Security Configuration doesn't let me use antMatchers() on some pages - security

Security Configuration doesn't let me use antMatchers() on some pages. Below is a configuration code where I'm trying to let not signed in user access "/", "/entries", "/signup". With "/signup" there is no problem it let me visit that page, but it keeps redirecting me to login page if I'm trying to access "/" or "/entries". I've tried to write each uri in separate antMatchers() and switching orders, but no luck so far.
#Configuration
#EnableWebSecurity
#EnableGlobalMethodSecurity(prePostEnabled = true)
public class WebSecurityConfiguration extends WebSecurityConfigurerAdapter {
#Autowired
DetailService userDetailsService;
#Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.userDetailsService(userDetailsService).passwordEncoder(User.PASSWORD_ENCODER);
}
#Override
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests()
.antMatchers("/", "/entries","/signup").permitAll()
.antMatchers("/adminpanel/**")
.access("hasRole('ROLE_ADMIN')")
.and()
.formLogin()
.loginPage("/login")
.permitAll()
.successHandler(loginSuccessHandler())
.failureHandler(loginFailureHandler())
.and()
.logout()
.permitAll()
.logoutSuccessUrl("/clearConnection")
.and()
.csrf();
http.headers().frameOptions().disable();
}
public AuthenticationSuccessHandler loginSuccessHandler() {
return (request, response, authentication) -> response.sendRedirect("/");
}
public AuthenticationFailureHandler loginFailureHandler() {
return (request, response, exception) -> {
response.sendRedirect("/login");
};
}
#Bean
public EvaluationContextExtension securityExtension() {
return new EvaluationContextExtensionSupport() {
#Override
public String getExtensionId() {
return "security";
}
#Override
public Object getRootObject() {
Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
return new SecurityExpressionRoot(authentication) {
};
}
};
}
}

Apparently I had a UserHandler class that has annotation #ControllerAdvice(basePackages = "myproject.web.controller"). That's means that it applies to all classes for provided package. My addUser() is trying to add User as an attribute and if there is no user it throwing one of exceptions defined in the same class which cause redirection. So, I created separate GuestController outside of the package provided for #ControllerAdvice and handle all logic for a guest in it. That solved my problem. Would appreciate any insights on my approach, if its good practice or not.
#ControllerAdvice(basePackages = "myproject.web.controller")
public class UserHandler {
#Autowired
private UserService users;
#ExceptionHandler(AccessDeniedException.class)
public String redirectNonUser(RedirectAttributes attributes) {
attributes.addAttribute("errorMessage", "Please login before accessing website");
return "redirect:/login";
}
#ExceptionHandler(UsernameNotFoundException.class)
public String redirectNotFound(RedirectAttributes attributes) {
attributes.addAttribute("errorMessage", "Username not found");
return "redirect:/login";
}
#ModelAttribute("currentUser")
public User addUser() {
if(SecurityContextHolder.getContext().getAuthentication() != null) {
String username = SecurityContextHolder.getContext().getAuthentication().getName();
User user = users.findByUsername(username);
if(user != null) {
return user;
} else {
throw new UsernameNotFoundException("Username not found");
}
} else {
throw new AccessDeniedException("Not logged in");
}
}
}

Related

Marshalling via WebServiceGatewaySupport fails with JAXBException: class <classname> nor any of its super class is known to this context

I want to call webservices via clients. The clients are instantiated as beans:
#Configuration
public class ServiceClientConfiguration {
#Bean
public Jaxb2Marshaller marshaller() {
Jaxb2Marshaller marshaller = new Jaxb2Marshaller();
marshaller.setContextPath(CONTEXT_PATH);
return marshaller;
}
#Bean
public Service1Client authenticate(Jaxb2Marshaller marshaller) {
Service1Client client = new Service1Client();
client.setDefaultUri("http://localhost:8292/service1");
client.setMarshaller(marshaller);
client.setUnmarshaller(marshaller);
return client;
}
#Bean
public Service2Client broker(Jaxb2Marshaller marshaller) {
Service2Client client = new Service2Client();
client.setDefaultUri("http://localhost:8192/service2");
client.setMarshaller(marshaller);
client.setUnmarshaller(marshaller);
return client;
}
Though the both of the services are different, the request and responses are defined via xsd-files to the same package name - which is provided here as String 'CONTEXT_PATH' to the marshaller.
