I have a Java application running on Websphere 8.5. I am trying to call a 3rd party webservice using below code but it fails the SSLException as follows.
HttpClient httpClient = new HttpClient();
PostMethod post = new PostMethod(clientURL);
post.addRequestHeader(....blah);
httpClient.executeMethod(post); // The error is thrown at this line `
It fails with the below error:
HttpMethodDir I org.apache.commons.httpclient.HttpMethodDirector executeWithRetry I/O exception (javax.net.ssl.SSLException) caught when processing request: Received fatal alert: decode_error`
Below is the full stacktrace:
[8/21/15 16:33:08:997 EDT] 00000093 HttpMethodDir I
org.apache.commons.httpclient.HttpMethodDirector executeWithRetry I/O
exception (javax.net.ssl.SSLException) caught when processing request:
Received fatal alert: decode_error [8/21/15 16:33:08:997 EDT] 00000093
HttpMethodDir I org.apache.commons.httpclient.HttpMethodDirector
executeWithRetry Retrying request [8/21/15 16:33:09:059 EDT] 00000093
HttpMethodDir I org.apache.commons.httpclient.HttpMethodDirector
executeWithRetry I/O exception (javax.net.ssl.SSLException) caught
when processing request: Received fatal alert: decode_error [8/21/15
16:33:09:059 EDT] 00000093 HttpMethodDir I
org.apache.commons.httpclient.HttpMethodDirector executeWithRetry
Retrying request [8/21/15 16:33:09:122 EDT] 00000093 HttpMethodDir I
org.apache.commons.httpclient.HttpMethodDirector executeWithRetry I/O
exception (javax.net.ssl.SSLException) caught when processing request:
Received fatal alert: decode_error [8/21/15 16:33:09:122 EDT] 00000093
HttpMethodDir I org.apache.commons.httpclient.HttpMethodDirector
executeWithRetry Retrying request [8/21/15 16:33:09:168 EDT] 00000093
SystemOut O In MessageSender....end of sendMessage() [8/21/15
16:33:09:168 EDT] 00000093 servlet E
com.ibm.ws.webcontainer.servlet.ServletWrapper service SRVE0014E:
Uncaught service() exception root cause /cova.jsp:
com.ibm.websphere.servlet.error.ServletErrorReport:
com.company.exception.ClientCommunicationException: No response
received at
org.apache.jasper.runtime.PageContextImpl.handlePageException(PageContextImpl.java:695)
at com.ibm._jsp._cova._jspService(_cova.java:147) at
com.ibm.ws.jsp.runtime.HttpJspBase.service(HttpJspBase.java:99) at
javax.servlet.http.HttpServlet.service(HttpServlet.java:668) at
com.ibm.ws.webcontainer.servlet.ServletWrapper.service(ServletWrapper.java:1225)
at
com.ibm.ws.webcontainer.servlet.ServletWrapper.handleRequest(ServletWrapper.java:775)
at
com.ibm.ws.webcontainer.servlet.ServletWrapper.handleRequest(ServletWrapper.java:457)
at
com.ibm.ws.webcontainer.servlet.ServletWrapperImpl.handleRequest(ServletWrapperImpl.java:178)
at
com.ibm.wsspi.webcontainer.servlet.GenericServletWrapper.handleRequest(GenericServletWrapper.java:122)
at
com.ibm.ws.jsp.webcontainerext.AbstractJSPExtensionServletWrapper.handleRequest(AbstractJSPExtensionServletWrapper.java:216)
at
com.ibm.ws.webcontainer.filter.WebAppFilterManager.invokeFilters(WebAppFilterManager.java:1032)
at
com.ibm.ws.webcontainer.webapp.WebApp.handleRequest(WebApp.java:3761)
at
com.ibm.ws.webcontainer.webapp.WebGroup.handleRequest(WebGroup.java:304)
at
com.ibm.ws.webcontainer.WebContainer.handleRequest(WebContainer.java:975)
at
com.ibm.ws.webcontainer.WSWebContainer.handleRequest(WSWebContainer.java:1662)
at
com.ibm.ws.webcontainer.channel.WCChannelLink.ready(WCChannelLink.java:195)
at
com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.handleDiscrimination(HttpInboundLink.java:459)
at
com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.handleNewRequest(HttpInboundLink.java:526)
at
com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.processRequest(HttpInboundLink.java:312)
at
com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.ready(HttpInboundLink.java:283)
at
com.ibm.ws.tcp.channel.impl.NewConnectionInitialReadCallback.sendToDiscriminators(NewConnectionInitialReadCallback.java:214)
at
com.ibm.ws.tcp.channel.impl.NewConnectionInitialReadCallback.complete(NewConnectionInitialReadCallback.java:113)
at
com.ibm.ws.tcp.channel.impl.AioReadCompletionListener.futureCompleted(AioReadCompletionListener.java:165)
at
com.ibm.io.async.AbstractAsyncFuture.invokeCallback(AbstractAsyncFuture.java:217)
at
com.ibm.io.async.AsyncChannelFuture.fireCompletionActions(AsyncChannelFuture.java:161)
at com.ibm.io.async.AsyncFuture.completed(AsyncFuture.java:138) at
com.ibm.io.async.ResultHandler.complete(ResultHandler.java:204) at
com.ibm.io.async.ResultHandler.runEventProcessingLoop(ResultHandler.java:775)
at com.ibm.io.async.ResultHandler$2.run(ResultHandler.java:905) at
com.ibm.ws.util.ThreadPool$Worker.run(ThreadPool.java:1815)
-Thanks.
