How to ignore SSL certificate in springframe.sock - spring

In my server-demo of springweb,I need a websocket client to connect my server by sockJs.
But it's err now:
SEVERE: TransportRequest[url=wss://localhost:8443/websocket/sj/endpoint-websocket/547/fbc08eaee4fd44dd9aadeb3fa5398e03/websocket] failed. Falling back on next transport.
javax.websocket.DeploymentException: The HTTP request to initiate the WebSocket connection failed
at org.apache.tomcat.websocket.WsWebSocketContainer.connectToServer(WsWebSocketContainer.java:372)
at org.springframework.web.socket.client.standard.StandardWebSocketClient$1.call(StandardWebSocketClient.java:152)
at org.springframework.web.socket.client.standard.StandardWebSocketClient$1.call(StandardWebSocketClient.java:149)
at java.util.concurrent.FutureTask$Sync.innerRun(FutureTask.java:334)
at java.util.concurrent.FutureTask.run(FutureTask.java:166)
at java.lang.Thread.run(Thread.java:722)
Caused by: java.util.concurrent.ExecutionException: javax.net.ssl.SSLHandshakeException: General SSLEngine problem
at org.apache.tomcat.websocket.AsyncChannelWrapperSecure$WrapperFuture.get(AsyncChannelWrapperSecure.java:511)
at org.apache.tomcat.websocket.WsWebSocketContainer.connectToServer(WsWebSocketContainer.java:309)
... 5 more
and:
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:385)
at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:292)
at sun.security.validator.Validator.validate(Validator.java:260)
at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:326)
at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:283)
at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:138)
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1325)
... 7 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:196)
at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:268)
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:380)
... 13 more
I had study java just one year, and I don't know how to do.
And this is my code :
connect(String url){
// Init
List<Transport> transports = new ArrayList<>(2);
transports.add(new WebSocketTransport(new StandardWebSocketClient()));
transports.add(new RestTemplateXhrTransport());
SockJsClient sockJsClient = new SockJsClient(transports);
WebSocketStompClient stompClient = new WebSocketStompClient(sockJsClient);
stompClient.setMessageConverter(new MappingJackson2MessageConverter());
StompSessionHandler sessionHandler = new StompSessionHandlerImpl();
// Connect
StompSession stompSession = stompClient.connect(url, sessionHandler).get();
}
I want to know:can I use sockJs and ignore certificate in springframe?And how?Thanks.
my springmvc version:4.3.2

Related

How to set a timeout on a POST request using Spring RestTemplate?

I want to set a timeout on the process of sending a POST request via Spring RestTemplate. For example, if request is not finished within X sec for whatever reasons, I want it to throw an exception and stop execution/release resources, if possible.
Initially, I tried to use a HttpComponentsClientHttpRequestFactory, but didn't succeed and degraded to SimpleClientHttpRequestFactory. Now I just want to make it work with SimpleClientHttpRequestFactory in all cases and then try a more complex solution.
I have the following configuration:
#Bean
public RestTemplate restTemplate() {
SimpleClientHttpRequestFactory requestFactory = new SimpleClientHttpRequestFactory();
requestFactory.setConnectTimeout(3_000);
requestFactory.setReadTimeout(30_000);
return new RestTemplate(requestFactory);
}
The I use it as follows:
HttpHeaders headers = new HttpHeaders();
headers.set("Content-Type", "text/xml;charset=UTF-8");
HttpEntity<String> requestEntity = new HttpEntity<>(xmlMsgAsString, headers);
ResponseEntity<String> response = restTemplate.postForEntity(url, requestEntity, String.class);
I have one destination server, which is currently unreachable, and I have a bunch of XML messages that I need to POST to this server. With the code as above, for majority of messages it works as expected, it throws the following exception after 30 sec:
org.springframework.web.client.ResourceAccessException: I/O error on POST request for "http://X:Y/Z": Read timed out; nested exception is java.net.SocketTimeoutException: Read timed out
at org.springframework.web.client.RestTemplate.doExecute(RestTemplate.java:744)
at org.springframework.web.client.RestTemplate.execute(RestTemplate.java:670)
at org.springframework.web.client.RestTemplate.postForEntity(RestTemplate.java:445)
...
