Re: Httpclient under weblogic 7.0
I will check it out. Thanks. - Original Message - From: "Kalnichevski, Oleg" <[EMAIL PROTECTED]> To: "Commons HttpClient Project" <[EMAIL PROTECTED]> Sent: Wednesday, May 28, 2003 12:45 AM Subject: RE: Httpclient under weblogic 7.0 Om, I strongly recommend to upgrade to beta-1 release (currently available through CVS only) or the latest nightly build. As far as I can see from the trace log you are still running an old version (most probably 2.0a3) I'll be working on an SSL guide this weekend. So, stay tuned Oleg -Original Message- From: Ortwin Glück [mailto:[EMAIL PROTECTED] Sent: Wednesday, May 28, 2003 08:49 To: Commons HttpClient Project Subject: Re: Httpclient under weblogic 7.0 Adrian Sutton wrote: > I'd also point you to the HTTPS guide but Oleg hasn't written it yet > . There still is the (short) one httpclient/docs/USING_HTTPS.txt Browse it online here: http://cvs.apache.org/viewcvs/jakarta-commons/httpclient/docs/USING_HTTPS.tx t?rev=1.4&content-type=text/vnd.viewcvs-markup - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Httpclient under weblogic 7.0
I am happy to reoport that HttpClient works with Sun's JSSE under weblogic 7.0. I installed the JSSE jars as extensions (jre/lib/ext), and set the provider information explicitly in the code instead of java.security file. System.setProperty("java.protocol.handler.pkgs","com.sun.net.ssl.internal.ww w.protocol"); java.security.Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider()); I also added the server certificates to cacerts file. One small twist here was the fact that I had to add all the certificates in the server certificate chain since Entrust (the root CA used) is not available by default in the original cacerts file shipped by Sun. I am still unable to get HttpClient working with weblogic's native SSL implementation. I think this may be related to the policy setup. As per weblogic's example, I only set the following property...there is no equivalent addProvider call. System.setProperty("java.protocol.handler.pkgs", "weblogic.net"); Good for now. Om. - Original Message - From: "Vamsi Atluri" <[EMAIL PROTECTED]> To: "Commons HttpClient Project" <[EMAIL PROTECTED]> Sent: Tuesday, May 27, 2003 7:34 PM Subject: Re: Httpclient under weblogic 7.0 > Hi Om, > > I recently had to use HttpClient to make some SSL connections from with in > a session bean deployed in WebLogic 7.0. I had a problem where the SSL > handshake never goes through. I am using JSSE for SSL though. I did the > following steps to get it working: > > 1) moved the JDK to 1.4.1 > 2) added jsse.jar, httpclient.jar, jnet.jar and jcert.jar to the > POST_CLASSPATH in startWebLogic.cmd (so that they will be tacked on to > CLASSPATH) > 2) added the certificate of the host i am connecting to (xxx.cer) cacerts > in the JDK and also the cacerts under \bea\weblogic700\server\lib\. > 2.1) the way to do this is "keytool -import -keystore "path to > cacerts" -file "path to xxx.cer" > 2.2) the default password for the keystore is "changeit" :-) > 3) add the following argument to the weblogic.Server command: > -Dweblogic.security.SSL.trustedCAKeyStore=c"path to cacerts" > > Hope this helps. > > -Vamsi > > --- Om Narayan <[EMAIL PROTECTED]> wrote: > > I am trying to use httpclient with weblogic 7.0. > > It works fine without SSL, but when I try to use https urls it just sits > > there hanging. If I use weblogic's apis, the program works fine (btw, I > > am using the sslclient example that comes with weblogic). > > I am using weblogic's implementation of SSL (not Sun's JSSE). Is there > > any special setup/installation necessary? > > > > Om. > > > > > __ > Do you Yahoo!? > Yahoo! Calendar - Free online calendar with sync to Outlook(TM). > http://calendar.yahoo.com > > - > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Httpclient under weblogic 7.0
