野蝇 + https
WildFly + https
使用 WildFly 8.1。0.Final 我在连接到 https 资源 (JAX-RS) 时遇到问题。
我有以下 web.xml:
<web-app version="3.1" xmlns="http://xmlns.jcp.org/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee http://xmlns.jcp.org/xml/ns/javaee/web-app_3_1.xsd">
<session-config>
<session-timeout>30</session-timeout>
</session-config>
<security-constraint>
<display-name>Constraint1</display-name>
<web-resource-collection>
<web-resource-name>someresource</web-resource-name>
<description/>
<url-pattern>/webresources/somepath/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<description/>
<role-name>somerole</role-name>
</auth-constraint>
<user-data-constraint>
<description/>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>
<login-config>
<auth-method>BASIC</auth-method>
<realm-name>ApplicationRealm</realm-name>
<!--<realm-name>file</realm-name>-->
</login-config>
<security-role>
<description>somerole</description>
<role-name>somerole</role-name>
</security-role>
</web-app>
虽然我有一个自定义的 glassfish-web.xml:
,但它适用于 GlassFish 4.1
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glassfish-web-app PUBLIC "-//GlassFish.org//DTD GlassFish Application Server 3.1 Servlet 3.0//EN" "http://glassfish.org/dtds/glassfish-web-app_3_0-1.dtd">
<glassfish-web-app error-url="">
<context-root>/some-module-1.0-SNAPSHOT</context-root>
<security-role-mapping>
<role-name>somerole</role-name>
<principal-name>someuser</principal-name>
<group-name>somegroup</group-name>
</security-role-mapping>
<class-loader delegate="true"/>
<jsp-config>
<property name="keepgenerated" value="true">
<description>Keep a copy of the generated servlet class' java code.</description>
</property>
</jsp-config>
</glassfish-web-app>
如果我省略 user-data-constraint 部分,它也可以正常工作。
但是在浏览器中启用此部分后 http://localhost:8080 gets redirected to https://localhost:8443 我收到以下错误(德语):
Fehler: Verbindung fehlgeschlagen
当我尝试将 Wink 客户端连接到 https URL 时,出现以下错误:
Exception in thread "main" org.apache.wink.client.ClientRuntimeException: java.lang.RuntimeException: java.net.ConnectException: Connection refused: connect
at org.apache.wink.client.internal.ResourceImpl.invoke(ResourceImpl.java:241)
at org.apache.wink.client.internal.ResourceImpl.invoke(ResourceImpl.java:189)
at org.apache.wink.client.internal.ResourceImpl.invokeNoException(ResourceImpl.java:181)
at org.apache.wink.client.internal.ResourceImpl.get(ResourceImpl.java:311)
at somepackage.rest.client.wink.SomeWinkClient.getFoo(SomeWinkClient.java:61)
at somepackage.rest.Main.main(Main.java:30)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:606)
at com.intellij.rt.execution.application.AppMain.main(AppMain.java:140)
Caused by: java.lang.RuntimeException: java.net.ConnectException: Connection refused: connect
at org.apache.wink.client.internal.handlers.HttpURLConnectionHandler.handle(HttpURLConnectionHandler.java:57)
at org.apache.wink.client.internal.handlers.HandlerContextImpl.doChain(HandlerContextImpl.java:52)
at org.apache.wink.client.internal.handlers.AcceptHeaderHandler.handle(AcceptHeaderHandler.java:79)
at org.apache.wink.client.internal.handlers.HandlerContextImpl.doChain(HandlerContextImpl.java:52)
at org.apache.wink.client.handlers.BasicAuthSecurityHandler.handle(BasicAuthSecurityHandler.java:71)
at org.apache.wink.client.internal.handlers.HandlerContextImpl.doChain(HandlerContextImpl.java:52)
at org.apache.wink.client.internal.ResourceImpl.invoke(ResourceImpl.java:228)
... 10 more
Caused by: java.net.ConnectException: Connection refused: connect
at java.net.DualStackPlainSocketImpl.waitForConnect(Native Method)
at java.net.DualStackPlainSocketImpl.socketConnect(DualStackPlainSocketImpl.java:85)
at java.net.AbstractPlainSocketImpl.doConnect(AbstractPlainSocketImpl.java:339)
at java.net.AbstractPlainSocketImpl.connectToAddress(AbstractPlainSocketImpl.java:200)
at java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:182)
at java.net.PlainSocketImpl.connect(PlainSocketImpl.java:172)
at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:392)
at java.net.Socket.connect(Socket.java:579)
at sun.security.ssl.SSLSocketImpl.connect(SSLSocketImpl.java:618)
at sun.net.NetworkClient.doConnect(NetworkClient.java:175)
at sun.net.www.http.HttpClient.openServer(HttpClient.java:432)
at sun.net.www.http.HttpClient.openServer(HttpClient.java:527)
at sun.net.www.protocol.https.HttpsClient.<init>(HttpsClient.java:275)
at sun.net.www.protocol.https.HttpsClient.New(HttpsClient.java:371)