at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
at java.util.concurrent.FutureTask.run(FutureTask.java:266)
at java.lang.Thread.run(Thread.java:748)
Caused by: java.net.SocketTimeoutException: Read timed out
at java.net.SocketInputStream.socketRead0(Native Method)
at java.net.SocketInputStream.socketRead(SocketInputStream.java:116)
at java.net.SocketInputStream.read(SocketInputStream.java:171)
at java.net.SocketInputStream.read(SocketInputStream.java:141)
at java.io.BufferedInputStream.fill(BufferedInputStream.java:246)
at java.io.BufferedInputStream.read1(BufferedInputStream.java:286)
at java.io.BufferedInputStream.read(BufferedInputStream.java:345)
at sun.net.www.http.HttpClient.parseHTTPHeader(HttpClient.java:735)
at sun.net.www.http.HttpClient.parseHTTP(HttpClient.java:678)
at sun.net.www.protocol.http.HttpURLConnection.getInputStream0(HttpURLConnection.java:1593)
at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1498)
at java.net.HttpURLConnection.getResponseCode(HttpURLConnection.java:480)
at org.springframework.http.client.SimpleClientHttpResponse.getRawStatusCode(SimpleClientHttpResponse.java:55)
at org.springframework.web.client.DefaultResponseErrorHandler.hasError(DefaultResponseErrorHandler.java:55)
at org.springframework.web.client.RestTemplate.handleResponse(RestTemplate.java:766)
at org.springframework.web.client.RestTemplate.doExecute(RestTemplate.java:736)
... 18 common frames omitted
However, for one particular message it's stuck for ~955 secs and then throws the following exception:
org.springframework.web.client.ResourceAccessException: I/O error on POST request for "http://X:Y/Z": Unexpected end of file from server; nested exception is java.net.SocketException: Unexpected end of file from server
at org.springframework.web.client.RestTemplate.doExecute(RestTemplate.java:744)
at org.springframework.web.client.RestTemplate.execute(RestTemplate.java:670)
at org.springframework.web.client.RestTemplate.postForEntity(RestTemplate.java:445)
...
at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
at java.util.concurrent.FutureTask.run(FutureTask.java:266)
at java.lang.Thread.run(Thread.java:748)
Caused by: java.net.SocketException: Unexpected end of file from server
at sun.net.www.http.HttpClient.parseHTTPHeader(HttpClient.java:851)
at sun.net.www.http.HttpClient.parseHTTP(HttpClient.java:678)
at sun.net.www.protocol.http.HttpURLConnection.getInputStream0(HttpURLConnection.java:1593)
at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1498)
at java.net.HttpURLConnection.getResponseCode(HttpURLConnection.java:480)
at org.springframework.http.client.SimpleClientHttpResponse.getRawStatusCode(SimpleClientHttpResponse.java:55)
at org.springframework.web.client.DefaultResponseErrorHandler.hasError(DefaultResponseErrorHandler.java:55)
at org.springframework.web.client.RestTemplate.handleResponse(RestTemplate.java:766)
at org.springframework.web.client.RestTemplate.doExecute(RestTemplate.java:736)
... 26 common frames omitted
The previous successfully thrown after 30 sec messages and the last one are similar XML messages and destination is the same. The only difference I thought of was the size of messages, the last one is ~204KB, while all previous ones are much smaller. Why the last exception occurs and how to set time restriction on this case?
Spring Boot 2.1.10 running on Jetty

Connection Timed out issue while consuming REST API service

I have developed a microservice using Reactive WebFlux of Spring 5. In this, using webClient, I'm trying to consume another REST API service. Everything works fine when I'm using my personal home network however I always get connection timed out error whenever I try to consume this same REST service using my microservice while working in my office.
I suspect it has something to do with the firewall or proxy in my office network. I have already disabled the windows firewall in my machine but still not working. Any advise on this issue.
Following is the code snippet:
#RestController
public class MyRestController {
private final WebClient webClient;
public TweetController(WebClient.Builder webClientBuilder) {
this.webClient = webClientBuilder.baseUrl("https://mockapi.demo.com").build();
}
#GetMapping("/get-customers")
public Mono<String> someRestCall(String name) {
System.out.println("****************** /get-customers *******************");
return this.webClient
.get()
.uri("/catalogs")
.retrieve()
.bodyToMono(String.class);
}
Error:
ERROR 17996 --- [ctor-http-nio-3] .a.w.r.e.DefaultErrorWebExceptionHandler : Failed to handle request
[GET http://localhost:8080/get-customers]
io.netty.channel.AbstractChannel$AnnotatedConnectException: Connection
timed out: no further information: test.usdemo.xyz.com/92.54.41.24:443
at sun.nio.ch.SocketChannelImpl.checkConnect(Native Method)
~[na:1.8.0_171] at
sun.nio.ch.SocketChannelImpl.finishConnect(SocketChannelImpl.java:717)
~[na:1.8.0_171] at
io.netty.channel.socket.nio.NioSocketChannel.doFinishConnect(NioSocketChannel.java:325)
~[netty-transport-4.1.24.Final.jar:4.1.24.Final] at
io.netty.channel.nio.AbstractNioChannel$AbstractNioUnsafe.finishConnect(AbstractNioChannel.java:340)
~[netty-transport-4.1.24.Final.jar:4.1.24.Final] at
io.netty.channel.nio.NioEventLoop.processSelectedKey(NioEventLoop.java:633)
~[netty-transport-4.1.24.Final.jar:4.1.24.Final] at
io.netty.channel.nio.NioEventLoop.processSelectedKeysOptimized(NioEventLoop.java:580)
~[netty-transport-4.1.24.Final.jar:4.1.24.Final] at
io.netty.channel.nio.NioEventLoop.processSelectedKeys(NioEventLoop.java:497)
~[netty-transport-4.1.24.Final.jar:4.1.24.Final] at
io.netty.channel.nio.NioEventLoop.run(NioEventLoop.java:459)
~[netty-transport-4.1.24.Final.jar:4.1.24.Final] at
io.netty.util.concurrent.SingleThreadEventExecutor$5.run(SingleThreadEventExecutor.java:884)
~[netty-common-4.1.24.Final.jar:4.1.24.Final] at
java.lang.Thread.run(Thread.java:748) ~[na:1.8.0_171] Caused by:
java.net.ConnectException: Connection timed out: no further
information ... 10 common frames omitted

How to make Jersey ignore ssl certificate error?

