
I have been stuck with this issue longer than I want to admit. I am trying to use a Postgres DB connection for my small Spring MVC project over Liberty. My server.xml looks like below.

<server description="new server">

    <!-- Enable features -->
    <featureManager>
        <feature>jdbc-4.2</feature>
        <feature>jsp-2.3</feature>
        <feature>localConnector-1.0</feature>
        <feature>servlet-4.0</feature>
        <feature>ldapRegistry-3.0</feature>
        <feature>appSecurity-3.0</feature>
        <feature>transportSecurity-1.0</feature>
    </featureManager>

    <ssl id="defaultSSLSettings" keyStoreRef="defaultKeyStore" trustDefaultCerts="true" />

    <keyStore id="defaultKeyStore"
        location="/opt/ibm/wlp/usr/servers/defaultServer/resources/security/key.jks"
        password="changeIt"/>

    <dataSource id="DefaultDataSource" jndiName="jdbc/postgres"
        transactional='true' type='javax.sql.ConnectionPoolDataSource'>
        <jdbcDriver libraryRef="PostgresLib" />
        <properties databaseName="clouddb"
            password=""
            serverName="ea957de9-2271-4d6c-999e-f2c250575850.budepemd0im5pmu4u60g.databases..cloud"
            user="admin" portNumber="30352" />
    </dataSource>

    <library id="PostgresLib">
        <fileset
            dir="C:/Users/AkanchaSingh/Desktop/iit-test-app/test-app"
            includes="postgresql-42.2.5.jre6.jar" />
    </library>

    <httpEndpoint host="*" httpPort="9080" httpsPort="9443"
        id="defaultHttpEndpoint">
        <tcpOptions soReuseAddr="true" />
        <httpOptions maxKeepAliveRequests="-1" />
    </httpEndpoint>

    <applicationManager autoExpand="true"
        startTimeout="600" stopTimeout="600"></applicationManager>

    <applicationMonitor updateTrigger="mbean" />

    <webApplication autoStart="true" contextRoot="test"
        id="test" location="/opt/ibm/wlp/usr/servers/defaultServer/test.war"
        name="test">
    </webApplication>


</server>

I have tried connecting to Postgres by all methods, e.g. datasource and also connection manager:

Properties info = new Properties();
String url = "jdbc:postgresql://ea957de9-2271-4d6c-999e-f2c250575850.budepemd0im5pmu4u60g.databases.appdomain.cloud:30352/clouddb";
info.setProperty("user", "");
info.setProperty("password", "");
info.setProperty("ssl", "true");
info.setProperty("sslfactory", "org.postgresql.ssl.SingleCertValidatingFactory");
info.setProperty("sslfactoryarg", loadFile("/opt/ibm/wlp/usr/servers/defaultServer/resources/security/PGSSLROOTCERT.crt"));

Even after providing the root.crt from the postgres db connection page I keep getting

[err] org.postgresql.util.PSQLException: SSL error: Received fatal alert: handshake_failure
[err] at org.postgresql.ssl.MakeSSL.convert(MakeSSL.java:42)
[err] at org.postgresql.core.v3.ConnectionFactoryImpl.enableSSL(ConnectionFactoryImpl.java:435)
[err] at org.postgresql.core.v3.ConnectionFactoryImpl.tryConnect(ConnectionFactoryImpl.java:94)
[err] at org.postgresql.core.v3.ConnectionFactoryImpl.openConnectionImpl(ConnectionFactoryImpl.java:192)
[err] at org.postgresql.core.ConnectionFactory.openConnection(ConnectionFactory.java:49)
[err] at org.postgresql.jdbc.PgConnection.<init>(PgConnection.java:195)

I have also tried to pass the certificate in my keystore and truststore. Nothing seems to work in this case. I can connect successfully to the Postgres DB locally via the IDE and also through psql, but as soon as I dockerize it and run, it throws this exception.

DockerFile:

FROM websphere-liberty:19.0.0.12-full-java8-ibmjava
ENTRYPOINT ["/opt/ibm/wlp/bin/server","run","defaultServer"]
USER root
EXPOSE 9080
COPY --chown=1001:0 server.xml /opt/ibm/wlp/usr/servers/defaultServer/
RUN mkdir -p /root/.postgresql
COPY --chown=1001:0 root.crt /root/.postgresql/
COPY --chown=1001:0 key.jks /opt/ibm/wlp/usr/servers/defaultServer/resources/security/
RUN chmod -R 777 /opt/ibm/wlp/usr/servers/defaultServer/resources/security
COPY --chown=1001:0 target/test.war /opt/ibm/wlp/usr/servers/defaultServer/
RUN installUtility install --acceptLicense defaultServer
RUN chmod -R 777 /opt/ibm/wlp/output/defaultServer/workarea
RUN chmod a+rwx /opt/ibm/wlp/output/defaultServer
Akancha Singh
  • Also answering this question here: https://github.com/OpenLiberty/open-liberty/issues/17204 – KyleAure May 18 '21 at 14:11
  • Thank you so much for pointing out the sslfactory option. I tried that along with some TLS version mismatch corrections and it works fine now! Had to also add the below for it to work. System.setProperty("com.ibm.jsse2.overrideDefaultTLS", "true"); – Akancha Singh May 19 '21 at 06:12
  • Could you please provide your final server.xml? I am currently facing a similar issue. – sofarsoghood Jun 01 '21 at 11:37
  • I didn't make any change in server.xml. I added the ssl factory option in the DB connection URL. – Akancha Singh Jun 05 '21 at 18:07

1 Answer


OpenLiberty has an automated test bucket that runs with PostgreSQL in a docker container, where 2 of the Liberty servers use SSL successfully. Here is one of them:

https://github.com/OpenLiberty/open-liberty/blob/integration/dev/com.ibm.ws.jdbc_fat_postgresql/publish/servers/server-PostgreSQLSSLTest/server.xml

Try using the <properties.postgresql> element under your <dataSource> instead of the generic <properties>. The former has additional properties for ssl on it, as illustrated in the server.xml of the test case.

njr
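A sketch of what the answer's suggestion could look like for the data source in the question. This is an added example, not the poster's final configuration and not the Open Liberty test file. Assumptions: the `ssl`, `sslMode` and `sslRootCert` attribute names follow the pgjdbc data source properties that `<properties.postgresql>` is expected to expose; `DB_HOST_PLACEHOLDER`, the `PG_USER` / `PG_PASSWORD` environment variables and the driver directory are placeholders.

```xml
<!-- Added example: SSL settings carried on the PostgreSQL-specific properties
     element instead of the generic <properties>. Host, credential variables
     and the driver directory are placeholders, not values from the question. -->
<server description="postgres over TLS (example)">

    <featureManager>
        <feature>jdbc-4.2</feature>
    </featureManager>

    <library id="PostgresLib">
        <!-- Assumed location of the driver jar inside the container image -->
        <fileset dir="${server.config.dir}/jdbc"
            includes="postgresql-42.2.5.jre6.jar" />
    </library>

    <dataSource id="DefaultDataSource" jndiName="jdbc/postgres"
        type="javax.sql.ConnectionPoolDataSource">
        <jdbcDriver libraryRef="PostgresLib" />
        <!-- ssl/sslMode/sslRootCert are assumed attribute names (see lead-in).
             sslRootCert reuses the certificate path from the question. -->
        <properties.postgresql
            serverName="DB_HOST_PLACEHOLDER"
            portNumber="30352"
            databaseName="clouddb"
            user="${env.PG_USER}"
            password="${env.PG_PASSWORD}"
            ssl="true"
            sslMode="verify-full"
            sslRootCert="/opt/ibm/wlp/usr/servers/defaultServer/resources/security/PGSSLROOTCERT.crt" />
    </dataSource>

</server>
```

With `sslMode="verify-full"` the driver validates the server certificate against `sslRootCert` and checks that the certificate matches `serverName`, so a wrong CA file or host name fails at connect time.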