The clients itself look like this:
public class Service1Client extends WebServiceGatewaySupport {
private static final Logger log = LoggerFactory.getLogger(Tools.getClassName());
public Service1Response process(Service1Request request) {
Service1Response response = null;
try {
response = (Service1Response) getWebServiceTemplate()
.marshalSendAndReceive("http://localhost:8292/service1", request);
} catch (Exception e) {
log.error("", e);
}
return response;
}
}
and
public class Service2Client extends WebServiceGatewaySupport {
private static final Logger log = LoggerFactory.getLogger(Tools.getClassName());
public Service2Response process(Service2Request request) {
Service2Response response = null;
try {
response = (Service2Response) getWebServiceTemplate()
.marshalSendAndReceive("http://localhost:8192/service2", request);
} catch (Exception e) {
log.error("", e);
}
return response;
}
}
While running Service1Client is fine, the Service2Client fails with
javax.xml.bind.JAXBException: class <package>.Service2Request nor any of its super class is known to this context.
I removed "Service1Client" from the code - but the error remained to be the same.
I have renamed the pathname of the CONTEXT_PATH. It was "types.". I changed it to "dto.". Now it works as expected.
For me the reason for the problem looks sort of strange - maybe somebody can explain it.

Spring Boot - Multithreading on same Object

I work on project that manages contacts database with CRUD options
But I don't know how to handle multithreading.
I use Java 8 and spring-boot 2.0.4 RELEASE
UPDATE -> Code instead of images
This is Controller :
#RestController
#RequestMapping("/api")
#CrossOrigin(origins = "http://localhost:4200", allowedHeaders="*")
public class ContactController {
#Autowired
private ContactService contactService;
/*--- Toute la liste ---*/
#GetMapping("/contact")
public List<ContactDTO> getDestinataires() {
return contactService.getContacts();
}
/* ------------------------- CRUD ----------------------- */
// Creation contact
#PostMapping("/contact/create")
public boolean create(#Valid #RequestBody ContactDTO contact) {
return contactService.create(contact);
}
// infos d'un contact
#GetMapping("/contact/{id}")
public ContactDTO read(#PathVariable Integer id) {
return contactService.getContact(id);
}
// Maj contact
#PutMapping("/contact/update")
public boolean update(#RequestBody ContactDTO contact) {
return contactService.update(contact);
}
// Maj contact
#DeleteMapping("/contact/delete/{id}")
public boolean delete(#PathVariable Integer id) {
return contactService.delete(id);
}
}
The service (with #Service annotation) retrieves ContactDTO Object sent by the front and set Contact object. It works with CoreServices (without Spring annotations) java class.
This is it:
#Service
public class ContactService extends CoreServices{
private static final org.slf4j.Logger logger = org.slf4j.LoggerFactory.getLogger(ContactService.class);
public boolean update(ContactDTO contactDTOFront) {
logger.info("ContactService - start update method");
try {
// contrôle si contact existe
setContact(getContactRepo().findByIdaicontact(contactDTOFront.getIdaicontact()));
if (getContact() == null) {
return false;
}
// alimentation du bean hibernate par le bean dto.
contactDTOFront.alimBean(this);
// maj de la bdd
if (getContactRepo().save(getContact()) == null) {
return false;
}
} catch (Exception ure) {
logger.error("ContactService - Error update method: " + ExceptionUtils.getStackTrace(ure));
return false;
}
return true;
}
All Beans (DTO and entity) are managed in CoreServices Class :
public class CoreServices {
#Autowired
private ContactRepository contactRepo;
// Bean Contact
Contact contact = new Contact();
ContactDTO contactDTO = new ContactDTO();
List<ContactDTO> contactDTOList = new ArrayList<ContactDTO>();
List<Contact> contactList = new ArrayList<Contact>();
public ContactRepository getContactRepo() {
return contactRepo;
}
public Contact getContact() {
return contact;
}
public void setContact(Contact contact) {
this.contact = contact;
}
public ContactDTO getContactDTO() {
return contactDTO;
}
public void setContactDTO(ContactDTO contactDTO) {
this.contactDTO = contactDTO;
}
public List<ContactDTO> getContactDTOList() {
return contactDTOList;
}
public void setContactDTOList(List<ContactDTO> contactDTOList) {
this.contactDTOList = contactDTOList;
}
public List<Contact> getContactList() {
return contactList;
}
public void setContactList(List<Contact> contactList) {
this.contactList = contactList;
}
To set Contact bean , I use "alimBean" method defined in DTO OBject. This method is called in my service.
