8 Replies Latest reply: Mar 2, 2011 2:34 PM by Darryl Burke RSS

    cannot validate soap request over https

    824058
      Hi all,

      I am using glassfish v2 and netbeans 6.9. Have implemented my web service on http which is working fine, and now have moved it to https.

      From client machine I am able to request the web service and able to see the request in the server side log files. But my request cannot be validated, throwing following exception:

      [#|2011-02-24T01:36:02.575+1200|SEVERE|sun-appserver9.1|javax.enterprise.system.core.security|_ThreadID=15;_ThreadName=httpSSLWorkerThread-8443-1;_RequestID=e507e78e-9db1-4e99-b1d6-3da8cce6b3f7;|SEC2002: Container-auth: wss: Error validating request
      java.lang.NullPointerException
           at com.sun.xml.ws.api.message.Packet.createServerResponse(Packet.java:686)
           at com.sun.xml.wss.provider.wsit.WSITServerAuthContext.validateRequest(WSITServerAuthContext.java:326)
           at com.sun.xml.wss.provider.wsit.WSITServerAuthContext.validateRequest(WSITServerAuthContext.java:211)
           at com.sun.enterprise.webservice.CommonServerSecurityPipe.processRequest(CommonServerSecurityPipe.java:168)
           at com.sun.enterprise.webservice.CommonServerSecurityPipe.process(CommonServerSecurityPipe.java:129)
           at com.sun.xml.ws.api.pipe.helper.PipeAdapter.processRequest(PipeAdapter.java:115)
           at com.sun.xml.ws.api.pipe.Fiber.__doRun(Fiber.java:595)
           at com.sun.xml.ws.api.pipe.Fiber._doRun(Fiber.java:554)
           at com.sun.xml.ws.api.pipe.Fiber.doRun(Fiber.java:539)
           at com.sun.xml.ws.api.pipe.Fiber.runSync(Fiber.java:436)
           at com.sun.xml.ws.server.WSEndpointImpl$2.process(WSEndpointImpl.java:243)
           at com.sun.xml.ws.transport.http.HttpAdapter$HttpToolkit.handle(HttpAdapter.java:444)
           at com.sun.xml.ws.transport.http.HttpAdapter.handle(HttpAdapter.java:244)
           at com.sun.xml.ws.transport.http.servlet.ServletAdapter.handle(ServletAdapter.java:135)
           at com.sun.enterprise.webservice.JAXWSServlet.doPost(JAXWSServlet.java:159)
           at javax.servlet.http.HttpServlet.service(HttpServlet.java:738)
           at javax.servlet.http.HttpServlet.service(HttpServlet.java:831)
           at org.apache.catalina.core.ApplicationFilterChain.servletService(ApplicationFilterChain.java:411)
           at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:290)
           at org.apache.catalina.core.StandardContextValve.invokeInternal(StandardContextValve.java:271)
           at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:202)
           at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:632)
           at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:577)
           at com.sun.enterprise.web.WebPipeline.invoke(WebPipeline.java:94)
           at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:206)
           at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:632)
           at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:577)
           at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:571)
           at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:1080)
           at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:150)
           at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:632)
           at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:577)
           at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:571)
           at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:1080)
           at org.apache.coyote.tomcat5.CoyoteAdapter.service(CoyoteAdapter.java:272)
           at com.sun.enterprise.web.connector.grizzly.DefaultProcessorTask.invokeAdapter(DefaultProcessorTask.java:637)
           at com.sun.enterprise.web.connector.grizzly.DefaultProcessorTask.doProcess(DefaultProcessorTask.java:568)
           at com.sun.enterprise.web.connector.grizzly.DefaultProcessorTask.process(DefaultProcessorTask.java:813)
           at com.sun.enterprise.web.connector.grizzly.DefaultReadTask.executeProcessorTask(DefaultReadTask.java:341)
           at com.sun.enterprise.web.connector.grizzly.ssl.SSLReadTask.process(SSLReadTask.java:440)
           at com.sun.enterprise.web.connector.grizzly.ssl.SSLReadTask.doTask(SSLReadTask.java:228)
           at com.sun.enterprise.web.connector.grizzly.TaskBase.run(TaskBase.java:265)
           at com.sun.enterprise.web.connector.grizzly.ssl.SSLWorkerThread.run(SSLWorkerThread.java:106)
      |#]



      Could any one let me know what could be the issue here.

      Thanks in advance.

      Deepak

      Edited by: deepak on Feb 23, 2011 2:21 PM
        • 1. Re: cannot validate soap request over https
          handat
          Are you using the SSL certificate that was bundled with glassfish? If you are then you need to get a newer v3 certifcate that contains SubjectKeyIdentifier and AuthorityKeyIdentifier extensions.

          Note that keytool that comes with Java7 will automatically generate those extensions but earlier versions won't
          • 2. Re: cannot validate soap request over https
            824058
            Hi,

            I have created new one using keytool. Do I still need to upgrade to java 7.

            Please let me know.

            Thanks
            • 3. Re: cannot validate soap request over https
              handat
              You do not need to upgrade to java7, however, your SSL certificate you created using the old keytool won't have the required SSL v3 extensions. You need to create the certificates using a tool that can.
              • 4. Re: cannot validate soap request over https
                824058
                Thanks. Any tools you recommend.

                All the while we have been using keel tool.

                Pls advice.
                • 5. Re: cannot validate soap request over https
                  824058
                  Hi Guys,

                  Have upgraded to jdk 7 and created certificate, but still getting same error.

