Hi Andrei,
Here is the code I am using to set the protocol. We also tried it with TLS,
but it did not prevent the use of the SSLv2Hello protocol for the Hello packet
in the handshake, which seems to be causing the problem with our partner's
server. This configuration works fine with another partner that I integrated
with in the summer. Until now I've just set the proxy server and port. Didn't
have to worry about the TLSClientParameters. I'm using them here to try to
control the protocol. But both TLS and SSLv3 settings seem to allow the hello
packet to be sent with the SSLv2Hello protocol which seems top cause our new
partner's server to drop the connection immediately. Do I need to add my own
SSLSocketFactory?
.....
Client cxfClient = ClientProxy.getClient(eidVerifyCxfClient);
HTTPConduit conduit = (HTTPConduit) cxfClient.getConduit();
HTTPClientPolicy policy = conduit.getClient();
TLSClientParameters tlsClientParameters =
conduit.getTlsClientParameters();
if(tlsClientParameters!=null) {
String protocol = tlsClientParameters.getSecureSocketProtocol();
logger.info("SSL SSL SSL Protocol: "+protocol);
}
else{
TLSClientParameters tp = new TLSClientParameters();
conduit.setTlsClientParameters(tp);
}
conduit.getTlsClientParameters().setSecureSocketProtocol("SSLv3");
// conduit.getTlsClientParameters().setSecureSocketProtocol("TLS");
......
-----Original Message-----
From: Andrei Shakirin [mailto:ashaki...@talend.com]
Sent: Monday, October 27, 2014 5:13 AM
To: users@cxf.apache.org
Subject: RE: How to Disable SSLv2 client hello in CXF?
Hi,
I guess you mean TLSClientParameters.secureSocketProtocol in Conduit.
As far as I can see this parameter is used for creating java.net.ssl.SSLContext:
String protocol = parameters.getSecureSocketProtocol() != null ?
parameters
.getSecureSocketProtocol() : "TLS";
The setting should work. How you apply conduit settings: programmatically or
via spring configuration?
Could you past the code snapshot?
Regards,
Andrei.
> -----Original Message-----
> From: David Roytenberg (Consultant)
> [mailto:david.roytenb...@optimalpayments.com]
> Sent: Freitag, 24. Oktober 2014 17:46
> To: users@cxf.apache.org
> Subject: RE: How to Disable SSLv2 client hello in CXF?
>
> Hello again.
>
> I've dug further into the CXF documentation and found that it is
> possible to programmatically set the SSL protocols on the
> TLSProperties object of the Conduit.
>
> I've created the TLS properties and set the SSL protocols to TLS1, but
> this does not change the SSL behavior, which still starts with TLSv1.2
> then sends the hello with SSLv2 which is then dropped on the client
> end. Is there another switch that has to be set to over-ride the default SSL
> behavior?
>
> David
>
> -----Original Message-----
> From: David Roytenberg (Consultant)
> [mailto:david.roytenb...@optimalpayments.com]
> Sent: Thursday, October 23, 2014 4:57 PM
> To: users@cxf.apache.org
> Subject: How to Disable SSLv2 client hello in CXF?
>
> I'm having an SSL problem and I wonder if there is a way to fix it
> within CXF
>
> We have our CXF 2.7.6 based integration deployed on Weblogic 11. We
> are using JDK 1.7_065
>
> When we connect to our remote client via SSL we get the following
> trace with lots of SSL debugging turned on
>
> What appears to be happening is that the Hello message is sent with an
> SSLV2 protocol, which our partner's server does not like. Apparently
> sending the Hello at this level is a common behavior and apparently it
> sometimes causes the remote server to fail. I found a suggestion on
> line that this can be fixed by removing the SSLv2 from the allowed
> protocols. I am wondering if I can do that through CFX configuration?
>
> This is a reference to the article that suggests that removing the
> protocol is the solution to this problem:
>
> http://stackoverflow.com/questions/4682957/why-does-javas-sslsocket-se
> nd-a-
> version-2-client-hello
>
> The protocols are apparently set on the SSLContext in JSSE by calling
> setEnabledProtocols(String[] protocols)
>
> Is there a way to set the enabled protocols on the SSLContext via CXF
> configuration?
>
> If not, is there a way to get hold of the SSLContext programmatically
> in a CXF interceptor?
>
> We can't fix this problem at the WebLogic level because of side-effects on
> other apps. Thanks in advance for any suggestions or guidance!