I'm guessing here, but here's a few possibilities...
Either A: You should be using http as opposed to https in your post URL (or visa versa)
B : You are using https and the SSL Certificate is not valid
Or C : You are using the correct URL and SSL is valid yet the Authentication your providing to the API is invalid and not being handled very well by the third party API
Related
I'm using WebSphere 8.5.5 and have a DataSource created. When I click "Test Connection" from the "Data Sources" page the test is successful! When the application is started though, I get an error message and lengthy stack trace. I have the identical application code and DS setup running fine in another WebSphere instance. Here's the message and a partial stack trace.
[10/18/19 10:37:54:465 EDT] 00000081 SystemOut O 2019-10-18 10:37:54,465 INFO o.h.j.i.u.LogHelper [WebContainer : 3] HHH000204: Processing PersistenceUnitInfo [
name: icegate
...]
[10/18/19 10:37:55:650 EDT] 00000081 SystemOut O 2019-10-18 10:37:55,649 WARN o.h.e.j.e.i.JdbcEnvironmentInitiator [WebContainer : 3] HHH000342: Could not obtain connection to query metadata : ORA-01017: invalid username/password; logon denied
DSRA0010E: SQL State = 72000, Error Code = 1,017
[10/18/19 10:37:55:658 EDT] 00000081 SystemOut O 2019-10-18 10:37:55,657 INFO o.h.d.Dialect [WebContainer : 3] HHH000400: Using dialect: org.hibernate.dialect.Oracle9iDialect
[10/18/19 10:37:55:660 EDT] 00000081 SystemOut O 2019-10-18 10:37:55,659 INFO o.h.e.j.e.i.LobCreatorBuilderImpl [WebContainer : 3] HHH000422: Disabling contextual LOB creation as connection was null
[10/18/19 10:37:57:465 EDT] 00000081 SystemOut O 2019-10-18 10:37:57,430 ERROR o.h.h.s.i.IdTableHelper [WebContainer : 3] Unable obtain JDBC Connection
java.sql.SQLException: ORA-01017: invalid username/password; logon denied
DSRA0010E: SQL State = 72000, Error Code = 1,017
at oracle.jdbc.driver.T4CTTIoer.processError(T4CTTIoer.java:447) ~[ojdbc6-11.2.0.3.jar:11.2.0.4.0]
at oracle.jdbc.driver.T4CTTIoer.processError(T4CTTIoer.java:389) ~[ojdbc6-11.2.0.3.jar:11.2.0.4.0]
at oracle.jdbc.driver.T4CTTIoer.processError(T4CTTIoer.java:382) ~[ojdbc6-11.2.0.3.jar:11.2.0.4.0]
at oracle.jdbc.driver.T4CTTIfun.processError(T4CTTIfun.java:675) ~[ojdbc6-11.2.0.3.jar:11.2.0.4.0]
I'm currently trying to connect my spring boot microservice to keycloak to validate all token coming from the front end and validate the user. To do so, I'm using the keycloak adapter for spring boot. It's the first time I'm using Keycloak as an identity provider and I'm trying to figure out how to work with it. I've been successfull so far using the simple rest API to get all the user from Keycloak and information about the realm.
