This Bugzilla instance is a read-only archive of historic NetBeans bug reports. To report a bug in NetBeans please follow the project's instructions for reporting issues.
build20060925_1 with AM build6: Execution stock sample with liberty x509 profile and non default key store failed with the following exception in the browser: Caught an exception java.rmi.RemoteException: request handler error: ; nested exception is: javax.xml.rpc.JAXRPCException: com.sun.enterprise.security.jauth.AuthException: Securing Request Failed The following exception is shown in appserver log file in ide output window: [Web-Security] Policy Context ID was: StockClient/StockClient [Web-Security] hasUserDataPermission perm: (javax.security.jacc.WebUserDataPermission /ClientServlet GET) [Web-Security] hasUserDataPermission isGranted: true [Web-Security] Policy Context ID was: StockClient/StockClient [Web-Security] Codesource with Web URL: file:/StockClient/StockClient [Web-Security] Checking Web Permission with Principals : null [Web-Security] Web Permission = (javax.security.jacc.WebResourcePermission /ClientServlet GET) [Web-Security] hasResource isGranted: false [Web-Security] hasResource perm: (javax.security.jacc.WebResourcePermission /ClientServlet GET) AMHttpAuthModule.validateRequest: LoginURLhttp://palmtwo:8080/amserver/UI/Login?goto=http://palmtwo:8080/stockclient/ClientServlet AMHttpAuthModule.validateRequest: validSSOToken [Web-Security] Policy Context ID was: StockClient/StockClient [Web-Security] Codesource with Web URL: file:/StockClient/StockClient [Web-Security] Checking Web Permission with Principals : AUTHENTICATED_USERS, AUTHENTICATED_USERS [Web-Security] Web Permission = (javax.security.jacc.WebResourcePermission /ClientServlet GET) [Web-Security] hasResource isGranted: true [Web-Security] hasResource perm: (javax.security.jacc.WebResourcePermission /ClientServlet GET) [Web-Security] Policy Context ID was: StockClient/StockClient [Web-Security] hasUserDataPermission perm: (javax.security.jacc.WebUserDataPermission /ClientServlet POST) [Web-Security] hasUserDataPermission isGranted: true [Web-Security] Policy Context ID was: StockClient/StockClient [Web-Security] Codesource with Web URL: file:/StockClient/StockClient [Web-Security] Checking Web Permission with Principals : null [Web-Security] Web Permission = (javax.security.jacc.WebResourcePermission /ClientServlet POST) [Web-Security] hasResource isGranted: false [Web-Security] hasResource perm: (javax.security.jacc.WebResourcePermission /ClientServlet POST) AMHttpAuthModule.validateRequest: LoginURLhttp://palmtwo:8080/amserver/UI/Login?goto=http://palmtwo:8080/stockclient/ClientServlet AMHttpAuthModule.validateRequest: validSSOToken [Web-Security] Policy Context ID was: StockClient/StockClient [Web-Security] Codesource with Web URL: file:/StockClient/StockClient [Web-Security] Checking Web Permission with Principals : AUTHENTICATED_USERS, AUTHENTICATED_USERS [Web-Security] Web Permission = (javax.security.jacc.WebResourcePermission /ClientServlet POST) [Web-Security] hasResource isGranted: true [Web-Security] hasResource perm: (javax.security.jacc.WebResourcePermission /ClientServlet POST) AMClientAuthModule.Init WSS: new BAC defaultContext_: com.sun.enterprise.security.jauth.ConfigFile$ConfigClient@102c9f5 superMSD index: -1 onePolicy_: true WSS: getContext returning: com.sun.enterprise.security.jauth.ConfigFile$ConfigClient@102c9f5 Container Auth: ClientAuthContext.secureRequest AMClientAuthModule.secureRequest: SOAPMessage before securing: <env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/" xmlns:enc="http://schemas.xmlsoap.org/soap/encoding/" xmlns:ns0="http://sun.com/stockquote.xsd" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"><env:Body><ns0:QuoteRequest><Symbol>SUNW</Symbol></ns0:QuoteRequest></env:Body></env:Envelope> AMClientAuthModule.secureRequest: Failed in Securing the Request. com.sun.identity.wss.security.SecurityException: Securing request failed at com.sun.identity.wss.security.handler.SOAPRequestHandler.getSecureMessageFromLiberty(SOAPRequestHandler.java:737) at com.sun.identity.wss.security.handler.SOAPRequestHandler.secureRequest(SOAPRequestHandler.java:332) at