SSL - IllegalStateException
I'm using IIS 5.0, jdk1.4.1 and tomcat.
I installed SSL with certificates and it works.
But in every second my server prompt "IllegalStateException" while i'm using SSL.
What's this and how to resolve it?
Thanx!
Hi, and i found solution:
1. install isapi_redirect.dll to IIS.
So IIS will recognize tomcat and port 8080 is not anymore needed.
Information about this, you will find everywhere in net.
2. comment out HTTP and HTTPS connector on server.xml.
Let only AJP12 connector, this is needed (to communicate between IIS and tomcat)
And thats all:)
Now you can use HTTP and HTTPS in tomcat service under IIS
More information:
www.verysimple.com/scripts/support_tc_iis.html
Similar Messages
-
BPM Login page failing to load once SSL enabled.
Hi Experts,
I have added the SSL certificate following the Oracle documentation. I am able to logging admin server on the ssl port.
When I enable the ssl for the Soa managed server the BPM login page opens up but it fails to load the page after I pass the right credentials. What I have observed is that when i uncheck the SSL option of the SOA Managed server I am able to login into the BPM server but the moment I enable the SSL port of the manage server the BPM login page fails to open the page even though I am passing correct credentials.
I also followed below steps from Oracle document but the issue remains the same. Please let me know the direction to solve the problem.
http://docs.oracle.com/cd/E23943_01/admin.1111/e10226/soacompapp_secure.htm#SOAAG3556
5.6.3 Switching from Non-SSL to SSL Configurations with Oracle BPM Worklist
Switching from non-SSL to SSL configurations with Oracle BPM Worklist requires the Frontend Host and Frontend HTTPS Port fields to be set in Oracle WebLogic Server Administration Console. Not doing so results in exception errors when you attempt to create to-do tasks.
To switch from non-SSL to SSL configurations with Oracle BPM Worklist:
Log in to Oracle WebLogic Server Administration Console.
In the Environment section, select Servers.
Select the name of the managed server (for example, soa_server1).
Select Protocols, then select HTTP.
In the Frontend Host field, enter the hostname on which Oracle BPM Worklist is located.
In the Frontend HTTPS Port field, enter the SSL listener port.
Click Save.
ERROR Message:
####<Mar 17, 2015 5:31:51 PM IST> <Error> <HTTP> <> <soa_server1> <[ACTIVE] ExecuteThread: '2' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <3f588ce9549b684b:-50d4a8ec:14c27930165:-8000-0000000000000250> <1426593711338> <BEA-101020> <[ServletContext@1286170942[app:OracleBPMWorkspace module:/bpm/workspace path:/bpm/workspace spec-version:2.5]] Servlet failed with Exception
java.lang.IllegalStateException: Response already committed
at weblogic.servlet.internal.ServletResponseImpl.objectIfCommitted(ServletResponseImpl.java:1629)
at weblogic.servlet.internal.ServletResponseImpl.sendRedirect(ServletResponseImpl.java:845)
at javax.servlet.http.HttpServletResponseWrapper.sendRedirect(HttpServletResponseWrapper.java:136)
at com.sun.faces.context.ExternalContextImpl.redirect(ExternalContextImpl.java:421)
at org.apache.myfaces.trinidad.context.ExternalContextDecorator.redirect(ExternalContextDecorator.java:303)
at org.apache.myfaces.trinidad.context.ExternalContextDecorator.redirect(ExternalContextDecorator.java:303)
at org.apache.myfaces.trinidad.context.ExternalContextDecorator.redirect(ExternalContextDecorator.java:303)
at org.apache.myfaces.trinidad.context.ExternalContextDecorator.redirect(ExternalContextDecorator.java:303)
at oracle.adfinternal.view.faces.config.rich.DetectRedirect.redirect(DetectRedirect.java:47)
at org.apache.myfaces.trinidad.context.ExternalContextDecorator.redirect(ExternalContextDecorator.java:303)
at oracle.adf.view.rich.context.UriManagerBase.addQueryParameters(UriManagerBase.java:43)
at oracle.adfinternal.view.faces.webapp.rich.UriManagerImpl.addQueryParameters(UriManagerImpl.java:28)
at oracle.adfinternal.controller.util.AdfvInterfaceImpl.addQueryParameters(AdfvInterfaceImpl.java:204)
at oracle.adfinternal.controller.state.ControllerState.initializeUrl(ControllerState.java:727)
at oracle.adfinternal.controller.state.ControllerState.synchronizeStatePart2(ControllerState.java:451)
at oracle.adfinternal.controller.application.SyncNavigationStateListener.afterPhase(SyncNavigationStateListener.java:79)
at oracle.adfinternal.controller.lifecycle.ADFLifecycleImpl$PagePhaseListenerWrapper.afterPhase(ADFLifecycleImpl.java:538)
at oracle.adfinternal.controller.lifecycle.LifecycleImpl.internalDispatchAfterEvent(LifecycleImpl.java:120)
at oracle.adfinternal.controller.lifecycle.LifecycleImpl.dispatchAfterPagePhaseEvent(LifecycleImpl.java:168)
at oracle.adfinternal.controller.faces.lifecycle.ADFPhaseListener$PhaseInvokerImpl.dispatchAfterPagePhaseEvent(ADFPhaseListener.java:310)
at oracle.adfinternal.controller.faces.lifecycle.ADFPhaseListener.afterPhase(ADFPhaseListener.java:87)
at oracle.adfinternal.controller.faces.lifecycle.ADFLifecyclePhaseListener.afterPhase(ADFLifecyclePhaseListener.java:53)
at oracle.adfinternal.view.faces.lifecycle.LifecycleImpl._executePhase(LifecycleImpl.java:520)
at oracle.adfinternal.view.faces.lifecycle.LifecycleImpl.execute(LifecycleImpl.java:207)
at javax.faces.webapp.FacesServlet.service(FacesServlet.java:265)
at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)
at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125)
at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:301)
at weblogic.servlet.internal.TailFilter.doFilter(TailFilter.java:26)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at oracle.adf.model.servlet.ADFBindingFilter.doFilter(ADFBindingFilter.java:205)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at oracle.adfinternal.view.faces.webapp.rich.RegistrationFilter.doFilter(RegistrationFilter.java:128)
at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl$FilterListChain.doFilter(TrinidadFilterImpl.java:446)
at oracle.adfinternal.view.faces.activedata.AdsFilter.doFilter(AdsFilter.java:60)
at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl$FilterListChain.doFilter(TrinidadFilterImpl.java:446)
at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl._doFilterImpl(TrinidadFilterImpl.java:271)
at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl.doFilter(TrinidadFilterImpl.java:177)
at org.apache.myfaces.trinidad.webapp.TrinidadFilter.doFilter(TrinidadFilter.java:92)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at oracle.adf.library.webapp.LibraryFilter.doFilter(LibraryFilter.java:180)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at oracle.security.jps.ee.http.JpsAbsFilter$1.run(JpsAbsFilter.java:119)
at java.security.AccessController.doPrivileged(Native Method)
at oracle.security.jps.util.JpsSubject.doAsPrivileged(JpsSubject.java:324)
at oracle.security.jps.ee.util.JpsPlatformUtil.runJaasMode(JpsPlatformUtil.java:460)
at oracle.security.jps.ee.http.JpsAbsFilter.runJaasMode(JpsAbsFilter.java:103)
at oracle.security.jps.ee.http.JpsAbsFilter.doFilter(JpsAbsFilter.java:171)
at oracle.security.jps.ee.http.JpsFilter.doFilter(JpsFilter.java:71)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at weblogic.servlet.internal.RequestDispatcherImpl.invokeServlet(RequestDispatcherImpl.java:527)
at weblogic.servlet.internal.RequestDispatcherImpl.forward(RequestDispatcherImpl.java:253)
at weblogic.servlet.jsp.PageContextImpl.forward(PageContextImpl.java:159)
at jsp_servlet.__index._jspService(__index.java:79)
at weblogic.servlet.jsp.JspBase.service(JspBase.java:34)
at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)
at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125)
at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:301)
at weblogic.servlet.internal.TailFilter.doFilter(TailFilter.java:26)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at oracle.adf.library.webapp.LibraryFilter.doFilter(LibraryFilter.java:180)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at oracle.security.jps.ee.http.JpsAbsFilter$1.run(JpsAbsFilter.java:119)
at java.security.AccessController.doPrivileged(Native Method)
at oracle.security.jps.util.JpsSubject.doAsPrivileged(JpsSubject.java:324)
at oracle.security.jps.ee.util.JpsPlatformUtil.runJaasMode(JpsPlatformUtil.java:460)
at oracle.security.jps.ee.http.JpsAbsFilter.runJaasMode(JpsAbsFilter.java:103)
at oracle.security.jps.ee.http.JpsAbsFilter.doFilter(JpsAbsFilter.java:171)
at oracle.security.jps.ee.http.JpsFilter.doFilter(JpsFilter.java:71)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at oracle.dms.servlet.DMSServletFilter.doFilter(DMSServletFilter.java:163)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at weblogic.servlet.internal.RequestEventsFilter.doFilter(RequestEventsFilter.java:27)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.wrapRun(WebAppServletContext.java:3730)
at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3696)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:120)
at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2273)
at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2179)
at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1490)
at weblogic.work.ExecuteThread.execute(ExecuteThread.java:256)
at weblogic.work.ExecuteThread.run(ExecuteThread.java:221)
>
####<Mar 17, 2015 5:31:51 PM IST> <Notice> <Diagnostics> <> <soa_server1> <[STANDBY] ExecuteThread: '16' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <3f588ce9549b684b:-50d4a8ec:14c27930165:-8000-0000000000000257> <1426593711354> <BEA-320068> <Watch 'UncheckedException' with severity 'Notice' on server 'soa_server1' has triggered at Mar 17, 2015 5:31:51 PM IST. Notification details:
WatchRuleType: Log
WatchRule: (SEVERITY = 'Error') AND ((MSGID = 'WL-101020') OR (MSGID = 'WL-101017') OR (MSGID = 'WL-000802') OR (MSGID = 'BEA-101020') OR (MSGID = 'BEA-101017') OR (MSGID = 'BEA-000802'))
WatchData: DATE = Mar 17, 2015 5:31:51 PM IST SERVER = soa_server1 MESSAGE = [ServletContext@1286170942[app:OracleBPMWorkspace module:/bpm/workspace path:/bpm/workspace spec-version:2.5]] Servlet failed with Exception
java.lang.IllegalStateException: Response already committed
at weblogic.servlet.internal.ServletResponseImpl.objectIfCommitted(ServletResponseImpl.java:1629)
at weblogic.servlet.internal.ServletResponseImpl.sendRedirect(ServletResponseImpl.java:845)
at javax.servlet.http.HttpServletResponseWrapper.sendRedirect(HttpServletResponseWrapper.java:136)
at com.sun.faces.context.ExternalContextImpl.redirect(ExternalContextImpl.java:421)
at org.apache.myfaces.trinidad.context.ExternalContextDecorator.redirect(ExternalContextDecorator.java:303)
at org.apache.myfaces.trinidad.context.ExternalContextDecorator.redirect(ExternalContextDecorator.java:303)
at org.apache.myfaces.trinidad.context.ExternalContextDecorator.redirect(ExternalContextDecorator.java:303)
at org.apache.myfaces.trinidad.context.ExternalContextDecorator.redirect(ExternalContextDecorator.java:303)
at oracle.adfinternal.view.faces.config.rich.DetectRedirect.redirect(DetectRedirect.java:47)
at org.apache.myfaces.trinidad.context.ExternalContextDecorator.redirect(ExternalContextDecorator.java:303)
at oracle.adf.view.rich.context.UriManagerBase.addQueryParameters(UriManagerBase.java:43)
at oracle.adfinternal.view.faces.webapp.rich.UriManagerImpl.addQueryParameters(UriManagerImpl.java:28)
at oracle.adfinternal.controller.util.AdfvInterfaceImpl.addQueryParameters(AdfvInterfaceImpl.java:204)
at oracle.adfinternal.controller.state.ControllerState.initializeUrl(ControllerState.java:727)
at oracle.adfinternal.controller.state.ControllerState.synchronizeStatePart2(ControllerState.java:451)
at oracle.adfinternal.controller.application.SyncNavigationStateListener.afterPhase(SyncNavigationStateListener.java:79)
at oracle.adfinternal.controller.lifecycle.ADFLifecycleImpl$PagePhaseListenerWrapper.afterPhase(ADFLifecycleImpl.java:538)
at oracle.adfinternal.controller.lifecycle.LifecycleImpl.internalDispatchAfterEvent(LifecycleImpl.java:120)
at oracle.adfinternal.controller.lifecycle.LifecycleImpl.dispatchAfterPagePhaseEvent(LifecycleImpl.java:168)
at oracle.adfinternal.controller.faces.lifecycle.ADFPhaseListener$PhaseInvokerImpl.dispatchAfterPagePhaseEvent(ADFPhaseListener.java:310)
at oracle.adfinternal.controller.faces.lifecycle.ADFPhaseListener.afterPhase(ADFPhaseListener.java:87)
at oracle.adfinternal.controller.faces.lifecycle.ADFLifecyclePhaseListener.afterPhase(ADFLifecyclePhaseListener.java:53)
at oracle.adfinternal.view.faces.lifecycle.LifecycleImpl._executePhase(LifecycleImpl.java:520)
at oracle.adfinternal.view.faces.lifecycle.LifecycleImpl.execute(LifecycleImpl.java:207)
at javax.faces.webapp.FacesServlet.service(FacesServlet.java:265)
at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)
at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125)