Now that I want to use the adapter providedd with keycloak I encounter a certificate error (I post all the relevant log):
2019-08-27 09:19:58.529 DEBUG 14236 --- [nio-8080-exec-4] o.k.adapters.PreAuthActionsHandler : adminRequest http://localhost:8080/data/23
2019-08-27 09:19:58.569 DEBUG 14236 --- [nio-8080-exec-4] o.k.a.a.ClientCredentialsProviderUtils : Using provider 'secret' for authentication of client 'authentication-service'
2019-08-27 09:19:58.572 DEBUG 14236 --- [nio-8080-exec-4] o.k.a.a.ClientCredentialsProviderUtils : Loaded clientCredentialsProvider secret
2019-08-27 09:19:58.574 DEBUG 14236 --- [nio-8080-exec-4] o.k.a.a.ClientCredentialsProviderUtils : Loaded clientCredentialsProvider jwt
2019-08-27 09:19:58.576 DEBUG 14236 --- [nio-8080-exec-4] o.k.a.a.ClientCredentialsProviderUtils : Loaded clientCredentialsProvider secret-jwt
2019-08-27 09:19:58.577 DEBUG 14236 --- [nio-8080-exec-4] o.k.a.a.ClientCredentialsProviderUtils : Loaded clientCredentialsProvider secret
2019-08-27 09:19:58.577 DEBUG 14236 --- [nio-8080-exec-4] o.k.a.a.ClientCredentialsProviderUtils : Loaded clientCredentialsProvider jwt
2019-08-27 09:19:58.577 DEBUG 14236 --- [nio-8080-exec-4] o.k.a.a.ClientCredentialsProviderUtils : Loaded clientCredentialsProvider secret-jwt
2019-08-27 09:19:58.587 DEBUG 14236 --- [nio-8080-exec-4] o.keycloak.adapters.KeycloakDeployment : resolveUrls
2019-08-27 09:19:58.589 DEBUG 14236 --- [nio-8080-exec-4] o.k.adapters.KeycloakDeploymentBuilder : Use authServerUrl: https://192.168.222.153:8444/auth/, tokenUrl: https://192.168.222.153:8444/auth/realms/GRCC/protocol/openid-connect/token, relativeUrls: NEVER
2019-08-27 09:19:58.601 TRACE 14236 --- [nio-8080-exec-4] o.k.adapters.RequestAuthenticator : --> authenticate()
2019-08-27 09:19:58.603 TRACE 14236 --- [nio-8080-exec-4] o.k.adapters.RequestAuthenticator : try bearer
2019-08-27 09:19:58.604 DEBUG 14236 --- [nio-8080-exec-4] o.k.a.BearerTokenRequestAuthenticator : Found [1] values in authorization header, selecting the first value for Bearer.
2019-08-27 09:19:58.604 DEBUG 14236 --- [nio-8080-exec-4] o.k.a.BearerTokenRequestAuthenticator : Verifying access_token
2019-08-27 09:19:58.690 TRACE 14236 --- [nio-8080-exec-4] o.k.a.BearerTokenRequestAuthenticator : access_token: eyJhbGciOiJSUzUxMiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJjT3hqT1pOQWtieXhPM0diQ1BLWVNVS2lVY3JPZTRLRXFLN21qQ2JpZHA0In0.eyJqdGkiOiI1N2I0MGU0Ny1kMGQ5LTQ4NWItYmQyNi1hOTViNTczMTU2NzQiLCJleHAiOjE1NjY4MjYwMTMsIm5iZiI6MCwiaWF0IjoxNTY2ODI1NzEzLCJpc3MiOiJodHRwczovLzE5Mi4xNjguMjIyLjE1Mzo4NDQ0L2F1dGgvcmVhbG1zL0dSQ0MiLCJhdWQiOlsicmVhbG0tbWFuYWdlbWVudCIsImFjY291bnQiXSwic3ViIjoiOTYyMWZmMDItYjUwMy00NDk2LTg1ZWUtYjQ3NzJhZDRkMDE1IiwidHlwIjoiQmVhcmVyIiwiYXpwIjoiYXV0aGVudGljYXRpb24tc2VydmljZSIsImF1dGhfdGltZSI6MTU2NjgyNTY5Miwic2Vzc2lvbl9zdGF0ZSI6IjFlMjg4MDgzLWUxODgtNDhhMC04YzcxLTY4MTFiOWFkYzVmYyIsImFjciI6IjEiLCJyZWFsbV9hY2Nlc3MiOnsicm9sZXMiOlsib2ZmbGluZV9hY2Nlc3MiLCJ1bWFfYXV0aG9yaXphdGlvbiJdfSwicmVzb3VyY2VfYWNjZXNzIjp7InJlYWxtLW1hbmFnZW1lbnQiOnsicm9sZXMiOlsidmlldy11c2VycyIsInF1ZXJ5LWdyb3VwcyIsInF1ZXJ5LXVzZXJzIl19LCJhdXRoZW50aWNhdGlvbi1zZXJ2aWNlIjp7InJvbGVzIjpbIlVTRVIiXX0sImFjY291bnQiOnsicm9sZXMiOlsibWFuYWdlLWFjY291bnQiLCJtYW5hZ2UtYWNjb3VudC1saW5rcyIsInZpZXctcHJvZmlsZSJdfX0sInNjb3BlIjoib3BlbmlkIHByb2ZpbGUgZW1haWwiLCJlbWFpbF92ZXJpZmllZCI6dHJ1ZSwidXNlcl9uYW1lIjoibGxlbWFpcmUiLCJuYW1lIjoiTG_Dr2MgTGVtYWlyZSIsInByZWZlcnJlZF91c2VybmFtZSI6ImxsZW1haXJlIiwiZ2l2ZW5fbmFtZSI6Ikxvw69jIiwiZmFtaWx5X25hbWUiOiJMZW1haXJlIiwiZW1haWwiOiJsb2ljLmxlbWFpcmVAaXJpc2NvcnBvcmF0ZS5jb20ifQ.signature
2019-08-27 09:19:58.752 TRACE 14236 --- [nio-8080-exec-4] o.k.a.rotation.JWKPublicKeyLocator : Going to send request to retrieve new set of realm public keys for client authentication-service
2019-08-27 09:19:59.166 ERROR 14236 --- [nio-8080-exec-4] o.k.a.rotation.JWKPublicKeyLocator : Error when sending request to retrieve realm keys