com.sun.identity.agents.jsr196.as9soap.AMClientAuthModule.secureRequest(AMClientAuthModule.java:141) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) at java.lang.reflect.Method.invoke(Method.java:585) at com.sun.enterprise.security.jauth.AuthContext.invokePriv(AuthContext.java:128) at com.sun.enterprise.security.jauth.AuthContext$1.run(AuthContext.java:78) at java.security.AccessController.doPrivileged(Native Method) at com.sun.enterprise.security.jauth.AuthContext.invoke(AuthContext.java:75) at com.sun.enterprise.security.jauth.ConfigFile$ConfigClient.secureRequest(ConfigFile.java:609) at com.sun.enterprise.security.wss.WebServiceSecurity.secureRequest(WebServiceSecurity.java:290) at com.sun.enterprise.security.wss.WebServiceSecurity.secureRequest(WebServiceSecurity.java:240) at com.sun.enterprise.webservice.MessageLayerClientHandler.handleRequest(MessageLayerClientHandler.java:128) at com.sun.xml.rpc.client.HandlerChainImpl.handleRequest(HandlerChainImpl.java:103) at com.sun.xml.rpc.client.StreamingSender._callRequestHandlers(StreamingSender.java:786) at com.sun.xml.rpc.client.StreamingSender._preRequestSendingHook(StreamingSender.java:749) at com.sun.xml.rpc.client.StreamingSender._send(StreamingSender.java:108) at com.sun.identity.wss.sample.stockclient.StockQuotePortType_Stub.getStockQuote(StockQuotePortType_Stub.java:67) at com.sun.identity.wss.sample.stockclient.ClientServlet.processPostRequest(ClientServlet.java:71) at com.sun.identity.wss.sample.stockclient.ClientServlet.doPost(ClientServlet.java:156) at javax.servlet.http.HttpServlet.service(HttpServlet.java:727) at javax.servlet.http.HttpServlet.service(HttpServlet.java:820) at org.apache.catalina.core.ApplicationFilterChain.servletService(ApplicationFilterChain.java:397) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:278) at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:566) at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:536) at org.apache.catalina.core.StandardContextValve.invokeInternal(StandardContextValve.java:240) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:179) at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:566) at com.sun.enterprise.web.WebPipeline.invoke(WebPipeline.java:73) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:182) at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:566) at com.sun.enterprise.web.VirtualServerPipeline.invoke(VirtualServerPipeline.java:120) at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:939) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:137) at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:566) at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:536) at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:939) at org.apache.coyote.tomcat5.CoyoteAdapter.service(CoyoteAdapter.java:239) at com.sun.enterprise.web.connector.grizzly.ProcessorTask.invokeAdapter(ProcessorTask.java:667) at com.sun.enterprise.web.connector.grizzly.ProcessorTask.processNonBlocked(ProcessorTask.java:574) at com.sun.enterprise.web.connector.grizzly.ProcessorTask.process(ProcessorTask.java:844) at com.sun.enterprise.web.connector.grizzly.ReadTask.executeProcessorTask(ReadTask.java:287) at com.sun.enterprise.web.connector.grizzly.ReadTask.doTask(ReadTask.java:212) at com.sun.enterprise.web.connector.grizzly.TaskBase.run(TaskBase.java:252) at com.sun.enterprise.web.connector.grizzly.WorkerThread.run(WorkerThread.java:75) SEC2004: Container-auth: wss: Error securing request com.sun.enterprise.security.jauth.AuthException: Securing Request Failed at com.sun.identity.agents.jsr196.as9soap.AMClientAuthModule.secureRequest(AMClientAuthModule.java:156) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) at java.lang.reflect.Method.invoke(Method.java:585) at com.sun.enterprise.security.jauth.AuthContext.invokePriv(AuthContext.java:128) at com.sun.enterprise.security.jauth.AuthContext$1.run(AuthContext.java:78) at java.security.AccessController.doPrivileged(Native Method) at com.sun.enterprise.security.jauth.AuthContext.invoke(AuthContext.java:75) at com.sun.enterprise.security.jauth.ConfigFile$ConfigClient.secureRequest(ConfigFile.java:609) at