Error Trace :
javax.ws.rs.ProcessingException: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target##
at org.glassfish.jersey.client.internal.HttpUrlConnector.apply(HttpUrlConnector.java:287)
at org.glassfish.jersey.client.ClientRuntime.invoke(ClientRuntime.java:252)
at org.glassfish.jersey.client.JerseyInvocation$2.call(JerseyInvocation.java:701)
at org.glassfish.jersey.internal.Errors.process(Errors.java:315)
at org.glassfish.jersey.internal.Errors.process(Errors.java:297)
at org.glassfish.jersey.internal.Errors.process(Errors.java:228)
at org.glassfish.jersey.process.internal.RequestScope.runInScope(RequestScope.java:444)
at org.glassfish.jersey.client.JerseyInvocation.invoke(JerseyInvocation.java:697)
at org.glassfish.jersey.client.JerseyInvocation$Builder.method(JerseyInvocation.java:420)
at org.glassfish.jersey.client.JerseyInvocation$Builder.get(JerseyInvocation.java:316)
at com.xxx.rest.RestClient.execRequest(RestClient.java:49)
at com.xxx.RestClientTest.test(RestClientTest.java:24)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at org.junit.runners.model.FrameworkMethod$1.runReflectiveCall(FrameworkMethod.java:50)
at org.junit.internal.runners.model.ReflectiveCallable.run(ReflectiveCallable.java:12)
at org.junit.runners.model.FrameworkMethod.invokeExplosively(FrameworkMethod.java:47)
at org.junit.internal.runners.statements.InvokeMethod.evaluate(InvokeMethod.java:17)
at org.junit.internal.runners.statements.RunBefores.evaluate(RunBefores.java:26)
at org.junit.internal.runners.statements.RunAfters.evaluate(RunAfters.java:27)
at org.junit.runners.ParentRunner.runLeaf(ParentRunner.java:325)
at org.junit.runners.BlockJUnit4ClassRunner.runChild(BlockJUnit4ClassRunner.java:78)
at org.junit.runners.BlockJUnit4ClassRunner.runChild(BlockJUnit4ClassRunner.java:57)
at org.junit.runners.ParentRunner$3.run(ParentRunner.java:290)
at org.junit.runners.ParentRunner$1.schedule(ParentRunner.java:71)
at org.junit.runners.ParentRunner.runChildren(ParentRunner.java:288)
at org.junit.runners.ParentRunner.access$000(ParentRunner.java:58)
at org.junit.runners.ParentRunner$2.evaluate(ParentRunner.java:268)
at org.junit.runners.ParentRunner.run(ParentRunner.java:363)
at org.eclipse.jdt.internal.junit4.runner.JUnit4TestReference.run(JUnit4TestReference.java:86)
at org.eclipse.jdt.internal.junit.runner.TestExecution.run(TestExecution.java:38)
at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.runTests(RemoteTestRunner.java:459)
at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.runTests(RemoteTestRunner.java:678)
at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.run(RemoteTestRunner.java:382)
at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.main(RemoteTestRunner.java:192)
Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1949)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:302)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:296)
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1509)
at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216)
at sun.security.ssl.Handshaker.processLoop(Handshaker.java:979)
at sun.security.ssl.Handshaker.process_record(Handshaker.java:914)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1062)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1375)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1403)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1387)
at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:559)
at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185)
at sun.net.www.protocol.http.HttpURLConnection.getInputStream0(HttpURLConnection.java:1513)
at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1441)
at java.net.HttpURLConnection.getResponseCode(HttpURLConnection.java:480)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.getResponseCode(HttpsURLConnectionImpl.java:338)
at org.glassfish.jersey.client.internal.HttpUrlConnector._apply(HttpUrlConnector.java:394)
at org.glassfish.jersey.client.internal.HttpUrlConnector.apply(HttpUrlConnector.java:285)
... 36 more
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:387)
at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:292)
at sun.security.validator.Validator.validate(Validator.java:260)
at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:324)
at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:229)
at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:124)
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1491)
... 51 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141)
at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126)
at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280)
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:382)
... 57 more
Like all other client like apache httpclient, by default, Jersey checks SSL certificate, which is correct way. But in some cases, like development phase, highly probability is that we don't have CA trusted SSL certificate. So question is, how can we make Jersey ignore SSL certificate error?
Please note that trusting all certificates is extremely risky. Be careful when doing it.
The following piece of code is not much different from the one shown in yukuan's answer. However, the following solution uses only the JAX-RS Client API. In theory, it should work with other JAX-RS implementations too:
TrustManager[] trustManager = new X509TrustManager[] { new X509TrustManager() {
#Override
public X509Certificate[] getAcceptedIssuers() {
return null;
}
#Override
public void checkClientTrusted(X509Certificate[] certs, String authType) {
}
#Override
public void checkServerTrusted(X509Certificate[] certs, String authType) {
}
}};
SSLContext sslContext = SSLContext.getInstance("SSL");
sslContext.init(null, trustManager, null);
Client client = ClientBuilder.newBuilder().sslContext(sslContext).build();
Note 1: At the time of writing, the standard solution described above won't work with RESTEasy. RESTEasy delegates HTTP calls to HttpClient from the Apache HttpComponents project. To trust all certificates with RESTEasy, the HttpClient must be customized. For more details, have a look at this answer.
