3 Replies Latest reply: May 20, 2009 11:49 PM by tbeets RSS

    Cannot view or edit OWSM policy on composite reference after HTTPS enabled

    tbeets
      On original install of SOA Suite, I had only enabled the HTTP listener for soa_server1 (i.e. 8001). While testing some specific service policy, I enabled the SSL listener on 8002. Subsequently, I was unable to view or edit policy details on composite references. For example, for client username token policy, I previously could see the csf.key property and set the value. After, enabling SSL on the server, clicking on the policy in EM does nothing and I have the following error in the logs.

      After disabling the SSL listener (port 8002) on soa_server1, the problem went away immediately...

      From the exception trace it looks like WLS doesn't like the default SSL certificates that the installer created, and SSL must be used as the default (i.e. when available) by EM looking up policy details.

      Shouldn't the SSL certs as installed work? How do I fix?

      -Todd

      {noformat}
      2009-05-10 20:52:28,836 [[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'] ERROR wsmmt.model logp.251 - Service lookup failed with URL:t3://eavlab56.qualcomm.com:7001/wsm-pm
      {noformat}
      oracle.wsm.policymanager.PolicyManagerException: WSM-02120 : Unable to connect to the policy access service.
      at oracle.wsm.policymanager.PolicyManagerFactory.getInitialContext(PolicyManagerFactory.java:669)
      at oracle.wsm.policymanager.PolicyManagerFactory.lookupJndiObj(PolicyManagerFactory.java:1013)
      at oracle.wsm.policymanager.PolicyManagerFactory.createQueryService(PolicyManagerFactory.java:343)
      at oracle.sysman.emas.sdk.wsm.WsmHelper.getServiceHandle(WsmHelper.java:213)
      at oracle.sysman.emas.sdk.wsm.WsmHelper.getWsmQueryService(WsmHelper.java:116)
      at oracle.sysman.emas.model.wsmmt.model.PortInfoModel.getQueryService(PortInfoModel.java:138)
      at oracle.sysman.emas.model.wsmmt.model.PortInfoModel.getIPolicyByName(PortInfoModel.java:158)
      at oracle.sysman.emas.view.wsmmt.PortInfoView.policySelectionListener(PortInfoView.java:358)
      at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
      at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
      at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
      at java.lang.reflect.Method.invoke(Method.java:597)
      at com.sun.el.parser.AstValue.invoke(AstValue.java:157)
      at com.sun.el.MethodExpressionImpl.invoke(MethodExpressionImpl.java:283) at org.apache.myfaces.trinidad.component.UIXComponentBase.broadcastToMethodExpression(UIXComponentBase.java:1282)
      at org.apache.myfaces.trinidad.component.UIXTable.broadcast(UIXTable.java:268)
      at oracle.adf.view.rich.component.UIXTable.broadcast(UIXTable.java:140)
      at oracle.adf.view.rich.component.rich.data.RichTable.broadcast(RichTable.java:364)
      at org.apache.myfaces.trinidad.component.UIXCollection.broadcast(UIXCollection.java:147)
      at org.apache.myfaces.trinidad.component.UIXTable.broadcast(UIXTable.java:271)
      at oracle.adf.view.rich.component.UIXTable.broadcast(UIXTable.java:140)
      at oracle.adf.view.rich.component.rich.data.RichTable.broadcast(RichTable.java:364)
      at oracle.adf.view.rich.component.fragment.ContextSwitchingComponent$1.run(ContextSwitchingComponent.java:87)
      at oracle.adf.view.rich.component.fragment.ContextSwitchingComponent._processPhase(ContextSwitchingComponent.java:298)
      at oracle.adf.view.rich.component.fragment.ContextSwitchingComponent.broadcast(ContextSwitchingComponent.java:91)
      at oracle.adf.view.rich.component.fragment.UIXInclude.broadcast(UIXInclude.java:87)
      at oracle.adf.view.rich.component.fragment.ContextSwitchingComponent$1.run(ContextSwitchingComponent.java:87)
      at oracle.adf.view.rich.component.fragment.ContextSwitchingComponent._processPhase(ContextSwitchingComponent.java:298)
      at oracle.adf.view.rich.component.fragment.ContextSwitchingComponent.broadcast(ContextSwitchingComponent.java:91)
      at oracle.adf.view.rich.component.fragment.UIXInclude.broadcast(UIXInclude.java:81)
      at oracle.adfinternal.view.faces.lifecycle.LifecycleImpl.broadcastEvents(LifecycleImpl.java:787)
      at oracle.adfinternal.view.faces.lifecycle.LifecycleImpl._executePhase(LifecycleImpl.java:280)
      at oracle.adfinternal.view.faces.lifecycle.LifecycleImpl.execute(LifecycleImpl.java:165)
      at javax.faces.webapp.FacesServlet.service(FacesServlet.java:265)
      at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)
      at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125)
      at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:292)
      at weblogic.servlet.internal.TailFilter.doFilter(TailFilter.java:26)
      at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
      at oracle.adfinternal.view.faces.webapp.rich.RegistrationFilter.doFilter(RegistrationFilter.java:85)
      at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl$FilterListChain.doFilter(TrinidadFilterImpl.java:420)
      at oracle.adfinternal.view.faces.activedata.AdsFilter.doFilter(AdsFilter.java:54)
      at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl$FilterListChain.doFilter(TrinidadFilterImpl.java:420)
      at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl._doFilterImpl(TrinidadFilterImpl.java:247)
      at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl.doFilter(TrinidadFilterImpl.java:157)
      at org.apache.myfaces.trinidad.webapp.TrinidadFilter.doFilter(TrinidadFilter.java:92)
      at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
      at oracle.help.web.rich.OHWFilter.doFilter(Unknown Source)
      at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
      at oracle.sysman.emSDK.license.LicenseFilter.doFilter(LicenseFilter.java:101)
      at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
