1. 首页
  2. 问答
  3. WildFly + https

WildFly + https

2015-10-06 46 views
0

使用WildFly 8.1.0.Final我有连接到https资源(JAX-RS)的问题。WildFly + https

我有以下的web.xml:

<web-app version="3.1" xmlns="http://xmlns.jcp.org/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee http://xmlns.jcp.org/xml/ns/javaee/web-app_3_1.xsd"> 
    <session-config> 
     <session-timeout>30</session-timeout> 
    </session-config> 
    <security-constraint> 
     <display-name>Constraint1</display-name> 
     <web-resource-collection> 
      <web-resource-name>someresource</web-resource-name> 
      <description/> 
      <url-pattern>/webresources/somepath/*</url-pattern> 
     </web-resource-collection> 
     <auth-constraint> 
      <description/> 
      <role-name>somerole</role-name> 
     </auth-constraint> 
     <user-data-constraint> 
      <description/> 
      <transport-guarantee>CONFIDENTIAL</transport-guarantee> 
     </user-data-constraint> 
    </security-constraint> 
    <login-config> 
     <auth-method>BASIC</auth-method> 
     <realm-name>ApplicationRealm</realm-name> 
     <!--<realm-name>file</realm-name>--> 
    </login-config> 
    <security-role> 
     <description>somerole</description> 
     <role-name>somerole</role-name> 
    </security-role> 
</web-app>

这正常工作与GlassFish的4.1,但我有一个自定义的GlassFish-web.xml中:

<?xml version="1.0" encoding="UTF-8"?> 
<!DOCTYPE glassfish-web-app PUBLIC "-//GlassFish.org//DTD GlassFish Application Server 3.1 Servlet 3.0//EN" "http://glassfish.org/dtds/glassfish-web-app_3_0-1.dtd"> 
<glassfish-web-app error-url=""> 
    <context-root>/some-module-1.0-SNAPSHOT</context-root> 
    <security-role-mapping> 
    <role-name>somerole</role-name> 
    <principal-name>someuser</principal-name> 
    <group-name>somegroup</group-name> 
    </security-role-mapping> 
    <class-loader delegate="true"/> 
    <jsp-config> 
    <property name="keepgenerated" value="true"> 
     <description>Keep a copy of the generated servlet class' java code.</description> 
    </property> 
    </jsp-config> 
</glassfish-web-app>

它也工作正常,如果我请忽略user-data-constraint部分。

但本节中的浏览器http://localhost:8080然后启用被重定向到https://localhost:8443,我发现了以下错误(德国):

Fehler: Verbindung fehlgeschlagen

当我尝试了一个眼色客户端连接到HTTPS URL ,我发现了以下错误:

Exception in thread "main" org.apache.wink.client.ClientRuntimeException: java.lang.RuntimeException: java.net.ConnectException: Connection refused: connect 
    at org.apache.wink.client.internal.ResourceImpl.invoke(ResourceImpl.java:241) 
    at org.apache.wink.client.internal.ResourceImpl.invoke(ResourceImpl.java:189) 
    at org.apache.wink.client.internal.ResourceImpl.invokeNoException(ResourceImpl.java:181) 
    at org.apache.wink.client.internal.ResourceImpl.get(ResourceImpl.java:311) 
    at somepackage.rest.client.wink.SomeWinkClient.getFoo(SomeWinkClient.java:61) 
    at somepackage.rest.Main.main(Main.java:30) 
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) 
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) 
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) 
    at java.lang.reflect.Method.invoke(Method.java:606) 
    at com.intellij.rt.execution.application.AppMain.main(AppMain.java:140) 
Caused by: java.lang.RuntimeException: java.net.ConnectException: Connection refused: connect 
    at org.apache.wink.client.internal.handlers.HttpURLConnectionHandler.handle(HttpURLConnectionHandler.java:57) 
    at org.apache.wink.client.internal.handlers.HandlerContextImpl.doChain(HandlerContextImpl.java:52) 
    at org.apache.wink.client.internal.handlers.AcceptHeaderHandler.handle(AcceptHeaderHandler.java:79) 
    at org.apache.wink.client.internal.handlers.HandlerContextImpl.doChain(HandlerContextImpl.java:52) 
    at org.apache.wink.client.handlers.BasicAuthSecurityHandler.handle(BasicAuthSecurityHandler.java:71) 
    at org.apache.wink.client.internal.handlers.HandlerContextImpl.doChain(HandlerContextImpl.java:52) 
    at org.apache.wink.client.internal.ResourceImpl.invoke(ResourceImpl.java:228) 
    ... 10 more 
Caused by: java.net.ConnectException: Connection refused: connect 
    at java.net.DualStackPlainSocketImpl.waitForConnect(Native Method) 
    at java.net.DualStackPlainSocketImpl.socketConnect(DualStackPlainSocketImpl.java:85) 
    at java.net.AbstractPlainSocketImpl.doConnect(AbstractPlainSocketImpl.java:339) 
    at java.net.AbstractPlainSocketImpl.connectToAddress(AbstractPlainSocketImpl.java:200) 
    at java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:182) 
    at java.net.PlainSocketImpl.connect(PlainSocketImpl.java:172) 
    at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:392) 
    at java.net.Socket.connect(Socket.java:579) 
    at sun.security.ssl.SSLSocketImpl.connect(SSLSocketImpl.java:618) 
    at sun.net.NetworkClient.doConnect(NetworkClient.java:175) 
    at sun.net.www.http.HttpClient.openServer(HttpClient.java:432) 
    at sun.net.www.http.HttpClient.openServer(HttpClient.java:527) 
    at sun.net.www.protocol.https.HttpsClient.<init>(HttpsClient.java:275) 
    at sun.net.www.protocol.https.HttpsClient.New(HttpsClient.java:371) 
    at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.getNewHttpClient(AbstractDelegateHttpsURLConnection.java:191) 
    at sun.net.www.protocol.http.HttpURLConnection.plainConnect(HttpURLConnection.java:932) 
    at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:177) 
    at sun.net.www.protocol.https.HttpsURLConnectionImpl.connect(HttpsURLConnectionImpl.java:153) 
    at org.apache.wink.client.internal.handlers.HttpURLConnectionHandler.processRequest(HttpURLConnectionHandler.java:97) 
    at org.apache.wink.client.internal.handlers.HttpURLConnectionHandler.handle(HttpURLConnectionHandler.java:54) 
    ... 16 more