Note 2: You may find https://badssl.com a useful resource to test clients against bad SSL configs.
package com.xxxxxxx.rest;
import java.security.KeyManagementException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.X509Certificate;
import java.util.Properties;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;
import javax.ws.rs.client.Client;
import javax.ws.rs.client.ClientBuilder;
import org.glassfish.jersey.client.JerseyClientBuilder;
public class RestClient {
private Client client;
public RestClient(Properties properties) {
super();
ClientBuilder clientBuilder = new JerseyClientBuilder();
SSLContext sslContext = null;
TrustManager[] trustAllCerts = new X509TrustManager[] { new X509TrustManager() {
#Override
public java.security.cert.X509Certificate[] getAcceptedIssuers() {
return null;
}
#Override
public void checkClientTrusted(X509Certificate[] certs, String authType) {
}
#Override
public void checkServerTrusted(X509Certificate[] certs, String authType) {
}
} };
try {
sslContext = SSLContext.getInstance("SSL");
sslContext.init(null, trustAllCerts, null);
} catch (NoSuchAlgorithmException | KeyManagementException e) {
}
clientBuilder.sslContext(sslContext);
client = clientBuilder.build();
}
public <T> T execRequest(String uri, Class<T> type) {
return client.target(uri).request().get(type);
}
}
Rather than attempting to ignore the error it is much preferable to avoid it in the first place. Adding code as a workaround is risky because anecdotal experiences suggest the code will eventually end up in production.
For development purposes you should create a suitable trust store such that your development certificate is trusted. The accepted answer for this related question documents how to create such a trust store for such a scenario. If you have the server certificate to hand, which you almost certainly will, you can avoid the browser step and script everything.
Ideally this gets baked into to a process that fails noisily if the certificate cannot be found (such that you don't accidentally deploy a development certificate configuration to a production machine).

How to configure SSL in Spring LDAP?

I am new to spring ldap and facing issue while connecting to LDAP over SSL.
I am using Spring LDAP 2.0 to connect LDAP.
applicationContext.xml
<context:property-placeholder location="classpath:ldap.properties" ignore- unresolvable="true"/>
<ldap:context-source id="contextSource" password="${ldap.password}"
url="${ldap.url}" username="${ldap.userDn}" base="${ldap.base}" >
</ldap:context-source>
<ldap:ldap-template id="ldapTemplate" context-source-ref="contextSource" />
Entries from Ldap property file:
ldap.url=ldaps://eun4p3.stp-dev.st.com:636
ldap.userDn=CN=IP User,OU=AdminAccounts,DC=stp-dev,DC=st,DC=com
ldap.password=useme#123
ldap.base=OU=ST,OU=People,DC=stp-dev,DC=st,DC=com
ldap.clean=false
I have imported self signed certificate provided into cacerts file using :
keytool -keystore cacerts -importcert -alias addevcer -file C:\Users\kadianr\Desktop\eun4p3.cer
Below is the error I am getting while making call to ldaps://url:636
Caused by: org.springframework.ldap.CommunicationException: simple bind failed: eun4p3.stp-dev.st.com:636; nested exception is javax.naming.CommunicationException: simple bind failed: eun4p3.stp-dev.st.com:636 [Root exception is javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target]
at org.springframework.ldap.support.LdapUtils.convertLdapException(LdapUtils.java:108) [spring-ldap-core-2.0.2.RELEASE.jar:2.0.2.RELEASE]
at org.springframework.ldap.core.support.AbstractContextSource.createContext(AbstractContextSource.java:356) [spring-ldap-core-2.0.2.RELEASE.jar:2.0.2.RELEASE]
at org.springframework.ldap.core.support.AbstractContextSource.doGetContext(AbstractContextSource.java:140) [spring-ldap-core-2.0.2.RELEASE.jar:2.0.2.RELEASE]
at org.springframework.ldap.core.support.AbstractContextSource.getReadWriteContext(AbstractContextSource.java:175) [spring-ldap-core-2.0.2.RELEASE.jar:2.0.2.RELEASE]
at org.springframework.ldap.transaction.compensating.manager.TransactionAwareContextSourceProxy.getReadWriteContext(TransactionAwareContextSourceProxy.java:88) [spring-ldap-core-2.0.2.RELEASE.jar:2.0.2.RELEASE]
at org.springframework.ldap.transaction.compensating.manager.TransactionAwareContextSourceProxy.getReadOnlyContext(TransactionAwareContextSourceProxy.java:61) [spring-ldap-core-2.0.2.RELEASE.jar:2.0.2.RELEASE]
at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:357) [spring-ldap-core-2.0.2.RELEASE.jar:2.0.2.RELEASE]
at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:309) [spring-ldap-core-2.0.2.RELEASE.jar:2.0.2.RELEASE]
at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:642) [spring-ldap-core-2.0.2.RELEASE.jar:2.0.2.RELEASE]
at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:578) [spring-ldap-core-2.0.2.RELEASE.jar:2.0.2.RELEASE]