public void alimBean(CoreServices service) throws Exception {
logger.info("ContactDTO - start alimBean method");
service.getContact().setIdaicontact(this.getIdaicontact());
service.getContact().setIdentifiant(this.getIdentifiant());
service.getContact().setIdaisite(this.getIdaisite());
service.getContact().setIdaitype(this.getIdaitype());
service.getContact().setNom(this.getNom());
service.getContact().setPrenom(this.getPrenom());
service.getContact().setEmail(this.getEmail());
service.getContact().setComment(this.getComment());
service.getContact().setStatus(this.getStatus());
service.getContact().setLocked(this.getLocked());
service.getContact().setUserlock(this.getUserlock());
service.getContact().setCreuser(this.getCreuser());
service.getContact().setUpduser(this.getUpduser());
// Gestion des dates STRING -> DATE
logger.info("ContactDTO - end alimBean method");
}
Now, assuming two update requests are handled in same time. How does it work ?
I read some Tuto about "synchronization" but they are a little confused for me. I don't know if it's the best way and I don't want to break all the code except if it's the only solution to handle this multithreading case
What can I add to this code to be sure the second request will not set Contact object before the first request ended.
You should synchronize only update and delete actions with for example id if it's unique. You can use my library but it's in alfa version but it is tested and works good.
You must add the dependency:
<dependency>
<groupId>com.jsunsoft.util</groupId>
<artifactId>concurrent</artifactId>
<version>0.0.1-alpha2</version>
</dependency>
and write code like this
import com.jsunsoft.util.concurrent.locks.Lock;
public class ContactService extends CoreServices {
private final Lock contactLock = new StripedLock(minimumNumberOfStripes, lockTimeSec);
public boolean update(ContactDTO contactDTOFront) {
logger.info("ContactService - start update method");
try {
updateSynched(contactDTOFront);
} catch (Exception ure) {
logger.error("Co: " + ExceptionUtils.getStackTrace(ure));
return false;
}
return true;
}
//you can add the method updateSynched
private void updateSynched(ContactDTO contactDTOFront) throws Exception {
contactLock.lock(contactDTOFront.getId(), () -> {
setContact(getContactRepo().findByIdaicontact(contactDTOFront.getIdaicontact()));
if (getContact() == null) {
throw new Exception("msg");
}
// alimentation du bean hibernate par le bean dto.
contactDTOFront.alimBean(this);
// maj de la bdd
if (getContactRepo().save(getContact()) == null) {
throw new Exception("msg");
}
});
}
}
Note: In that library I used the guava striped lock if you want you can use directly the guava API.

MVC Repository, Unity, Identity Error

I'm starting a new project using MVC 5, Identity 2.x, Unity, and Dapper. I'm using the standard EF functionality for Identity but using Dapper for the rest of the DB access. I'm using a Repository Pattern for all my (non-Identity) DB calls.
I'm fairly new to Unity and Dapper but keep gettin a "Object reference not set to an instance of an object." error whenever I make a call to the DB interface in the Account Controller line from below:
var result = _companyaccountrepository.AddToCompanyUsers(model);
Can anyone point out what I'm doing wrong? Thanks in advance.
Account Controller
private ICompanyAccountRepository _companyaccountrepository { get; set; }
public ICompanyAccountRepository companyaccountrepository
{
get { return _companyaccountrepository ?? (_companyaccountrepository = new CompanyAccountRepository()); }
}
private ApplicationUserManager _userManager;
public ApplicationUserManager UserManager
{
get
{
return _userManager ?? HttpContext.GetOwinContext().GetUserManager<ApplicationUserManager>();
}
private set
{
_userManager = value;
}
}
private ApplicationSignInManager _signInManager;
public ApplicationSignInManager SignInManager
{
get
{
return _signInManager ?? HttpContext.GetOwinContext().Get<ApplicationSignInManager>();
}
private set { _signInManager = value; }
}
public AccountController()
{
}
public AccountController(ApplicationUserManager userManager, ApplicationSignInManager signInManager, ICompanyAccountRepository companyaccountrepository)
{
UserManager = userManager;
SignInManager = signInManager;
_companyaccountrepository = companyaccountrepository;
}
...
