I'm writing a fairly simple Spring Integration flow that processes some data and subsequently sends a message to a websocket that exists in my SSL enabled web server to notify clients of new data.
The initial GET request to my websocket succeeds and the application cert is sent to the server correctly. However when the second request is sent to upgrade the connection to websocket, it no longer sends the application cert and I get a 403 Forbidden server response.
Is there any special configuration in the WebSocketContainer or WebSocketClient that I need to set up to make sure my certificate is always passed to the web server? I'm using STOMP over SockJS for the client.
Related
I am writing an HTTPS proxy in play framework, yet every time I try to run it on a website that has ssl encryption I am getting this error in my server:
akka.actor.ActorSystemImpl(play-dev-mode) Illegal request, responding with status '400 Bad Request': CONNECT requests are not suppo
rted: Rejecting CONNECT request to '//any.website:443'
The proxy works well on HTTP, yet HTTPS is the problem. I tried changing my application.conf to have a port destined to work on HTTPS, but when I try to run it with the keystore i setup using the keytool command I am getting the following error in my browser:
Secure Connection Failed
The connection to the server was reset while the page was loading.
The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.
Please contact the website owners to inform them of this problem.
Any workaround to allow HTTPS on a play framework proxy server?
I have application that need to call Rest service, to do authentication process. The service and my application are in a same server. I used Spring RestTemplate to call it. When it tested in localhost, it works perfectly. But when I deploy it to the cloud server (in this case, Jelastic) I get this error:
I/O error on GET request for "[my_rest_service_address]":Connection refused; nested exception is java.net.ConnectException: Connection refused
All the code is follow this doc : http://docs.spring.io/spring/docs/3.0.x/javadoc-api/org/springframework/web/client/RestTemplate.html. Only the url that changed to my rest url.
Is it happened because jelastic server blocked outbound request? But, both the service and my application are in the same server, why it still blocked?
Please explain to me, what is the problem? Thanks
The http 401 code means that the user that made the request is not authenticated. It can be the user of your webapp or the user used for the rest call.
It can for example that different credentials are used in prod and test, different security schemes in each environment, etc.
I have a Java WebSocket server running on GlassFish, and users are to connect using client TLS certificates that we give them. The distinguished name from the certificate is what we used to identify the user. Once a connection has been made to a ServerEndpoint, my #OnOpen method is called and given a Session object.
I can tell if session.isSecure(), but nothing more than that. The Session object gives me no visibility into the properties of the TLS connection. How do I fetch the distinguished name of a client when they're connected via WebSocket?
I believe you can only do that in the websocket handshake (see here for an idea).
Websocket are "upgraded" from a HTTP request and the details of the request are available only during that upgrade request. You could try to extract the user principal from the HandshakeRequest, which normally should get you a X500Principal.
We are trying to connect to ISA server over HTTPS from SOAP UI client. The ISA server redirects the URL to the required windows server within the organization.
When u send a request from SOAP UI client, we get "Remote host closed connection during handshake" error.
We have not changed any parameters on SOAP UI client or as read in few other blogs have not imported any certificates. Is importing certificate mandatory?
How do we go about to get succesful connection.
-Anand
The issue is resolved. The cretificate on ISA server was not deployed properly. The network admin team re-depolyed the certificates and the rule works fine.
I am connecting to a WCF web service with a Java client I am constructing. Someone else has already successfully built WCF clients to connect to this service. The WSDL available via HTTP provides Message Level Security. The WSDL available via HTTPS uses both TLS and Message Level Security. I understand that using TLS on top of Message Level Security is basically dual-encrypting, but that is a key requirement.
Since I can connect to the HTTP service correctly, I believe I have all the trust store and key store issues resolved.
I am connecting to the service using Metro 2.1.1. I have built the client in both Eclipse and Netbeans. I fetch the WSDL from the HTTP site, and using wsimport (with the -extensions flag) I build and execute the clients successfully.
When I fetch the WSDL using the HTTPS site I can again build both clients successfully. But when I execute them - I get the following error:
Exception in thread "main" javax.xml.ws.soap.SOAPFaultException: An error occurred when verifying security for the message.
at com.sun.xml.ws.fault.SOAP12Fault.getProtocolException(SOAP12Fault.java:225)
at com.sun.xml.ws.fault.SOAPFaultBuilder.createException(SOAPFaultBuilder.java:122)
at com.sun.xml.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:119)
at com.sun.xml.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:89)
at com.sun.xml.ws.client.sei.SEIStub.invoke(SEIStub.java:140)
at $Proxy43.request(Unknown Source)
The only difference between the two WSDLs (the one fetched via HTTP and the other via HTTPS) is the reference in the WSDL to HTTPS:// vs. HTTP://.
I do not have easy access to the WCF service logs - normally there is a 3-6 hour delay between when I request a set of logs and when I can view them.
My question is has anyone encountered a similar circumstance - and is there something I am blatantly missing here? Is there something in a NetMon or Wireshark trace I can look for to see that the issue is? I have been struggling with this for days - any help would be most appreciated.
If you have access to the service configuration try disabling security context on the endpoint you're using:
<message establishSecurityContext="False" clientCredentialType="UserName"/>
You can read more about security context token (SCT):
Security Context Token
Message security knobs
Java client for WCF service with wsHttpBinding over SSL