>
> WebLogic SSL debug trace follows:
>
> %% No cached client session
> *** ClientHello, TLSv1.2
> RandomCookie: GMT: 1414096267 bytes = { 183, 209, 47, 148, 54, 202,
> 98, 8, 191, 222, 122, 248, 80, 190, 53, 88, 128, 130, 126, 108, 100,
> 82, 100, 197, 213, 31, 89, 96 } Session ID: {} Cipher Suites:
> [TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,
> TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
> TLS_RSA_WITH_AES_256_CBC_SHA256,
> TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384,
> TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384,
> TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, TLS_DHE_DSS
> _WITH_AES_256_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
> TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
> TLS_RSA_WITH_AES_256_CBC_SHA,
> TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA,
> TLS_ECDH_RSA_WITH_AES_256_CBC_SHA,
> TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AE S_256_CBC_SHA,
> TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
> TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
> TLS_RSA_WITH_AES_128_CBC_SHA256,
> TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256,
> TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256,
> TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_DSS_
> WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
> TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
> TLS_RSA_WITH_AES_128_CBC_SHA,
> TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA,
> TLS_ECDH_RSA_WITH_AES_128_CBC_SHA,
> TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES _128_CBC_SHA,
> TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, TLS_ECDHE_RSA_WITH_RC4_128_SHA,
> SSL_RSA_WITH_RC4_128_SHA, TLS_ECDH_ECDSA_WITH_RC4_128_SHA,
> TLS_ECDH_RSA_WITH_RC4_128_SHA, TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,
> TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_W ITH_3DES_EDE_CBC_SHA,
> TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA,
> TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA,
> SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA,
> SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_RC4_128_MD5,
> TLS_EMPTY_RENEGOTIATION_INFO_SCSV]
> Compression Methods: { 0 }
> Extension elliptic_curves, curve names: {secp256r1, sect163k1,
> sect163r2, secp192r1, secp224r1, sect233k1, sect233r1, sect283k1,
> sect283r1, secp384r1, sect409k1, sect409r1, secp521r1, sect571k1,
> sect571r1, secp160k1, secp160r1, secp160r2, sect163r1, secp1 92k1,
> sect193r1, sect193r2, secp224k1, sect239k1, secp256k1} Extension
> ec_point_formats, formats: [uncompressed] Extension
> signature_algorithms, signature_algorithms: SHA512withECDSA,
> SHA512withRSA, SHA384withECDSA, SHA384withRSA, SHA256withECDSA,
> SHA256withRSA, SHA224withECDSA, SHA224withRSA, SHA1withECDSA,
> SHA1withRSA, SHA1withDSA, MD5withRSA
> ***
> [write] MD5 and SHA1 hashes: len = 221
> 0000: 01 00 00 D9 03 03 54 49 66 8B B7 D1 2F 94 36 CA ......TIf.../.6.
> 0010: 62 08 BF DE 7A F8 50 BE 35 58 80 82 7E 6C 64 52 b...z.P.5X...ldR
> 0020: 64 C5 D5 1F 59 60 00 00 54 C0 24 C0 28 00 3D C0 d...Y`..T.$.(.=.
> 0030: 26 C0 2A 00 6B 00 6A C0 0A C0 14 00 35 C0 05 C0 &.*.k.j.....5...
> 0040: 0F 00 39 00 38 C0 23 C0 27 00 3C C0 25 C0 29 00 ..9.8.#.'.<.%.).
> 0050: 67 00 40 C0 09 C0 13 00 2F C0 04 C0 0E 00 33 00 g.@...../.....3.
> 0060: 32 C0 07 C0 11 00 05 C0 02 C0 0C C0 08 C0 12 00 2...............
> 0070: 0A C0 03 C0 0D 00 16 00 13 00 04 00 FF 01 00 00 ................
> 0080: 5C 00 0A 00 34 00 32 00 17 00 01 00 03 00 13 00 \...4.2.........
> 0090: 15 00 06 00 07 00 09 00 0A 00 18 00 0B 00 0C 00 ................
> 00A0: 19 00 0D 00 0E 00 0F 00 10 00 11 00 02 00 12 00 ................
> 00B0: 04 00 05 00 14 00 08 00 16 00 0B 00 02 01 00 00 ................
> 00C0: 0D 00 1A 00 18 06 03 06 01 05 03 05 01 04 03 04 ................
> 00D0: 01 03 03 03 01 02 03 02 01 02 02 01 01 .............