at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:301)
at weblogic.servlet.internal.TailFilter.doFilter(TailFilter.java:26)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at oracle.adf.model.servlet.ADFBindingFilter.doFilter(ADFBindingFilter.java:205)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at oracle.adfinternal.view.faces.webapp.rich.RegistrationFilter.doFilter(RegistrationFilter.java:128)
at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl$FilterListChain.doFilter(TrinidadFilterImpl.java:446)
at oracle.adfinternal.view.faces.activedata.AdsFilter.doFilter(AdsFilter.java:60)
at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl$FilterListChain.doFilter(TrinidadFilterImpl.java:446)
at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl._doFilterImpl(TrinidadFilterImpl.java:271)
at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl.doFilter(TrinidadFilterImpl.java:177)
at org.apache.myfaces.trinidad.webapp.TrinidadFilter.doFilter(TrinidadFilter.java:92)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at oracle.adf.library.webapp.LibraryFilter.doFilter(LibraryFilter.java:180)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at oracle.security.jps.ee.http.JpsAbsFilter$1.run(JpsAbsFilter.java:119)
at java.security.AccessController.doPrivileged(Native Method)
at oracle.security.jps.util.JpsSubject.doAsPrivileged(JpsSubject.java:324)
at oracle.security.jps.ee.util.JpsPlatformUtil.runJaasMode(JpsPlatformUtil.java:460)
at oracle.security.jps.ee.http.JpsAbsFilter.runJaasMode(JpsAbsFilter.java:103)
at oracle.security.jps.ee.http.JpsAbsFilter.doFilter(JpsAbsFilter.java:171)
at oracle.security.jps.ee.http.JpsFilter.doFilter(JpsFilter.java:71)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at weblogic.servlet.internal.RequestDispatcherImpl.invokeServlet(RequestDispatcherImpl.java:527)
at weblogic.servlet.internal.RequestDispatcherImpl.forward(RequestDispatcherImpl.java:253)
at weblogic.servlet.jsp.PageContextImpl.forward(PageContextImpl.java:159)
at jsp_servlet.__index._jspService(__index.java:79)
at weblogic.servlet.jsp.JspBase.service(JspBase.java:34)
at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)
at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125)
at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:301)
at weblogic.servlet.internal.TailFilter.doFilter(TailFilter.java:26)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at oracle.adf.library.webapp.LibraryFilter.doFilter(LibraryFilter.java:180)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at oracle.security.jps.ee.http.JpsAbsFilter$1.run(JpsAbsFilter.java:119)
at java.security.AccessController.doPrivileged(Native Method)
at oracle.security.jps.util.JpsSubject.doAsPrivileged(JpsSubject.java:324)
at oracle.security.jps.ee.util.JpsPlatformUtil.runJaasMode(JpsPlatformUtil.java:460)
at oracle.security.jps.ee.http.JpsAbsFilter.runJaasMode(JpsAbsFilter.java:103)
at oracle.security.jps.ee.http.JpsAbsFilter.doFilter(JpsAbsFilter.java:171)
at oracle.security.jps.ee.http.JpsFilter.doFilter(JpsFilter.java:71)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at oracle.dms.servlet.DMSServletFilter.doFilter(DMSServletFilter.java:163)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at weblogic.servlet.internal.RequestEventsFilter.doFilter(RequestEventsFilter.java:27)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.wrapRun(WebAppServletContext.java:3730)
at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3696)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:120)
at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2273)
at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2179)
at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1490)
at weblogic.work.ExecuteThread.execute(ExecuteThread.java:256)
at weblogic.work.ExecuteThread.run(ExecuteThread.java:221)
SUBSYSTEM = HTTP USERID = <WLS Kernel> SEVERITY = Error THREAD = [ACTIVE] ExecuteThread: '2' for queue: 'weblogic.kernel.Default (self-tuning)' MSGID = BEA-101020 MACHINE = INHYDL1289 TXID = CONTEXTID = 3f588ce9549b684b:-50d4a8ec:14c27930165:-8000-0000000000000250 TIMESTAMP = 1426593711338
WatchAlarmType: AutomaticReset
WatchAlarmResetPeriod: 30000
>
####<Mar 17, 2015 5:32:28 PM IST> <Info> <Health> <INHYDL1289> <soa_server1> <weblogic.GCMonitor> <<anonymous>> <> <3f588ce9549b684b:-50d4a8ec:14c27930165:-8000-0000000000000085> <1426593748529> <BEA-310002> <14% of the total memory in the server is free>Hi,
Are you using your own certificates for SSL? If yes,you must remove references to the demo certificates by removing the following line from the setDomainEnv file for your version of the operating system.
-Djavax.net.ssl.trustStore=${WL_HOME}/server/lib/DemoTrust.jks
Also check that the path for truststore are properly set in setDomainEnv.sh/Cmd file. -
Getting java.lang.IllegalStateException while starting new transaction.
Hi All,
I am writing a simple web application(using netbeans visual jsf) but not able to proceed forward. I am encountering this "java.lang.IllegalStateException: Operation not allowed" when I try to start a new transaction.
Here's my code for session bean:
@Resource(name= "UserTransactionResource", mappedName="UserTransactionMapped")
private UserTransaction utx;
@PersistenceUnit(unitName = "myproj-ejbPU")
private EntityManagerFactory emf;
private EntityManager getEntityManager() {
return emf.createEntityManager();
public void save(UserProfile userprofile) throws Exception {
EntityManager em = getEntityManager();
try {
utx.begin();
em.joinTransaction();
em.persist(userprofile);
utx.commit();
catch (Exception ex) {
try {
System.out.println(ex.toString()); ---------------> prints java.lang.IllegalStateException: Operation not allowed
utx.rollback();
throw new Exception(ex.getLocalizedMessage());
catch (Exception e) {
throw new Exception(e.getLocalizedMessage());
finally {
em.close();
}This is what is seen in glassfish server log:
java.lang.IllegalStateException: Operation not allowed.
java.lang.Exception: Operation not allowed.
javax.faces.el.EvaluationException: java.lang.Exception: Operation not allowed.
at javax.faces.component.MethodBindingMethodExpressionAdapter.invoke(MethodBindingMethodExpressionAdapter.java:91)
at com.sun.faces.application.ActionListenerImpl.processAction(ActionListenerImpl.java:91)
at com.sun.rave.web.ui.appbase.faces.ActionListenerImpl.processAction(ActionListenerImpl.java:91)
Please help me. I am totally stuck here. I am new to both jsf and ejbs. And i was referring this link http://www.packtpub.com/article/Building-JSF-EJB3-Applications
Thanks,
blue_devThanks for having a look at it.
I tried this: System.out.println(ex.getCause()); , but it only prints null.
I have pasted part of my glassfish server log which is quite big. I am not able to figure out the root cause of this problem. But my transaction object "utx" is causing this, i guess. Maybe this server log can give some clues.
java.lang.IllegalStateException: Operation not allowed.
java.lang.Exception: Operation not allowed.
javax.faces.el.EvaluationException: java.lang.Exception: Operation not allowed.
at javax.faces.component.MethodBindingMethodExpressionAdapter.invoke(MethodBindingMethodExpressionAdapter.java:91)
at com.sun.faces.application.ActionListenerImpl.processAction(ActionListenerImpl.java:91)
at com.sun.rave.web.ui.appbase.faces.ActionListenerImpl.processAction(ActionListenerImpl.java:91)
at javax.faces.component.UICommand.broadcast(UICommand.java:383)
at com.sun.webui.jsf.component.WebuiCommand.broadcast(WebuiCommand.java:160)
at javax.faces.component.UIViewRoot.broadcastEvents(UIViewRoot.java:447)
at javax.faces.component.UIViewRoot.processApplication(UIViewRoot.java:752)
at com.sun.faces.lifecycle.InvokeApplicationPhase.execute(InvokeApplicationPhase.java:97)
at com.sun.faces.lifecycle.LifecycleImpl.phase(LifecycleImpl.java:251)
at com.sun.faces.lifecycle.LifecycleImpl.execute(LifecycleImpl.java:117)
at com.sun.faces.extensions.avatar.lifecycle.PartialTraversalLifecycle.execute(PartialTraversalLifecycle.java:94)
at javax.faces.webapp.FacesServlet.service(FacesServlet.java:244)
at org.apache.catalina.core.ApplicationFilterChain.servletService(ApplicationFilterChain.java:427)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:333)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:214)
at com.sun.webui.jsf.util.UploadFilter.doFilter(UploadFilter.java:267)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:246)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:214)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:313)
at org.apache.catalina.core.StandardContextValve.invokeInternal(StandardContextValve.java:287)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:218)
at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:648)
at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:593)
at com.sun.enterprise.web.WebPipeline.invoke(WebPipeline.java:94)
at com.sun.enterprise.web.PESessionLockingStandardPipeline.invoke(PESessionLockingStandardPipeline.java:98)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:222)
at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:648)
at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:593)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:587)
at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:1096)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:166)
at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:648)
at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:593)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:587)
at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:1096)
at org.apache.coyote.tomcat5.CoyoteAdapter.service(CoyoteAdapter.java:288)
at com.sun.enterprise.web.connector.grizzly.DefaultProcessorTask.invokeAdapter(DefaultProcessorTask.java:647)
at com.sun.enterprise.web.connector.grizzly.DefaultProcessorTask.doProcess(DefaultProcessorTask.java:579)
at com.sun.enterprise.web.connector.grizzly.DefaultProcessorTask.process(DefaultProcessorTask.java:831)
at com.sun.enterprise.web.connector.grizzly.DefaultReadTask.executeProcessorTask(DefaultReadTask.java:341)
at com.sun.enterprise.web.connector.grizzly.DefaultReadTask.doTask(DefaultReadTask.java:263)
at com.sun.enterprise.web.connector.grizzly.DefaultReadTask.doTask(DefaultReadTask.java:214)
at com.sun.enterprise.web.portunif.PortUnificationPipeline$PUTask.doTask(PortUnificationPipeline.java:380)
at com.sun.enterprise.web.connector.grizzly.TaskBase.run(TaskBase.java:265)
at com.sun.enterprise.web.connector.grizzly.ssl.SSLWorkerThread.run(SSLWorkerThread.java:106)
Caused by: java.lang.Exception: Operation not allowed.
WebModule[/miq-war]#{Register.submitButton_action}: java.lang.Exception: Operation not allowed.
javax.faces.FacesException: #{Register.submitButton_action}: java.lang.Exception: Operation not allowed.
at com.sun.faces.application.ActionListenerImpl.processAction(ActionListenerImpl.java:107)
at com.sun.rave.web.ui.appbase.faces.ActionListenerImpl.processAction(ActionListenerImpl.java:91)
at javax.faces.component.UICommand.broadcast(UICommand.java:383)
Caused by: javax.faces.el.EvaluationException: java.lang.Exception: Operation not allowed.
at javax.faces.component.MethodBindingMethodExpressionAdapter.invoke(MethodBindingMethodExpressionAdapter.java:91)
at com.sun.faces.application.ActionListenerImpl.processAction(ActionListenerImpl.java:91)
... 43 more
Caused by: java.lang.Exception: Operation not allowed.
executePhase(RENDER_RESPONSE 6,com.sun.faces.context.FacesContextImpl@131a5af) threw exception
com.sun.rave.web.ui.appbase.ApplicationException: #{Register.submitButton_action}: java.lang.Exception: Operation not allowed.
at com.sun.rave.web.ui.appbase.faces.ViewHandlerImpl.cleanup(ViewHandlerImpl.java:603)
at com.sun.rave.web.ui.appbase.faces.ViewHandlerImpl.renderView(ViewHandlerImpl.java:311)
at com.sun.faces.lifecycle.RenderResponsePhase.execute(RenderResponsePhase.java:106)
.................................. -
Use a different KeyStore type for the SSL keystore
i use SUN Application Server PE 8 (with the included JDK 1.4.2) on Windows XP.
i want to configure a HTTP listener in a way that it uses the private key and certificate for SSL from a different keystore. the keystore is a PKCS11 keystore from an IAIK PKCS#11 Provider.
i know how to configure a HTTP listener using SSL (HTTPS) in principle. i get it working using a JKS keystore, i.e. the format of the SUN file keystore.
i added a new JCE provider (i.e. the IAIK PKCS#11 Provider) to the underlying JDK in the java.security file (i am quite familiar with JCA/JCE stuff). i added it in a way which works with JSSE and Java 1.4 in other stand-alone applications.
then i modified the SSL settings of that listener to use the name of my private key in my keystore. the entry in the domain.xml looks like this.