org.keycloak.adapters.HttpClientAdapterException: IO error
at org.keycloak.adapters.HttpAdapterUtils.sendJsonHttpRequest(HttpAdapterUtils.java:58) [keycloak-adapter-core-6.0.1.jar:6.0.1]
at org.keycloak.adapters.rotation.JWKPublicKeyLocator.sendRequest(JWKPublicKeyLocator.java:99) [keycloak-adapter-core-6.0.1.jar:6.0.1]
at org.keycloak.adapters.rotation.JWKPublicKeyLocator.getPublicKey(JWKPublicKeyLocator.java:63) [keycloak-adapter-core-6.0.1.jar:6.0.1]
at org.keycloak.adapters.rotation.AdapterTokenVerifier.getPublicKey(AdapterTokenVerifier.java:121) [keycloak-adapter-core-6.0.1.jar:6.0.1]
at org.keycloak.adapters.rotation.AdapterTokenVerifier.createVerifier(AdapterTokenVerifier.java:111) [keycloak-adapter-core-6.0.1.jar:6.0.1]
at org.keycloak.adapters.rotation.AdapterTokenVerifier.verifyToken(AdapterTokenVerifier.java:47) [keycloak-adapter-core-6.0.1.jar:6.0.1]
at org.keycloak.adapters.BearerTokenRequestAuthenticator.authenticateToken(BearerTokenRequestAuthenticator.java:103) [keycloak-adapter-core-6.0.1.jar:6.0.1]
at org.keycloak.adapters.BearerTokenRequestAuthenticator.authenticate(BearerTokenRequestAuthenticator.java:88) [keycloak-adapter-core-6.0.1.jar:6.0.1]
at org.keycloak.adapters.RequestAuthenticator.authenticate(RequestAuthenticator.java:68) [keycloak-adapter-core-6.0.1.jar:6.0.1]
at org.keycloak.adapters.tomcat.AbstractKeycloakAuthenticatorValve.authenticateInternal(AbstractKeycloakAuthenticatorValve.java:203) [spring-boot-container-bundle-6.0.1.jar:6.0.1]
at org.keycloak.adapters.tomcat.KeycloakAuthenticatorValve.authenticate(KeycloakAuthenticatorValve.java:50) [spring-boot-container-bundle-6.0.1.jar:6.0.1]
at org.keycloak.adapters.tomcat.KeycloakAuthenticatorValve.doAuthenticate(KeycloakAuthenticatorValve.java:57) [spring-boot-container-bundle-6.0.1.jar:6.0.1]
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:572) [tomcat-embed-core-9.0.21.jar:9.0.21]
at org.keycloak.adapters.tomcat.AbstractKeycloakAuthenticatorValve.invoke(AbstractKeycloakAuthenticatorValve.java:181) [spring-boot-container-bundle-6.0.1.jar:6.0.1]
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:139) [tomcat-embed-core-9.0.21.jar:9.0.21]
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92) [tomcat-embed-core-9.0.21.jar:9.0.21]
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:74) [tomcat-embed-core-9.0.21.jar:9.0.21]
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:343) [tomcat-embed-core-9.0.21.jar:9.0.21]
at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:408) [tomcat-embed-core-9.0.21.jar:9.0.21]
at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66) [tomcat-embed-core-9.0.21.jar:9.0.21]
at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:853) [tomcat-embed-core-9.0.21.jar:9.0.21]
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1587) [tomcat-embed-core-9.0.21.jar:9.0.21]
at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49) [tomcat-embed-core-9.0.21.jar:9.0.21]
at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128) [na:na]
at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628) [na:na]
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) [tomcat-embed-core-9.0.21.jar:9.0.21]
at java.base/java.lang.Thread.run(Thread.java:834) [na:na]
Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:128) [na:na]
at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:321) [na:na]
at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:264) [na:na]
at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:259) [na:na]
at java.base/sun.security.ssl.CertificateMessage$T12CertificateConsumer.checkServerCerts(CertificateMessage.java:642) [na:na]
at java.base/sun.security.ssl.CertificateMessage$T12CertificateConsumer.onCertificate(CertificateMessage.java:461) [na:na]
at java.base/sun.security.ssl.CertificateMessage$T12CertificateConsumer.consume(CertificateMessage.java:361) [na:na]
at java.base/sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:392) [na:na]