at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.getNewHttpClient(AbstractDelegateHttpsURLConnection.java:191)
at sun.net.www.protocol.http.HttpURLConnection.plainConnect(HttpURLConnection.java:932)
at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:177)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.connect(HttpsURLConnectionImpl.java:153)
at org.apache.wink.client.internal.handlers.HttpURLConnectionHandler.processRequest(HttpURLConnectionHandler.java:97)
at org.apache.wink.client.internal.handlers.HttpURLConnectionHandler.handle(HttpURLConnectionHandler.java:54)
... 16 more
更新
我按照@hwellmann 的建议添加了 https-listener 配置:
<subsystem xmlns="urn:jboss:domain:undertow:1.1">
<buffer-cache name="default"/>
<server name="default-server">
<http-listener name="default" socket-binding="http"/>
<https-listener name="default-ssl" socket-binding="https" security-realm="SSLRealm"/>
<host name="default-host" alias="localhost">
<location name="/" handler="welcome-content"/>
<filter-ref name="server-header"/>
<filter-ref name="x-powered-by-header"/>
</host>
</server>
<servlet-container name="default">
<jsp-config/>
</servlet-container>
<handlers>
<file name="welcome-content" path="${jboss.home.dir}/welcome-content"/>
</handlers>
<filters>
<response-header name="server-header" header-name="Server" header-value="WildFly/8"/>
<response-header name="x-powered-by-header" header-name="X-Powered-By" header-value="Undertow/1"/>
</filters>
</subsystem>
和
<security-realm name="SSLRealm">
<server-identities>
<ssl>
<keystore path="keystore.jks" relative-to="jboss.server.config.dir" keystore-password="somepwd" alias="wildfly-local" key-password="somepwd"/>
</ssl>
</server-identities>
</security-realm>
我在 standalone\configuration 使用以下方法创建了一个密钥库:
keytool -genkey -alias wildfly-local -keyalg RSA -keypass somepwd -storepass somepwd -keystore keystore.jks -validity 9999
但我仍然遇到同样的错误。
您 standalone.xml 的 undertow 子系统中是否有 https-listener?这不是默认配置的。
你需要的是
<subsystem xmlns="urn:jboss:domain:undertow:2.0">
<!-- ... -->
<server name="default-server">
<http-listener name="default" socket-binding="http" redirect-socket="https-ext"/>
<https-listener name="default-ssl" socket-binding="https" security-realm="MySslRealm"/>
</server>
<!-- ... -->
</subsystem>
并且您需要使用密钥库配置安全领域,有关详细信息,请参阅this blog。
使用 WildFly 8.1。0.Final 我在连接到 https 资源 (JAX-RS) 时遇到问题。
我有以下 web.xml:
<web-app version="3.1" xmlns="http://xmlns.jcp.org/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee http://xmlns.jcp.org/xml/ns/javaee/web-app_3_1.xsd">
<session-config>
<session-timeout>30</session-timeout>
</session-config>
<security-constraint>
<display-name>Constraint1</display-name>
<web-resource-collection>
<web-resource-name>someresource</web-resource-name>
<description/>
<url-pattern>/webresources/somepath/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<description/>
<role-name>somerole</role-name>
</auth-constraint>
<user-data-constraint>
<description/>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>
<login-config>
<auth-method>BASIC</auth-method>
<realm-name>ApplicationRealm</realm-name>
<!--<realm-name>file</realm-name>-->
</login-config>
<security-role>
<description>somerole</description>
<role-name>somerole</role-name>
</security-role>
</web-app>
虽然我有一个自定义的 glassfish-web.xml:
,但它适用于 GlassFish 4.1<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glassfish-web-app PUBLIC "-//GlassFish.org//DTD GlassFish Application Server 3.1 Servlet 3.0//EN" "http://glassfish.org/dtds/glassfish-web-app_3_0-1.dtd">
<glassfish-web-app error-url="">
<context-root>/some-module-1.0-SNAPSHOT</context-root>
<security-role-mapping>
<role-name>somerole</role-name>
<principal-name>someuser</principal-name>
<group-name>somegroup</group-name>
</security-role-mapping>
<class-loader delegate="true"/>
<jsp-config>
<property name="keepgenerated" value="true">
<description>Keep a copy of the generated servlet class' java code.</description>
</property>
</jsp-config>
</glassfish-web-app>
如果我省略 user-data-constraint 部分,它也可以正常工作。
但是在浏览器中启用此部分后 http://localhost:8080 gets redirected to https://localhost:8443 我收到以下错误(德语):
Fehler: Verbindung fehlgeschlagen
当我尝试将 Wink 客户端连接到 https URL 时,出现以下错误:
Exception in thread "main" org.apache.wink.client.ClientRuntimeException: java.lang.RuntimeException: java.net.ConnectException: Connection refused: connect
at org.apache.wink.client.internal.ResourceImpl.invoke(ResourceImpl.java:241)
at org.apache.wink.client.internal.ResourceImpl.invoke(ResourceImpl.java:189)