Om, I'm wondering if the java.net.ssl.SSLSocketFactory is being configured correctly. I notice that you are using weblogic.net.http.HttpsURLConnection. Does your example also work if you do url.openConnection()? If not, then the Weblogic SSLSocketFactory is not registered correctly. By default, when opening SSL connections, HttpClient calls SSLSocketFactory.getDefault() to obtain a socket factory for creating SSL sockets. If this does not return a usable SocketFactory then things will not work. Assuming that SSLSocketFactory is not correctly configured you have two options: 1) Register the Weblogic SocketFactory with the SSLSocketFactory. This can probably be done by setting some system properties or registering a provider with Security.addProvider(). You will probably have to look into Sun's docs a little. 2) Create a custom HttpClient ProtocolSocketFactory. Take a look at org.apache.commons.httpclient.protocol.SSLProtocolSocketFactory for how to implement this. This socket factory must then must be registered with Protocol.registerProtocol(). Good luck. Mike On Tuesday, May 27, 2003, at 08:12 PM, Om Narayan wrote: I am trying to use httpclient with weblogic 7.0. It works fine without SSL, but when I try to use https urls it just sits there hanging. If I use weblogic's apis, the program works fine (btw, I am using the sslclient example that comes with weblogic). I am using weblogic's implementation of SSL (not Sun's JSSE). Is there any special setup/installation necessary? Om. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Httpclient under weblogic 7.0
Om, I strongly recommend to upgrade to beta-1 release (currently available through CVS only) or the latest nightly build. As far as I can see from the trace log you are still running an old version (most probably 2.0a3) I'll be working on an SSL guide this weekend. So, stay tuned Oleg -Original Message- From: Ortwin Glück [mailto:[EMAIL PROTECTED] Sent: Wednesday, May 28, 2003 08:49 To: Commons HttpClient Project Subject: Re: Httpclient under weblogic 7.0 Adrian Sutton wrote: > I'd also point you to the HTTPS guide but Oleg hasn't written it yet > . There still is the (short) one httpclient/docs/USING_HTTPS.txt Browse it online here: http://cvs.apache.org/viewcvs/jakarta-commons/httpclient/docs/USING_HTTPS.txt?rev=1.4&content-type=text/vnd.viewcvs-markup - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Httpclient under weblogic 7.0
Adrian Sutton wrote: I'd also point you to the HTTPS guide but Oleg hasn't written it yet . There still is the (short) one httpclient/docs/USING_HTTPS.txt Browse it online here: http://cvs.apache.org/viewcvs/jakarta-commons/httpclient/docs/USING_HTTPS.txt?rev=1.4&content-type=text/vnd.viewcvs-markup - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Httpclient under weblogic 7.0
I am connecting to a well known site (www.dell.com!!!) and as seen from the trace, if I use the weblogic classes, I can make the https connection without any problem, but not when using the httpclient classes. So unless these two implementations are using different cacerts files (weblogic uses the one under weblogic700/server/lib directory), the behaviour is hard to explainmaybe the httpclient uses cacerts file from jre/lib/security directoryI will check it out. regards, Om. - Original Message - From: "Adrian Sutton" <[EMAIL PROTECTED]> To: "Commons HttpClient Project" <[EMAIL PROTECTED]> Sent: Tuesday, May 27, 2003 8:31 PM Subject: Re: Httpclient under weblogic 7.0 > Bingo! :) You're using a self-signed certificate or at least a SSL > certificate that isn't trusted by Weblogic. Take a look at the easy > trust manager in the contrib directory, you may have to adapt it for > Weblogic's SSL implementation, I'm not sure. > > The code is at: > > http://cvs.apache.org/viewcvs/jakarta-commons/httpclient/src/contrib/ > org/apache/commons/httpclient/contrib/ssl/ > > Not sure why it showed up as HttpClient hanging though as it's clearly > throwing an exception but HttpClient seems to be ignoring that and > trying to read from the socket anyway. I'll have to run some tests to > see what's going on there. Either way, Vamsi's advice on adding the > cert to your trusted keystore or the use of the Easy TrustManager > should fix the problem for you. > > Regards, > > Adrian Sutton. > On Wednesday, May 28, 2003, at 12:25 PM, Om Narayan wrote: > > > Exception while writing data > Closed, > > possi > > ble SSL handshaking or trust failure > > > - > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Httpclient under weblogic 7.0