[HttpPost]
[AllowAnonymous]
[ValidateAntiForgeryToken]
public async Task<ActionResult> SignUp(RegisterUserAndCompanyViewModel model)
{
if (ModelState.IsValid)
{
var user = new ApplicationUser { UserName = model.Email, Email = model.Email };
user.FirstName = model.FirstName;
user.LastName = model.LastName;
var result = await UserManager.CreateAsync(user, model.Password);
if (result.Succeeded)
{
await SignInManager.SignInAsync(user, isPersistent: false, rememberBrowser: false);
var result = _companyaccountrepository.AddToCompanyUsers(model); //*** THIS IS WHERE THE PROBLEM OCCURS ****
return RedirectToAction("Confirmation");
}
AddErrors(result);
}
// If we got this far, something failed, redisplay form
return View(model);
}
Interface/Dapper SQL (dummy code to make it simple)
public interface ICompanyAccountRepository
{
CompanyUser AddToCompanyUsers(RegisterUserAndCompanyViewModel user);
}
public class CompanyAccountRepository : ICompanyAccountRepository
{
private string dbconn = ConfigurationManager.ConnectionStrings["DefaultConnection"].ConnectionString;
public bool AddToCompanyUsers(RegisterUserAndCompanyViewModel user);
{
using (SqlConnection cn = new SqlConnection(dbconn))
{
cn.Open();
cn.Insert(new CompanyUser() { CompanyId = user.companyid, UserId = user.id });
cn.Close();
}
return true;
}
}
Unity.Config
public static void RegisterTypes(IUnityContainer container)
{
// NOTE: To load from web.config uncomment the line below. Make sure to add a Microsoft.Practices.Unity.Configuration to the using statements.
// container.LoadConfiguration();
// TODO: Register your types here
//12-1-16 Need this for Identity
container.RegisterType<ApplicationDbContext>();
container.RegisterType<ApplicationSignInManager>();
container.RegisterType<ApplicationUserManager>();
container.RegisterType<EmailService>();
container.RegisterType<IAuthenticationManager>(
new InjectionFactory(c => HttpContext.Current.GetOwinContext().Authentication));
container.RegisterType<IUserStore<ApplicationUser>, UserStore<ApplicationUser>>(
new InjectionConstructor(typeof(ApplicationDbContext)));
container.RegisterType<AccountController>(
new InjectionConstructor(typeof(ApplicationUserManager), typeof(ApplicationSignInManager), typeof(ICompanyAccountRepository)));
container.RegisterType<AccountController>(
new InjectionConstructor());
//Identity / Unity stuff below to fix No IUserToken Issue - http://stackoverflow.com/questions/24731426/register-iauthenticationmanager-with-unity
//container.RegisterType<DbContext, ApplicationDbContext>(
// new HierarchicalLifetimeManager());
container.RegisterType<UserManager<ApplicationUser>>(
new HierarchicalLifetimeManager());
container.RegisterType<IUserStore<ApplicationUser>, UserStore<ApplicationUser>>(
new HierarchicalLifetimeManager());
container.RegisterType<ICompanyAccountRepository, CompanyAccountRepository>();
}
Thanks again for any suggestions.
NOTE: If I add instantiate the repository just before the AddToCompanyUsers call (below), it works fine. However, this breaks Unity/IOC
_companyaccountrepository= new CompanyAccountRepository();
var result = _companyaccountrepository.AddToCompanyUsers(model);
You can try it like this:
(this should fix your repository error. As for your userManager and signInManager, I believe you can improve how they are configured as well, but that will take to take a look on your startup.auth and your ApplicationDbContext and with all the Identity configuration)
Account Controller
private readonly ICompanyAccountRepository _companyaccountrepository;// { get; set; } -- remove the getter and setter here
//remove this
// public ICompanyAccountRepository companyaccountrepository
// {
// get { return _companyaccountrepository ?? (_companyaccountrepository = new CompanyAccountRepository()); }
// }
private ApplicationUserManager _userManager;
public ApplicationUserManager UserManager
{
get
{
return _userManager ?? HttpContext.GetOwinContext().GetUserManager<ApplicationUserManager>();
}
private set
{
_userManager = value;
}
}
private ApplicationSignInManager _signInManager;
public ApplicationSignInManager SignInManager
{
get
{
return _signInManager ?? HttpContext.GetOwinContext().Get<ApplicationSignInManager>();
}
private set { _signInManager = value; }
}
//I think you can remove the parameterless constructor as well
//public AccountController()
//{
//
//}
public AccountController(ApplicationUserManager userManager, ApplicationSignInManager signInManager, ICompanyAccountRepository companyaccountrepository)
{
UserManager = userManager;
SignInManager = signInManager;
_companyaccountrepository = companyaccountrepository;
}
...