com.sun.enterprise.security.wss.WebServiceSecurity.secureRequest(WebServiceSecurity.java:290) at com.sun.enterprise.security.wss.WebServiceSecurity.secureRequest(WebServiceSecurity.java:240) at com.sun.enterprise.webservice.MessageLayerClientHandler.handleRequest(MessageLayerClientHandler.java:128) at com.sun.xml.rpc.client.HandlerChainImpl.handleRequest(HandlerChainImpl.java:103) at com.sun.xml.rpc.client.StreamingSender._callRequestHandlers(StreamingSender.java:786) at com.sun.xml.rpc.client.StreamingSender._preRequestSendingHook(StreamingSender.java:749) at com.sun.xml.rpc.client.StreamingSender._send(StreamingSender.java:108) at com.sun.identity.wss.sample.stockclient.StockQuotePortType_Stub.getStockQuote(StockQuotePortType_Stub.java:67) at com.sun.identity.wss.sample.stockclient.ClientServlet.processPostRequest(ClientServlet.java:71) at com.sun.identity.wss.sample.stockclient.ClientServlet.doPost(ClientServlet.java:156) at javax.servlet.http.HttpServlet.service(HttpServlet.java:727) at javax.servlet.http.HttpServlet.service(HttpServlet.java:820) at org.apache.catalina.core.ApplicationFilterChain.servletService(ApplicationFilterChain.java:397) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:278) at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:566) at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:536) at org.apache.catalina.core.StandardContextValve.invokeInternal(StandardContextValve.java:240) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:179) at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:566) at com.sun.enterprise.web.WebPipeline.invoke(WebPipeline.java:73) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:182) at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:566) at com.sun.enterprise.web.VirtualServerPipeline.invoke(VirtualServerPipeline.java:120) at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:939) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:137) at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:566) at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:536) at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:939) at org.apache.coyote.tomcat5.CoyoteAdapter.service(CoyoteAdapter.java:239) at com.sun.enterprise.web.connector.grizzly.ProcessorTask.invokeAdapter(ProcessorTask.java:667) at com.sun.enterprise.web.connector.grizzly.ProcessorTask.processNonBlocked(ProcessorTask.java:574) at com.sun.enterprise.web.connector.grizzly.ProcessorTask.process(ProcessorTask.java:844) at com.sun.enterprise.web.connector.grizzly.ReadTask.executeProcessorTask(ReadTask.java:287) at com.sun.enterprise.web.connector.grizzly.ReadTask.doTask(ReadTask.java:212) at com.sun.enterprise.web.connector.grizzly.TaskBase.run(TaskBase.java:252) at com.sun.enterprise.web.connector.grizzly.WorkerThread.run(WorkerThread.java:75) Caused by: com.sun.identity.wss.security.SecurityException: Securing request failed at com.sun.identity.wss.security.handler.SOAPRequestHandler.getSecureMessageFromLiberty(SOAPRequestHandler.java:737) at com.sun.identity.wss.security.handler.SOAPRequestHandler.secureRequest(SOAPRequestHandler.java:332) at com.sun.identity.agents.jsr196.as9soap.AMClientAuthModule.secureRequest(AMClientAuthModule.java:141) ... 45 more java.rmi.RemoteException: request handler error: ; nested exception is: javax.xml.rpc.JAXRPCException: com.sun.enterprise.security.jauth.AuthException: Securing Request Failed at com.sun.xml.rpc.client.StreamingSender._callRequestHandlers(StreamingSender.java:788) at com.sun.xml.rpc.client.StreamingSender._preRequestSendingHook(StreamingSender.java:749) at com.sun.xml.rpc.client.StreamingSender._send(StreamingSender.java:108) at com.sun.identity.wss.sample.stockclient.StockQuotePortType_Stub.getStockQuote(StockQuotePortType_Stub.java:67) at com.sun.identity.wss.sample.stockclient.ClientServlet.processPostRequest(ClientServlet.java:71) at com.sun.identity.wss.sample.stockclient.ClientServlet.doPost(ClientServlet.java:156) at javax.servlet.http.HttpServlet.service(HttpServlet.java:727) at javax.servlet.http.HttpServlet.service(HttpServlet.java:820) at