<http-listener acceptor-threads="100" address="0.0.0.0" default-virtual-server="server" enabled="true" id="http-listener-2" port="1053" security-enabled="true" server-name="" xpowered-by="true">
<ssl cert-nickname="CN=testcomputer1,OU=Insitute for Applied Information Processing and Communications,O=GRAZ UNIVERSITY OF TECHNOLOGY,C=AT" client-auth-enabled="false" ssl2-enabled="false" ssl3-enabled="true" ssl3-tls-ciphers="+rsa_rc4_128_md5,+rsa_3des_sha,-rsa_des_sha,-rsa_rc4_40_md5,-rsa_rc2_40_md5,-rsa_null_md5,-rsa_des_56_sha,-rsa_rc4_56_sha" tls-enabled="true" tls-rollback-enabled="true"/>
</http-listener>
in addition i changed a JVM option and added two new ones to configure JSSE to use the correct key store
<jvm-options>-Djavax.net.ssl.keyStore=${com.sun.aas.instanceRoot}/config/pkcs11keystore.p11</jvm-options>
<jvm-options>-Djavax.net.ssl.keyStorePassword=1234</jvm-options>
<jvm-options>-Djavax.net.ssl.keyStoreType=PKCS11</jvm-options>
when i tried to start the server, i got an error from the ORB. it looked like this:
[#|2005-08-12T10:39:53.615+0200|WARNUNG|sun-appserver-pe8.0.0_01|javax.enterprise.system.stream.err|_ThreadID=10;|java.lang.reflect.InvocationTargetException
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:324)
at org.apache.commons.launcher.ChildMain.run(ChildMain.java:269)
Caused by: java.lang.ExceptionInInitializerError
at com.sun.enterprise.iiop.IIOPSSLSocketFactory.init(IIOPSSLSocketFactory.java:216)
at com.sun.enterprise.iiop.IIOPSSLSocketFactory.<init>(IIOPSSLSocketFactory.java:129)
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27)
at java.lang.reflect.Constructor.newInstance(Constructor.java:274)
at java.lang.Class.newInstance0(Class.java:308)
at java.lang.Class.newInstance(Class.java:261)
at com.sun.corba.ee.impl.orb.ParserTable$3.operate(ParserTable.java:460)
at com.sun.corba.ee.impl.orb.NormalParserAction.apply(NormalParserAction.java:22)
at com.sun.corba.ee.spi.orb.PropertyParser.parse(PropertyParser.java:52)
at com.sun.corba.ee.spi.orb.ParserImplBase.init(ParserImplBase.java:56)
at com.sun.corba.ee.impl.orb.ORBDataParserImpl.<init>(ORBDataParserImpl.java:339)
at com.sun.corba.ee.impl.orb.ORBImpl.postInit(ORBImpl.java:421)
at com.sun.corba.ee.impl.orb.ORBImpl.set_parameters(ORBImpl.java:498)
at org.omg.CORBA.ORB.init(ORB.java:337)
at com.sun.enterprise.util.ORBManager.createORB(ORBManager.java:343)
at com.sun.enterprise.util.ORBManager.init(ORBManager.java:230)
at com.sun.enterprise.server.J2EEServer.createORB(J2EEServer.java:336)
at com.sun.enterprise.server.J2EEServer.run(J2EEServer.java:180)
at com.sun.enterprise.server.J2EEServer.main(J2EEServer.java:600)
at com.sun.enterprise.server.ApplicationServer.onInitialization(ApplicationServer.java:232)
at com.sun.enterprise.server.PEMain.run(PEMain.java:210)
at com.sun.enterprise.server.PEMain.main(PEMain.java:172)
... 5 more
Caused by: java.lang.IllegalStateException: Invalid keystore format
at com.sun.enterprise.security.SSLUtils.<clinit>(SSLUtils.java:68)
... 29 more
|#]
i thought it uses the same keystore. thus, i changed the NickName in the SSL configuration of the ORB listeners to use the same key. this did not solve the problem. then i tried to remove all SSL-enabled listeners for the ORB. the ORB should not use SSL at all. however, this did not help either. i get the same error. it seems that there is some code involved here which prevents using a different key store type.
can anyone help solving this problem, or at least finding the actual reason? one does not need a hardawre keystore to reproduce this problem. using a PKCS#12 keystore produces the same error; i.e. change the keystore type to "PKCS12" (implemented in the SUN JSSE provider) and the keystore file and password accordingly. i tried this with the standard configuration of the JDK, i.e. without any additional JCE providers.
please tell me how i can use a different key store type for SSL (HTTPS).
KarlApplication Server PE only supports "JKS" format. If you are interested in support for other formats, please submit a request for enhancement on project glassfish (Open Source application server) http://glassfish.dev.java.net.
If you have time, you might want to checkout and look at the source in glassfish/appserv-core/src/java/com/sun/enterprise/security/SecuritySupportImpl.java.
You should be able to fix it on your own.
Hope this helps, -
Hi, I have a page which renders different panels depending on user input. Everything works fine on the initial go around however when i leave that page and then come back to it i get the following exception and i have no idea why or what it means.
phase(RESTORE_VIEW 1,com.sun.faces.context.FacesContextImpl@289875) threw exception: java.lang.IllegalStateException null
org.apache.coyote.tomcat5.CoyoteResponseFacade.sendError(CoyoteResponseFacade.java:406)
org.apache.shale.remoting.impl.AbstractResourceProcessor.sendNotModified(AbstractResourceProcessor.java:528)
org.apache.shale.remoting.impl.AbstractResourceProcessor.process(AbstractResourceProcessor.java:107)
org.apache.shale.remoting.faces.RemotingPhaseListener.afterPhase(RemotingPhaseListener.java:102)
com.sun.faces.lifecycle.LifecycleImpl.phase(LifecycleImpl.java:278)
com.sun.faces.lifecycle.LifecycleImpl.execute(LifecycleImpl.java:117)
com.sun.faces.extensions.avatar.lifecycle.PartialTraversalLifecycle.execute(PartialTraversalLifecycle.java:80)
javax.faces.webapp.FacesServlet.service(FacesServlet.java:244)
org.apache.catalina.core.ApplicationFilterChain.servletService(ApplicationFilterChain.java:398)
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:304)
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:185)
com.sun.webui.jsf.util.UploadFilter.doFilter(UploadFilter.java:240)
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:217)
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:185)
org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:275)
org.apache.catalina.core.StandardContextValve.invokeInternal(StandardContextValve.java:255)
org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:188)
org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:611)
org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:564)
com.sun.enterprise.web.WebPipeline.invoke(WebPipeline.java:81)
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:207)
org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:611)
org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:564)
org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:558)
org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:1067)
org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:137)
org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:611)
org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:564)
org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:558)
org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:1067)
org.apache.coyote.tomcat5.CoyoteAdapter.service(CoyoteAdapter.java:249)
com.sun.enterprise.web.connector.grizzly.DefaultProcessorTask.invokeAdapter(DefaultProcessorTask.java:618)
com.sun.enterprise.web.connector.grizzly.DefaultProcessorTask.doProcess(DefaultProcessorTask.java:549)
com.sun.enterprise.web.connector.grizzly.DefaultProcessorTask.process(DefaultProcessorTask.java:790)
com.sun.enterprise.web.connector.grizzly.DefaultReadTask.executeProcessorTask(DefaultReadTask.java:326)
com.sun.enterprise.web.connector.grizzly.DefaultReadTask.doTask(DefaultReadTask.java:248)
com.sun.enterprise.web.connector.grizzly.DefaultReadTask.doTask(DefaultReadTask.java:199)
com.sun.enterprise.web.connector.grizzly.TaskBase.run(TaskBase.java:252)
com.sun.enterprise.web.connector.grizzly.ssl.SSLWorkerThread.run(SSLWorkerThread.java:93)
phase(RESTORE_VIEW 1,com.sun.faces.context.FacesContextImpl@8f2e81) threw exception: java.lang.IllegalStateException null
org.apache.coyote.tomcat5.CoyoteResponseFacade.sendError(CoyoteResponseFacade.java:406)
org.apache.shale.remoting.impl.AbstractResourceProcessor.sendNotModified(AbstractResourceProcessor.java:528)
org.apache.shale.remoting.impl.AbstractResourceProcessor.process(AbstractResourceProcessor.java:107)
org.apache.shale.remoting.faces.RemotingPhaseListener.afterPhase(RemotingPhaseListener.java:102)
com.sun.faces.lifecycle.LifecycleImpl.phase(LifecycleImpl.java:278)
com.sun.faces.lifecycle.LifecycleImpl.execute(LifecycleImpl.java:117)
com.sun.faces.extensions.avatar.lifecycle.PartialTraversalLifecycle.execute(PartialTraversalLifecycle.java:80)
javax.faces.webapp.FacesServlet.service(FacesServlet.java:244)
org.apache.catalina.core.ApplicationFilterChain.servletService(ApplicationFilterChain.java:398)
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:304)
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:185)
com.sun.webui.jsf.util.UploadFilter.doFilter(UploadFilter.java:240)
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:217)
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:185)
org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:275)
org.apache.catalina.core.StandardContextValve.invokeInternal(StandardContextValve.java:255)
org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:188)
org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:611)
org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:564)
com.sun.enterprise.web.WebPipeline.invoke(WebPipeline.java:81)
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:207)
org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:611)
org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:564)
org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:558)
org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:1067)
org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:137)
org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:611)
org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:564)
org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:558)
org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:1067)
org.apache.coyote.tomcat5.CoyoteAdapter.service(CoyoteAdapter.java:249)
com.sun.enterprise.web.connector.grizzly.DefaultProcessorTask.invokeAdapter(DefaultProcessorTask.java:618)
com.sun.enterprise.web.connector.grizzly.DefaultProcessorTask.doProcess(DefaultProcessorTask.java:549)
com.sun.enterprise.web.connector.grizzly.DefaultProcessorTask.process(DefaultProcessorTask.java:790)
com.sun.enterprise.web.connector.grizzly.DefaultReadTask.executeProcessorTask(DefaultReadTask.java:326)
com.sun.enterprise.web.connector.grizzly.DefaultReadTask.doTask(DefaultReadTask.java:248)
com.sun.enterprise.web.connector.grizzly.DefaultReadTask.doTask(DefaultReadTask.java:199)
com.sun.enterprise.web.connector.grizzly.TaskBase.run(TaskBase.java:252)
com.sun.enterprise.web.connector.grizzly.ssl.SSLWorkerThread.run(SSLWorkerThread.java:93)
phase(RESTORE_VIEW 1,com.sun.faces.context.FacesContextImpl@36197d) threw exception: java.lang.IllegalStateException null
org.apache.coyote.tomcat5.CoyoteResponseFacade.sendError(CoyoteResponseFacade.java:406)
org.apache.shale.remoting.impl.AbstractResourceProcessor.sendNotModified(AbstractResourceProcessor.java:528)
org.apache.shale.remoting.impl.AbstractResourceProcessor.process(AbstractResourceProcessor.java:107)
org.apache.shale.remoting.faces.RemotingPhaseListener.afterPhase(RemotingPhaseListener.java:102)
com.sun.faces.lifecycle.LifecycleImpl.phase(LifecycleImpl.java:278)
com.sun.faces.lifecycle.LifecycleImpl.execute(LifecycleImpl.java:117)
com.sun.faces.extensions.avatar.lifecycle.PartialTraversalLifecycle.execute(PartialTraversalLifecycle.java:80)
javax.faces.webapp.FacesServlet.service(FacesServlet.java:244)
org.apache.catalina.core.ApplicationFilterChain.servletService(ApplicationFilterChain.java:398)
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:304)
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:185)
com.sun.webui.jsf.util.UploadFilter.doFilter(UploadFilter.java:240)
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:217)
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:185)
org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:275)
org.apache.catalina.core.StandardContextValve.invokeInternal(StandardContextValve.java:255)
org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:188)
org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:611)
org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:564)
com.sun.enterprise.web.WebPipeline.invoke(WebPipeline.java:81)
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:207)
org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:611)
org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:564)
org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:558)
org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:1067)
org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:137)
org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:611)
org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:564)
org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:558)
org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:1067)
org.apache.coyote.tomcat5.CoyoteAdapter.service(CoyoteAdapter.java:249)
com.sun.enterprise.web.connector.grizzly.DefaultProcessorTask.invokeAdapter(DefaultProcessorTask.java:618)
com.sun.enterprise.web.connector.grizzly.DefaultProcessorTask.doProcess(DefaultProcessorTask.java:549)
com.sun.enterprise.web.connector.grizzly.DefaultProcessorTask.process(DefaultProcessorTask.java:790)
com.sun.enterprise.web.connector.grizzly.DefaultReadTask.executeProcessorTask(DefaultReadTask.java:326)
com.sun.enterprise.web.connector.grizzly.DefaultReadTask.doTask(DefaultReadTask.java:248)
com.sun.enterprise.web.connector.grizzly.DefaultReadTask.doTask(DefaultReadTask.java:199)
com.sun.enterprise.web.connector.grizzly.TaskBase.run(TaskBase.java:252)
com.sun.enterprise.web.connector.grizzly.ssl.SSLWorkerThread.run(SSLWorkerThread.java:93)Can anyone give me a hand? any help would be appreciated.I am not familiar with Shale but you need to look there right? Shale has installed a phase listener. You are in the Restore View phase of the JSF lifecycle. Shale is executing a sendNotModified method which looks like it is try to resend the response, thus illegal state exception.