at org.springframework.ldap.core.LdapTemplate.find(LdapTemplate.java:1836) [spring-ldap-core-2.0.2.RELEASE.jar:2.0.2.RELEASE]
at org.springframework.ldap.core.LdapTemplate.find(LdapTemplate.java:1857) [spring-ldap-core-2.0.2.RELEASE.jar:2.0.2.RELEASE]
at org.springframework.ldap.core.LdapTemplate.findOne(LdapTemplate.java:1865) [spring-ldap-core-2.0.2.RELEASE.jar:2.0.2.RELEASE]
at com.st.liotroevo.web.dao.UserADRepository.findBySamAccountName(UserADRepository.java:48) [classes:]
at com.st.liotroevo.web.service.UserService.findUserBySamAccName(UserService.java:75) [classes:]
at com.st.liotroevo.web.service.UserService.generateSamAccount(UserService.java:145) [classes:]
at com.st.liotroevo.web.service.UserService.populateUserBaiscADAttributes(UserService.java:101) [classes:]
at com.st.liotroevo.web.service.serviceImpl.IPRegistrationServiceImpl.createUser(IPRegistrationServiceImpl.java:48) [classes:]
... 39 more
Caused by: javax.naming.CommunicationException: simple bind failed: eun4p3.stp-dev.st.com:636 [Root exception is javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target]
at com.sun.jndi.ldap.LdapClient.authenticate(LdapClient.java:215) [rt.jar:1.7.0_21]
at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2740) [rt.jar:1.7.0_21]
at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:316) [rt.jar:1.7.0_21]
at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:193) [rt.jar:1.7.0_21]
at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:211) [rt.jar:1.7.0_21]
at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:154) [rt.jar:1.7.0_21]
at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:84) [rt.jar:1.7.0_21]
at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:684) [rt.jar:1.7.0_21]
at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:307) [rt.jar:1.7.0_21]
at javax.naming.InitialContext.init(InitialContext.java:242) [rt.jar:1.7.0_21]
at javax.naming.ldap.InitialLdapContext.<init>(InitialLdapContext.java:153) [rt.jar:1.7.0_21]
at org.springframework.ldap.core.support.LdapContextSource.getDirContextInstance(LdapContextSource.java:42) [spring-ldap-core-2.0.2.RELEASE.jar:2.0.2.RELEASE]
at org.springframework.ldap.core.support.AbstractContextSource.createContext(AbstractContextSource.java:344) [spring-ldap-core-2.0.2.RELEASE.jar:2.0.2.RELEASE]
... 55 more
Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.ssl.Alerts.getSSLException(Alerts.java:192) [jsse.jar:1.7.0_21]
at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1886) [jsse.jar:1.7.0_21]
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:276) [jsse.jar:1.7.0_21]
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:270) [jsse.jar:1.7.0_21]
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1341) [jsse.jar:1.7.0_21]
at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:153) [jsse.jar:1.7.0_21]
at sun.security.ssl.Handshaker.processLoop(Handshaker.java:868) [jsse.jar:1.7.0_21]
at sun.security.ssl.Handshaker.process_record(Handshaker.java:804) [jsse.jar:1.7.0_21]
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1016) [jsse.jar:1.7.0_21]
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1312) [jsse.jar:1.7.0_21]
at sun.security.ssl.SSLSocketImpl.readDataRecord(SSLSocketImpl.java:882) [jsse.jar:1.7.0_21]
at sun.security.ssl.AppInputStream.read(AppInputStream.java:102) [jsse.jar:1.7.0_21]
at java.io.BufferedInputStream.fill(BufferedInputStream.java:235) [rt.jar:1.7.0_21]
at java.io.BufferedInputStream.read1(BufferedInputStream.java:275) [rt.jar:1.7.0_21]
at java.io.BufferedInputStream.read(BufferedInputStream.java:334) [rt.jar:1.7.0_21]
at com.sun.jndi.ldap.Connection.run(Connection.java:849) [rt.jar:1.7.0_21]
... 1 more
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:385) [rt.jar:1.7.0_21]
at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:292) [rt.jar:1.7.0_21]
at sun.security.validator.Validator.validate(Validator.java:260) [rt.jar:1.7.0_21]
at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:326) [jsse.jar:1.7.0_21]
at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:231) [jsse.jar:1.7.0_21]
at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:126) [jsse.jar:1.7.0_21]
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1323) [jsse.jar:1.7.0_21]
... 12 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:196) [rt.jar:1.7.0_21]
at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:268) [rt.jar:1.7.0_21]
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:380) [rt.jar:1.7.0_21]
I have been through documentation at http://docs.spring.io/autorepo/docs/spring-ldap/2.0.3.CI-SNAPSHOT/reference/#configuration
I have resolved problem. Issue is with certificate installed in jdk. We tried installing different certificate signed by CA and that works.
We just need to use ldaps with port 636 and install certificate in cacerts..thats it.