Yes. I am trying to stay away from having to use Sun's JSSE since weblogic already comes with one already. I will give it a try though. I don't have the option to move to jdk 1.4, so will try adding the jar files as extensions. Thanks. Om. - Original Message - From: "Vamsi Atluri" <[EMAIL PROTECTED]> To: "Commons HttpClient Project" <[EMAIL PROTECTED]> Sent: Tuesday, May 27, 2003 7:34 PM Subject: Re: Httpclient under weblogic 7.0 > Hi Om, > > I recently had to use HttpClient to make some SSL connections from with in > a session bean deployed in WebLogic 7.0. I had a problem where the SSL > handshake never goes through. I am using JSSE for SSL though. I did the > following steps to get it working: > > 1) moved the JDK to 1.4.1 > 2) added jsse.jar, httpclient.jar, jnet.jar and jcert.jar to the > POST_CLASSPATH in startWebLogic.cmd (so that they will be tacked on to > CLASSPATH) > 2) added the certificate of the host i am connecting to (xxx.cer) cacerts > in the JDK and also the cacerts under \bea\weblogic700\server\lib\. > 2.1) the way to do this is "keytool -import -keystore "path to > cacerts" -file "path to xxx.cer" > 2.2) the default password for the keystore is "changeit" :-) > 3) add the following argument to the weblogic.Server command: > -Dweblogic.security.SSL.trustedCAKeyStore=c"path to cacerts" > > Hope this helps. > > -Vamsi > > --- Om Narayan <[EMAIL PROTECTED]> wrote: > > I am trying to use httpclient with weblogic 7.0. > > It works fine without SSL, but when I try to use https urls it just sits > > there hanging. If I use weblogic's apis, the program works fine (btw, I > > am using the sslclient example that comes with weblogic). > > I am using weblogic's implementation of SSL (not Sun's JSSE). Is there > > any special setup/installation necessary? > > > > Om. > > > > > __ > Do you Yahoo!? > Yahoo! Calendar - Free online calendar with sync to Outlook(TM). > http://calendar.yahoo.com > > - > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Httpclient under weblogic 7.0
Bingo! :) You're using a self-signed certificate or at least a SSL certificate that isn't trusted by Weblogic. Take a look at the easy trust manager in the contrib directory, you may have to adapt it for Weblogic's SSL implementation, I'm not sure. The code is at: http://cvs.apache.org/viewcvs/jakarta-commons/httpclient/src/contrib/ org/apache/commons/httpclient/contrib/ssl/ Not sure why it showed up as HttpClient hanging though as it's clearly throwing an exception but HttpClient seems to be ignoring that and trying to read from the socket anyway. I'll have to run some tests to see what's going on there. Either way, Vamsi's advice on adding the cert to your trusted keystore or the use of the Easy TrustManager should fix the problem for you. Regards, Adrian Sutton. On Wednesday, May 28, 2003, at 12:25 PM, Om Narayan wrote: Exception while writing data possi ble SSL handshaking or trust failure - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Httpclient under weblogic 7.0
Hi Om, I recently had to use HttpClient to make some SSL connections from with in a session bean deployed in WebLogic 7.0. I had a problem where the SSL handshake never goes through. I am using JSSE for SSL though. I did the following steps to get it working: 1) moved the JDK to 1.4.1 2) added jsse.jar, httpclient.jar, jnet.jar and jcert.jar to the POST_CLASSPATH in startWebLogic.cmd (so that they will be tacked on to CLASSPATH) 2) added the certificate of the host i am connecting to (xxx.cer) cacerts in the JDK and also the cacerts under \bea\weblogic700\server\lib\. 