-
How to extend JCE in weblogic server7.0 when we also need SSL?
I met a problem when we develop a security module under weblogic7.0 server. I've copy the Bouncy Castle crypto package under the %bea_home%/jdk131_03/jre/lib/ext and modify the java.security file.
The server startup hasn't any problem. But when we use https://localhost:7002/console to visit the admin-console a exception occur:
<Error> <kernel> <000802> <ExecuteRequest failed java.lang.IllegalStateException: Cipher is uninitialised java.lang.IllegalStateException: Cipher is uninitialised at javax.crypto.Cipher.update(Cipher.java:804) at com.certicom.tls.provider.Cipher.update(Unknown Source) at com.certicom.tls.record.ReadHandler.readRecord(Unknown Source) at com.certicom.tls.record.ReadHandler.readUntilHandshakeComplete(Unknow n Source) at com.certicom.tls.interfaceimpl.TLSConnectionImpl.completeHandshake(Un known Source) at com.certicom.net.ssl.CerticomContextWrapper.forceHandshakeOnAcceptedS ocket(Unknown Source) at weblogic.t3.srvr.SSLListenThread$1.execute(SSLListenThread.java:744) at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:152) at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:133)
What should I do? Thank very much for you attention!I met a problem when we develop a security module
under weblogic7.0 server. I've copy the Bouncy Castle
crypto package under the
%bea_home%/jdk131_03/jre/lib/ext and modify the
java.security file.
The server startup hasn't any problem. But when we use
https://localhost:7002/console to visit the
admin-console a exception occur:
<Error> <kernel> <000802> <ExecuteRequest failed
java.lang.IllegalStateException: Cipher is
uninitialised java.lang.IllegalStateException: Cipher
is uninitialised at
javax.crypto.Cipher.update(Cipher.java:804) at
com.certicom.tls.provider.Cipher.update(Unknown
Source) at
com.certicom.tls.record.ReadHandler.readRecord(Unknown
Source) at
com.certicom.tls.record.ReadHandler.readUntilHandshakeC
mplete(Unknow n Source) at
com.certicom.tls.interfaceimpl.TLSConnectionImpl.comple
eHandshake(Un known Source) at
com.certicom.net.ssl.CerticomContextWrapper.forceHandsh
keOnAcceptedS ocket(Unknown Source) at
weblogic.t3.srvr.SSLListenThread$1.execute(SSLListenThr
ad.java:744) at
weblogic.kernel.ExecuteThread.execute(ExecuteThread.jav
:152) at
weblogic.kernel.ExecuteThread.run(ExecuteThread.java:13
What should I do? Thank very much for you attention!Hi,
I experienced the same problem now, I am using wl 7.01. Can you forward me your solution. Thanks a lot.
Alex
[email protected] -
SSL when other JCE providers installed
All,
I'm using weblogic 7.0 and have SSL configured. IT works
fine when no other jce providers are installed. When
I install bouncycastle as a JCE provider and try to get to
"https://locahost:8081" using a browser, I get the following
exception
java.lang.IllegalStateException: Cipher not initialized
at javax.crypto.Cipher.update(DashoA6275)
at com.certicom.tls.provider.Cipher.update(Unknown Source)
at com.certicom.tls.record.ReadHandler.readRecord(Unknown Source)
at com.certicom.tls.record.ReadHandler.readUntilHandshakeComplete(Unknow
n Source)
at com.certicom.tls.interfaceimpl.TLSConnectionImpl.completeHandshake(Un
known Source)
at com.certicom.net.ssl.CerticomContextWrapper.forceHandshakeOnAcceptedS
ocket(Unknown Source)
at weblogic.t3.srvr.SSLListenThread$1.execute(SSLListenThread.java:744)
at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:152)
at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:133)
Any ideas...
-thanks
himaThanks for the information.
One problem seems to be in certicoms ReadHandler class
where the Cipher is being used without being initialized.
Any estimate on fixes for the problem
thanks
hima
"kirann" <[email protected]> wrote:
yes. 70 has problems in JCE co-existence with certicom ssl.
thanks
kiran.
"Hima" <[email protected]> wrote in message
news:3d9253df$[email protected]..
All,
I'm using weblogic 7.0 and have SSL configured. IT works
fine when no other jce providers are installed. When
I install bouncycastle as a JCE provider and try to get to
"https://locahost:8081" using a browser, I get the following
exception
java.lang.IllegalStateException: Cipher not initialized
at javax.crypto.Cipher.update(DashoA6275)
at com.certicom.tls.provider.Cipher.update(Unknown Source)
at com.certicom.tls.record.ReadHandler.readRecord(Unknown Source)
atcom.certicom.tls.record.ReadHandler.readUntilHandshakeComplete(Unknow
n Source)
atcom.certicom.tls.interfaceimpl.TLSConnectionImpl.completeHandshake(Un
known Source)
atcom.certicom.net.ssl.CerticomContextWrapper.forceHandshakeOnAcceptedS
ocket(Unknown Source)
atweblogic.t3.srvr.SSLListenThread$1.execute(SSLListenThread.java:744)
at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:152)
at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:133)
Any ideas...
-thanks
hima -
how do i open a web page with VeriSign Class 3 Extended Validation SSL SGC SS CA ?
Hi
I am not suprised no one answered your questions, there are simply to many of them. Can I suggest you read the faq on 'how to get help quickly at - http://forums.adobe.com/thread/470404.
Especially the section Don't which says -
DON'T
Don't post a series of questions in a single post. Splitting them into separate threads increases your chances of a quick answer.
PZ
www.pziecina.com -
IP Phone SSL VPN and Split tunneling
Hi Team,
I went throught the following document which is very useful:
https://supportforums.cisco.com/docs/DOC-9124
The only things i'm not sure about split-tunneling point:
Group-policy must not be configured with split tunnel or split exclude. Only tunnel all is the supported tunneling policy
I could see many implementation when they used split-tunneling, like one of my customer:
group-policy GroupPolicy1 internal
group-policy GroupPolicy1 attributes
banner value This system is only for Authorized users.
dns-server value 10.64.10.13 10.64.10.14
vpn-tunnel-protocol ssl-client
split-tunnel-policy tunnelspecified
split-tunnel-network-list value split-tunnel
default-domain value prod.mobily.lan
address-pools value SSLClientPool
webvpn
anyconnect keep-installer installed
anyconnect ssl rekey time 30
anyconnect ssl rekey method ssl
anyconnect ask none default anyconnect
username manager-max password XTEsn4mfYvPwC5af encrypted privilege 15
username manager-max attributes
vpn-group-policy GroupPolicy1
tunnel-group PhoneVPN type remote-access
tunnel-group PhoneVPN general-attributes
address-pool SSLClientPool
authentication-server-group AD
default-group-policy GroupPolicy1
tunnel-group PhoneVPN webvpn-attributes
group-url https://84.23.107.10 enable
ip local pool SSLClientPool 10.200.18.1-10.200.18.254 mask 255.255.254.0
access-list split-tunnel remark split-tunnel network list
access-list split-tunnel standard permit 10.0.0.0 255.0.0.0
It is working for them w/o any issue.
My question would be
- is the limitation about split-tunneling still valid? If yes, why it is not recommended?
Thanks!
EvaHi,
If you're not using certificates in client authentication then the SSL handshake will complete before the user is requested to authenticate with username/password. If this authentication request fails you will see the SSL session terminated immediately following this failure (as in the logs you provided). Notice the 5 seconds between the SSL session establishment and termination, this is most likely when the user is being authenticated against the aaa server. If the phone is failing authentication against an external aaa-server you'll want to investigate the logs on that server to determine the root cause of the failure. The ASA can also provide confirmation of the authentication request/reject with the command 'show aaa-server'. If you want to see what's going on at an authentication protocol level you can enable several debugs including "debug aaa authentication|common|internal' and protocol specific debugs such as 'debug radius user|session|all' or 'debug ldap'.
Did this answer your question? If so, please mark it Answered! -
SSL VPN, "Login failed" and "WebVPN: error creating WebVPN session!"
Hi,
Just ran the wizard for Anyconnect SSL VPN, created a tunnel group, a vpn pool and added user to it. When trying to logon on the SSL service, it simply says "login failed". I suspect that the user might not be in correct groups or so?
some relevant config
webvpn
enable wan
svc image disk0:/anyconnect-win-2.4.1012-k9.pkg 1
svc enable
group-policy vpnpolicy1 internal
group-policy vpnpolicy1 attributes
vpn-tunnel-protocol svc
tunnel-group admins type remote-access
tunnel-group admins general-attributes
address-pool sslpool2
default-group-policy vpnpolicy1
username myuser password 1234567890 encrypted privilege 15
username myuser attributes
vpn-group-policy vpnpolicy1
Debug:
asa01# debug webvpn 255
INFO: debug webvpn enabled at level 255.
asa01# webvpn_allocate_auth_struct: net_handle = CD5734D0
webvpn_portal.c:ewaFormSubmit_webvpn_login[3203]
webvpn_portal.c:webvpn_login_validate_net_handle[2234]
webvpn_portal.c:webvpn_login_allocate_auth_struct[2254]
webvpn_portal.c:webvpn_login_assign_app_next[2272]
webvpn_portal.c:webvpn_login_cookie_check[2289]
webvpn_portal.c:webvpn_login_set_tg_buffer_from_form[2325]
webvpn_portal.c:webvpn_login_transcend_cert_auth_cookie[2359]
webvpn_login_transcend_cert_auth_cookie: tg_cookie = NULL, tg_name =
webvpn_portal.c:webvpn_login_set_tg_cookie_form[2421]
webvpn_portal.c:webvpn_login_set_tg_cookie_querry_string[2473]
webvpn_portal.c:webvpn_login_resolve_tunnel_group[2546]
webvpn_login_resolve_tunnel_group: tgCookie = NULL
webvpn_login_resolve_tunnel_group: tunnel group name from default
webvpn_login_resolve_tunnel_group: TG_BUFFER = DefaultWEBVPNGroup
webvpn_portal.c:webvpn_login_negotiate_client_cert[2636]
webvpn_portal.c:webvpn_login_check_cert_status[2733]
webvpn_portal.c:webvpn_login_cert_only[2774]
webvpn_portal.c:webvpn_login_primary_username[2796]
webvpn_portal.c:webvpn_login_primary_password[2878]
webvpn_portal.c:webvpn_login_secondary_username[2910]
webvpn_portal.c:webvpn_login_secondary_password[2988]
webvpn_portal.c:webvpn_login_extra_password[3021]
webvpn_portal.c:webvpn_login_set_cookie_flag[3040]
webvpn_portal.c:webvpn_login_set_auth_group_type[3063]
webvpn_login_set_auth_group_type: WEBVPN_AUTH_GROUP_TYPE = 4
webvpn_portal.c:webvpn_login_aaa_not_resuming[3137]
webvpn_portal.c:http_webvpn_kill_cookie[790]
webvpn_auth.c:http_webvpn_pre_authentication[2321]
WebVPN: calling AAA with ewsContext (-867034168) and nh (-849922864)!
webvpn_add_auth_handle: auth_handle = 17
WebVPN: started user authentication...