      at oracle.adf.model.servlet.ADFBindingFilter.doFilter(ADFBindingFilter.java:189)
      at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
      at oracle.security.wls.filter.SSOSessionSynchronizationFilter.doFilter(SSOSessionSynchronizationFilter.java:224)
      at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
      at oracle.sysman.emas.fwk.MASConnectionFilter.doFilter(MASConnectionFilter.java:41)
      at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
      at oracle.adf.library.webapp.LibraryFilter.doFilter(LibraryFilter.java:159)
      at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
      at oracle.sysman.eml.app.AuditServletFilter.doFilter(AuditServletFilter.java:179)
      at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
      at oracle.sysman.eml.app.EMRepLoginFilter.doFilter(EMRepLoginFilter.java:203)
      at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
      at oracle.sysman.core.app.perf.PerfFilter.doFilter(PerfFilter.java:139)
      at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
      at oracle.sysman.eml.app.ContextInitFilter.doFilter(ContextInitFilter.java:527)
      at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
      at oracle.dms.wls.DMSServletFilter.doFilter(DMSServletFilter.java:202)
      at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
      at weblogic.servlet.internal.RequestEventsFilter.doFilter(RequestEventsFilter.java:27)
      at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
      at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3588)
      at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
      at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:121)
      at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2200)
      at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2106)
      at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1428)
      at weblogic.work.ExecuteThread.execute(ExecuteThread.java:201)
      at weblogic.work.ExecuteThread.run(ExecuteThread.java:173)
      *Caused by: javax.naming.CommunicationException [Root exception is java.net.ConnectException: t3s://10.47.128.181:8002: Destination unreachable; nested exception is:*
              *javax.net.ssl.SSLKeyException: {noformat}[Security:090504]{noformat}Certificate chain received from eavlab56.qualcomm.com - 10.47.128.181 failed hostname verification check. Certificate contained eavlab56 but check expected eavlab56.qualcomm.com; No available router to destination{noformat}]{noformat}*
      at weblogic.jndi.internal.ExceptionTranslator.toNamingException(ExceptionTranslator.java:40)
      at weblogic.jndi.WLInitialContextFactoryDelegate.toNamingException(WLInitialContextFactoryDelegate.java:783)
      at weblogic.jndi.WLInitialContextFactoryDelegate.getInitialContext(WLInitialContextFactoryDelegate.java:365)
      at weblogic.jndi.Environment.getContext(Environment.java:315)
      at weblogic.jndi.Environment.getContext(Environment.java:285)
      at weblogic.jndi.WLInitialContextFactory.getInitialContext(WLInitialContextFactory.java:117)
      at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:667)
      at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:288)
      at javax.naming.InitialContext.init(InitialContext.java:223)
      at javax.naming.InitialContext.<init>(InitialContext.java:197)
      at oracle.wsm.policymanager.PolicyManagerFactory.getInitialContext(PolicyManagerFactory.java:667)
      ... 78 more
      Caused by: java.net.ConnectException: t3s://10.47.128.181:8002: Destination unreachable; nested exception is:
      javax.net.ssl.SSLKeyException: [Security:090504]Certificate chain received from eavlab56.qualcomm.com - 10.47.128.181 failed hostname verification check. Certificate contained eavlab56 but check expected eavlab56.qualcomm.com; No available router to destination
      at weblogic.rjvm.RJVMFinder.findOrCreateInternal(RJVMFinder.java:216)
      at weblogic.rjvm.RJVMFinder.findOrCreate(RJVMFinder.java:170)
      at weblogic.rjvm.ServerURL.findOrCreateRJVM(ServerURL.java:153)
      at weblogic.jndi.WLInitialContextFactoryDelegate$1.run(WLInitialContextFactoryDelegate.java:344)
      at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:363)
      at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:147)
      at weblogic.jndi.WLInitialContextFactoryDelegate.getInitialContext(WLInitialContextFactoryDelegate.java:339)
      ... 86 more
      Caused by: java.rmi.ConnectException: Destination unreachable; nested exception is:
      javax.net.ssl.SSLKeyException: [Security:090504]Certificate chain received from eavlab56.qualcomm.com - 10.47.128.181 failed hostname verification check. Certificate contained eavlab56 but check expected eavlab56.qualcomm.com; No available router to destination
      at weblogic.rjvm.ConnectionManager.bootstrap(ConnectionManager.java:464) at weblogic.rjvm.ConnectionManager.bootstrap(ConnectionManager.java:315) at weblogic.rjvm.RJVMManager.findOrCreateRemoteInternal(RJVMManager.java:251)
      at weblogic.rjvm.RJVMManager.findOrCreate(RJVMManager.java:194)
      at weblogic.rjvm.RJVMFinder.findOrCreateRemoteServer(RJVMFinder.java:238)
      at weblogic.rjvm.RJVMFinder.findOrCreateInternal(RJVMFinder.java:200)
      ... 92 more
      *2009-05-10 20:52:28,839 {noformat} [[ACTIVE]{noformat} ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)' {noformat}]{noformat} ERROR wsmmt.model logp.251 - Policy is not found.*
      java.lang.NullPointerException
      at oracle.sysman.emas.model.wsmmt.model.PortInfoModel.getIPolicyByName(PortInfoModel.java:158)
      at oracle.sysman.emas.view.wsmmt.PortInfoView.policySelectionListener(PortInfoView.java:358)
      at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
      at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
      at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