> [ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default
> (self-tuning)',
> WRITE: TLSv1.2 Handshake, length = 221 [write] MD5 and SHA1 hashes:
> len =
> 188
> 0000: 01 03 03 00 93 00 00 00 20 00 C0 24 00 C0 28 00 ........ ..$..(.
> 0010: 00 3D 00 C0 26 00 C0 2A 00 00 6B 00 00 6A 00 C0 .=..&..*..k..j..
> 0020: 0A 07 00 C0 00 C0 14 00 00 35 00 C0 05 00 C0 0F .........5......
> 0030: 00 00 39 00 00 38 00 C0 23 00 C0 27 00 00 3C 00 ..9..8..#..'..<.
> 0040: C0 25 00 C0 29 00 00 67 00 00 40 00 C0 09 06 00 .%..)..g..@.....
> 0050: 40 00 C0 13 00 00 2F 00 C0 04 01 00 80 00 C0 0E @...../.........
> 0060: 00 00 33 00 00 32 00 C0 07 05 00 80 00 C0 11 00 ..3..2..........
> 0070: 00 05 00 C0 02 00 C0 0C 00 C0 08 00 C0 12 00 00 ................
> 0080: 0A 07 00 C0 00 C0 03 02 00 80 00 C0 0D 00 00 16 ................
> 0090: 00 00 13 00 00 04 01 00 80 00 00 FF 54 49 66 8B ............TIf.
> 00A0: B7 D1 2F 94 36 CA 62 08 BF DE 7A F8 50 BE 35 58 ../.6.b...z.P.5X
> 00B0: 80 82 7E 6C 64 52 64 C5 D5 1F 59 60 ...ldRd...Y`
> [ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default
> (self-tuning)',
> WRITE: SSLv2 client hello message, length = 188 [Raw write]: length = 190
> 0000: 80 BC 01 03 03 00 93 00 00 00 20 00 C0 24 00 C0 .......... ..$..
> 0010: 28 00 00 3D 00 C0 26 00 C0 2A 00 00 6B 00 00 6A (..=..&..*..k..j
> 0020: 00 C0 0A 07 00 C0 00 C0 14 00 00 35 00 C0 05 00 ...........5....
> 0030: C0 0F 00 00 39 00 00 38 00 C0 23 00 C0 27 00 00 ....9..8..#..'..
> 0040: 3C 00 C0 25 00 C0 29 00 00 67 00 00 40 00 C0 09 <..%..)..g..@...
> 0050: 06 00 40 00 C0 13 00 00 2F 00 C0 04 01 00 80 00 ..@...../.......
> 0060: C0 0E 00 00 33 00 00 32 00 C0 07 05 00 80 00 C0 ....3..2........
> 0070: 11 00 00 05 00 C0 02 00 C0 0C 00 C0 08 00 C0 12 ................
> 0080: 00 00 0A 07 00 C0 00 C0 03 02 00 80 00 C0 0D 00 ................
> 0090: 00 16 00 00 13 00 00 04 01 00 80 00 00 FF 54 49 ..............TI
> 00A0: 66 8B B7 D1 2F 94 36 CA 62 08 BF DE 7A F8 50 BE f.../.6.b...z.P.
> 00B0: 35 58 80 82 7E 6C 64 52 64 C5 D5 1F 59 60 5X...ldRd...Y`
> <Oct 23, 2014 4:35:23 PM EDT> <Debug> <SecuritySSL> <BEA-000000>
> <[Thread[[ACTIVE] ExecuteThread: '0' for queue:
> 'weblogic.kernel.Default (self- tuning)',5,Pooled
> Threads]]weblogic.security.SSL.jsseadapter: SSLENGINE:
> SSLEngine.wrap(ByteBuffer,ByteBuffer)
> called: result=Status = OK HandshakeStatus = NEED_UNWRAP bytesConsumed
> =
> 0 bytesProduced = 190.> <Oct 23, 2014 4:35:23 PM EDT> <Debug>
> <SecuritySSL> <BEA-000000> <[Thread[[ACTIVE] ExecuteThread: '0' for queue:
> 'weblogic.kernel.Default (self-tuning)',5,Pooled
> Threads]]weblogic.security.SSL.jsseadapter: SSLENGINE:
> SSLEngine.unwrap(ByteBuffer,ByteBuffer
> []) called: result=Status = BUFFER_UNDERFLOW HandshakeStatus =
> NEED_UNWRAP bytesConsumed = 0 bytesProduced = 0.> [Raw read]: length = 5
> 0000: 15 03 03 00 02 .....