webvpn_auth.c:webvpn_aaa_callback[5138]
WebVPN: AAA status = (ACCEPT)
webvpn_portal.c:ewaFormSubmit_webvpn_login[3203]
webvpn_portal.c:webvpn_login_validate_net_handle[2234]
webvpn_portal.c:webvpn_login_allocate_auth_struct[2254]
webvpn_portal.c:webvpn_login_assign_app_next[2272]
webvpn_portal.c:webvpn_login_cookie_check[2289]
webvpn_portal.c:webvpn_login_set_tg_buffer_from_form[2325]
webvpn_portal.c:webvpn_login_transcend_cert_auth_cookie[2359]
webvpn_login_transcend_cert_auth_cookie: tg_cookie = NULL, tg_name =
webvpn_portal.c:webvpn_login_set_tg_cookie_form[2421]
webvpn_portal.c:webvpn_login_set_tg_cookie_querry_string[2473]
webvpn_portal.c:webvpn_login_resolve_tunnel_group[2546]
webvpn_portal.c:webvpn_login_negotiate_client_cert[2636]
webvpn_portal.c:webvpn_login_check_cert_status[2733]
webvpn_portal.c:webvpn_login_cert_only[2774]
webvpn_portal.c:webvpn_login_primary_username[2796]
webvpn_portal.c:webvpn_login_primary_password[2878]
webvpn_portal.c:webvpn_login_secondary_username[2910]
webvpn_portal.c:webvpn_login_secondary_password[2988]
webvpn_portal.c:webvpn_login_extra_password[3021]
webvpn_portal.c:webvpn_login_set_cookie_flag[3040]
webvpn_portal.c:webvpn_login_set_auth_group_type[3063]
webvpn_login_set_auth_group_type: WEBVPN_AUTH_GROUP_TYPE = 4
webvpn_portal.c:webvpn_login_aaa_resuming[3093]
webvpn_auth.c:http_webvpn_post_authentication[1485]
WebVPN: user: (myuser) authenticated.
webvpn_auth.c:http_webvpn_auth_accept[2938]
webvpn_session.c:http_webvpn_create_session[184]
WebVPN: error creating WebVPN session!
webvpn_remove_auth_handle: auth_handle = 17
webvpn_free_auth_struct: net_handle = CD5734D0
webvpn_allocate_auth_struct: net_handle = CD5734D0
webvpn_free_auth_struct: net_handle = CD5734D0AnyConnect says:
"The secure gateway has rejected the agents VPN connect or reconnect request. A new connection requires re-authentication and must be started manually. Please contact your network administrator if this problem persists.
The following message was received from the secure gateway: Host or network is 0"
Other resources indicate that it's either the tunnel group, or the address pool.. The address pool is:
ip local pool sslpool2 172.16.20.0-172.16.20.254 mask 255.255.255.0
asa01# debug webvpn 255
INFO: debug webvpn enabled at level 255.
asa01# debug http 255
debug http enabled at level 255.
asa01# webvpn_allocate_auth_struct: net_handle = CE9C3208
webvpn_portal.c:ewaFormSubmit_webvpn_login[3203]
webvpn_portal.c:webvpn_login_validate_net_handle[2234]
webvpn_portal.c:webvpn_login_allocate_auth_struct[2254]
webvpn_portal.c:webvpn_login_assign_app_next[2272]
webvpn_portal.c:webvpn_login_cookie_check[2289]
webvpn_portal.c:webvpn_login_set_tg_buffer_from_form[2325]
webvpn_portal.c:webvpn_login_transcend_cert_auth_cookie[2359]
webvpn_login_transcend_cert_auth_cookie: tg_cookie = NULL, tg_name =
webvpn_portal.c:webvpn_login_set_tg_cookie_form[2421]
webvpn_portal.c:webvpn_login_set_tg_cookie_querry_string[2473]
webvpn_portal.c:webvpn_login_resolve_tunnel_group[2546]
webvpn_login_resolve_tunnel_group: tgCookie = NULL
webvpn_login_resolve_tunnel_group: tunnel group name from default
webvpn_login_resolve_tunnel_group: TG_BUFFER = DefaultWEBVPNGroup
webvpn_portal.c:webvpn_login_negotiate_client_cert[2636]
webvpn_portal.c:webvpn_login_check_cert_status[2733]
webvpn_portal.c:webvpn_login_cert_only[2774]
webvpn_portal.c:webvpn_login_primary_username[2796]
webvpn_portal.c:webvpn_login_primary_password[2878]
webvpn_portal.c:webvpn_login_secondary_username[2910]
webvpn_portal.c:webvpn_login_secondary_password[2988]
webvpn_portal.c:webvpn_login_extra_password[3021]
webvpn_portal.c:webvpn_login_set_cookie_flag[3040]
webvpn_portal.c:webvpn_login_set_auth_group_type[3063]
webvpn_login_set_auth_group_type: WEBVPN_AUTH_GROUP_TYPE = 4
webvpn_portal.c:webvpn_login_aaa_not_resuming[3137]
webvpn_portal.c:http_webvpn_kill_cookie[790]
webvpn_auth.c:http_webvpn_pre_authentication[2321]
WebVPN: calling AAA with ewsContext (-845538720) and nh (-828624376)!
webvpn_add_auth_handle: auth_handle = 22
WebVPN: started user authentication...
webvpn_auth.c:webvpn_aaa_callback[5138]
WebVPN: AAA status = (ACCEPT)
webvpn_portal.c:ewaFormSubmit_webvpn_login[3203]
webvpn_portal.c:webvpn_login_validate_net_handle[2234]
webvpn_portal.c:webvpn_login_allocate_auth_struct[2254]
webvpn_portal.c:webvpn_login_assign_app_next[2272]
webvpn_portal.c:webvpn_login_cookie_check[2289]
webvpn_portal.c:webvpn_login_set_tg_buffer_from_form[2325]
webvpn_portal.c:webvpn_login_transcend_cert_auth_cookie[2359]
webvpn_login_transcend_cert_auth_cookie: tg_cookie = NULL, tg_name =
webvpn_portal.c:webvpn_login_set_tg_cookie_form[2421]
webvpn_portal.c:webvpn_login_set_tg_cookie_querry_string[2473]
webvpn_portal.c:webvpn_login_resolve_tunnel_group[2546]
webvpn_portal.c:webvpn_login_negotiate_client_cert[2636]
webvpn_portal.c:webvpn_login_check_cert_status[2733]
webvpn_portal.c:webvpn_login_cert_only[2774]
webvpn_portal.c:webvpn_login_primary_username[2796]
webvpn_portal.c:webvpn_login_primary_password[2878]
webvpn_portal.c:webvpn_login_secondary_username[2910]
webvpn_portal.c:webvpn_login_secondary_password[2988]
webvpn_portal.c:webvpn_login_extra_password[3021]
webvpn_portal.c:webvpn_login_set_cookie_flag[3040]
webvpn_portal.c:webvpn_login_set_auth_group_type[3063]
webvpn_login_set_auth_group_type: WEBVPN_AUTH_GROUP_TYPE = 4
webvpn_portal.c:webvpn_login_aaa_resuming[3093]
webvpn_auth.c:http_webvpn_post_authentication[1485]
WebVPN: user: (myuser) authenticated.
webvpn_auth.c:http_webvpn_auth_accept[2938]
HTTP: net_handle->standalone_client [0]
webvpn_session.c:http_webvpn_create_session[184]
webvpn_session.c:http_webvpn_find_session[159]
WebVPN session created!
webvpn_session.c:http_webvpn_find_session[159]
webvpn_remove_auth_handle: auth_handle = 22
webvpn_portal.c:ewaFormServe_webvpn_cookie[1805]
webvpn_free_auth_struct: net_handle = CE9C3208
webvpn_allocate_auth_struct: net_handle = CE9C3208
ewsStringSearch: no buffer
Close 0
webvpn_free_auth_struct: net_handle = CE9C3208
webvpn_allocate_auth_struct: net_handle = CE9C3208
webvpn_auth.c:webvpn_auth[581]
webvpn_session.c:http_webvpn_find_session[159]
webvpn_session.c:webvpn_update_idle_time[1463]
WebVPN: session has been authenticated.
webvpn_free_auth_struct: net_handle = CE9C3208
webvpn_allocate_auth_struct: net_handle = CE9C3208
ewsStringSearch: no buffer
Close 0
webvpn_free_auth_struct: net_handle = CE9C3208
webvpn_session.c:http_webvpn_find_session[159]
webvpn_session.c:http_webvpn_find_session[159]
webvpn_session.c:http_webvpn_find_session[159]
webvpn_session.c:webvpn_update_idle_time[1463]
webvpn_session.c:http_webvpn_find_session[159]
webvpn_session.c:http_webvpn_find_session[159]
webvpn_session.c:http_webvpn_find_session[159]
webvpn_session.c:http_webvpn_find_session[159]
webvpn_session.c:http_webvpn_find_session[159]
webvpn_session.c:http_webvpn_find_session[159]
webvpn_allocate_auth_struct: net_handle = CE9C3208
webvpn_auth.c:webvpn_auth[581]
webvpn_session.c:http_webvpn_find_session[159]
webvpn_session.c:webvpn_update_idle_time[1463]
WebVPN: session has been authenticated.
webvpn_free_auth_struct: net_handle = CE9C3208
webvpn_allocate_auth_struct: net_handle = CE9C3208
ewsStringSearch: no buffer
Close 0
webvpn_free_auth_struct: net_handle = CE9C3208
webvpn_allocate_auth_struct: net_handle = CE863DE8
webvpn_auth.c:webvpn_auth[581]
webvpn_session.c:http_webvpn_find_session[159]
webvpn_session.c:webvpn_update_idle_time[1463]
WebVPN: session has been authenticated.
webvpn_free_auth_struct: net_handle = CE863DE8
webvpn_allocate_auth_struct: net_handle = CE863DE8
ewsStringSearch: no buffer
Close 0
webvpn_free_auth_struct: net_handle = CE863DE8
webvpn_allocate_auth_struct: net_handle = CE9C32C8
webvpn_auth.c:webvpn_auth[581]
webvpn_session.c:http_webvpn_find_session[159]
webvpn_session.c:webvpn_update_idle_time[1463]
WebVPN: session has been authenticated.
webvpn_free_auth_struct: net_handle = CE9C32C8
webvpn_allocate_auth_struct: net_handle = CE9C32C8
ewsStringSearch: no buffer
Close 0
webvpn_free_auth_struct: net_handle = CE9C32C8
webvpn_allocate_auth_struct: net_handle = CE9C32C8
webvpn_allocate_auth_struct: net_handle = CE863DE8
webvpn_auth.c:webvpn_auth[581]
webvpn_session.c:http_webvpn_find_session[159]
webvpn_session.c:webvpn_update_idle_time[1463]
WebVPN: session has been authenticated.
webvpn_auth.c:webvpn_auth[581]
webvpn_session.c:http_webvpn_find_session[159]
webvpn_session.c:webvpn_update_idle_time[1463]
WebVPN: session has been authenticated.
webvpn_free_auth_struct: net_handle = CE863DE8
webvpn_allocate_auth_struct: net_handle = CE863DE8
ewsStringSearch: no buffer
Close 0
webvpn_free_auth_struct: net_handle = CE863DE8
webvpn_free_auth_struct: net_handle = CE9C32C8
webvpn_allocate_auth_struct: net_handle = CE9C32C8
ewsStringSearch: no buffer
Close 0
webvpn_free_auth_struct: net_handle = CE9C32C8
webvpn_allocate_auth_struct: net_handle = CE9C32C8
webvpn_auth.c:webvpn_auth[581]
webvpn_session.c:http_webvpn_find_session[159]
webvpn_session.c:webvpn_update_idle_time[1463]
WebVPN: session has been authenticated.
webvpn_free_auth_struct: net_handle = CE9C32C8
webvpn_allocate_auth_struct: net_handle = CE9C32C8
ewsStringSearch: no buffer
Close 0
webvpn_free_auth_struct: net_handle = CE9C32C8
HTTP: Periodic admin session check (idle-timeout = 1200, session-timeout = 0)
webvpn_allocate_auth_struct: net_handle = CE9C32C8
webvpn_auth.c:webvpn_auth[581]
webvpn_session.c:http_webvpn_find_session[159]
webvpn_session.c:webvpn_update_idle_time[1463]
WebVPN: session has been authenticated.
webvpn_free_auth_struct: net_handle = CE9C32C8
webvpn_allocate_auth_struct: net_handle = CE9C32C8
ewsStringSearch: no buffer
Close 0
webvpn_free_auth_struct: net_handle = CE9C32C8
webvpn_session.c:http_webvpn_find_session[159]
webvpn_session.c:http_webvpn_find_session[159]
webvpn_allocate_auth_struct: net_handle = CE9C32C8
webvpn_auth.c:webvpn_auth[581]
webvpn_session.c:http_webvpn_find_session[159]
webvpn_session.c:webvpn_update_idle_time[1463]
WebVPN: session has been authenticated.