      at java.lang.reflect.Method.invoke(Method.java:597)
      at com.sun.el.parser.AstValue.invoke(AstValue.java:157)
      at com.sun.el.MethodExpressionImpl.invoke(MethodExpressionImpl.java:283) at org.apache.myfaces.trinidad.component.UIXComponentBase.broadcastToMethodExpression(UIXComponentBase.java:1282)
      at org.apache.myfaces.trinidad.component.UIXTable.broadcast(UIXTable.java:268)
      at oracle.adf.view.rich.component.UIXTable.broadcast(UIXTable.java:142)
      at oracle.adf.view.rich.component.rich.data.RichTable.broadcast(RichTable.java:364)
      at org.apache.myfaces.trinidad.component.UIXCollection.broadcast(UIXCollection.java:147)
      at org.apache.myfaces.trinidad.component.UIXTable.broadcast(UIXTable.java:272)
      at oracle.adf.view.rich.component.UIXTable.broadcast(UIXTable.java:142)
      at oracle.adf.view.rich.component.rich.data.RichTable.broadcast(RichTable.java:364)
      at oracle.adf.view.rich.component.fragment.ContextSwitchingComponent$1.run(ContextSwitchingComponent.java:88)
      at oracle.adf.view.rich.component.fragment.ContextSwitchingComponent._processPhase(ContextSwitchingComponent.java:298)
      at oracle.adf.view.rich.component.fragment.ContextSwitchingComponent.broadcast(ContextSwitchingComponent.java:91)
      at oracle.adf.view.rich.component.fragment.UIXInclude.broadcast(UIXInclude.java:87)
      at oracle.adf.view.rich.component.fragment.ContextSwitchingComponent$1.run(ContextSwitchingComponent.java:88)
      at oracle.adf.view.rich.component.fragment.ContextSwitchingComponent._processPhase(ContextSwitchingComponent.java:298)
      at oracle.adf.view.rich.component.fragment.ContextSwitchingComponent.broadcast(ContextSwitchingComponent.java:91)
      at oracle.adf.view.rich.component.fragment.UIXInclude.broadcast(UIXInclude.java:81)
      at oracle.adfinternal.view.faces.lifecycle.LifecycleImpl.broadcastEvents(LifecycleImpl.java:787)
      at oracle.adfinternal.view.faces.lifecycle.LifecycleImpl._executePhase(LifecycleImpl.java:280)
      at oracle.adfinternal.view.faces.lifecycle.LifecycleImpl.execute(LifecycleImpl.java:165)
      at javax.faces.webapp.FacesServlet.service(FacesServlet.java:265)
      at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)
      at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125)
      at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:292)
      at weblogic.servlet.internal.TailFilter.doFilter(TailFilter.java:27)
      at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:57)
      at oracle.adfinternal.view.faces.webapp.rich.RegistrationFilter.doFilter(RegistrationFilter.java:85)
      at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl$FilterListChain.doFilter(TrinidadFilterImpl.java:421)
      at oracle.adfinternal.view.faces.activedata.AdsFilter.doFilter(AdsFilter.java:54)
      at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl$FilterListChain.doFilter(TrinidadFilterImpl.java:421)
      at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl._doFilterImpl(TrinidadFilterImpl.java:247)
      at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl.doFilter(TrinidadFilterImpl.java:157)
      at org.apache.myfaces.trinidad.webapp.TrinidadFilter.doFilter(TrinidadFilter.java:92)
      at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:57)
      at oracle.help.web.rich.OHWFilter.doFilter(Unknown Source)
      at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:57)
      at oracle.sysman.emSDK.license.LicenseFilter.doFilter(LicenseFilter.java:102)
      at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:57)
      at oracle.adf.model.servlet.ADFBindingFilter.doFilter(ADFBindingFilter.java:189)
      at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:57)
      at oracle.security.wls.filter.SSOSessionSynchronizationFilter.doFilter(SSOSessionSynchronizationFilter.java:225)
      at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:57)
      at oracle.sysman.emas.fwk.MASConnectionFilter.doFilter(MASConnectionFilter.java:41)
      at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:57)
      at oracle.adf.library.webapp.LibraryFilter.doFilter(LibraryFilter.java:160)
      at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:57)
      at oracle.sysman.eml.app.AuditServletFilter.doFilter(AuditServletFilter.java:183)
      at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:57)
      at oracle.sysman.eml.app.EMRepLoginFilter.doFilter(EMRepLoginFilter.java:203)
      at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:57)
      at oracle.sysman.core.app.perf.PerfFilter.doFilter(PerfFilter.java:139)
      at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:57)
      at oracle.sysman.eml.app.ContextInitFilter.doFilter(ContextInitFilter.java:527)
      at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:57)
      at oracle.dms.wls.DMSServletFilter.doFilter(DMSServletFilter.java:202)
      at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:57)
      at weblogic.servlet.internal.RequestEventsFilter.doFilter(RequestEventsFilter.java:27)
      at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:57)
      at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3588)
      at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
      at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:121)
      at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2200)
      at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2106)
      at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1428)
      at weblogic.work.ExecuteThread.execute(ExecuteThread.java:201)
      at weblogic.work.ExecuteThread.run(ExecuteThread.java:173)
        • 1. Re: Cannot view or edit OWSM policy on composite reference after HTTPS enabled
          554555
          Engg is looking into it. Will update the thread when we have more information from them.