> [Raw read]: length = 2
> 0000: 02 28 .(
> [ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default
> (self-tuning)',
> READ: TLSv1.2 Alert, length = 2 [ACTIVE] ExecuteThread: '0' for queue:
> 'weblogic.kernel.Default (self-tuning)', RECV TLSv1 ALERT: fatal,
> handshake_failure [ACTIVE] ExecuteThread: '0' for queue:
> 'weblogic.kernel.Default (self-tuning)', fatal: engine already closed.
> Rethrowing javax.net.ssl.SSLException: Received fatal alert:
> handshake_failure [ACTIVE] ExecuteThread: '0' for queue:
> 'weblogic.kernel.Default (self-tuning)',
> fatal: engine already closed. Rethrowing javax.net.ssl.SSLException:
> Received fatal alert: handshake_failure <Oct 23, 2014 4:35:23 PM EDT>
> <Debug> <SecuritySSL> <BEA-000000> <[Thread[[ACTIVE] ExecuteThread: '0' for
> queue:
> 'weblogic.kernel.Default (self-tuning)',5,Pooled
> Threads]]weblogic.security.SSL.jsseadapter: SSLENGINE: Exception
> occurred during SSLEngine.un wrap(ByteBuffer,ByteBuffer[]).
> javax.net.ssl.SSLException: Received fatal alert: handshake_failure
> at sun.security.ssl.Alerts.getSSLException(Alerts.java:208)
> at sun.security.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1619)
> at sun.security.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1587)
> at sun.security.ssl.SSLEngineImpl.recvAlert(SSLEngineImpl.java:1756)
> at sun.security.ssl.SSLEngineImpl.readRecord(SSLEngineImpl.java:1060)
> at
> sun.security.ssl.SSLEngineImpl.readNetRecord(SSLEngineImpl.java:884)
> at sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:758)
> at javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:664)
> at
> weblogic.security.SSL.jsseadapter.JaSSLEngine$5.run(JaSSLEngine.java:134)
> at
> weblogic.security.SSL.jsseadapter.JaSSLEngine.doAction(JaSSLEngine.java:732)
> at
> weblogic.security.SSL.jsseadapter.JaSSLEngine.unwrap(JaSSLEngine.java:132)
> at weblogic.socket.JSSEFilterImpl.unwrap(JSSEFilterImpl.java:505)
> at
> weblogic.socket.JSSEFilterImpl.unwrapAndHandleResults(JSSEFilterImpl.j
> ava:44
> 8)
> at weblogic.socket.JSSEFilterImpl.doHandshake(JSSEFilterImpl.java:80)
> at weblogic.socket.JSSEFilterImpl.doHandshake(JSSEFilterImpl.java:64)
> at weblogic.socket.JSSEFilterImpl.doHandshake(JSSEFilterImpl.java:59)
> at weblogic.socket.JSSEFilterImpl.write(JSSEFilterImpl.java:390)
> at
> weblogic.socket.JSSESocket$JSSEOutputStream.write(JSSESocket.java:89)
> at
> java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:82)
> at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:140)
> at java.io.FilterOutputStream.flush(FilterOutputStream.java:140)
> at
> weblogic.net.http.HttpURLConnection.writeRequests(HttpURLConnection.ja
> va:1
> 86)
> at
> weblogic.net.http.HttpURLConnection.getOutputStream(HttpURLConnection.