at java.base/sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:444) [na:na]
at java.base/sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:421) [na:na]
at java.base/sun.security.ssl.TransportContext.dispatch(TransportContext.java:178) [na:na]
at java.base/sun.security.ssl.SSLTransport.decode(SSLTransport.java:164) [na:na]
at java.base/sun.security.ssl.SSLSocketImpl.decode(SSLSocketImpl.java:1152) [na:na]
at java.base/sun.security.ssl.SSLSocketImpl.readHandshakeRecord(SSLSocketImpl.java:1063) [na:na]
at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:402) [na:na]
at org.apache.http.conn.ssl.SSLSocketFactory.createLayeredSocket(SSLSocketFactory.java:570) [httpclient-4.5.9.jar:4.5.9]
at org.keycloak.adapters.SniSSLSocketFactory.createLayeredSocket(SniSSLSocketFactory.java:114) [keycloak-adapter-core-6.0.1.jar:6.0.1]
at org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:554) [httpclient-4.5.9.jar:4.5.9]
at org.keycloak.adapters.SniSSLSocketFactory.connectSocket(SniSSLSocketFactory.java:109) [keycloak-adapter-core-6.0.1.jar:6.0.1]
at org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:415) [httpclient-4.5.9.jar:4.5.9]
at org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:180) [httpclient-4.5.9.jar:4.5.9]
at org.apache.http.impl.conn.AbstractPoolEntry.open(AbstractPoolEntry.java:144) [httpclient-4.5.9.jar:4.5.9]
at org.apache.http.impl.conn.AbstractPooledConnAdapter.open(AbstractPooledConnAdapter.java:134) [httpclient-4.5.9.jar:4.5.9]
at org.apache.http.impl.client.DefaultRequestDirector.tryConnect(DefaultRequestDirector.java:605) [httpclient-4.5.9.jar:4.5.9]
at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:440) [httpclient-4.5.9.jar:4.5.9]
at org.apache.http.impl.client.AbstractHttpClient.doExecute(AbstractHttpClient.java:835) [httpclient-4.5.9.jar:4.5.9]
at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:83) [httpclient-4.5.9.jar:4.5.9]
at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:108) [httpclient-4.5.9.jar:4.5.9]
at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:56) [httpclient-4.5.9.jar:4.5.9]
at org.keycloak.adapters.HttpAdapterUtils.sendJsonHttpRequest(HttpAdapterUtils.java:37) [keycloak-adapter-core-6.0.1.jar:6.0.1]
... 26 common frames omitted
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at java.base/sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:385) [na:na]
at java.base/sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:290) [na:na]
at java.base/sun.security.validator.Validator.validate(Validator.java:264) [na:na]
at java.base/sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:321) [na:na]
at java.base/sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:221) [na:na]
at java.base/sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:129) [na:na]
at java.base/sun.security.ssl.CertificateMessage$T12CertificateConsumer.checkServerCerts(CertificateMessage.java:626) [na:na]
... 51 common frames omitted
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at java.base/sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) [na:na]
at java.base/sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) [na:na]
at java.base/java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) [na:na]
at java.base/sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:380) [na:na]
... 57 common frames omitted
2019-08-27 09:19:59.166 ERROR 14236 --- [nio-8080-exec-4] o.k.a.rotation.AdapterTokenVerifier : Didn't find publicKey for kid: cOxjOZNAkbyxO3GbCPKYSUKiUcrOe4KEqK7mjCbidp4
2019-08-27 09:19:59.166 DEBUG 14236 --- [nio-8080-exec-4] o.k.a.BearerTokenRequestAuthenticator : Failed to verify token
2019-08-27 09:19:59.169 DEBUG 14236 --- [nio-8080-exec-4] o.k.adapters.RequestAuthenticator : Bearer FAILED
I already have resolved this problem while I was using the rest API with RestEasy by simply adding the certificate in the process.
