3

I have a glassfish server and I want to connect to EJB from standalone swing client over SSL. Without SSL everything works fine.

When I try to create InitialContext in client with this env:

    hashtable.put("java.naming.factory.initial", "com.sun.enterprise.naming.impl.SerialInitContextFactory");
    hashtable.put("java.naming.factory.url.pkgs", "com.sun.enterprise.naming");
    hashtable.put("java.naming.factory.state", "com.sun.corba.ee.impl.presentation.rmi.JNDIStateFactoryImpl");
    hashtable.put("org.omg.CORBA.ORBInitialHost", serverIp);
    hashtable.put("org.omg.CORBA.ORBInitialPort", 3820);

Besides, I use the following JVM parameters:

    -Djavax.net.ssl.trustStorePassword=changeit \
    -Djavax.net.ssl.trustStore=./myTrustStore \
    -Dcom.sun.CSIV2.ssl.standalone.client.required=true \
    -Dorg.omg.CORBA.ORBInitialPort=3820 \

I get the following on the client side:

javax.naming.CommunicationException: Communication exception for SerialContext[myEnv={org.omg.CORBA.ORBInitialPort=3700, java.naming.factory.initial=com.sun.enterprise.naming.impl.SerialInitContextFactory, org.omg.CORBA.ORBInitialHost=10.0.17.2, java.naming.factory.state=com.sun.corba.ee.impl.presentation.rmi.JNDIStateFactoryImpl, java.naming.factory.url.pkgs=com.sun.enterprise.naming} [Root exception is java.rmi.MarshalException: CORBA COMM_FAILURE 1330446337 No; nested exception is: 
    org.omg.CORBA.COMM_FAILURE: FINE: 00410001: Connection failure: socketType: SSL; hostname: 127.0.0.1; port: 3820  vmcid: OMG  minor code: 1  completed: No]
....
Caused by: java.rmi.MarshalException: CORBA COMM_FAILURE 1330446337 No; nested exception is: 
    org.omg.CORBA.COMM_FAILURE: FINE: 00410001: Connection failure: socketType: SSL; hostname: 127.0.0.1; port: 3820  vmcid: OMG  minor code: 1  completed: No
...
Caused by: org.omg.CORBA.COMM_FAILURE: FINE: 00410001: Connection failure: socketType: SSL; hostname: 127.0.0.1; port: 3820  vmcid: OMG  minor code: 1  completed: No
    at com.sun.proxy.$Proxy17.connectFailure(Unknown Source)
...
Caused by: java.lang.RuntimeException: java.io.IOException: Error opening SSL socket to host=home.home port=3820
...
Caused by: java.io.IOException: Error opening SSL socket to host=home.home port=3820
...
Caused by: java.net.ConnectException: Connection refused

home.home is my workstation. Full log is here.

Please explain why it tries to open a connection to localhost instead of serverIp.

EDIT: This is my sun-ejb-jar.xml (server side)

<sun-ejb-jar>
    <enterprise-beans>
        <ejb>
            <ejb-name>OrganizationDirBean</ejb-name>
            <ior-security-config>
                <transport-config>
                    <integrity>required</integrity>
                    <confidentiality>required</confidentiality>
                    <establish-trust-in-target>supported</establish-trust-in-target>
                    <establish-trust-in-client>supported</establish-trust-in-client>
                </transport-config>
                <sas-context>
                    <caller-propagation>supported</caller-propagation>
                </sas-context>
            </ior-security-config>
        </ejb>
    </enterprise-beans>
</sun-ejb-jar>

EDIT 2
I use the following code for creating the initial context (env is above). I use OSGi on the client side (on the server side, an EJB application bundle, EAB); that's why I need to work with classloaders here:

    // Swap in this bundle's classloader for the JNDI lookup, then restore the original.
    ClassLoader thatLoader = Thread.currentThread().getContextClassLoader();
    Thread.currentThread().setContextClassLoader(getClass().getClassLoader());
    try {
        InitialContext ctx = new InitialContext(hashtable);
        Directory directory = (Directory) ctx.lookup("ejb/OrganizationDirBean");
        action = directory.read(action);
    } catch (Exception e) {
        e.printStackTrace();
    } finally {
        Thread.currentThread().setContextClassLoader(thatLoader);
    }

EDIT 3
I have built GlassFish from sources myself (GF 4.0.1). Here is what I have now. When the client and server are on the same host, everything seems to work. The client gets the EJB and the EJB writes info to the log. Yes, I checked one more time. All packets go through interface lo. On the server side, the port is 3820. Everything is OK.

But when they are on different hosts, I now get no exception. Tcpdump shows that approximately every minute we have the following, and this continues endlessly (I left it running overnight with the same result):

    10.0.18.5.55618 > 10.0.17.2.3820: Flags [.], cksum 0xa8e4 (correct), seq 76855, ack 136375, win 499, options [nop,nop,TS val 669632607 ecr 224087792], length 0
08:44:46.148416 IP (tos 0x0, ttl 64, id 38301, offset 0, flags [DF], proto TCP (6), length 52)
    10.0.18.5.55618 > 10.0.17.2.3820: Flags [.], cksum 0xa7c1 (correct), seq 76855, ack 136668, win 497, options [nop,nop,TS val 669632607 ecr 224087792], length 0
08:45:48.965565 IP (tos 0x0, ttl 64, id 38302, offset 0, flags [DF], proto TCP (6), length 238)
    10.0.18.5.55618 > 10.0.17.2.3820: Flags [P.], cksum 0xdf9c (correct), seq 76855:77041, ack 136668, win 499, options [nop,nop,TS val 669695423 ecr 224087792], length 186
08:45:48.966448 IP (tos 0x0, ttl 64, id 3268, offset 0, flags [DF], proto TCP (6), length 89)
    10.0.17.2.3820 > 10.0.18.5.55618: Flags [P.], cksum 0x3752 (incorrect -> 0xe28f), seq 136668:136705, ack 77041, win 501, options [nop,nop,TS val 224150610 ecr 669695423], length 37
08:45:48.966520 IP (tos 0x0, ttl 64, id 3269, offset 0, flags [DF], proto TCP (6), length 345)
    10.0.17.2.3820 > 10.0.18.5.55618: Flags [P.], cksum 0x3852 (incorrect -> 0xbd0f), seq 136705:136998, ack 77041, win 501, options [nop,nop,TS val 224150610 ecr 669695423], length 293
08:45:48.966702 IP (tos 0x0, ttl 64, id 38303, offset 0, flags [DF], proto TCP (6), length 52)
    10.0.18.5.55618 > 10.0.17.2.3820: Flags [.], cksum 0xbc1b (correct), seq 77041, ack 136705, win 499, options [nop,nop,TS val 669695424 ecr 224150610], length 0
08:45:48.966962 IP (tos 0x0, ttl 64, id 38304, offset 0, flags [DF], proto TCP (6), length 52)
    10.0.18.5.55618 > 10.0.17.2.3820: Flags [.], cksum 0xbaf8 (correct), seq 77041, ack 136998, win 497, options [nop,nop,TS val 669695424 ecr 224150610], length 0

Here 10.0.17.2 is my GF server. And this is the end of the log from the server:

[2014-06-04T09:17:18.369+0400] [glassfish 4.0] [INFO] [] [] [tid: _ThreadID=143 _ThreadName=Thread-8] [timeMillis: 1401859038369] [levelValue: 800] [[
  p: thread-pool-1; w: 2, WRITE: TLSv1 Application Data, length = 32]]
[2014-06-04T09:17:18.369+0400] [glassfish 4.0] [INFO] [] [] [tid: _ThreadID=143 _ThreadName=Thread-8] [timeMillis: 1401859038369] [levelValue: 800] [[
  p: thread-pool-1; w: 2, WRITE: TLSv1 Application Data, length = 288]]
[2014-06-04T09:18:21.220+0400] [glassfish 4.0] [INFO] [] [] [tid: _ThreadID=142 _ThreadName=Thread-8] [timeMillis: 1401859101220] [levelValue: 800] [[
  p: thread-pool-1; w: 1, READ: TLSv1 Application Data, length = 32]]
[2014-06-04T09:18:21.220+0400] [glassfish 4.0] [INFO] [] [] [tid: _ThreadID=142 _ThreadName=Thread-8] [timeMillis: 1401859101220] [levelValue: 800] [[
  p: thread-pool-1; w: 1, READ: TLSv1 Application Data, length = 144]]
[2014-06-04T09:18:21.222+0400] [glassfish 4.0] [INFO] [] [] [tid: _ThreadID=142 _ThreadName=Thread-8] [timeMillis: 1401859101222] [levelValue: 800] [[
  p: thread-pool-1; w: 1, WRITE: TLSv1 Application Data, length = 32]]
[2014-06-04T09:18:21.222+0400] [glassfish 4.0] [INFO] [] [] [tid: _ThreadID=142 _ThreadName=Thread-8] [timeMillis: 1401859101222] [levelValue: 800] [[
  p: thread-pool-1; w: 1, WRITE: TLSv1 Application Data, length = 288]]

I mean WRITE, READ, WRITE, READ etc. As I understand it, if it works when on the same host, it means that the client at some point connects to 127.0.0.1 3820. So, it's necessary to change this in the settings to the real server IP.

  • see this http://stackoverflow.com/questions/18526745/calling-a-remote-ejb-on-a-different-glassfish-4-0-instance – TheMP May 28 '14 at 17:40
  • @Niemand I've read that question. But there it tries to connect to the right IP. Here I don't know why the client tries to connect to its localhost instead of the server. –  May 28 '14 at 17:44
  • 2
    what is in your serverIp variable? Why hashtable and not just Properties class? – TheMP May 28 '14 at 17:46
  • 1
    As I tested a long time ago, I set the `ORBInitialPort` to the default IIOP port, e.g. `3700`, and when calling the EJB it will be redirected to the SSL port. – Charlee Chitsuk Jun 04 '14 at 08:21
  • @Charlee Chitsuk When I set port 3700 I get on client: connection failed plain text? And here the problem is not with port but with ip as it seems to me. –  Jun 04 '14 at 08:57
  • 2
    @Charlee Chitsuk I mean that with port 3700 I get on the client javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection. Why doesn't GF redirect it to 3820? –  Jun 04 '14 at 09:05

1 Answer

0

I solved this problem by myself. On Linux machines it's necessary to set the server IP in the /etc/hosts file, because GlassFish uses the function

InetAddress.getLocalHost()

to get the server IP. I didn't set the server IP in this file. That's why, during SSL negotiation, when a new connection was established, GlassFish tried to open this connection to 127.0.0.1 instead of the real server IP.
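
A check for the condition this answer describes, as an added example that is not part of the original answer or of GlassFish: run on the server host, it prints what `InetAddress.getLocalHost()` returns and flags a loopback result, listing non-loopback interface addresses that could go into /etc/hosts. The class name `LocalHostCheck` and its helper methods are hypothetical.

```java
import java.net.InetAddress;
import java.net.NetworkInterface;
import java.net.SocketException;
import java.net.UnknownHostException;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;

// Added diagnostic (hypothetical class): run it on the server host with the
// same JVM and user that start GlassFish, so name resolution is identical.
public class LocalHostCheck {

    // True when the address is one a remote client cannot use to reach this host.
    static boolean unusableForRemoteClients(InetAddress addr) {
        return addr.isLoopbackAddress() || addr.isAnyLocalAddress();
    }

    // Addresses on interfaces that are up and not loopback: candidates for /etc/hosts.
    static List<InetAddress> routableCandidates() throws SocketException {
        List<InetAddress> result = new ArrayList<>();
        for (NetworkInterface nic : Collections.list(NetworkInterface.getNetworkInterfaces())) {
            if (!nic.isUp() || nic.isLoopback()) continue;
            for (InetAddress a : Collections.list(nic.getInetAddresses())) {
                if (!a.isLoopbackAddress() && !a.isLinkLocalAddress()) result.add(a);
            }
        }
        return result;
    }

    public static void main(String[] args) throws UnknownHostException, SocketException {
        // The same call the answer names as the source of the advertised address.
        InetAddress local = InetAddress.getLocalHost();
        System.out.println("getLocalHost() -> " + local.getHostName() + " / " + local.getHostAddress());
        if (unusableForRemoteClients(local)) {
            System.out.println("PROBLEM: the host name resolves to a loopback address; "
                    + "a remote client told to use it would connect to its own machine.");
            for (InetAddress a : routableCandidates()) {
                System.out.println("  candidate /etc/hosts entry: " + a.getHostAddress()
                        + " " + local.getHostName());
            }
            System.exit(1);
        }
        System.out.println("OK: the host name resolves to a non-loopback address.");
    }
}
```

A non-zero exit status makes the check usable as a pre-start step in a server start-up script.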