org.apache.catalina.core.ApplicationFilterChain.servletService(ApplicationFilterChain.java:397) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:278) at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:566) at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:536) at org.apache.catalina.core.StandardContextValve.invokeInternal(StandardContextValve.java:240) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:179) at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:566) at com.sun.enterprise.web.WebPipeline.invoke(WebPipeline.java:73) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:182) at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:566) at com.sun.enterprise.web.VirtualServerPipeline.invoke(VirtualServerPipeline.java:120) at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:939) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:137) at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:566) at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:536) at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:939) at org.apache.coyote.tomcat5.CoyoteAdapter.service(CoyoteAdapter.java:239) at com.sun.enterprise.web.connector.grizzly.ProcessorTask.invokeAdapter(ProcessorTask.java:667) at com.sun.enterprise.web.connector.grizzly.ProcessorTask.processNonBlocked(ProcessorTask.java:574) at com.sun.enterprise.web.connector.grizzly.ProcessorTask.process(ProcessorTask.java:844) at com.sun.enterprise.web.connector.grizzly.ReadTask.executeProcessorTask(ReadTask.java:287) at com.sun.enterprise.web.connector.grizzly.ReadTask.doTask(ReadTask.java:212) at com.sun.enterprise.web.connector.grizzly.TaskBase.run(TaskBase.java:252) at com.sun.enterprise.web.connector.grizzly.WorkerThread.run(WorkerThread.java:75) Caused by: javax.xml.rpc.JAXRPCException: com.sun.enterprise.security.jauth.AuthException: Securing Request Failed at com.sun.enterprise.webservice.MessageLayerClientHandler.handleRequest(MessageLayerClientHandler.java:133) at com.sun.xml.rpc.client.HandlerChainImpl.handleRequest(HandlerChainImpl.java:103) at com.sun.xml.rpc.client.StreamingSender._callRequestHandlers(StreamingSender.java:786) ... 31 more
The liberty profile to be executed with non default keystore requires some manual setup than just changing the provider config through the security panels. Please make sure all steps are performed. Please let me know if you performed any manual updates to the AMConfig.properties.
Tried with build20060927 After manually changed the following properties to custom keystore alias in AMConfig.properties, it worked. 1. com.sun.identity.liberty.wsc.certalias 2. com.sun.identity.liberty.ws.trustedca:certalias
We need to document the manual steps in online docs. Assigning this to docs and requesting that this be fixed for 55 as it is a usability issue.
Suggested topic text sent to reviewers before integration.
Fixes integrated into release55 (after discussion with Vidhya). May need to do another integration if QE/Eng finds any issues.
*** Issue 87363 has been marked as a duplicate of this issue. ***
Peter provided this dditional info as part of QA review (for Hong): The missing info is as follow: 1. The online help fails to mention that the user needs to cut and paste the listed certificate value starting with "---BEGIN CERTIFICATE----" and ending with "----END CERTIFICATE----" into the file. Without this step, the save certificate has the wrong format. Note that there is a better way to do this. Instead of using the -list command, we can use the -export command. For example, keytool -export -keystore keystore.jks -alias amserver -rfc -file server.cer This will automatically save the certificate in the server.cer file with the correct format. I suggest that this is what we tell the user to do instead of doing cut and paste. 2. The online help fails to mention what the password for the ksystore under the amflatfiledir is which is "secret". Without this password, importing the client.cer into the keystore will fail with a NPE.
The additional steps from Peter looks good to me. I have tested the steps EXCEPT the export command. Peter and Malla have confirmed.
Modified topic approved by QE and Engineering and integrated into release55_Dev branch.
Integrated into release55 branch.
verified.