If your company has an intranet site with its certificates you can actually just create a truststore at your application startup like this:
final String KS_PASSWORD = "dummy";
KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
ks.load(null, KS_PASSWORD.toCharArray());
CertificateFactory cf = CertificateFactory.getInstance("X.509");
try (InputStream cert = new URL("http://pki.yourcompany.intranet/root.pem").openStream()) {
Certificate certificate = cf.generateCertificate(cert);
ks.setCertificateEntry(certificateName, certificate);
}
File keystore = new File("truststore.jks").getAbsoluteFile();
try (FileOutputStream fos = new FileOutputStream(keystore)) {
ks.store(fos, KS_PASSWORD.toCharArray());
}
System.setProperty("javax.net.ssl.trustStore", keystore.getAbsolutePath());
System.setProperty("javax.net.ssl.trustStorePassword", KS_PASSWORD);
Remember to set javax.* properties before Spring instantiates LDAP beans. Instead of going through the network you can also store certificates on the classpath (in your jar) and inject them using Spring's Resource.

Spring WebSockets exception when using Spring 4.0.3.RELEASE

I have the following web socket configuration
#Configuration
#EnableWebSocketMessageBroker
public class WebSocketConfig extends AbstractWebSocketMessageBrokerConfigurer {
private static final long heartbeatTime = 60000L; // 1 minute
#Override
public void registerStompEndpoints(StompEndpointRegistry registry) {
registry.addEndpoint(Constants.BASE_NOTI).withSockJS().setInterceptors(new HttpSessionHandshakeInterceptor()).setHeartbeatTime(heartbeatTime).setSessionCookieNeeded(true);
}
#Override
public void configureMessageBroker(MessageBrokerRegistry registry) {
.....
}
#Override
public void configureClientOutboundChannel(ChannelRegistration registration) {
registration.taskExecutor().corePoolSize(2).maxPoolSize(3);
}
#Override
public void configureWebSocketTransport(WebSocketTransportRegistration registration) {
registration.setMessageSizeLimit(128 * 1024).setSendTimeLimit(15 * 1000).setSendBufferSizeLimit(512 * 1024);
}
}
The exception which i see from time to time is
ERROR] org.springframework.web.socket.handler.LoggingWebSocketHandlerDecorator - Transport error for SockJS session id=le1yrwx7
java.io.IOException: java.util.concurrent.ExecutionException: java.net.SocketException: Software caused connection abort: socket write error
at org.apache.tomcat.websocket.WsRemoteEndpointImplBase.startMessageBlock(WsRemoteEndpointImplBase.java:243)
at org.apache.tomcat.websocket.WsSession.sendCloseMessage(WsSession.java:483)
at org.apache.tomcat.websocket.WsSession.onClose(WsSession.java:440)
at org.apache.tomcat.websocket.WsFrameBase.processDataControl(WsFrameBase.java:324)
at org.apache.tomcat.websocket.WsFrameBase.processData(WsFrameBase.java:270)
at org.apache.tomcat.websocket.WsFrameBase.processInputBuffer(WsFrameBase.java:116)
at org.apache.tomcat.websocket.server.WsFrameServer.onDataAvailable(WsFrameServer.java:54)
at org.apache.tomcat.websocket.server.WsHttpUpgradeHandler$WsReadListener.onDataAvailable(WsHttpUpgradeHandler.java:194)
at org.apache.coyote.http11.upgrade.AbstractServletInputStream.onDataAvailable(AbstractServletInputStream.java:189)
at org.apache.coyote.http11.upgrade.AbstractProcessor.upgradeDispatch(AbstractProcessor.java:92)
at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:605)
at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:313)
at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)
Caused by: java.util.concurrent.ExecutionException: java.net.SocketException: Software caused connection abort: socket write error
at org.apache.tomcat.websocket.FutureToSendHandler.get(FutureToSendHandler.java:102)
at org.apache.tomcat.websocket.WsRemoteEndpointImplBase.startMessageBlock(WsRemoteEndpointImplBase.java:238)
... 14 more
Caused by: java.net.SocketException: Software caused connection abort: socket write error
at java.net.SocketOutputStream.socketWrite0(Native Method)
at java.net.SocketOutputStream.socketWrite(Unknown Source)
at java.net.SocketOutputStream.write(Unknown Source)
at org.apache.coyote.http11.upgrade.BioServletOutputStream.doWrite(BioServletOutputStream.java:37)
at org.apache.coyote.http11.upgrade.AbstractServletOutputStream.writeInternal(AbstractServletOutputStream.java:125)
at org.apache.coyote.http11.upgrade.AbstractServletOutputStream.write(AbstractServletOutputStream.java:92)
at org.apache.tomcat.websocket.server.WsRemoteEndpointImplServer.onWritePossible(WsRemoteEndpointImplServer.java:94)
at org.apache.tomcat.websocket.server.WsRemoteEndpointImplServer.doWrite(WsRemoteEndpointImplServer.java:81)
at org.apache.tomcat.websocket.WsRemoteEndpointImplBase.writeMessagePart(WsRemoteEndpointImplBase.java:378)
at org.apache.tomcat.websocket.WsRemoteEndpointImplBase.startMessage(WsRemoteEndpointImplBase.java:279)
