WebSockets (wss) and Proxy Server with AsyncHttpClient - websocket

I am trying to use AsyncHttpClient with a proxy server configuration to connect using wss and am having no luck. I've been using async-http-client 1.7.5 and grizzly-websockets 2.2.13. My first attempt
AsyncHttpClientConfig config = new AsyncHttpClientConfig.Builder()
.setSSLContext(sc)
.setProxyServer(
new ProxyServer(Protocol.HTTP, "192.168.1.130", 3128))
.build();
NettyWebSocket w = (NettyWebSocket)c.prepareGet("wss://192.168.1.124/atmosphere-chat/chat")
.execute(handler).get();
using the default netty configuration fails to work. This attempt appears to at least go through the proxy and connect to the remote server. The exception I get there is
java.lang.IllegalArgumentException: unsupported message type: class org.jboss.netty.handler.codec.http.websocketx.TextWebSocketFrame
When I switch to using grizzly through
AsyncHttpClient c = new AsyncHttpClient(new GrizzlyAsyncHttpProvider(config), config);
Things are better/worse. In this instance it appears that grizzly fails to send the CONNECT verb through the http proxy, and instantly starts communicating via ssl, which fails. I would think this would be a well supported situation because of the increased likelihood that a websocket connection would work through a proxy when using SSL.
Exception in thread "main" java.util.concurrent.ExecutionException: javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection?
Am I way outside the bounds of what should be working?

Turns out this was a bug in AHC ( https://github.com/sonatype/async-http-client/issues/131#issuecomment-7745037 ) that gets fixed in 1.8.0.

Related

camel proxy configuration camel-https4

We have to connect our java camel application with an external system over https. In the middle we have a proxy, but this proxy only accepts http connections.
I have configured http and https proxies in the camel context but it seems that this does not help. The http4s component runs into connection closed exception. So I configured the proxy directly at the https4 endpoint. This configuration works but it seems that the component wants to communicate over https with our proxy and I receive this exception.
javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection?
I inspect the debug log and I can see this log entry which indicates that the connection to the proxy is done over https
[DEBUG]: org.apache.http.impl.conn.PoolingHttpClientConnectionManager - Connection request: [route: {tls}->https://<proxy>:<port>->https://<3rdPartySystem>:443][total kept alive: 0; route allocated: 0 of 20; total allocated: 0 of 200]
here the camel component configuration
to("https4:<3rdPartySystem>/services/oauth2/token?proxyAuthHost=...&proxyAuthPort=...")
So my question is: How can I configure a proxy in java in a way that https traffic is done over http between the java app and the proxy. From proxy to the 3rd party system communication should be done over https.
By the way the "old" http-camel component works perfect with the same proxy.
use proxyAuthScheme=http to avoid the SSLException
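Both SSLExceptions above ("Unrecognized SSL message, plaintext connection?") come from starting TLS towards a proxy that only speaks plain HTTP. The sequence such a proxy expects, as an added example that is not code from either post or from AHC or Camel (the class and method names are made up for illustration; it uses only JDK classes):

```java
import java.io.*;
import java.net.Socket;
import java.nio.charset.StandardCharsets;
import javax.net.ssl.*;

public class ProxyTunnel {
    /** Opens TLS to host:port through a forward proxy that itself only speaks plain HTTP. */
    static SSLSocket open(String proxyHost, int proxyPort, String host, int port) throws IOException {
        Socket raw = new Socket(proxyHost, proxyPort); // step 1: plain TCP, no TLS towards the proxy
        try {
            String authority = host + ":" + port;
            String req = "CONNECT " + authority + " HTTP/1.1\r\nHost: " + authority + "\r\n\r\n";
            OutputStream out = raw.getOutputStream();
            out.write(req.getBytes(StandardCharsets.US_ASCII));
            out.flush();
            // step 2: the proxy must answer 2xx before any TLS byte is sent
            String status = readStatusLine(raw.getInputStream());
            if (!status.matches("HTTP/1\\.[01] 2\\d\\d.*")) throw new IOException("proxy refused CONNECT: " + status);
            // step 3: TLS is layered over the tunnel and terminates at the target, not at the proxy
            SSLSocketFactory factory = (SSLSocketFactory) SSLSocketFactory.getDefault();
            SSLSocket tls = (SSLSocket) factory.createSocket(raw, host, port, true);
            SSLParameters params = tls.getSSLParameters();
            params.setEndpointIdentificationAlgorithm("HTTPS"); // certificate must match host
            tls.setSSLParameters(params);
            tls.startHandshake();
            return tls;
        } catch (IOException e) {
            raw.close();
            throw e;
        }
    }

    /** Reads the response head one byte at a time so nothing past the blank line is consumed. */
    static String readStatusLine(InputStream in) throws IOException {
        StringBuilder head = new StringBuilder();
        int b;
        while ((b = in.read()) != -1 && head.length() < 8192) {
            head.append((char) b);
            if (head.length() >= 4 && head.substring(head.length() - 4).equals("\r\n\r\n")) break;
        }
        int eol = head.indexOf("\r\n");
        return eol < 0 ? head.toString() : head.substring(0, eol);
    }

    public static void main(String[] args) throws IOException {
        // args, all supplied by the caller: proxyHost proxyPort targetHost
        try (SSLSocket s = open(args[0], Integer.parseInt(args[1]), args[2], 443)) {
            System.out.println("tunnel up, negotiated " + s.getSession().getProtocol());
        }
    }
}
```

For wss, the WebSocket upgrade request is then written to the returned socket; the proxy sees only the CONNECT line and encrypted bytes.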

Spring Boot - webservice: Connection Refused

I am trying to implement spring boot webservice application as given in spring docs :
https://spring.io/guides/gs/consuming-web-service/
Build was successful, request and response java files were created, but when I executed spring-boot:run, it gives
Caused by: org.springframework.ws.client.WebServiceIOException: I/O error: Connection refused: connect; nested exception is java.net.ConnectException: Connection refused: connect
at org.springframework.ws.client.core.WebServiceTemplate.sendAndReceive(WebServiceTemplate.java:561)
at org.springframework.ws.client.core.WebServiceTemplate.marshalSendAndReceive(WebServiceTemplate.java:390)
at hello.WeatherClient.getCityForecastByZip(WeatherClient.java:30)
at hello.Application.main(Application.java:20)
But the URL is accessible via web browser in eclipse. Kindly help me solve this issue
Make sure all your tests are declared with the same @SpringBootTest annotation parameters.
I had the same issue because of different parameters in two tests. The problem was gone when I made all annotations the same:
@SpringBootTest(webEnvironment = SpringBootTest.WebEnvironment.DEFINED_PORT)
The web service URL you are trying to call may not be reachable or it may time out. Ensure the web service URL path is correct and is listening. Also verify the timeout duration set and the time taken from your request.
PS. Also check if there is some firewall issue at the server side.
For a firewall issue, you might need to provide proxy details (proxyHost and proxyPort) in client code.
EDIT:
I am not able to find appropriate blog or something which explains it better. but found one question on stackoverflow which has similar answer : here

MQ SSL error, protocol is disabled or cipher suites are inappropriate

I have a MQ spring jms application that has been working fine using SSL channel. However after a recent java security patch that was applied the application stopped working with below error.
Caused by: com.ibm.mq.MQException: JMSCMQ0001: WebSphere MQ call failed with compcode '2' ('MQCC_FAILED') reason '2397' ('MQRC_JSSE_ERROR').
at com.ibm.msg.client.wmq.common.internal.Reason.createException(Reason.java:209) ~[com.ibm.mqjms-7.5.0.0.jar:7.5.0.0 - p000-L120604]
... 45 common frames omitted
Caused by: javax.net.ssl.SSLHandshakeException: No appropriate protocol (protocol is disabled or cipher suites are inappropriate)
at sun.security.ssl.Handshaker.activate(Handshaker.java:438) ~[na:1.6.0_34]
at sun.security.ssl.SSLSocketImpl.kickstartHandshake(SSLSocketImpl.java:1414) ~[na:1.6.0_34]
I notice that the new java security file has this line added that is causing this failure in SSL connection to MQ.
jdk.tls.disabledAlgorithms=SSLv3
I can not get this line removed as this is shared environment, what are my options to make this work. I am using MQQueueConnectionFactory configured and injected into my spring JMS components.
Thank you
Can you not use this -
java.security.Security.setProperty("jdk.tls.disabledAlgorithms","")
This change was introduced in JDK8.
For reactive support purposes where you have to get this working (as soon as possible), comment/disable that policy in that security file. This will allow the Spring application to continue as it is before.
But you need to work towards a permanent fix either by using the TLS version of the same cipher or moving to a new TLS cipher.
You need to set matching CipherSpecs suited for TLS on both the server connection channel on the queue manager and your client.
This should help with the client side:
http://www-01.ibm.com/support/knowledgecenter/SSFKSJ_8.0.0/com.ibm.mq.dev.doc/q113220_.htm
While doing the QM side is easiest by using MQ Explorer, and just looking at the SSL properties of the server connection channel specified in the connection factory.
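To see which protocols a patched JVM will still negotiate, the handshake failure from the question can be reproduced with JDK classes alone. This is an added diagnostic, not code from the posts, and it involves no MQ classes; the class and method names are made up for illustration:

```java
import java.security.Security;
import java.util.Arrays;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLException;

public class ProtocolCheck {
    /** Returns null if a client handshake can start with only this protocol enabled, else the reason. */
    static String tryProtocol(SSLContext ctx, String protocol) {
        SSLEngine engine = ctx.createSSLEngine();
        engine.setUseClientMode(true);
        try {
            engine.setEnabledProtocols(new String[] { protocol });
            // Security policy (jdk.tls.disabledAlgorithms) is applied when the handshake
            // starts, so a protocol that is supported but disabled fails here.
            engine.beginHandshake();
            return null;
        } catch (IllegalArgumentException e) {
            return "not supported by this JRE: " + e.getMessage();
        } catch (SSLException e) {
            return e.getMessage();
        }
    }

    public static void main(String[] args) throws Exception {
        System.out.println("jdk.tls.disabledAlgorithms = "
                + Security.getProperty("jdk.tls.disabledAlgorithms"));
        SSLContext ctx = SSLContext.getDefault();
        System.out.println("supported:          "
                + Arrays.toString(ctx.getSupportedSSLParameters().getProtocols()));
        System.out.println("enabled by default: "
                + Arrays.toString(ctx.getDefaultSSLParameters().getProtocols()));
        // SSLv3 is the protocol named in the question's security file; TLSv1.2 is the comparison.
        for (String protocol : new String[] { "SSLv3", "TLSv1.2" }) {
            String reason = tryProtocol(ctx, protocol);
            System.out.println(protocol + ": " + (reason == null ? "handshake can start" : reason));
        }
    }
}
```

Run with the same JRE and java.security file as the application: a protocol that reports the "No appropriate protocol" message is one the client can no longer offer, so the channel's CipherSpec has to map to a protocol that passes.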

Jetty websocket client connect to Stomp.js topic channel

I have written a Spring Websocket server which is accessible from a browser via Stomp.js. I am now attempting to implement a Java client in order to connect my server to a secondary system. I am able to connect to the server using the following code
String destUri = "ws://localhost:8080/sample";
WebSocketClient client = new WebSocketClient();
SimpleEchoSocket socket = new SimpleEchoSocket();
try {
client.start();
URI echoUri = new URI(destUri);
ClientUpgradeRequest request = new ClientUpgradeRequest();
client.connect(socket, echoUri, request);
System.out.printf("Connecting to : %s%n", echoUri);
socket.awaitClose(5, TimeUnit.SECONDS);
} catch (Throwable t) {
t.printStackTrace();
}
The connection is opened, and now I would like to connect to my topic /price-stream. This is achieved by stomp.js :
stompClient.subscribe('/topic/pricechannel1', renderPrice);
What is the equivalent subscribe method for my Jetty websocket client? I can't find anything in the documentation I have found on the net.
Additional info:
I am trying to implement the stockticker example found here into another project. I can connect to the server through the provided Stomp.js interface in a web browser. Now I am attempting to create a Java client for use within a Swing GUI using Jetty websocket-client to connect.
I need to connect to the price stream, but it seems I am missing some kind of configuration request to latch on as a destination for the topic
In general, plain websocket clients (as the one provided by Jetty) support the websocket standard. STOMP is a protocol that sits on top of that transport.
Here, you'd need to implement your own STOMP client or interface an existing one with the websocket client you're using.
Spring 4.2 (to be published soon) includes a new STOMP client for this particular use case. See the reference documentation of 4.2.RC2.
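What "implement your own STOMP client" amounts to at the wire level: STOMP frames are text sent as ordinary websocket messages. The following is an added sketch, not code from the posts or from Spring or Jetty; it builds the CONNECT and SUBSCRIBE frames and parses a server frame, omits header escaping and content-length handling, and uses a constructed MESSAGE frame as sample input:

```java
import java.util.LinkedHashMap;
import java.util.Map;

public class StompFrames {
    /** Serialises one frame: COMMAND, header lines, blank line, body, NUL terminator. */
    static String frame(String command, Map<String, String> headers, String body) {
        StringBuilder sb = new StringBuilder(command).append('\n');
        headers.forEach((k, v) -> sb.append(k).append(':').append(v).append('\n'));
        return sb.append('\n').append(body).append('\0').toString();
    }

    static String connect(String host) {
        Map<String, String> h = new LinkedHashMap<>();
        h.put("accept-version", "1.1,1.2");
        h.put("host", host);
        return frame("CONNECT", h, "");
    }

    /** The wire equivalent of stompClient.subscribe(destination, callback) in Stomp.js. */
    static String subscribe(String id, String destination) {
        Map<String, String> h = new LinkedHashMap<>();
        h.put("id", id);
        h.put("destination", destination);
        return frame("SUBSCRIBE", h, "");
    }

    /** Parses a server frame into its headers plus the pseudo-keys ":command" and ":body". */
    static Map<String, String> parse(String raw) {
        int split = raw.indexOf("\n\n");
        if (split < 0) throw new IllegalArgumentException("not a complete STOMP frame");
        Map<String, String> out = new LinkedHashMap<>();
        String[] head = raw.substring(0, split).split("\n");
        out.put(":command", head[0]);
        for (int i = 1; i < head.length; i++) {
            int colon = head[i].indexOf(':');
            // on repeated headers the first occurrence wins
            out.putIfAbsent(head[i].substring(0, colon), head[i].substring(colon + 1));
        }
        String body = raw.substring(split + 2);
        int nul = body.indexOf('\0');
        out.put(":body", nul >= 0 ? body.substring(0, nul) : body);
        return out;
    }

    public static void main(String[] args) {
        System.out.print(connect("localhost").replace('\0', '\n'));
        System.out.print(subscribe("sub-0", "/topic/pricechannel1").replace('\0', '\n'));
        // Constructed sample of what the server would push after the subscription.
        String msg = "MESSAGE\nsubscription:sub-0\ndestination:/topic/pricechannel1\n\n{\"price\":1.0}\0";
        System.out.println(parse(msg));
    }
}
```

The client sends the CONNECT frame first, waits for the server's CONNECTED frame, then sends SUBSCRIBE; each MESSAGE frame that arrives afterwards carries the matching subscription id.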

Getting the following warning message when communicating with a HTTPS Web Service: "Can not find truststore url"

I am a beginner with SSL/HTTPS. Hopefully, this isn't a dumb question.
I am writing a web service client that runs on JBOSS 4.3 which communicates with an external web service over https. I have generated the client using the wsimport tool (JAX-WS) that now comes with JDK 1.6. I am successfully able to communicate with the web service but I keep getting this warning message in the logs:
WARN [HTTPClientInvoker] Unable to create SSL Socket Factory for client invoker: Error initializing socket factory SSL context: Can not find truststore url.
From what I understand, as long as the JDK recognizes the certificate (CA) that the service provider is using, there should be no problem with the communication over https. I see that the service provider is using Equifax Secure. I checked my jdk and see that it's already there by default. I am also able to communicate with the service provider but I can't figure out why I am getting the warning message. I read elsewhere that I can potentially solve this problem by setting:
javax.net.ssl.keyStore and javax.net.ssl.trustStore in my jboss run.conf
I'm not sure why I need to do this when my jdk already trusts this certificate. Can someone explain to me why I'm getting this warning message even though my communication is going through? Also, can someone explain to me when someone should set the two configurations (javax.net.ssl.keyStore and javax.net.ssl.trustStore) above?
Thanks.
See JBoss JIRA:
Error creating SSL Socket Factory for client invoker: Error initializing socket factory SSL context: Can not find truststore url.
https://issues.jboss.org/browse/TEIID-1133?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel#issue-tabs