KeyStore keystore = KeyStore.getInstance(KeyStore.getDefaultType());
String password = "changeit";
keystore.load(new ClassPathResource("truststore").getInputStream(), password.toCharArray());
.resteasyClient(new ResteasyClientBuilder().trustStore(keystore).connectionPoolSize(1).hostnameVerification(ResteasyClientBuilder.HostnameVerificationPolicy.ANY).build())
After dealing with the DNS problem, everything was fine. But now, I have the exact same problem with the adapter.
After some researches, I have added the certificate to my java cacerts and even install the certificate with windows. But none of this worked. I keep having the same error.
Here is my application properties:
#Keycloak configuration
keycloak.auth-server-url=https://192.168.222.153:8444/auth/
keycloak.realm=GRCC
keycloak.resource=authentication-service
keycloak.verify-token-audience=true
keycloak.ssl-required=none
keycloak.credentials.secret=49632b4b-5f8d-43af-b10d-3ecea7c114cf
keycloak.principal-attribute=preferred_username
logging.level.org.keycloak=TRACE
keycloak.security-constraints[0].authRoles[0]=user
keycloak.security-constraints[0].securityCollections[0].patterns[0]=/projects/*
keycloak.security-constraints[0].securityCollections[0].patterns[1]=/data/*
And my keycloak configuration:
I also tried to use the keycloak truststore parameter in the application properties but it doesn't work either.
Is there anything wrong with how I'm using Keycloak?
Thx in advance
Figure it out!
I was using the realm certificate instead of the Keycloak global certificate.
To get the realm certificate, you need to provide the global certificate to the JVM.
Using the openssl call to get the right certificate showed me there are two different kind of certificate.
I have the following error, could someone help me? Thank you in advance for your help.
11/24/17 4:21:43:949 EST] 000000a2 ContextLoader I
org.springframework.web.context.ContextLoader
initWebApplicationContext Root WebApplicationContext: initialization
completed in 15836 ms
[11/24/17 4:21:43:949 EST] 000000a2 SystemOut O TRIMS.properties file getting loaded on path:
/opt/applications/trims_main_ASIA/SIT1/config/TRIMSConfig.properties
[11/24/17 4:21:44:021 EST] 000000a2 SystemOut O MenuServletContextListener:: Menu XML config loaded.
[11/24/17 4:21:44:147 EST] 000000a2 webapp E com.ibm.ws.webcontainer.webapp.WebApp notifyServletContextCreated
SRVE0283E: Exception caught while initializing context: {0}
java.lang.NullPointerException
at com.citigroup.trims.framework.cache.Cache.loadStaticCache(Cache.java:112)
at com.citigroup.trims.framework.cache.Cache.init(Cache.java:83)
at com.citigroup.trims.framework.cache.CacheManager.initialize(CacheManager.java:112)
at com.citigroup.trims.framework.cache.CacheStartup.contextInitialized(CacheStartup.java:30)
at com.ibm.ws.webcontainer.webapp.WebApp.notifyServletContextCreated(WebApp.java:1732)
at com.ibm.ws.webcontainer.webapp.WebAppImpl.initialize(WebAppImpl.java:415)
at com.ibm.ws.webcontainer.webapp.WebGroupImpl.addWebApplication(WebGroupImpl.java:88)
at com.ibm.ws.webcontainer.VirtualHostImpl.addWebApplication(VirtualHostImpl.java:171)
at com.ibm.ws.webcontainer.WSWebContainer.addWebApp(WSWebContainer.java:904)
at com.ibm.ws.webcontainer.WSWebContainer.addWebApplication(WSWebContainer.java:789)
at com.ibm.ws.webcontainer.component.WebContainerImpl.install(WebContainerImpl.java:427)
at com.ibm.ws.webcontainer.component.WebContainerImpl.start(WebContainerImpl.java:719)
at com.ibm.ws.runtime.component.ApplicationMgrImpl.start(ApplicationMgrImpl.java:1201
I really appreciate!
we're encountering an error in websphere version 6.1 running on a windows 2003 environment.