at org.apache.wink.client.internal.ResourceImpl.invokeNoException(ResourceImpl.java:181)
at org.apache.wink.client.internal.ResourceImpl.get(ResourceImpl.java:311)
at somepackage.rest.client.wink.SomeWinkClient.getFoo(SomeWinkClient.java:61)
at somepackage.rest.Main.main(Main.java:30)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:606)
at com.intellij.rt.execution.application.AppMain.main(AppMain.java:140)
Caused by: java.lang.RuntimeException: java.net.ConnectException: Connection refused: connect
at org.apache.wink.client.internal.handlers.HttpURLConnectionHandler.handle(HttpURLConnectionHandler.java:57)
at org.apache.wink.client.internal.handlers.HandlerContextImpl.doChain(HandlerContextImpl.java:52)
at org.apache.wink.client.internal.handlers.AcceptHeaderHandler.handle(AcceptHeaderHandler.java:79)
at org.apache.wink.client.internal.handlers.HandlerContextImpl.doChain(HandlerContextImpl.java:52)
at org.apache.wink.client.handlers.BasicAuthSecurityHandler.handle(BasicAuthSecurityHandler.java:71)
at org.apache.wink.client.internal.handlers.HandlerContextImpl.doChain(HandlerContextImpl.java:52)
at org.apache.wink.client.internal.ResourceImpl.invoke(ResourceImpl.java:228)
... 10 more
Caused by: java.net.ConnectException: Connection refused: connect
at java.net.DualStackPlainSocketImpl.waitForConnect(Native Method)
at java.net.DualStackPlainSocketImpl.socketConnect(DualStackPlainSocketImpl.java:85)
at java.net.AbstractPlainSocketImpl.doConnect(AbstractPlainSocketImpl.java:339)
at java.net.AbstractPlainSocketImpl.connectToAddress(AbstractPlainSocketImpl.java:200)
at java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:182)
at java.net.PlainSocketImpl.connect(PlainSocketImpl.java:172)
at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:392)
at java.net.Socket.connect(Socket.java:579)
at sun.security.ssl.SSLSocketImpl.connect(SSLSocketImpl.java:618)
at sun.net.NetworkClient.doConnect(NetworkClient.java:175)
at sun.net.www.http.HttpClient.openServer(HttpClient.java:432)
at sun.net.www.http.HttpClient.openServer(HttpClient.java:527)
at sun.net.www.protocol.https.HttpsClient.<init>(HttpsClient.java:275)
at sun.net.www.protocol.https.HttpsClient.New(HttpsClient.java:371)
at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.getNewHttpClient(AbstractDelegateHttpsURLConnection.java:191)
at sun.net.www.protocol.http.HttpURLConnection.plainConnect(HttpURLConnection.java:932)
at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:177)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.connect(HttpsURLConnectionImpl.java:153)
at org.apache.wink.client.internal.handlers.HttpURLConnectionHandler.processRequest(HttpURLConnectionHandler.java:97)
at org.apache.wink.client.internal.handlers.HttpURLConnectionHandler.handle(HttpURLConnectionHandler.java:54)
... 16 more
更新
我按照@hwellmann 的建议添加了 https-listener 配置:
<subsystem xmlns="urn:jboss:domain:undertow:1.1">
<buffer-cache name="default"/>
<server name="default-server">
<http-listener name="default" socket-binding="http"/>
<https-listener name="default-ssl" socket-binding="https" security-realm="SSLRealm"/>
<host name="default-host" alias="localhost">
<location name="/" handler="welcome-content"/>
<filter-ref name="server-header"/>
<filter-ref name="x-powered-by-header"/>
</host>
</server>
<servlet-container name="default">
<jsp-config/>
</servlet-container>
<handlers>
<file name="welcome-content" path="${jboss.home.dir}/welcome-content"/>
</handlers>
<filters>
<response-header name="server-header" header-name="Server" header-value="WildFly/8"/>
<response-header name="x-powered-by-header" header-name="X-Powered-By" header-value="Undertow/1"/>
</filters>
</subsystem>
和
<security-realm name="SSLRealm">
<server-identities>
<ssl>
<keystore path="keystore.jks" relative-to="jboss.server.config.dir" keystore-password="somepwd" alias="wildfly-local" key-password="somepwd"/>
</ssl>
</server-identities>
</security-realm>
我在 standalone\configuration 使用以下方法创建了一个密钥库:
keytool -genkey -alias wildfly-local -keyalg RSA -keypass somepwd -storepass somepwd -keystore keystore.jks -validity 9999
但我仍然遇到同样的错误。
您 standalone.xml 的 undertow 子系统中是否有 https-listener?这不是默认配置的。
你需要的是
<subsystem xmlns="urn:jboss:domain:undertow:2.0">
<!-- ... -->
<server name="default-server">
<http-listener name="default" socket-binding="http" redirect-socket="https-ext"/>
<https-listener name="default-ssl" socket-binding="https" security-realm="MySslRealm"/>
</server>
<!-- ... -->
</subsystem>
并且您需要使用密钥库配置安全领域,有关详细信息,请参阅this blog。