2.1) the way to do this is "keytool -import -keystore "path to cacerts" -file "path to xxx.cer" 2.2) the default password for the keystore is "changeit" :-) 3) add the following argument to the weblogic.Server command: -Dweblogic.security.SSL.trustedCAKeyStore=c"path to cacerts" Hope this helps. -Vamsi --- Om Narayan <[EMAIL PROTECTED]> wrote: > I am trying to use httpclient with weblogic 7.0. > It works fine without SSL, but when I try to use https urls it just sits > there hanging. If I use weblogic's apis, the program works fine (btw, I > am using the sslclient example that comes with weblogic). > I am using weblogic's implementation of SSL (not Sun's JSSE). Is there > any special setup/installation necessary? > > Om. > __ Do you Yahoo!? Yahoo! Calendar - Free online calendar with sync to Outlook(TM). http://calendar.yahoo.com - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Httpclient under weblogic 7.0
[java] at org.apache.commons.httpclient.HttpClient.executeMethod(HttpCl ient.java:477) [java] at examples.security.sslclient.SSLClientTest.testURLConnect(SSLC lientTest.java:106) [java] at examples.security.sslclient.SSLClientTest.main(SSLClientTest. java:50) Thanks. Om. - Original Message - From: "Adrian Sutton" <[EMAIL PROTECTED]> To: "Commons HttpClient Project" <[EMAIL PROTECTED]> Sent: Tuesday, May 27, 2003 5:20 PM Subject: Re: Httpclient under weblogic 7.0 > Maybe someone will know a particular gotcha with weblogic, but the best > chance for finding the source of the problem always lies in the debug > logs (regular members of the list should know the following mantra by > now): :) > > Could you please supply a wire trace log showing an attempt to use SSL > with your application. Instructions can be found at > http://jakarta.apache.org/commons/httpclient/logging.html There are > some other useful troubleshooting hints in the trouble shooting guide > at http://jakarta.apache.org/commons/httpclient/troubleshooting.html > Finally, a simple test case is always useful, I think I can get my > hands on a copy of weblogic so if it has to use weblogic that might be > okay, try reproducing the problem outside of weblogic if you can though. > > I'd also point you to the HTTPS guide but Oleg hasn't written it yet > . > > Once we get some debugging information we should be able to work out > what the problem is and help you fix it. > > Regards, > > Adrian Sutton. > > On Wednesday, May 28, 2003, at 10:12 AM, Om Narayan wrote: > > > I am trying to use httpclient with weblogic 7.0. > > It works fine without SSL, but when I try to use https urls it just > > sits there hanging. If I use weblogic's apis, the program works fine > > (btw, I am using the sslclient example that comes with weblogic). > > I am using weblogic's implementation of SSL (not Sun's JSSE). Is there > > any special setup/installation necessary? > > > > Om. > > > - > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Httpclient under weblogic 7.0
Maybe someone will know a particular gotcha with weblogic, but the best chance for finding the source of the problem always lies in the debug logs (regular members of the list should know the following mantra by now): :) Could you please supply a wire trace log showing an attempt to use SSL with your application. Instructions can be found at http://jakarta.apache.org/commons/httpclient/logging.html There are some other useful troubleshooting hints in the trouble shooting guide at http://jakarta.apache.org/commons/httpclient/troubleshooting.html Finally, a simple test case is always useful, I think I can get my hands on a copy of weblogic so if it has to use weblogic that might be okay, try reproducing the problem outside of weblogic if you can though. I'd also point you to the HTTPS guide but Oleg hasn't written it yet . Once we get some debugging information we should be able to work out what the problem is and help you fix it. Regards, Adrian Sutton. On Wednesday, May 28, 2003, at 10:12 AM, Om Narayan wrote: I am trying to use httpclient with weblogic 7.0. It works fine without SSL, but when I try to use https urls it just sits there hanging. If I use weblogic's apis, the program works fine (btw, I am using the sslclient example that comes with weblogic). I am using weblogic's implementation of SSL (not Sun's JSSE). Is there any special setup/installation necessary? Om. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]