webvpn_free_auth_struct: net_handle = CE9C32C8
webvpn_allocate_auth_struct: net_handle = CE9C32C8
ewsStringSearch: no buffer
Close 0
webvpn_free_auth_struct: net_handle = CE9C32C8
webvpn_session.c:http_webvpn_find_session[159]
webvpn_session.c:http_webvpn_find_session[159]
webvpn_allocate_auth_struct: net_handle = CC894AA8
webvpn_session.c:http_webvpn_find_session[159]
webvpn_session.c:webvpn_update_idle_time[1463]
Close 1043041832
webvpn_free_auth_struct: net_handle = CC894AA8 -
Hello everyone,
I'm trying to upgrade a WLS 6.1 SP2 with WLP 4.0 SP2 instance to WLS 7.0 SP2
with WLP 7.0 SP2. Everythng is fine except for that we cannot use the same
SSL certificate. By defaul the private key is not encrypted with password
(SSL.KeyEncrypted = false by default, according to the documentations) in
both WLS 6.1 and WLS 7.0. But running WLS 7.0 startup script results the
following error:
<Sep 17, 2003 5:06:40 PM HST> <Alert> <WebLogicServer> <000297>
<Inconsistent se
curity configuration, java.lang.Exception: Cannot read private key from file
C:\
bea7\user_projects\agencyPortal\portal_islandinsurance_com-key.der. Make
sure pa
ssword specified in environment property weblogic.management.pkpassword is
valid
.>
java.lang.Exception: Cannot read private key from file
C:\bea7\user_projects\age
ncyPortal\portal_islandinsurance_com-key.der. Make sure password specified
in en
vironment property weblogic.management.pkpassword is valid.
at
weblogic.security.service.SSLManager.getServerPrivateKey(SSLManager.j
ava:434)
at weblogic.t3.srvr.SSLListenThread.<init>(SSLListenThread.java:153)
at weblogic.t3.srvr.SSLListenThread.<init>(SSLListenThread.java:122)
at weblogic.t3.srvr.T3Srvr.initializeListenThreads(T3Srvr.java:1513)
at weblogic.t3.srvr.T3Srvr.resume(T3Srvr.java:852)
at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:295)
at weblogic.Server.main(Server.java:32)
Is this happening because the private key is actually encrypted with the
password? It was working, although the KeyEncrypted is not set to true and
the startup script for WLS 6.1 instance did have a line
with -Dweblogic.management.pkpassword. Or could this error be result of
something else? The physical machine the instances are located is the same
and IP address and the DNS entry hasn't been changed, either.
Any insight will be greatly appreciated. Thanks!
MakotoThanks Tony - it worked!!
"Tony" <TonyV> wrote in message news:[email protected]...
It may be because the private key is both unprotected and in DER format.
There are some things to try:
1) Convert the private key file from a DER file to a PEM file and try
that:
a) Follow the for converting an unprotected private key at:
http://e-docs.bea.com/wls/docs70/adminguide/utils.html#1143743
b) Look at the resulting PEM file, it should look something like
this:
-----BEGIN RSA PRIVATE KEY-----
-----END RSA PRIVATE KEY-----
(Be sure there is no extra lines or whitespace after thefooter)
>
c) Change your configuration to point at the PEM file
If that doesn work, then you can try protecting the key with apassword
using
the wlkeytool utility (It should be in the server/bin directory). The
tool should prompt
for a password to use to protect it:
wlkeytool inputkey.pem outputkey.pem
Then change your configuration to use the protected private key, andset
the passwod to use.
Tony
"Makoto Suzuki" <[email protected]> wrote in message
news:[email protected]...
Hello everyone,
I'm trying to upgrade a WLS 6.1 SP2 with WLP 4.0 SP2 instance to WLS 7.0SP2
with WLP 7.0 SP2. Everythng is fine except for that we cannot use the
same
SSL certificate. By defaul the private key is not encrypted withpassword
(SSL.KeyEncrypted = false by default, according to the documentations)in
both WLS 6.1 and WLS 7.0. But running WLS 7.0 startup script resultsthe
following error:
<Sep 17, 2003 5:06:40 PM HST> <Alert> <WebLogicServer> <000297>
<Inconsistent se
curity configuration, java.lang.Exception: Cannot read private key fromfile
C:\
bea7\user_projects\agencyPortal\portal_islandinsurance_com-key.der. Make
sure pa
ssword specified in environment property weblogic.management.pkpassword
is
valid
.>
java.lang.Exception: Cannot read private key from file
C:\bea7\user_projects\age
ncyPortal\portal_islandinsurance_com-key.der. Make sure passwordspecified
in en
vironment property weblogic.management.pkpassword is valid.
at
weblogic.security.service.SSLManager.getServerPrivateKey(SSLManager.j
ava:434)
atweblogic.t3.srvr.SSLListenThread.<init>(SSLListenThread.java:153)
atweblogic.t3.srvr.SSLListenThread.<init>(SSLListenThread.java:122)
atweblogic.t3.srvr.T3Srvr.initializeListenThreads(T3Srvr.java:1513)
at weblogic.t3.srvr.T3Srvr.resume(T3Srvr.java:852)
at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:295)
at weblogic.Server.main(Server.java:32)
Is this happening because the private key is actually encrypted with the
password? It was working, although the KeyEncrypted is not set to true
and
the startup script for WLS 6.1 instance did have a line
with -Dweblogic.management.pkpassword. Or could this error be result of
something else? The physical machine the instances are located is thesame
and IP address and the DNS entry hasn't been changed, either.
Any insight will be greatly appreciated. Thanks!
Makoto -
Hi,
we are about to implement SSL in ebs r12.0.4 to ensure that the user name and password get passed over the browser as encrypted(by default which is passed as simple text).
Now i am following metalink document Enabling SSL in Release 12 [ID 376700.1]
Initially i was testing with the demo certifcatest at the $INST_TOP/certs/Apache.
All the middle tier setups has been done.Then when i restarted the Application and tried to connect my url that get redirected to the SSL port correctly but then failed with following:--
500 Internal Server Error
java.lang.NoClassDefFoundError at oracle.apps.fnd.sso.AppsLoginRedirect.AppsSetting(AppsLoginRedirect.java:120)
at oracle.apps.fnd.sso.AppsLoginRedirect.init(AppsLoginRedirect.java:161)
at com.evermind[Oracle Containers for J2EE 10g (10.1.3.0.0) ].server.http.HttpApplication.loadServlet(HttpApplication.java:2231)
at com.evermind[Oracle Containers for J2EE 10g (10.1.3.0.0) ].server.http.HttpApplication.findServlet(HttpApplication.java:4617)
at com.evermind[Oracle Containers for J2EE 10g (10.1.3.0.0) ].server.http.HttpApplication.findServlet(HttpApplication.java:4541)
at com.evermind[Oracle Containers for J2EE 10g (10.1.3.0.0) ].server.http.HttpApplication.getRequestDispatcher(HttpApplication.java:2821)
at com.evermind[Oracle Containers for J2EE 10g (10.1.3.0.0) ].server.http.HttpRequestHandler.doProcessRequest(HttpRequestHandler.java:740)
at com.evermind[Oracle Containers for J2EE 10g (10.1.3.0.0) ].server.http.HttpRequestHandler.processRequest(HttpRequestHandler.java:451)
at com.evermind[Oracle Containers for J2EE 10g (10.1.3.0.0) ].server.http.AJPRequestHandler.run(AJPRequestHandler.java:299)
at com.evermind[Oracle Containers for J2EE 10g (10.1.3.0.0) ].server.http.AJPRequestHandler.run(AJPRequestHandler.java:187)
at oracle.oc4j.network.ServerSocketReadHandler$SafeRunnable.run(ServerSocketReadHandler.java:260)
at oracle.oc4j.network.ServerSocketAcceptHandler.procClientSocket(ServerSocketAcceptHandler.java:230)
at oracle.oc4j.network.ServerSocketAcceptHandler.access$800(ServerSocketAcceptHandler.java:33)
at oracle.oc4j.network.ServerSocketAcceptHandler$AcceptHandlerHorse.run(ServerSocketAcceptHandler.java:831)
at com.evermind[Oracle Containers for J2EE 10g (10.1.3.0.0) ].util.ReleasableResourcePooledExecutor$MyWorker.run(ReleasableResourcePooledExecutor.java:303)
at java.lang.Thread.run(Thread.java:595)Please help.
Edited by: Susmit on Dec 24, 2010 4:24 PMHi;
please check below notes:
"500 Internal Server Error - java.lang.NoClassDefFoundError: oracle.apps.fnd.profiles.Profiles" on 10G [ID 567554.1]
R12: Troubleshooting 500 Internal Server Error in Oracle E-Business suite [ID 813523.1]
Regard
Helios -
I recently installed a fresh version of Lion Server after attempting to fix a broken upgrade. With some help from others, I've managed to get all the new features working and have kept notes, having found that many or most of the necessary installation steps for both the OS and its services are almost entirely undocumented. When you get them working, they work great, but the entire process is very fragile, with simple setup steps causing breaks or even malicious behaviors. In case this is useful to others, here are my notes.
Start with an erased, virgin, single guid partitioned drive. Not an upgrade. Not simply a repartitioned drive. Erased. Clean. Anything else can and probably will break the Lion Server install, as I discovered myself more than once. Before erasing my drive, I already had Lion and made a Lion install DVD from instructions widely available on the web. I suppose you could also boot into the Lion recovery partition and use disk utility to erase the OS X partition then install a new partition, but I cut a DVD. The bottom line is to erase any old OS partitions. And of course to have multiple, independent backups: I use both Time Machine with a modified StdExclusions.plist and Carbon Copy Cloner.
Also, if you will be running your own personal cloud, you will want to know your domain name ahead of time, as this will be propagated everywhere throughout server, and changing anything related to SSL on Lion Server is a nightmare that I haven't figured out. If you don't yet have a domain name, go drop ten dollars at namecheap.com or wherever and reserve one before you start. Soemday someone will document how to change this stuff without breaking Lion Server, but we're not there yet. I'll assume the top-level domain name "domain.com" here.
Given good backups, a Lion Install DVD (or Recovery Partition), and a domain name, here are the steps, apparently all of which must be more-or-less strictly followed in this order.
DVD>Disk Utility>Erase Disk [or Recovery Partition>Disk Utility>Erase Partition]
DVD>Install Lion
Reboot, hopefully Lion install kicks in
Update, update, update Lion (NOT Lion Server yet) until no more updates
System Preferences>Network>Static IP on the LAN (say 10.0.1.2) and Computer name ("server" is a good standbye)
Terminal>$ sudo scutil --set HostName server.domain.com
App Store>Install Lion Server and run through the Setup
Download install Server Admin Tools, then update, update, update until no more updates
Server Admin>DNS>Zones [IF THIS WASN'T AUTOMAGICALLY CREATED (mine wasn't): Add zone domain.com with Nameserver "server.domain.com." (that's a FQDN terminated with a period) and a Mail Exchanger (MX record) "server.domain.com." with priority 10. Add Record>Add Machine (A record) server.domain.com pointing to the server's static IP. You can add fancier DNS aliases and a simpler MX record below after you get through the crucial steps.]
System Prefs>Network>Advanced>Set your DNS server to 127.0.0.1
A few DNS set-up steps and these most important steps:
A. Check that the Unix command "hostname" returns the correct hostname and you can see this hostname in Server.app>Hardware>Network
B. Check that DNS works: the unix commands "host server.domain.com" and "host 10.0.1.2" (assuming that that's your static IP) should point to each other. Do not proceed until DNS works.
C. Get Apple Push Notification Services CA via Server.app>Hardware>Settings><Click toggle, Edit... get a new cert ...>
D. Server.app>Profile Manager>Configure... [Magic script should create OD Master, signed SSL cert]
E. Server.app>Hardware>Settings>SSL Certificate> [Check to make sure it's set to the one just created]
F. Using Server.app, turn on the web, then Server.app>Profile Manager> [Click on hyperlink to get to web page, e.g. server.domain.com/profilemanager] Upper RHS pull-down, install Trust Profile
G. Keychain Access>System>Certificates [Find the automatically generated cert "Domain", the one that is a "Root certificate authority", Highlight and Export as .cer, email to all iOS devices, and click on the authority on the device. It should be entered as a trusted CA on all iOS devices. While you're at it, highlight and Export... as a .cer the certificate "IntermediateCA_SERVER.DOMAIN.COM_1", which is listed an an "Intermediate CA" -- you will use this to establish secure SSL connections with remote browsers hitting your server.]