> jav
> a:280)
> at
> org.apache.cxf.transport.http.URLConnectionHTTPConduit$URLConnectionWr
> a
> ppedOutputStream.setupWrappedStream(URLConnectionHTTPConduit.java:168
> )
> at
> org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleHe
> a
> dersTrustCaching(HTTPConduit.java:1278)
> at
> org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.onFirstW
> rit
> e(HTTPConduit.java:1234)
> at
> org.apache.cxf.transport.http.URLConnectionHTTPConduit$URLConnectionWr
> a
> ppedOutputStream.onFirstWrite(URLConnectionHTTPConduit.java:195)
> at
> org.apache.cxf.io.AbstractWrappedOutputStream.write(AbstractWrappedOut
> pu
> tStream.java:47)
> at
> org.apache.cxf.io.AbstractThresholdOutputStream.write(AbstractThreshol
> dOutp
> utStream.java:69)
> at
> org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(HT
> TP
> Conduit.java:1291)
> at
> org.apache.cxf.transport.AbstractConduit.close(AbstractConduit.java:56)
> at
> org.apache.cxf.transport.http.HTTPConduit.close(HTTPConduit.java:623)
> at
> org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndin
> gI
> nterceptor.handleMessage(MessageSenderInterceptor.java:62)
> at
> org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseIntercepto
> rChai
> n.java:271)
> at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:541)
> at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:474)
> at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:377)
> at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:330)
> at org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:96)
> at
> org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:134)
> at com.sun.proxy.$Proxy258.startTransaction(Unknown Source)
> at
> com.optimal.identity.gateway.equifax.eidverify.VerifyClient.initiateVe
> rification(
> VerifyClient.java:87)
> at
> com.optimal.identity.gateway.equifax.eidverify.VerifyGateway.submitIni
> tial(Ve
> rifyGateway.java:24)
> at
> com.optimal.identity.service.IdentificationServiceImpl.submitInitial(I
> dentificatio
> nServiceImpl.java:147)
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> at
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:
> 57)
> at
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccess
> orI
> mpl.java:43)
> at java.lang.reflect.Method.invoke(Method.java:606)
> at
> org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflectio
> n(Aop
> Utils.java:317)
> at
> org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoi
> npo
> int(ReflectiveMethodInvocation.java:183)
> at
> org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(R
> efl
> ectiveMethodInvocation.java:150)
> at
> org.springframework.transaction.interceptor.TransactionInterceptor.inv
> oke(Tra
> nsactionInterceptor.java:110)
> at
> org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(R
> efl
> ectiveMethodInvocation.java:172)
> at
> org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamic
> AopProxy.java:204)
> at com.sun.proxy.$Proxy211.submitInitial(Unknown Source)
> at
> com.optimal.identity.web.rest.IdentificationController.create(Identifi
> cationCont
> roller.java:133)
> at
> com.optimal.identity.web.rest.IdentificationController$$FastClassByCGL
> IB$$95f
> 388d3.invoke(<generated>)
> at
> org.springframework.cglib.proxy.MethodProxy.invoke(MethodProxy.java:204)
> at
> org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.
> in
> vokeJoinpoint(CglibAopProxy.java:698)
> at
> org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(R
> efl
> ectiveMethodInvocation.java:150)
> at
> org.springframework.security.access.intercept.aopalliance.MethodSecuri
> tyInter
> ceptor.invoke(MethodSecurityInterceptor.java:64)
> at
> org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(R
> efl
> ectiveMethodInvocation.java:172)
> at
> org.springframework.aop.framework.CglibAopProxy$DynamicAdvisedIntercep
> t
> or.intercept(CglibAopProxy.java:631)
> at
> com.optimal.identity.web.rest.IdentificationController$$EnhancerByCGLI
> B$$36
> b7b48f.create(<generated>)
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> at
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:
> 57)
> at
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccess
> orI
> mpl.java:43)
> at java.lang.reflect.Method.invoke(Method.java:606)
> at
> org.springframework.web.method.support.InvocableHandlerMethod.invoke(I
> nv
> ocableHandlerMethod.java:219)
> at
> org.springframework.web.method.support.InvocableHandlerMethod.invokeFo
> r
> Request(InvocableHandlerMethod.java:132)
> at
> org.springframework.web.servlet.mvc.method.annotation.ServletInvocable
> Han
> dlerMethod.invokeAndHandle(ServletInvocableHandlerMethod.java:104)
> at
> org.springframework.web.servlet.mvc.method.annotation.RequestMappingHa
> n
> dlerAdapter.invokeHandleMethod(RequestMappingHandlerAdapter.java:745)
> at
> org.springframework.web.servlet.mvc.method.annotation.RequestMappingHa
> n
> dlerAdapter.handleInternal(RequestMappingHandlerAdapter.java:686)
> at
> org.springframework.web.servlet.mvc.method.AbstractHandlerMethodAdapter.
> handle(AbstractHandlerMethodAdapter.java:80)
> at
> org.springframework.web.servlet.DispatcherServlet.doDispatch(Dispatche
> rServl
> et.java:925)
> at
> org.springframework.web.servlet.DispatcherServlet.doService(Dispatcher
> Servle
> t.java:856)
> at
> org.springframework.web.servlet.FrameworkServlet.processRequest(Framew
> or
> kServlet.java:920)
> at
> org.springframework.web.servlet.FrameworkServlet.doPost(FrameworkServl
> et.j
> ava:827)
> at javax.servlet.http.HttpServlet.service(HttpServlet.java:727)
> at
> org.springframework.web.servlet.FrameworkServlet.service(FrameworkServlet.