The server suddenly stops but there was no one who issued a stop on the server.
here is the logs of the server
what is weird is we did not an issue a stop it just suddenly stops.
it does not start after this
anyone encountered this error?
what do i need to look at?
Tried to retrieve a localized string for a component that has not yet been added to the page. This can sometimes lead to an invalid or no localized resource returned. Make sure you are not calling Component#getString() inside your Component's constructor. Offending component: [MarkupContainer [Component id = content]]
[1/16/13 11:10:15:150 CST] 000008ec AdminHelper A ADMN1020I: An attempt is made to stop the server1 server. (User ID = defaultWIMFileBasedRealm/testadmin)
[1/16/13 11:10:15:259 CST] 00000010 TCPChannel I TCPC0002I: TCP Channel TCP_3 has stopped listening on host * (IPv4) port 9043.
[1/16/13 11:10:15:259 CST] 00000010 TCPChannel I TCPC0002I: TCP Channel TCP_2 has stopped listening on host * (IPv4) port 9080.
[1/16/13 11:10:15:275 CST] 00000010 TCPChannel I TCPC0002I: TCP Channel TCP_1 has stopped listening on host * (IPv4) port 9060.
[1/16/13 11:10:20:275 CST] 00000010 ApplicationMg A WSVR0217I: Stopping application: 10012012-TEST-66-V105-tester-ufm_war
[1/16/13 11:10:20:306 CST] 00000010 ServletWrappe I SRVE0253I: [10012012-TEST-66-V105-tester-ufm_war] [/ufm] [com_ibm_ws_rrd_webservices_service_remote_RRDServiceSOAPBindingImplLTPA]: Destroy successful.
[1/16/13 11:10:20:322 CST] 00000010 ServletWrappe I SRVE0253I: [10012012-TEST-66-V105-tester-ufm_war] [/ufm] [com_ibm_ws_rrd_webservices_service_remote_RRDServiceSOAPBindingImplCustom]: Destroy successful.
[1/16/13 11:10:20:322 CST] 00000010 ServletWrappe I SRVE0253I: [10012012-TEST-66-V105-tester-ufm_war] [/ufm] [com_ibm_ws_rrd_webservices_service_remote_RRDServiceSOAPBindingImpl]: Destroy successful.
[1/16/13 11:10:20:322 CST] 00000010 WebApp A SRVE0180I: [10012012-TEST-66-V105-tester-ufm_war#10012012-TEST-66-V105-tester-ufm.war] [/ufm] [Servlet.LOG]: Closing Spring root WebApplicationContext
[1/16/13 11:10:20:603 CST] 00000010 XmlWebApplica I org.apache.commons.logging.impl.Jdk14Logger info Closing org.springframework.web.context.support.XmlWebApplicationContext#61c461c4: display name [Root WebApplicationContext]; startup date [Fri Jan 11 15:48:22 CST 2013]; root of context hierarchy
[1/16/13 11:10:21:228 CST] 00000010 LocalSessionF I org.apache.commons.logging.impl.Jdk14Logger info Closing Hibernate SessionFactory
[1/16/13 11:10:21:228 CST] 00000010 SystemOut O INFO - SessionFactoryImpl - closing
INFO - essionFactoryObjectFactory - Unbinding factory from JNDI name: sessionFactory
INFO - NamingHelper - JNDI InitialContext properties:{}
INFO - essionFactoryObjectFactory - Unbound factory from JNDI name: sessionFactory
[1/16/13 11:10:21:260 CST] 00000010 ServletWrappe I SRVE0253I: [10012012-TEST-66-V105-tester-ufm_war] [/ufm] [context]: Destroy successful.