EDIT
Change your constructor to:
public AccountController(ICompanyAccountRepository companyaccountrepository)
{
_companyaccountrepository = companyaccountrepository;
}

RhinoMocks AssertWasCalled throws Exception

I am new to TDD and RhinoMocks.
I am trying to test AssertWasCalled but having problems. The constructor to my test is as follows:
public AccountControllerTests()
{
_webAuthenticator = MockRepository.GenerateMock<IWebAuthenticator>();
}
And my test is like this:
[TestMethod]
public void AccountControllerCallsWebAuthenticator_CreateSignInTicketForGoodLoginCredentials()
{
const string username = "good-username";
const string password = "good-password";
var model = new LoginModel { Username = username, Password = password };
_webAuthenticator.Stub(w => w.Authenticate(username, password)).Return(true);
var mockHttpContextBase = MockRepository.GenerateMock<HttpContextBase>();
var accountController = new AccountController(_webAuthenticator);
accountController.Login(model);
_webAuthenticator.AssertWasCalled(x => x.CreateSignInTicket(mockHttpContextBase, username));
}
The error I get is:
Test method Paxium.Music.WebUI.Tests.Controllers.AccountControllerTests.AccountControllerCallsWebAuthenticator_CreateSignInTicketForGoodLoginCredentials threw exception:
Rhino.Mocks.Exceptions.ExpectationViolationException: IWebAuthenticator.CreateSignInTicket(Castle.Proxies.HttpContextBaseProxy7f274f09b6124e6da32d96dc6d3fface, "good-username"); Expected #1, Actual #0.
I have now changed my code as below - Before and after code:
Before:
public class AccountController : Controller
{
private readonly IWebAuthenticator _webAuthenticator;
public AccountController(IWebAuthenticator webAuthenticator)
{
_webAuthenticator = webAuthenticator;
}
[HttpGet]
public ActionResult Login()
{
return View();
}
[HttpPost]
public ActionResult Login(LoginModel model)
{
if (ModelState.IsValid)
{
if (_webAuthenticator.Authenticate(model.Username, model.Password))
{
_webAuthenticator.CreateSignInTicket(HttpContext, model.Username);
return RedirectToAction("Index", "Home");
}
return View(model);
}
return View(model);
}
}
After:
public class AccountController : Controller
{
private readonly IWebAuthenticator _webAuthenticator;
private readonly HttpContextBase _contextBase;
public AccountController()
{
}
public AccountController(IWebAuthenticator webAuthenticator, HttpContextBase contextBase)
{
_webAuthenticator = webAuthenticator;
_contextBase = contextBase;
}
[HttpGet]
public ActionResult Login()
{
return View();
}
[HttpPost]
public ActionResult Login(LoginModel model)
{
if (ModelState.IsValid)
{
if (_webAuthenticator.Authenticate(model.Username, model.Password))
{
_webAuthenticator.CreateSignInTicket(_contextBase, model.Username);
return RedirectToAction("Index", "Home");
}
return View(model);
}
return View(model);
}
}
My tests now pass. How I inject in the contextBase though when my controller is used for real?? I am using StructureMap.
The error message you are receiving indicates that the Assert failed, i.e. the webAuthenticator object was not called with those specific arguments (hence expected #1, actual #0 exception message).
From the limited context you provide, I suspect that the fake instance of the HttpContextBase (mockHttpContextBase) in your test is not the same object that's being passed to the webAuthenticator from your production code.
