the affinity settings there, Stop SQL on both boxes, then copied MASTER, MODEL, MSDB, TEMPDB from the original Physical machine to the new virtual machine. All services started
OK on the virtual machine now and affinity was set the way I needed it.

How to read XML file kept on NON-SAP server using the Http URL ?

Dear Experts,
I am working on CRM2007 web UI. I need to read a XML file placed on a shared server location by a third party program. Then process that XML file into CRM and create a quotation using the data extracted from the file.
All i have with me is the http URL that points to the location of the file.
I am supposed to read the file , create quotation and at later point of time i would be asked to update the quotation and then generated new XML representing updated quotation and replace the XML file on shared server location with this new updated XML file.
I know how to extract data from XML file into ABAP but i have no clue as to how to access the file on some other server using the http url i have and how to read it ?
I searched on the forum and i found the codes for reading XML file that is located either on client machine OR on the Application server wheareas my file is on some other than sap application server.
Please help me as its an urgent issue .
Points will be rewarded for sure.
Please help.
Thanks in advance,
Suchita.
p.s. : the http url to the file location is like -->
http://SomeServerDomain/SomeDirectory/file.xml

hi,
interesting task.
to request the file by a http call you need to create an if_http_client object.
More info is [here|http://help.sap.com/saphelp_nwmobile71/helpdata/en/e5/4d350bc11411d4ad310000e83539c3/frameset.htm]
to parse the file you either have to work with the ixml packages ([info|http://help.sap.com/saphelp_nwmobile71/helpdata/en/47/b5413acdb62f70e10000000a114084/content.htm]) or you use an XSLT transformation ([info|http://help.sap.com/saphelp_nwmobile71/helpdata/en/a8/824c3c66177414e10000000a114084/content.htm]).
uploading the final file isn't so easy. if you only have http, you should write a server script to allow uploading of the new file and copying it into the place of the old file. but you definitely need the script.
now it's your take. depending on how experienced you are in ABAP and networking this might turn out to be easy or pretty complicated.
have fun,
anton

Regarding Https Url Iview

We are using a https URL in URL iview and it is causing the issue. The issue is it is going out of the portal, thought it is opened in the same window.
The portal URL is not more seen and is overwritten by the URL iview URL, and also the portal top menu is not seen.
But the same thing is working fine with http URLs.I think the issue is with https.
Can somebody please help me?
Thanks

Hi,
did you have a look at the html-coding of the pages you are trying to call via URL-iView? Is there maybe something like 'target=top' or 'target=parent'? I think this might be a reason for the error you are describing
Kind regards
karin

OS X10.4.11 update, Safari won't connect to secure (HTTPS) URLs

Didn't find any discussion of this particular symptom of the update, so thought I'd ask.
Installed 10.4.11 update over the weekend, which contained Safari v3.0.4. After the (uneventful) install and reboot, I'm unable to connect to any secure (HTTPS) URL. Browser seems to work on non-secure connections (HTTP). My FIREFOX browser on the same machine still works.
Haven't experienced any crashing or other OS issues, only the "Can't make a secure connection" with Safari (so far).
Suggestions would be appreciated.

Did you recently install the latest Security upgrade, but did not "repair permissions" on the restart? If so, that's your answer. I have found it essential to "Repair permissions" before and after any Apple system update, or Security update. Otherwise oddities may appear in the operating system.
Also, sometimes reapplying the Combo Update specific to your current version of OS X remedies these types of problems. Here too, it's important to "repair permissions" etc.

HTTP url issue

Similar Messages

Maybe you are looking for