H. iOS on LAN: browse to server.domain.com/mydevices> [click on LHS Install trust cert, then RHS Enroll device.
I. Test from web browser server.domain.com/mydevices: Lock Device to test
J. ??? Profit
12. Server Admin>DNS>Zones> Add convenient DNS alias records if necessary, e.g., mail.domain.com, smtp.domain.com, www.domain.com. If you want to refer to your box using the convenient shorthand "domain.com", you must enter the A record (NOT alias) "domain.com." FQDN pointing to the server's fixed IP. You can also enter the convenient short MX record "domain.com." with priority 11. This will all work on the LAN -- all these settings must be mirrored on the outside internet using the service from which you registered domain.com.
You are now ready to begin turning on your services. Here are a few important details and gotchas setting up cloud services.
Firewall
Server Admin>Firewall>Services> Open up all ports needed by whichever services you want to run and set up your router (assuming that your server sits behind a router) to port forward these ports to your router's LAN IP. This is most a straightforward exercise in grepping for the correct ports on this page, but there are several jaw-droppingly undocumented omissions of crucial ports for Push Services and Device Enrollment. If you want to enroll your iOS devices, make sure port 1640 is open. If you want Push Notifications to work (you do), then ports 2195, 2196, 5218, and 5223 must be open. The Unix commands "lsof -i :5218" and "nmap -p 5218 server.domain.com" (nmap available from Macports after installing Xcode from the App Store) help show which ports are open.
SSH
Do this with strong security. Server.app to turn on remote logins (open port 22), but edit /etc/sshd_config to turn off root and password logins.
PermitRootLogin no
PasswordAuthentication no
ChallengeResponseAuthentication no
I'm note sure if toggling the Allow remote logins will load this config file or, run "sudo launchctl unload -w /System/Library/LaunchAgents/org.openbsd.ssh-agent.plist ; sudo launchctl load -w /System/Library/LaunchAgents/org.openbsd.ssh-agent.plist" to restart the server's ssh daemon.
Then use ssh-keygen on remote client to generate public/private keys that can be used to remotely login to the server.
client$ ssh-keygen -t rsa -b 2048 -C client_name
[Securely copy ~/.ssh/id_rsa.pub from client to server.]
server$ cat id_rsa.pub > ~/.ssh/known_hosts
I also like DenyHosts, which emails detected ssh attacks to [email protected]. It's amazing how many ssh attacks there are on any open port 22. Not really an added security feature if you've turned off password logins, but good to monitor. Here's a Lion Server diff for the config file /usr/share/denyhosts:
$ diff denyhosts.cfg-dist denyhosts.cfg
12c12
< SECURE_LOG = /var/log/secure
> #SECURE_LOG = /var/log/secure
22a23
> SECURE_LOG = /var/log/secure.log
34c35
< HOSTS_DENY = /etc/hosts.deny
> #HOSTS_DENY = /etc/hosts.deny
40a42,44
> #
> # Mac OS X Lion Server
> HOSTS_DENY = /private/etc/hosts.deny
195c199
< LOCK_FILE = /var/lock/subsys/denyhosts
> #LOCK_FILE = /var/lock/subsys/denyhosts
202a207,208
> LOCK_FILE = /var/denyhosts/denyhosts.pid
> #
219c225
< ADMIN_EMAIL =
> ADMIN_EMAIL = [email protected]
286c292
< #SYSLOG_REPORT=YES
> SYSLOG_REPORT=YES
Network Accounts
User Server.app to create your network accounts; do not use Workgroup Manager. If you use Workgroup Manager, as I did, then your accounts will not have email addresses specified and iCal Server WILL NOT COMPLETELY WORK. Well, at least collaboration through network accounts will be handled clunkily through email, not automatically as they should. If you create a network account using Workgroup Manager, then edit that account using Server.app to specify the email to which iCal invitations may be sent. Server.app doesn't say anything about this, but that's one thing that email address entry is used for. This still isn't quite solid on Lion Server, as my Open Directory logs on a freshly installed Lion Server are filled with errors that read:
2011-12-12 15:05:52.425 EST - Module: SystemCache - Misconfiguration detected in hash 'Kerberos':
User 'uname' (/LDAPv3/127.0.0.1) - ID 1031 - UUID 98B4DF30-09CF-42F1-6C31-9D55FE4A0812 - SID S-0-8-83-8930552043-0845248631-7065481045-9092
Oh well.
Email
Email aliases are handled with the file /private/etc/postfix/aliases. Do something like this
root: myname
admin: myname
sysadmin: myname
certadmin: myname
webmaster: myname
my_alternate: myname
Then run "sudo newaliases". If your ISP is Comcast or some other large provider, you probably must proxy your outgoing mail through their SMTP servers to avoid being blocked as a spammer (a lot of SMTP servers will block email from Comcast/whatever IP addresses that isn't sent by Comcast). Use Server.app>Mail to enter your account information. Even then, the Lion Server default setup may fail using this proxy. I had to do this with the file /private/etc/postfix/main.cf:
cd /etc/postfix
sudo cp ./main.cf ./main.cf.no_smtp_sasl_security_options
sudo echo 'smtp_sasl_security_options = noanonymous' >> ./main.cf
sudo serveradmin stop mail
sudo serveradmin start mail
Finally, make sure that you're running a blacklisting srevice yourself! Server Admin>Mail>Filter> Use spamhaus.org as a blacklister. Finally, set up mail to use strong Kerberos/MD5 settings under on Server Admin>Mail>Advanced. Turn off password and clear logins. The settings should be set to "Use" your SSL cert, NOT "Require". "Require" consistently breaks things for me.
If you already installed the server's Trust Certificate as described above (and opened up the correct ports), email to your account should be pushed out to all clients.
iCal Server
Server.app>Calendar>Turn ON and Allow Email Invitations, Edit... . Whatever you do, do NOT enter your own email account information in this GUI. You must enter the account information for local user com.apple.calendarserver, and the password for this account, which is stored in the System keychain: Keychain Access>System> Item com.apple.servermgr_calendar. Double-click and Show Password, copy and paste into Server.app dialog. This is all described in depth here. If you enter your own account information here (DO NOT!), the iCal Server will delete all Emails in your Inbox just as soon as it reads them, exactly like it works for user com.apple.calendarserver. Believe me, you don't want to discover this "feature", which I expect will be more tightly controlled in some future update.
Web
The functionality of Server.app's Web management is pretty limited and awful, but a few changes to the file /etc/apache2/httpd.conf will give you a pretty capable and flexible web server, just one that you must manage by hand. Here's a diff for httpd.conf:
$ diff httpd.conf.default httpd.conf
95c95
< #LoadModule ssl_module libexec/apache2/mod_ssl.so
> LoadModule ssl_module libexec/apache2/mod_ssl.so
111c111
< #LoadModule php5_module libexec/apache2/libphp5.so
> LoadModule php5_module libexec/apache2/libphp5.so
139,140c139,140
< #LoadModule auth_digest_apple_module libexec/apache2/mod_auth_digest_apple.so
< #LoadModule encoding_module libexec/apache2/mod_encoding.so
> LoadModule auth_digest_apple_module libexec/apache2/mod_auth_digest_apple.so
> LoadModule encoding_module libexec/apache2/mod_encoding.so
146c146
< #LoadModule xsendfile_module libexec/apache2/mod_xsendfile.so
> LoadModule xsendfile_module libexec/apache2/mod_xsendfile.so
177c177
< ServerAdmin [email protected]
> ServerAdmin [email protected]
186c186
< #ServerName www.example.com:80
> ServerName domain.com:443
677a678,680
> # Server-specific configuration
> # sudo apachectl -D WEBSERVICE_ON -D MACOSXSERVER -k restart
> Include /etc/apache2/mydomain/*.conf
I did "sudo mkdir /etc/apache2/mydomain" and add specific config files for various web pages to host. For example, here's a config file that will host the entire contents of an EyeTV DVR, all password controlled with htdigest ("htdigest ~uname/.htdigest EyeTV uname"). Browsing to https://server.domain.com/eyetv points to /Users/uname/Sites/EyeTV, in which there's an index.php script that can read and display the EyeTV archive at https://server.domain.com/eyetv_archive. If you want Apache username accounts with twiddles as in https://server.domain.com/~uname, specify "UserDir Sites" in the configuration file.
Alias /eyetv /Users/uname/Sites/EyeTV
<Directory "/Users/uname/Sites/EyeTV">
AuthType Digest
AuthName "EyeTV"
AuthUserFile /Users/uname/.htdigest
AuthGroupFile /dev/null
Require user uname
Options Indexes MultiViews
AllowOverride All
Order allow,deny
Allow from all
</Directory>
Alias /eyetv_archive "/Volumes/Macintosh HD2/Documents/EyeTV Archive"
<Directory "/Volumes/Macintosh HD2/Documents/EyeTV Archive">
AuthType Digest
AuthName "EyeTV"
AuthUserFile /Users/uname/.htdigest
AuthGroupFile /dev/null
Require user uname
Options Indexes MultiViews
AllowOverride All
Order allow,deny
Allow from all
</Directory>
I think you can turn Web off/on in Server.app to relaunch apached, or simply "sudo apachectl -D WEBSERVICE_ON -D MACOSXSERVER -k restart".
Securely copy to all desired remote clients the file IntermediateCA_SERVER.DOMAIN.COM_1.cer, which you exported from System Keychain above. Add this certificate to your remote keychain and trust it, allowing secure connections between remote clients and your server. Also on remote clients: Firefox>Advanced>Encryption>View Certificates>Authorities>Import...> Import this certificate into your browser. Now there should be a secure connection to https://server.domain.com without any SSL warnings.
One caveat is that there should be a nice way to establish secure SSL to https://domain.com and https://www.domain.com, but the automagically created SSL certificate only knows about server.domain.com. I attempted to follow this advice when I originally created the cert and add these additional domains (under "Subject Alternate Name Extension"), but the cert creation UI failed when I did this, so I just gave up. I hope that by the time these certs expire, someone posts some documentation on how to manage and change Lion Server SSL scripts AFTER the server has been promoted to an Open Directory Master. In the meantime, it would be much appreciated if anyone can post either how to add these additional domain names to the existing cert, or generate and/or sign a cert with a self-created Keychain Access root certificate authority. In my experience, any attempt to mess with the SSL certs automatically generated just breaks Lion Server.
Finally, if you don't want a little Apple logo as your web page icon, create your own 16×16 PNG and copy it to the file /Library/Server/Web/Data/Sites/Default/favicon.ico. And request that all web-crawling robots go away with the file /Library/Server/Web/Data/Sites/Default/robots.txt:
User-agent: *
Disallow: /
Misc
VNC easily works with iOS devices -- use a good passphrase. Edit /System/Library/LaunchDaemons/org.postgresql.postgres.plist and set "listen_addresses=127.0.0.1" to allow PostgreSQL connections over localhost. I've also downloaded snort/base/swatch to build an intrusion detection system, and used Macports's squid+privoxy to build a privacy-enhanced ad-blocking proxy server.Privacy Enhancing Filtering Proxy and SSH Tunnel
Lion Server comes with its own web proxy, but chaining Squid and Privoxy together provides a capable and effective web proxy that can block ads and malicious scripts, and conceal information used to track you around the web. I've posted a simple way to build and use a privacy enhancing web proxy here. While you're at it, configure your OS and browsers to block Adobe Flash cookies and block Flash access to your camera, microphone, and peer networks. Read this WSJ article series to understand how this impacts your privacy. If you configure it to allow use for anyone on your LAN, be sure to open up ports 3128, 8118, and 8123 on your firewall.