There's two ways you can go about this: make the assert less strict or make sure the production code uses the fake http context object. If you don't care which instance of HttpContext gets passed to the webAuthenticator in this test, you can use argument matchers (Rhinomocks calls them argument constraints).
In your case, this would turn out something like this:
_webAuthenticator.AssertWasCalled(x => x.CreateSignInTicket(Arg<HttpContextBase>.Is.Anything, Arg<string>.Is.Equal(username)));

Accessing secure restful web services using jersey client

I have created web services based on Jersey (auto generated via Netbeans).
I have also created a user names “testClient” with password “secret” and created User group “Users” and used file Realm using glassfish 3.0.1 admin console.
I have also mapped web.xml and sun-web.xml accordingly.
My web services are secured successfully; as I access the web site I receive a security warning and then I am prompt to give username and password to access any content of the website. It is working fine when accessed via web browser.
Now I have written a simple client based on jersey and tried to access the web services offered by the 1st project; the client code is here
Auto generated Jersey client code
public class JerseyClient {
private WebResource webResource;
private Client client;
private static final String BASE_URI = "https://localhost:9028/testsecurity2/resources";
public JerseyClient() {
com.sun.jersey.api.client.config.ClientConfig config = new com.sun.jersey.api.client.config.DefaultClientConfig(); // SSL configuration
// SSL configuration
config.getProperties().put(com.sun.jersey.client.urlconnection.HTTPSProperties.PROPERTY_HTTPS_PROPERTIES, new com.sun.jersey.client.urlconnection.HTTPSProperties(getHostnameVerifier(), getSSLContext()));
client = Client.create(config);
webResource = client.resource(BASE_URI).path("manufacturers");
}
public <T> T get_XML(Class<T> responseType) throws UniformInterfaceException {
return webResource.accept(javax.ws.rs.core.MediaType.APPLICATION_XML).get(responseType);
}
public <T> T get_JSON(Class<T> responseType) throws UniformInterfaceException {
return webResource.accept(javax.ws.rs.core.MediaType.APPLICATION_JSON).get(responseType);
}
public void close() {
client.destroy();
}
public void setUsernamePassword(String username, String password) {
client.addFilter(new com.sun.jersey.api.client.filter.HTTPBasicAuthFilter(username, password));
}
private HostnameVerifier getHostnameVerifier() {
return new HostnameVerifier() {
#Override
public boolean verify(String hostname, javax.net.ssl.SSLSession sslSession) {
return true;
}
};
}
private SSLContext getSSLContext() {
javax.net.ssl.TrustManager x509 = new javax.net.ssl.X509TrustManager() {
#Override
public void checkClientTrusted(java.security.cert.X509Certificate[] arg0, String arg1) throws java.security.cert.CertificateException {
return;
}
#Override
public void checkServerTrusted(java.security.cert.X509Certificate[] arg0, String arg1) throws java.security.cert.CertificateException {
return;
}
#Override
public java.security.cert.X509Certificate[] getAcceptedIssuers() {
return null;
}
};
SSLContext ctx = null;
try {
ctx = SSLContext.getInstance("SSL");
ctx.init(null, new javax.net.ssl.TrustManager[]{x509}, null);
} catch (java.security.GeneralSecurityException ex) {
}
return ctx;
}
}
Code in Main Method; uses auto generated code
JerseyClient client = new JerseyClient();
client.setUsernamePassword("testClient", "secret");
Object response = client.get_XML(String.class);
// do whatever with response
client.close();
Results:
Exception in thread "main" com.sun.jersey.api.client.ClientHandlerException: javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
at com.sun.jersey.client.urlconnection.URLConnectionClientHandler.handle(URLConnectionClientHandler.java:128)
at com.sun.jersey.api.client.filter.HTTPBasicAuthFilter.handle(HTTPBasicAuthFilter.java:78)
at com.sun.jersey.api.client.Client.handle(Client.java:457)
at com.sun.jersey.api.client.WebResource.handle(WebResource.java:557)
at com.sun.jersey.api.client.WebResource.access$300(WebResource.java:69)
at com.sun.jersey.api.client.WebResource$Builder.get(WebResource.java:451)
at clients.JerseyClient.get_XML(JerseyClient.java:23)
at clients.NewMain1.main(NewMain1.java:20)
Caused by: javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:808)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1112)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1139)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1123)
at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:434)
at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:166)
at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1049)
at java.net.HttpURLConnection.getResponseCode(HttpURLConnection.java:373)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.getResponseCode(HttpsURLConnectionImpl.java:318)
at com.sun.jersey.client.urlconnection.URLConnectionClientHandler._invoke(URLConnectionClientHandler.java:215)
at com.sun.jersey.client.urlconnection.URLConnectionClientHandler.handle(URLConnectionClientHandler.java:126)
... 7 more
Caused by: java.io.EOFException: SSL peer shut down incorrectly
at com.sun.net.ssl.internal.ssl.InputRecord.read(InputRecord.java:333)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:789)
... 17 more
Java Result: 1
I also want to inform that these are two different projects running on different servers both are glassfish 3.0.1. I also tried to run client and services on the same server but all in vain. I am stuck; kindly help me.