                  Getting following exception in the server logs:

                  [#|2011-02-24T21:10:54.622+1200|SEVERE|sun-appserver9.1|javax.enterprise.system.core.security|_ThreadID=14;_ThreadName=httpSSLWorkerThread-8443-0;_RequestID=ee6d9b1f-e7a5-42dc-8c55-af0f9b37e16b;|SEC2002: Container-auth: wss: Error validating request
                  java.lang.NullPointerException
                       at com.sun.xml.ws.api.message.Packet.createServerResponse(Packet.java:686)
                       at com.sun.xml.wss.provider.wsit.WSITServerAuthContext.validateRequest(WSITServerAuthContext.java:326)
                       at com.sun.xml.wss.provider.wsit.WSITServerAuthContext.validateRequest(WSITServerAuthContext.java:211)
                       at com.sun.enterprise.webservice.CommonServerSecurityPipe.processRequest(CommonServerSecurityPipe.java:168)
                       at com.sun.enterprise.webservice.CommonServerSecurityPipe.process(CommonServerSecurityPipe.java:129)
                       at com.sun.xml.ws.api.pipe.helper.PipeAdapter.processRequest(PipeAdapter.java:115)
                       at com.sun.xml.ws.api.pipe.Fiber.__doRun(Fiber.java:595)
                       at com.sun.xml.ws.api.pipe.Fiber._doRun(Fiber.java:554)
                       at com.sun.xml.ws.api.pipe.Fiber.doRun(Fiber.java:539)
                       at com.sun.xml.ws.api.pipe.Fiber.runSync(Fiber.java:436)
                       at com.sun.xml.ws.server.WSEndpointImpl$2.process(WSEndpointImpl.java:243)
                       at com.sun.xml.ws.transport.http.HttpAdapter$HttpToolkit.handle(HttpAdapter.java:444)
                       at com.sun.xml.ws.transport.http.HttpAdapter.handle(HttpAdapter.java:244)
                       at com.sun.xml.ws.transport.http.servlet.ServletAdapter.handle(ServletAdapter.java:135)
                       at com.sun.enterprise.webservice.JAXWSServlet.doPost(JAXWSServlet.java:159)
                       at javax.servlet.http.HttpServlet.service(HttpServlet.java:738)
                       at javax.servlet.http.HttpServlet.service(HttpServlet.java:831)
                       at org.apache.catalina.core.ApplicationFilterChain.servletService(ApplicationFilterChain.java:411)
                       at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:290)
                       at org.apache.catalina.core.StandardContextValve.invokeInternal(StandardContextValve.java:271)
                       at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:202)
                       at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:632)
                       at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:577)
                       at com.sun.enterprise.web.WebPipeline.invoke(WebPipeline.java:94)
                       at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:206)
                       at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:632)
                       at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:577)
                       at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:571)
                       at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:1080)
                       at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:150)
                       at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:632)
                       at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:577)
                       at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:571)
                       at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:1080)
                       at org.apache.coyote.tomcat5.CoyoteAdapter.service(CoyoteAdapter.java:272)
                       at com.sun.enterprise.web.connector.grizzly.DefaultProcessorTask.invokeAdapter(DefaultProcessorTask.java:637)
                       at com.sun.enterprise.web.connector.grizzly.DefaultProcessorTask.doProcess(DefaultProcessorTask.java:568)
                       at com.sun.enterprise.web.connector.grizzly.DefaultProcessorTask.process(DefaultProcessorTask.java:813)
                       at com.sun.enterprise.web.connector.grizzly.DefaultReadTask.executeProcessorTask(DefaultReadTask.java:341)
                       at com.sun.enterprise.web.connector.grizzly.ssl.SSLReadTask.process(SSLReadTask.java:440)
                       at com.sun.enterprise.web.connector.grizzly.ssl.SSLReadTask.doTask(SSLReadTask.java:228)
                       at com.sun.enterprise.web.connector.grizzly.TaskBase.run(TaskBase.java:265)
                       at com.sun.enterprise.web.connector.grizzly.ssl.SSLWorkerThread.run(SSLWorkerThread.java:106)
                  |#]

                  On the client side, following exception is thrown:
                  javax.xml.ws.soap.SOAPFaultException: A required header representing a Message Addressing Property is not present

                  Note that when I run the client from same machine it works fine, but when I execute the client from different machine, the above error occurs.

                  Please help

                  Thanks
                  Deepak
                  • 6. Re: cannot validate soap request over https
                    handat
                    Did you add RespectBindingFeature() to WebServiceFeature?

                    Btw, I wrote my own tool to generate, export, import certificates because keytool doesn't do an adequate job for most of it. I recommend the BouncyCastle API for that. It makes it really simple.
                    • 7. Re: cannot validate soap request over https
                      824058
                      Hi,

                      Would you have any idea how to add RespectBindingFeature()

                      Is it using annotations:

                      @RespectBinding(enabled=true)

                      Thanks

                      Edited by: deepak on Feb 24, 2011 8:39 PM
                      • 8. Re: cannot validate soap request over https
                        Darryl Burke
                        Moderator advice: Please don't double post the same question.
                        Moderator action: Removing the other thread. The sole response is quoted below.

                        db
                        YoungWinston wrote:
                        deepak wrote:
                        Hi experts,
                        Need your assistance.
                        Thanks
                        This appears to be a copy of your thread [url http://forums.oracle.com/forums/thread.jspa?threadID=2180477&tstart=0]here, which I suspect is better targeted. Have you tried Googling the last part of your error message (ie, the bit from 'SEC2002' onwards)?
                        Winston