> java:801)
> at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
> at
> weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(
> StubSecu
> rityHelper.java:227)
> at
> weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurit
> yHelper.j
> ava:125)
> at
> weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:301)
> at weblogic.servlet.internal.TailFilter.doFilter(TailFilter.java:26)
> at
> weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
> at
> org.springframework.web.filter.ShallowEtagHeaderFilter.doFilterInterna
> l(Shallo
> wEtagHeaderFilter.java:73)
> at
> org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRe
> quest
> Filter.java:107)
> at
> org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(De
> legati
> ngFilterProxy.java:346)
> at
> org.springframework.web.filter.DelegatingFilterProxy.doFilter(Delegati
> ngFilter
> Proxy.java:259)
> at
> weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
> at
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.d
> oFilter(
> FilterChainProxy.java:330)
> at
> org.springframework.security.web.access.intercept.FilterSecurityInterc
> eptor.inv
> oke(FilterSecurityInterceptor.java:118)
> at
> org.springframework.security.web.access.intercept.FilterSecurityInterc
> eptor.do
> Filter(FilterSecurityInterceptor.java:84)
> at
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.d
> oFilter(
> FilterChainProxy.java:342)
> at
> org.springframework.security.web.access.ExceptionTranslationFilter.doF
> ilter(Ex
> ceptionTranslationFilter.java:113)
> at
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.d
> oFilter(
> FilterChainProxy.java:342)
> at
> org.springframework.security.web.authentication.AnonymousAuthenticatio
> nFilt
> er.doFilter(AnonymousAuthenticationFilter.java:113)
> at
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.d
> oFilter(
> FilterChainProxy.java:342)
> at
> org.springframework.security.web.servletapi.SecurityContextHolderAware
> Requ
> estFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:54)
> at
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.d
> oFilter(
> FilterChainProxy.java:342)
> at
> org.springframework.security.web.authentication.www.BasicAuthenticatio
> nFilt
> er.doFilter(BasicAuthenticationFilter.java:201)
> at
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.d
> oFilter(
> FilterChainProxy.java:342)
> at
> org.springframework.security.web.context.SecurityContextPersistenceFil
> ter.doF
> ilter(SecurityContextPersistenceFilter.java:87)
> at
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.d
> oFilter(
> FilterChainProxy.java:342)
> at
> org.springframework.security.web.FilterChainProxy.doFilterInternal(Fil
> terChain
> Proxy.java:192)
> at
> org.springframework.security.web.FilterChainProxy.doFilter(FilterChain
> Proxy.ja
> va:160)
> at
> org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(De
> legati
> ngFilterProxy.java:346)
> at
> org.springframework.web.filter.DelegatingFilterProxy.doFilter(Delegati
> ngFilter
> Proxy.java:259)
> at
> weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
> at
> com.optimal.rest.loggerfilter.LoggerFilter.doFilterInternal(LoggerFilt
> er.java:16
> 9)
> at
> com.optimal.rest.loggerfilter.LoggerFilter.doFilter(LoggerFilter.java:123)
> at
> org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(De
> legati
> ngFilterProxy.java:346)
> at
> org.springframework.web.filter.DelegatingFilterProxy.doFilter(Delegati
> ngFilter
> Proxy.java:259)
> at
> weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
> at
> com.optimal.web.spring.filter.ApplicationUidFilter.doFilterInternal(Ap
> plicationU
> idFilter.java:51)
> at
> org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRe
> quest
> Filter.java:107)
> at
> org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(De
> legati
> ngFilterProxy.java:346)
> at
> org.springframework.web.filter.DelegatingFilterProxy.doFilter(Delegati
> ngFilter
> Proxy.java:259)
> at
> weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
> at
> weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction
> .wrap
> Run(WebAppServletContext.java:3730)
> at
> weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction
> .run(
> WebAppServletContext.java:3696)
> at
> weblogic.security.acl.internal.AuthenticatedSubject.doAs(Authenticated
> Subject.j
> ava:321)
> at
> weblogic.security.service.SecurityManager.runAs(SecurityManager.java:120)
> at
> weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppSe
> rvl
> etContext.java:2273)
> at
> weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletCo
> nte
> xt.java:2179)
> at
> weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.ja
> va:1490
> )
> at weblogic.work.ExecuteThread.execute(ExecuteThread.java:256)
> at weblogic.work.ExecuteThread.run(ExecuteThread.java:221)
> >
> AVIS IMPORTANT
>
> WARNING
>
>
> Ce message ?lectronique et ses pi?ces jointes peuvent contenir des
> renseignements confidentiels, exclusifs ou l?galement privil?gi?s
> destin?s au seul usage du destinataire vis?. L'exp?diteur original ne
> renonce ? aucun privil?ge ou ? aucun autre droit si le pr?sent message
> a ?t? transmis involontairement ou s'il est retransmis sans son
> autorisation. Si vous n'?tes pas le destinataire vis? du pr?sent
> message ou si vous l'avez re?u par erreur, veuillez cesser
> imm?diatement de le lire et le supprimer, ainsi que toutes ses pi?ces
> jointes, de votre syst?me. La lecture, la distribution, la copie ou
> tout autre usage du pr?sent message ou de ses pi?ces jointes par des
> personnes autres que le destinataire vis? ne sont pas autoris?s et pourraient
> ?tre ill?gaux.