Cheers!
i have found a good resource regarding my problem. Here it is
http://wiki.open-esb.java.net/attach/RestBCEchoSSL/SslClient.java
I made few changes in my code regarding the given source and it worked perfectly. Actually I was not passing the certificate and key stores properly.
Here is the full code.
package clients;
import com.sun.jersey.api.client.*;
import javax.net.ssl.*;
import java.io.*;
import java.net.Socket;
import java.security.*;
import javax.ws.rs.core.UriBuilder;
import com.sun.jersey.client.urlconnection.HTTPSProperties;
public class JerseyClient {
private WebResource webResource;
private Client client;
//private static final String BASE_URI = "https://localhost:9028/testsecurity2/resources";
private static final String truststore_path = "D:/Practice Apps/glassfish-3.0.1 Stand Alone/glassfish/domains/domain2/config/cacerts.jks";
private static final String truststore_password = "changeit";
private static final String keystore_path = "D:/Practice Apps/glassfish-3.0.1 Stand Alone/glassfish/domains/domain2/config/keystore.jks";
private static final String keystore_password = "changeit";
private static final String url = "https://localhost:9029/testsecurity2/resources/manufacturers/";
public JerseyClient() {
com.sun.jersey.api.client.config.ClientConfig config = new com.sun.jersey.api.client.config.DefaultClientConfig(); // SSL configuration
// SSL configuration
config.getProperties().put(com.sun.jersey.client.urlconnection.HTTPSProperties.PROPERTY_HTTPS_PROPERTIES, new com.sun.jersey.client.urlconnection.HTTPSProperties(getHostnameVerifier(), getSSLContext()));
client = Client.create(config);
webResource = client.resource(url);
}
public <T> T get_XML(Class<T> responseType) throws UniformInterfaceException {
return webResource.accept(javax.ws.rs.core.MediaType.APPLICATION_XML).get(responseType);
}
public <T> T get_JSON(Class<T> responseType) throws UniformInterfaceException {
return webResource.accept(javax.ws.rs.core.MediaType.APPLICATION_JSON).get(responseType);
}
public void close() {
client.destroy();
}
public void setUsernamePassword(String username, String password) {
client.addFilter(new com.sun.jersey.api.client.filter.HTTPBasicAuthFilter(username, password));
}
private HostnameVerifier getHostnameVerifier() {
return new HostnameVerifier() {
#Override
public boolean verify(String hostname, javax.net.ssl.SSLSession sslSession) {
return true;
}
};
}
private SSLContext getSSLContext() {
TrustManager mytm[] = null;
KeyManager mykm[] = null;
try {
mytm = new TrustManager[]{new MyX509TrustManager(truststore_path, truststore_password.toCharArray())};
mykm = new KeyManager[]{new MyX509KeyManager(keystore_path, keystore_password.toCharArray())};
} catch (Exception ex) {
ex.printStackTrace();
}
SSLContext ctx = null;
try {
ctx = SSLContext.getInstance("SSL");
ctx.init(mykm, mytm, null);
} catch (java.security.GeneralSecurityException ex) {
}
return ctx;
}
/**
* Taken from http://java.sun.com/javase/6/docs/technotes/guides/security/jsse/JSSERefGuide.html
*
*/
static class MyX509TrustManager implements X509TrustManager {
/*
* The default PKIX X509TrustManager9. We'll delegate
* decisions to it, and fall back to the logic in this class if the
* default X509TrustManager doesn't trust it.