at org.apache.tomcat.websocket.WsRemoteEndpointImplBase.startMessageBlock(WsRemoteEndpointImplBase.java:233)
... 14 more
after updating to nio connector i still receive the following exceptions
[ERROR] org.springframework.web.socket.handler.LoggingWebSocketHandlerDecorator - Transport error for SockJsSession[id=g4v7irfv, state=OPEN, sinceCreated=12010, sinceLastActive=12010]
java.io.IOException: java.util.concurrent.ExecutionException: java.io.IOException: An established connection was aborted by the software in your host machine
at org.apache.tomcat.websocket.WsRemoteEndpointImplBase.sendPartialString(WsRemoteEndpointImplBase.java:219)
at org.apache.tomcat.websocket.WsRemoteEndpointImplBase.sendPartialString(WsRemoteEndpointImplBase.java:185)
at org.apache.tomcat.websocket.WsRemoteEndpointBasic.sendText(WsRemoteEndpointBasic.java:49)
at org.springframework.web.socket.adapter.standard.StandardWebSocketSession.sendTextMessage(StandardWebSocketSession.java:197)
at org.springframework.web.socket.adapter.AbstractWebSocketSession.sendMessage(AbstractWebSocketSession.java:104)
at org.springframework.web.socket.sockjs.transport.session.WebSocketServerSockJsSession.initializeDelegateSession(WebSocketServerSockJsSession.java:160)
at org.springframework.web.socket.sockjs.transport.handler.SockJsWebSocketHandler.afterConnectionEstablished(SockJsWebSocketHandler.java:72)
at org.springframework.web.socket.adapter.standard.StandardWebSocketHandlerAdapter.onOpen(StandardWebSocketHandlerAdapter.java:101)
at org.apache.tomcat.websocket.server.WsHttpUpgradeHandler.init(WsHttpUpgradeHandler.java:129)
at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:633)
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1720)
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1679)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
at java.lang.Thread.run(Thread.java:745)
Caused by: java.util.concurrent.ExecutionException: java.io.IOException: An established connection was aborted by the software in your host machine
at org.apache.tomcat.websocket.FutureToSendHandler.get(FutureToSendHandler.java:102)
at org.apache.tomcat.websocket.WsRemoteEndpointImplBase.sendPartialString(WsRemoteEndpointImplBase.java:214)
... 15 more
Caused by: java.io.IOException: An established connection was aborted by the software in your host machine
at sun.nio.ch.SocketDispatcher.write0(Native Method)
at sun.nio.ch.SocketDispatcher.write(SocketDispatcher.java:51)
at sun.nio.ch.IOUtil.writeFromNativeBuffer(IOUtil.java:93)
at sun.nio.ch.IOUtil.write(IOUtil.java:65)
at sun.nio.ch.SocketChannelImpl.write(SocketChannelImpl.java:487)
at org.apache.tomcat.util.net.NioChannel.write(NioChannel.java:123)
at org.apache.tomcat.util.net.NioSelectorPool.write(NioSelectorPool.java:185)
at org.apache.coyote.http11.upgrade.NioServletOutputStream.doWriteInternal(NioServletOutputStream.java:93)
at org.apache.coyote.http11.upgrade.NioServletOutputStream.doWrite(NioServletOutputStream.java:60)
at org.apache.coyote.http11.upgrade.AbstractServletOutputStream.writeInternal(AbstractServletOutputStream.java:125)
at org.apache.coyote.http11.upgrade.AbstractServletOutputStream.write(AbstractServletOutputStream.java:92)
at org.apache.tomcat.websocket.server.WsRemoteEndpointImplServer.onWritePossible(WsRemoteEndpointImplServer.java:94)
at org.apache.tomcat.websocket.server.WsRemoteEndpointImplServer.doWrite(WsRemoteEndpointImplServer.java:81)
at org.apache.tomcat.websocket.WsRemoteEndpointImplBase.writeMessagePart(WsRemoteEndpointImplBase.java:393)
at org.apache.tomcat.websocket.WsRemoteEndpointImplBase.startMessage(WsRemoteEndpointImplBase.java:287)
at org.apache.tomcat.websocket.WsRemoteEndpointImplBase$TextMessageSendHandler.write(WsRemoteEndpointImplBase.java:687)
at org.apache.tomcat.websocket.WsRemoteEndpointImplBase.sendPartialString(WsRemoteEndpointImplBase.java:210)
... 15 more
[WARN] org.springframework.web.socket.sockjs.transport.session.WebSocketServerSockJsSession - Failed to send SockJS close frame: java.util.concurrent.ExecutionException: java.io.IOException: Key must be cancelled
[ERROR] org.springframework.web.socket.handler.LoggingWebSocketHandlerDecorator - Transport error for SockJsSession[id=g4v7irfv, state=CLOSED, sinceCreated=12020, sinceLastActive=0]
java.io.IOException: java.util.concurrent.ExecutionException: java.io.IOException: Key must be cancelled
at org.apache.tomcat.websocket.WsRemoteEndpointImplBase.startMessageBlock(WsRemoteEndpointImplBase.java:243)
at org.apache.tomcat.websocket.WsSession.sendCloseMessage(WsSession.java:487)
at org.apache.tomcat.websocket.WsSession.doClose(WsSession.java:418)
at org.apache.tomcat.websocket.WsSession.close(WsSession.java:395)
at org.springframework.web.socket.adapter.standard.StandardWebSocketSession.closeInternal(StandardWebSocketSession.java:217)