> Si vous avez re?u ce courrier ?lectronique par erreur, veuillez en
> aviser l'exp?diteur.
>
>
> This electronic message and its attachments may contain confidential,
> proprietary or legally privileged information, which is solely for the
> use of the intended recipient. No privilege or other rights are waived
> by any unintended transmission or unauthorized retransmission of this
> message. If you are not the intended recipient of this message, or if
> you have received it in error, you should immediately stop reading
> this message and delete it and all attachments from your system. The
> reading, distribution, copying or other use of this message or its
> attachments by unintended recipients is unauthorized and may be
> unlawful. If you have received this e-mail in error, please notify the sender.
>
> --
> WARNING
> -------
> This electronic message and its attachments may contain confidential,
> proprietary or legally privileged information, which is solely for the
> use of the intended recipient. No privilege or other rights are
> waived by any unintended transmission or unauthorized retransmission
> of this message. If you are not the intended recipient of this
> message, or if you have received it in error, you should immediately
> stop reading this message and delete it and all attachments from your
> system. The reading, distribution, copying or other use of this
> message or its attachments by unintended recipients is unauthorized
> and may be unlawful. If you have received this e-mail in error, please
> notify the sender.
>
> AVIS IMPORTANT
> --------------
> Ce message electronique et ses pieces jointes peuvent contenir des
> renseignements confidentiels, exclusifs ou legalement privilegies
> destines au seul usage du destinataire vise. L'expediteur original ne
> renonce a aucun privilege ou a aucun autre droit si le present message
> a ete transmis involontairement ou s'il est retransmis sans son
> autorisation. Si vous n'etes pas le destinataire vise du present
> message ou si vous l'avez recu par erreur, veuillez cesser
> immediatement de le lire et le supprimer, ainsi que toutes ses pieces
> jointes, de votre systeme. La lecture, la distribution, la copie ou
> tout autre usage du present message ou de ses pieces jointes par des
> personnes autres que le destinataire vise ne sont pas autorises et pourraient
> etre illegaux.
> Si vous avez recu ce courrier electronique par erreur, veuillez en
> aviser l'expediteur.
>
>
> --
> WARNING
> -------
> This electronic message and its attachments may contain confidential,
> proprietary or legally privileged information, which is solely for the
> use of the intended recipient. No privilege or other rights are
> waived by any unintended transmission or unauthorized retransmission
> of this message. If you are not the intended recipient of this
> message, or if you have received it in error, you should immediately
> stop reading this message and delete it and all attachments from your
> system. The reading, distribution, copying or other use of this
> message or its attachments by unintended recipients is unauthorized
> and may be unlawful. If you have received this e-mail in error, please
> notify the sender.
>
> AVIS IMPORTANT
> --------------
> Ce message ?lectronique et ses pi?ces jointes peuvent contenir des
> renseignements confidentiels, exclusifs ou l?galement privil?gi?s
> destin?s au seul usage du destinataire vis?. L'exp?diteur original ne
> renonce ? aucun privil?ge ou ? aucun autre droit si le pr?sent message
> a ?t? transmis involontairement ou s'il est retransmis sans son
> autorisation. Si vous n'?tes pas le destinataire vis? du pr?sent
> message ou si vous l'avez re?u par erreur, veuillez cesser
> imm?diatement de le lire et le supprimer, ainsi que toutes ses pi?ces
> jointes, de votre syst?me. La lecture, la distribution, la copie ou
> tout autre usage du pr?sent message ou de ses pi?ces jointes par des
> personnes autres que le destinataire vis? ne sont pas autoris?s et pourraient
> ?tre ill?gaux.