*/
X509TrustManager pkixTrustManager;
MyX509TrustManager(String trustStore, char[] password) throws Exception {
this(new File(trustStore), password);
}
MyX509TrustManager(File trustStore, char[] password) throws Exception {
// create a "default" JSSE X509TrustManager.
KeyStore ks = KeyStore.getInstance("JKS");
ks.load(new FileInputStream(trustStore), password);
TrustManagerFactory tmf = TrustManagerFactory.getInstance("PKIX");
tmf.init(ks);
TrustManager tms[] = tmf.getTrustManagers();
/*
* Iterate over the returned trustmanagers, look
* for an instance of X509TrustManager. If found,
* use that as our "default" trust manager.
*/
for (int i = 0; i < tms.length; i++) {
if (tms[i] instanceof X509TrustManager) {
pkixTrustManager = (X509TrustManager) tms[i];
return;
}
}
/*
* Find some other way to initialize, or else we have to fail the
* constructor.
*/
throw new Exception("Couldn't initialize");
}
/*
* Delegate to the default trust manager.
*/
public void checkClientTrusted(X509Certificate[] chain, String authType)
throws CertificateException {
try {
pkixTrustManager.checkClientTrusted(chain, authType);
} catch (CertificateException excep) {
// do any special handling here, or rethrow exception.
}
}
/*
* Delegate to the default trust manager.
*/
public void checkServerTrusted(X509Certificate[] chain, String authType)
throws CertificateException {
try {
pkixTrustManager.checkServerTrusted(chain, authType);
} catch (CertificateException excep) {
/*
* Possibly pop up a dialog box asking whether to trust the
* cert chain.
*/
}
}
/*
* Merely pass this through.
*/
public X509Certificate[] getAcceptedIssuers() {
return pkixTrustManager.getAcceptedIssuers();
}
}
/**
* Inspired from http://java.sun.com/javase/6/docs/technotes/guides/security/jsse/JSSERefGuide.html
*
*/
static class MyX509KeyManager implements X509KeyManager {
/*
* The default PKIX X509KeyManager. We'll delegate
* decisions to it, and fall back to the logic in this class if the
* default X509KeyManager doesn't trust it.
*/
X509KeyManager pkixKeyManager;
MyX509KeyManager(String keyStore, char[] password) throws Exception {
this(new File(keyStore), password);
}
MyX509KeyManager(File keyStore, char[] password) throws Exception {
// create a "default" JSSE X509KeyManager.
KeyStore ks = KeyStore.getInstance("JKS");
ks.load(new FileInputStream(keyStore), password);
KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509", "SunJSSE");
kmf.init(ks, password);
KeyManager kms[] = kmf.getKeyManagers();
/*
* Iterate over the returned keymanagers, look
* for an instance of X509KeyManager. If found,
* use that as our "default" key manager.
*/
for (int i = 0; i < kms.length; i++) {
if (kms[i] instanceof X509KeyManager) {
pkixKeyManager = (X509KeyManager) kms[i];
return;
}
}
/*
* Find some other way to initialize, or else we have to fail the
* constructor.
*/
throw new Exception("Couldn't initialize");
}
public PrivateKey getPrivateKey(String arg0) {
return pkixKeyManager.getPrivateKey(arg0);
}
public X509Certificate[] getCertificateChain(String arg0) {
return pkixKeyManager.getCertificateChain(arg0);
}
public String[] getClientAliases(String arg0, Principal[] arg1) {
return pkixKeyManager.getClientAliases(arg0, arg1);
}
public String chooseClientAlias(String[] arg0, Principal[] arg1, Socket arg2) {
return pkixKeyManager.chooseClientAlias(arg0, arg1, arg2);
}
public String[] getServerAliases(String arg0, Principal[] arg1) {
return pkixKeyManager.getServerAliases(arg0, arg1);
}
public String chooseServerAlias(String arg0, Principal[] arg1, Socket arg2) {
return pkixKeyManager.chooseServerAlias(arg0, arg1, arg2);
}
}
}
and code to run the client in main class
public static void main(String[] args) {
JerseyClient client = new JerseyClient();
client.setUsernamePassword("testClient", "secret");
Object response = client.get_XML(String.class);
System.out.println(response);
// do whatever with response
client.close();
}

Resources