If you've set up ssh and/or VPN as above, you can securely tunnel in to your proxy from anywhere. The syntax for ssh tunnels is a little obscure, so I wrote a little ssh tunnel script with a simpler flexible syntax. This script also allows secure tunnels to other services like VNC (port 5900). If you save this to a file ./ssht (and chmod a+x ./ssht), example syntax to establish an ssh tunnel through localhost:8080 (or, e.g., localhost:5901 for secure VNC Screen Sharing connects) looks like:
$ ./ssht 8080:[email protected]:3128
$ ./ssht 8080:alice@:
$ ./ssht 8080:
$ ./ssht 8018::8123
$ ./ssht 5901::5900 [Use the address localhost:5901 for secure VNC connects using OS X's Screen Sharing or Chicken of the VNC (sudo port install cotvnc)]
$ vi ./ssht
#!/bin/sh
# SSH tunnel to squid/whatever proxy: ssht [-p ssh_port] [localhost_port:][user_name@][ip_address][:remotehost][:remote_port]
USERNAME_DEFAULT=username
HOSTNAME_DEFAULT=domain.com
SSHPORT_DEFAULT=22
# SSH port forwarding specs, e.g. 8080:localhost:3128
LOCALHOSTPORT_DEFAULT=8080 # Default is http proxy 8080
REMOTEHOST_DEFAULT=localhost # Default is localhost
REMOTEPORT_DEFAULT=3128 # Default is Squid port
# Parse ssh port and tunnel details if specified
SSHPORT=$SSHPORT_DEFAULT
TUNNEL_DETAILS=$LOCALHOSTPORT_DEFAULT:$USERNAME_DEFAULT@$HOSTNAME_DEFAULT:$REMOT EHOST_DEFAULT:$REMOTEPORT_DEFAULT
while [ "$1" != "" ]
do
case $1
in
-p) shift; # -p option
SSHPORT=$1;
shift;;
*) TUNNEL_DETAILS=$1; # 1st argument option
shift;;
esac
done
# Get local and remote ports, username, and hostname from the command line argument: localhost_port:user_name@ip_address:remote_host:remote_port
shopt -s extglob # needed for +(pattern) syntax; man sh
LOCALHOSTPORT=$LOCALHOSTPORT_DEFAULT
USERNAME=$USERNAME_DEFAULT
HOSTNAME=$HOSTNAME_DEFAULT
REMOTEHOST=$REMOTEHOST_DEFAULT
REMOTEPORT=$REMOTEPORT_DEFAULT
# LOCALHOSTPORT
CDR=${TUNNEL_DETAILS#+([0-9]):} # delete shortest leading +([0-9]):
CAR=${TUNNEL_DETAILS%%$CDR} # cut this string from TUNNEL_DETAILS
CAR=${CAR%:} # delete :
if [ "$CAR" != "" ] # leading or trailing port specified
then
LOCALHOSTPORT=$CAR
fi
TUNNEL_DETAILS=$CDR
# REMOTEPORT
CDR=${TUNNEL_DETAILS%:+([0-9])} # delete shortest trailing :+([0-9])
CAR=${TUNNEL_DETAILS##$CDR} # cut this string from TUNNEL_DETAILS
CAR=${CAR#:} # delete :
if [ "$CAR" != "" ] # leading or trailing port specified
then
REMOTEPORT=$CAR
fi
TUNNEL_DETAILS=$CDR
# REMOTEHOST
CDR=${TUNNEL_DETAILS%:*} # delete shortest trailing :*
CAR=${TUNNEL_DETAILS##$CDR} # cut this string from TUNNEL_DETAILS
CAR=${CAR#:} # delete :
if [ "$CAR" != "" ] # leading or trailing port specified
then
REMOTEHOST=$CAR
fi
TUNNEL_DETAILS=$CDR
# USERNAME
CDR=${TUNNEL_DETAILS#*@} # delete shortest leading +([0-9]):
CAR=${TUNNEL_DETAILS%%$CDR} # cut this string from TUNNEL_DETAILS
CAR=${CAR%@} # delete @
if [ "$CAR" != "" ] # leading or trailing port specified
then
USERNAME=$CAR
fi
TUNNEL_DETAILS=$CDR
# HOSTNAME
HOSTNAME=$TUNNEL_DETAILS
if [ "$HOSTNAME" == "" ] # no hostname given
then
HOSTNAME=$HOSTNAME_DEFAULT
fi
ssh -p $SSHPORT -L $LOCALHOSTPORT:$REMOTEHOST:$REMOTEPORT -l $USERNAME $HOSTNAME -f -C -q -N \
&& echo "SSH tunnel established via $LOCALHOSTPORT:$REMOTEHOST:$REMOTEPORT\n\tto $USERNAME@$HOSTNAME:$SSHPORT." \
|| echo "SSH tunnel FAIL." -
Error while adding a connector for SSL..help!!!
i'm getting this error when i added a connector for SSL and restarted tomcat
my connector tag is
<Connector keystorePass="kalima" scheme="https" port="8443" sslProtocol="TLS" redirectPort="-1" enableLookups="true" keystoreFile="Mykeystore" protocol="TLS" keystore="C:\Documents and Settings\santhoshyma\Mykeystore" clientauth="false" algorithm="SunX509" keypass="changeit" secure="true" keytype="JKS">
<Factory className="org.apache.coyote.tomcat5.CoyoteServerSocketFactory" keystorePass="kalima" keystoreFile="C:\SSLTest\Mykeystore"/>
</Connector>
LifecycleException: Protocol handler instantiation failed: java.lang.NullPointe
rException
at org.apache.coyote.tomcat5.CoyoteConnector.initialize(CoyoteConnector.
java:1368)
at org.apache.catalina.core.StandardService.initialize(StandardService.j
ava:609)
at org.apache.catalina.core.StandardServer.initialize(StandardServer.jav
a:2384)
at org.apache.catalina.startup.Catalina.load(Catalina.java:507)
at org.apache.catalina.startup.Catalina.load(Catalina.java:528)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.
java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAcces
sorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:324)
at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:250)
at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:424)The question is answered in CRM 7.0 forum:
Getting error while adding a custom field (with input help) through AET -
Error while invoking web service over SSL
While making a SSL Connections to web service i am getting the below mentioned error in spite of configuring the certificate provided by the client onto WLS.
I tried adding the certificate to the default DemoTrust and DemoIdentity Keystores. The error still persisted.
I also tried importing the certificate(into cacerts keystore) as Java Standard Trust as well as tried pointing it to the custom keystores. None of it worked :(
Could somebody please give a solution to resolve this error ASAP.
The error is:
Message:exception occured, due to org.apache.axis2.AxisFault: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
org.apache.axis2.AxisFault: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at org.apache.axis2.AxisFault.makeFault(AxisFault.java:430)
at org.apache.axis2.transport.http.SOAPMessageFormatter.writeTo(SOAPMessageFormatter.java:83)
at org.apache.axis2.transport.http.AxisRequestEntity.writeRequest(AxisRequestEntity.java:84)
at org.apache.commons.httpclient.methods.EntityEnclosingMethod.writeRequestBody(EntityEnclosingMethod.java:499)
at org.apache.commons.httpclient.HttpMethodBase.writeRequest(HttpMethodBase.java:2114)
at org.apache.commons.httpclient.HttpMethodBase.execute(HttpMethodBase.java:1096)
at org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry(HttpMethodDirector.java:398)
at org.apache.commons.httpclient.HttpMethodDirector.executeMethod(HttpMethodDirector.java:171)
at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:397)
at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:346)
at org.apache.axis2.transport.http.AbstractHTTPSender.executeMethod(AbstractHTTPSender.java:542)
at org.apache.axis2.transport.http.HTTPSender.sendViaPost(HTTPSender.java:199)
at org.apache.axis2.transport.http.HTTPSender.send(HTTPSender.java:76)
at org.apache.axis2.transport.http.CommonsHTTPTransportSender.writeMessageWithCommons(CommonsHTTPTransportSender.java:400)
at org.apache.axis2.transport.http.CommonsHTTPTransportSender.invoke(CommonsHTTPTransportSender.java:225)
at org.apache.axis2.engine.AxisEngine.send(AxisEngine.java:435)
at org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperation.java:402)
at org.apache.axis2.description.OutInAxisOperationClient.executeImpl(OutInAxisOperation.java:229)
at org.apache.axis2.client.OperationClient.execute(OperationClient.java:165)
at com.intel.services.warrantyservice.Get_Warranty_Details_OutServiceStub.get_Warranty_Details_Out(Get_Warranty_Details_OutServiceStub.java:184)
at com.intel.www.PortalServices.PortalServicesSOAPImpl.getWarrantyDetails(PortalServicesSOAPImpl.java:1865)
at com.intel.www.PortalServices.PortalServicesSOAPSkeleton.getWarrantyDetails(PortalServicesSOAPSkeleton.java:213)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.apache.axis.providers.java.RPCProvider.invokeMethod(RPCProvider.java:397)
at org.apache.axis.providers.java.RPCProvider.processMessage(RPCProvider.java:186)
at org.apache.axis.providers.java.JavaProvider.invoke(JavaProvider.java:323)
at org.apache.axis.strategies.InvocationStrategy.visit(InvocationStrategy.java:32)
at org.apache.axis.SimpleChain.doVisiting(SimpleChain.java:118)
at org.apache.axis.SimpleChain.invoke(SimpleChain.java:83)
at org.apache.axis.handlers.soap.SOAPService.invoke(SOAPService.java:454)
at org.apache.axis.server.AxisServer.invoke(AxisServer.java:281)
at org.apache.axis.transport.http.AxisServlet.doPost(AxisServlet.java:699)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:727)
at org.apache.axis.transport.http.AxisServletBase.service(AxisServletBase.java:327)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)
at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125)
at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:292)
at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:175)
at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3590)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:121)
at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2200)
at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2106)
at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1428)
at weblogic.work.ExecuteThread.execute(ExecuteThread.java:201)
at weblogic.work.ExecuteThread.run(ExecuteThread.java:173)
Caused by: javax.xml.stream.XMLStreamException: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at weblogic.xml.stax.XMLWriterBase.flush(XMLWriterBase.java:504)
at org.apache.axiom.om.impl.MTOMXMLStreamWriter.flush(MTOMXMLStreamWriter.java:168)
at org.apache.axis2.databinding.utils.writer.MTOMAwareXMLSerializer.flush(MTOMAwareXMLSerializer.java:79)
at org.apache.axis2.databinding.ADBDataSource.serialize(ADBDataSource.java:94)
at org.apache.axiom.om.impl.llom.OMSourcedElementImpl.internalSerializeAndConsume(OMSourcedElementImpl.java:738)
at org.apache.axiom.om.impl.llom.OMElementImpl.internalSerialize(OMElementImpl.java:966)
at org.apache.axiom.om.impl.llom.OMElementImpl.internalSerializeAndConsume(OMElementImpl.java:995)
at org.apache.axiom.soap.impl.llom.SOAPEnvelopeImpl.serializeInternally(SOAPEnvelopeImpl.java:254)
at org.apache.axiom.soap.impl.llom.SOAPEnvelopeImpl.internalSerialize(SOAPEnvelopeImpl.java:242)
at org.apache.axiom.om.impl.llom.OMElementImpl.internalSerializeAndConsume(OMElementImpl.java:995)
at org.apache.axiom.om.impl.llom.OMNodeImpl.serializeAndConsume(OMNodeImpl.java:486)
at org.apache.axis2.transport.http.SOAPMessageFormatter.writeTo(SOAPMessageFormatter.java:79)
... 48 more
Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:174)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1591)
at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:187)
at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:181)
at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1035)
at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:124)
at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:516)
at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:454)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:884)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1096)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:623)
at com.sun.net.ssl.internal.ssl.AppOutputStream.write(AppOutputStream.java:59)
at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:65)
at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:123)
at org.apache.commons.httpclient.ChunkedOutputStream.flush(ChunkedOutputStream.java:191)
at sun.nio.cs.StreamEncoder.implFlush(StreamEncoder.java:278)
at sun.nio.cs.StreamEncoder.flush(StreamEncoder.java:122)
at java.io.OutputStreamWriter.flush(OutputStreamWriter.java:212)
at java.io.BufferedWriter.flush(BufferedWriter.java:236)
at weblogic.xml.stax.XMLWriterBase.flush(XMLWriterBase.java:502)
... 59 more
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:285)
at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:191)
at sun.security.validator.Validator.validate(Validator.java:218)
at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:126)
at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:209)
at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:249)
at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1014)
... 74 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:174)
at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:238)
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:280)
... 80 moreWhich version/platform are you using?
The thing you need to consider here is that the JDev proxy settings do not affect the BPEL server.
So if the BPEL server cannot connect to your webservice, it will not be because of any Jdev setting.
Check the proxy settings on your BPEL server (on 10.1.2 developer install it will be in obsetenv.bat, on 10.1.3 it will be a commandline property of the JVM - see AS Control administration page for the JVM)
Maybe you are looking for
-
Find special characters in string (using mask)
Hi all, I have the following requirement, perhaps someone has got a hint for me: I have got a string of 255 characters. I want to realize that this string only contains characters of a "normal" format, like a-z, A-Z and numbers. Any characters like ,
-
Hello, I want to apply Custom Queueing or Priority Queueing or CBWFG in async interface but it doesn't work the interface is corresponding as FIFO. I can't find in cisco site if there is restrictions in QoS in ASync interfaces
-
hi, Pl suggest whether workflow and idoc(ALE/EDI) are same ?
-
IOS Update failed on Catalyst C2960S-48LPS-L
Hi Community, i've got a little problem to update IOS 12.2(55)SE5 on a 2690S-49PLS-L switch File: c2960s-universalk9-tar.150-2.SE6.tar why? I took 2 Switches out of the box, one runs IOS 12,2 the other 15.0, stack doesn't work. tried 3 options to upg
-
Synchronizing Nano to iTunes library
I think that I make a basic mistake when I set up iTunes & did my transfers to my Nano. As I currently understand things when you look at all tracks in your library on iTunes you should have a tick market besides any tracks that you wish to have put