          Thanks,
          Vikas
          • 2. Re: Cannot view or edit OWSM policy on composite reference after HTTPS enab
            702610
            Looks like the reason that this is failing is because the hostname verification inside of WLS. Hostname verification tries to ensure that the hostname that you are talking to over SSL is truly who they say they are. You could try a couple of things:

            1 - Change the hostname verification method in the server. This can be found under Server->SSL->Advanced from inside the WLS console. You can basically disable the check by changing the value from BEA Hostname Verification to None. Not a best practice for production, but could get you moving forward.
            2 - Change your hostname mappings. The reason that its failing is that it is resolving the IP Address to the fully qualified name eavlab56.qualcomm.com, but the certificate only has the hostname eavlab56. I suspect that if you change so that the first hostname for the IP address is eavlab56, then the hostname will resolve properly.
            • 3. Re: Cannot view or edit OWSM policy on composite reference after HTTPS enab
              tbeets
              Thanks Josh. Yep. Mostly I was hinting that the OFM installer routine that makes the decision of what hostname string to encode in the default server certificate that is created should be looked at. Logically, probably it should do the same lookup at install time that WLS will do by default at runtime. -OR- have some install pre-requisite documentation that requires /etc/hosts to be provisioned in a certain way. I've seen this before in Oracle middleware product pre-reqs.

              -Todd