at org.springframework.web.socket.adapter.AbstractWebSocketSession.close(AbstractWebSocketSession.java:139)
at org.springframework.web.socket.sockjs.transport.session.WebSocketServerSockJsSession.disconnect(WebSocketServerSockJsSession.java:229)
at org.springframework.web.socket.sockjs.transport.session.AbstractSockJsSession.close(AbstractSockJsSession.java:290)
at org.springframework.web.socket.sockjs.transport.session.AbstractSockJsSession.tryCloseWithSockJsTransportError(AbstractSockJsSession.java:321)
at org.springframework.web.socket.sockjs.transport.session.WebSocketServerSockJsSession.initializeDelegateSession(WebSocketServerSockJsSession.java:170)
at org.springframework.web.socket.sockjs.transport.handler.SockJsWebSocketHandler.afterConnectionEstablished(SockJsWebSocketHandler.java:72)
at org.springframework.web.socket.adapter.standard.StandardWebSocketHandlerAdapter.onOpen(StandardWebSocketHandlerAdapter.java:101)
at org.apache.tomcat.websocket.server.WsHttpUpgradeHandler.init(WsHttpUpgradeHandler.java:129)
at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:633)
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1720)
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1679)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
at java.lang.Thread.run(Thread.java:745)
Caused by: java.util.concurrent.ExecutionException: java.io.IOException: Key must be cancelled
at org.apache.tomcat.websocket.FutureToSendHandler.get(FutureToSendHandler.java:102)
at org.apache.tomcat.websocket.WsRemoteEndpointImplBase.startMessageBlock(WsRemoteEndpointImplBase.java:238)
... 19 more
Caused by: java.io.IOException: Key must be cancelled
at org.apache.coyote.http11.upgrade.NioServletOutputStream.doWriteInternal(NioServletOutputStream.java:83)
at org.apache.coyote.http11.upgrade.NioServletOutputStream.doWrite(NioServletOutputStream.java:60)
at org.apache.coyote.http11.upgrade.AbstractServletOutputStream.writeInternal(AbstractServletOutputStream.java:125)
at org.apache.coyote.http11.upgrade.AbstractServletOutputStream.write(AbstractServletOutputStream.java:92)
at org.apache.tomcat.websocket.server.WsRemoteEndpointImplServer.onWritePossible(WsRemoteEndpointImplServer.java:94)
at org.apache.tomcat.websocket.server.WsRemoteEndpointImplServer.doWrite(WsRemoteEndpointImplServer.java:81)
at org.apache.tomcat.websocket.WsRemoteEndpointImplBase.writeMessagePart(WsRemoteEndpointImplBase.java:393)
at org.apache.tomcat.websocket.WsRemoteEndpointImplBase.startMessage(WsRemoteEndpointImplBase.java:287)
at org.apache.tomcat.websocket.WsRemoteEndpointImplBase.startMessageBlock(WsRemoteEndpointImplBase.java:233)
... 19 more
[ERROR] org.springframework.web.socket.handler.LoggingWebSocketHandlerDecorator - Transport error for SockJsSession[id=g4v7irfv, state=CLOSED, sinceCreated=12031, sinceLastActive=11]
java.nio.channels.ClosedChannelException
at sun.nio.ch.SocketChannelImpl.ensureReadOpen(SocketChannelImpl.java:252)
at sun.nio.ch.SocketChannelImpl.read(SocketChannelImpl.java:295)
at org.apache.tomcat.util.net.NioChannel.read(NioChannel.java:136)
at org.apache.coyote.http11.upgrade.NioServletInputStream.fillReadBuffer(NioServletInputStream.java:136)
at org.apache.coyote.http11.upgrade.NioServletInputStream.doRead(NioServletInputStream.java:80)
at org.apache.coyote.http11.upgrade.AbstractServletInputStream.read(AbstractServletInputStream.java:133)
at org.apache.tomcat.websocket.server.WsFrameServer.onDataAvailable(WsFrameServer.java:45)
at org.apache.tomcat.websocket.server.WsHttpUpgradeHandler$WsReadListener.onDataAvailable(WsHttpUpgradeHandler.java:194)
at org.apache.coyote.http11.upgrade.AbstractServletInputStream.onDataAvailable(AbstractServletInputStream.java:189)
at org.apache.coyote.http11.upgrade.AbstractProcessor.upgradeDispatch(AbstractProcessor.java:92)
at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:605)
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1720)
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1679)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
at java.lang.Thread.run(Thread.java:745)
Judging from this Software caused connection abort: socket write error, it looks like the server is trying to write to the socket but the connection is already closed.
Some reasons I can think of:
the client closed the connection willingly (by hitting the "stop" button in the browser, or closing the browser alltogether)
some network issue happened and the connection got closed
a timeout expired somewhere
For this case at least, this happens during the HTTP upgrade phase, which leads me to ask: do you have browser network/console logs for these cases? Maybe the client does not support the HTTP upgrade and closes the connection?
In any case, I strongly suggest you to configure your Tomcat server to use the NIO connector.

Resources