> Si vous avez re?u ce courrier ?lectronique par erreur, veuillez en
> aviser l'exp?diteur.
>
> --
> WARNING
> -------
> This electronic message and its attachments may contain confidential,
> proprietary or legally privileged information, which is solely for the
> use of the intended recipient. No privilege or other rights are
> waived by any unintended transmission or unauthorized retransmission
> of this message. If you are not the intended recipient of this
> message, or if you have received it in error, you should immediately
> stop reading this message and delete it and all attachments from your
> system. The reading, distribution, copying or other use of this
> message or its attachments by unintended recipients is unauthorized
> and may be unlawful. If you have received this e-mail in error, please
> notify the sender.
>
> AVIS IMPORTANT
> --------------
> Ce message electronique et ses pieces jointes peuvent contenir des
> renseignements confidentiels, exclusifs ou legalement privilegies
> destines au seul usage du destinataire vise. L'expediteur original ne
> renonce a aucun privilege ou a aucun autre droit si le present message
> a ete transmis involontairement ou s'il est retransmis sans son
> autorisation. Si vous n'etes pas le destinataire vise du present
> message ou si vous l'avez recu par erreur, veuillez cesser
> immediatement de le lire et le supprimer, ainsi que toutes ses pieces
> jointes, de votre systeme. La lecture, la distribution, la copie ou
> tout autre usage du present message ou de ses pieces jointes par des
> personnes autres que le destinataire vise ne sont pas autorises et pourraient
> etre illegaux.
> Si vous avez recu ce courrier electronique par erreur, veuillez en
> aviser l'expediteur.
--
WARNING
-------
This electronic message and its attachments may contain confidential,
proprietary or legally privileged information, which is solely for the use of
the intended recipient. No privilege or other rights are waived by any
unintended transmission or unauthorized retransmission of this message. If you
are not the intended recipient of this message, or if you have received it in
error, you should immediately stop reading this message and delete it and all
attachments from your system. The reading, distribution, copying or other use
of this message or its attachments by unintended recipients is unauthorized and
may be unlawful. If you have received this e-mail in error, please notify the
sender.
AVIS IMPORTANT
--------------
Ce message ?lectronique et ses pi?ces jointes peuvent contenir des
renseignements confidentiels, exclusifs ou l?galement privil?gi?s destin?s au
seul usage du destinataire vis?. L'exp?diteur original ne renonce ? aucun
privil?ge ou ? aucun autre droit si le pr?sent message a ?t? transmis
involontairement ou s'il est retransmis sans son autorisation. Si vous n'?tes
pas le destinataire vis? du pr?sent message ou si vous l'avez re?u par erreur,
veuillez cesser imm?diatement de le lire et le supprimer, ainsi que toutes ses
pi?ces jointes, de votre syst?me. La lecture, la distribution, la copie ou
tout autre usage du pr?sent message ou de ses pi?ces jointes par des personnes
autres que le destinataire vis? ne sont pas autoris?s et pourraient ?tre
ill?gaux. Si vous avez re?u ce courrier ?lectronique par erreur, veuillez en
aviser l'exp?diteur.
--
WARNING
-------
This electronic message and its attachments may contain confidential,
proprietary or legally privileged information, which is solely for the use of
the intended recipient. No privilege or other rights are waived by any
unintended transmission or unauthorized retransmission of this message. If you
are not the intended recipient of this message, or if you have received it in
error, you should immediately stop reading this message and delete it and all
attachments from your system. The reading, distribution, copying or other use
of this message or its attachments by unintended recipients is unauthorized and
may be unlawful. If you have received this e-mail in error, please notify the
sender.
AVIS IMPORTANT
--------------
Ce message electronique et ses pieces jointes peuvent contenir des
renseignements confidentiels, exclusifs ou legalement privilegies destines au
seul usage du destinataire vise. L'expediteur original ne renonce a aucun
privilege ou a aucun autre droit si le present message a ete transmis
involontairement ou s'il est retransmis sans son autorisation. Si vous n'etes
pas le destinataire vise du present message ou si vous l'avez recu par erreur,
veuillez cesser immediatement de le lire et le supprimer, ainsi que toutes ses
pieces jointes, de votre systeme. La lecture, la distribution, la copie ou
tout autre usage du present message ou de ses pieces jointes par des personnes
autres que le destinataire vise ne sont pas autorises et pourraient etre
illegaux. Si vous avez recu ce courrier electronique par erreur, veuillez en
aviser l'expediteur.