更新

我添加了HTTPS监听器的配置由@hwellmann的建议:

<subsystem xmlns="urn:jboss:domain:undertow:1.1"> 
      <buffer-cache name="default"/> 
      <server name="default-server"> 
       <http-listener name="default" socket-binding="http"/> 
       <https-listener name="default-ssl" socket-binding="https" security-realm="SSLRealm"/> 
       <host name="default-host" alias="localhost"> 
        <location name="/" handler="welcome-content"/> 
        <filter-ref name="server-header"/> 
        <filter-ref name="x-powered-by-header"/> 
       </host> 
      </server> 
      <servlet-container name="default"> 
       <jsp-config/> 
      </servlet-container> 
      <handlers> 
       <file name="welcome-content" path="${jboss.home.dir}/welcome-content"/> 
      </handlers> 
      <filters> 
       <response-header name="server-header" header-name="Server" header-value="WildFly/8"/> 
       <response-header name="x-powered-by-header" header-name="X-Powered-By" header-value="Undertow/1"/> 
      </filters> 
     </subsystem> 


  <security-realm name="SSLRealm"> 
      <server-identities> 
       <ssl> 
        <keystore path="keystore.jks" relative-to="jboss.server.config.dir" keystore-password="somepwd" alias="wildfly-local" key-password="somepwd"/> 
       </ssl> 
      </server-identities> 
     </security-realm>

我创建了一个密钥存储在standalone\configuration使用:

keytool -genkey -alias wildfly-local -keyalg RSA -keypass somepwd -storepass somepwd -keystore keystore.jks -validity 9999

但我仍然得到相同的错误。

来源

2015-10-06 Puce

+0

如果您只是在浏览器中尝试访问https:// localhost:8443 /,会发生什么情况?你是否在检查server.log的过程中遇到任何错误? –

回答

1

您在standalone.xmlundertow子系统中有https-listener吗?这不是默认配置的。

你需要的是

<subsystem xmlns="urn:jboss:domain:undertow:2.0"> 
     <!-- ... --> 
     <server name="default-server"> 
      <http-listener name="default" socket-binding="http" redirect-socket="https-ext"/> 
      <https-listener name="default-ssl" socket-binding="https" security-realm="MySslRealm"/> 
     </server> 
     <!-- ... --> 
    </subsystem>

,你需要有一个密钥库配置安全领域,看到this blog了解更多详情。

来源

2015-10-07 07:38:50

+0

我所拥有的是'。但这是一个默认配置。我没有更改standalone.xml。我应该在哪个部分配置什么? – Puce

+1

添加了“https-listener”来回答。 –

+0

在我的简单案例“ApplicationRealm”中是安全领域? – Puce

 相关问题

  • 暂无相关问题^_^