[1/16/13 11:10:21:431 CST] 00000010 ApplicationMg A WSVR0220I: Application stopped: 10012012-TEST-66-V105-tester-ufm_war
[1/16/13 11:10:21:447 CST] 00000010 ApplicationMg A WSVR0217I: Stopping application: SchedulerCalendars
[1/16/13 11:10:21:463 CST] 00000010 EJBContainerI I WSVR0041I: Stopping EJB jar: Calendars.jar
[1/16/13 11:10:21:463 CST] 00000010 EJBContainerI I WSVR0059I: EJB jar stopped: Calendars.jar
[1/16/13 11:10:21:478 CST] 00000010 ApplicationMg A WSVR0220I: Application stopped: SchedulerCalendars
[1/16/13 11:10:21:494 CST] 00000010 ApplicationMg A WSVR0217I: Stopping application: filetransfer
[1/16/13 11:10:21:494 CST] 00000010 ServletWrappe I SRVE0253I: [filetransfer] [/FileTransfer] [transfer]: Destroy successful.
[1/16/13 11:10:21:525 CST] 00000010 ApplicationMg A WSVR0220I: Application stopped: filetransfer
[1/16/13 11:10:21:525 CST] 00000010 ApplicationMg A WSVR0217I: Stopping application: ManagementEJB
[1/16/13 11:10:21:525 CST] 00000010 EJBContainerI I WSVR0041I: Stopping EJB jar: mejb.jar
[1/16/13 11:10:21:525 CST] 00000010 EJBContainerI I WSVR0059I: EJB jar stopped: mejb.jar
[1/16/13 11:10:21:556 CST] 00000010 ApplicationMg A WSVR0220I: Application stopped: ManagementEJB
[1/16/13 11:10:21:556 CST] 00000010 ApplicationMg A WSVR0217I: Stopping application: 10012012-TEST-66-V105-test-management_war
[1/16/13 11:10:21:556 CST] 00000010 ServletWrappe I SRVE0253I: [10012012-TEST-66-V105-test-management_war] [/] [com_ibm_ws_rrd_webservices_service_remote_RRDServiceSOAPBindingImplLTPA]: Destroy successful.
[1/16/13 11:10:21:572 CST] 00000010 ServletWrappe I SRVE0253I: [10012012-TEST-66-V105-test-management_war] [/] [com_ibm_ws_rrd_webservices_service_remote_RRDServiceSOAPBindingImplCustom]: Destroy successful.
[1/16/13 11:10:21:572 CST] 00000010 ServletWrappe I SRVE0253I: [10012012-TEST-66-V105-test-management_war] [/] [com_ibm_ws_rrd_webservices_service_remote_RRDServiceSOAPBindingImpl]: Destroy successful.
[1/16/13 11:10:21:572 CST] 00000010 ServletWrappe I SRVE0253I: [10012012-TEST-66-V105-test-management_war] [/] [JasperObject]: Destroy successful.
[1/16/13 11:10:22:119 CST] 00000010 ServletWrappe I SRVE0253I: [10012012-TEST-66-V105-test-management_war] [/] [wicket.test-management]: Destroy successful.
[1/16/13 11:10:22:119 CST] 00000010 WebApp A SRVE0180I: [10012012-TEST-66-V105-test-management_war#10012012-TEST-66-V105-test-management.war] [/] [Servlet.LOG]: Closing Spring root WebApplicationContext
[1/16/13 11:10:22:416 CST] 00000010 XmlWebApplica I org.apache.commons.logging.impl.Jdk14Logger info Closing org.springframework.web.context.support.XmlWebApplicationContext#55a955a9: display name [Root WebApplicationContext]; startup date [Thu Jan 10 15:33:28 CST 2013]; root of context hierarchy
[1/16/13 11:10:22:760 CST] 00000794 WebContainer E Servlet.has.become.temporarily.unavailable.for.service
[1/16/13 11:10:27:057 CST] 00000010 LocalSessionF I org.apache.commons.logging.impl.Jdk14Logger info Closing Hibernate SessionFactory
closing
[1/16/13 11:10:27:072 CST] 00000010 SystemOut O Unbinding factory from JNDI name: sessionFactory
testadmin is the user that has requested for the server shutdown.
Are there other credentials on this server?
Is this "testadmin" credentials stored in the config file (sas/soap client properties)?
we can see it clearly on the logs. The new cloned server is the one causing the server from which is cloned from to stop. The stopserver commands are issued on the cloned server, and it is affecting the production server. This is quite a really weird behavior....
Is there anything I should look at ?
Thanks
Ticket to IBM Software Support would help you with root cause. Also I would run the mustgather utility to see all the logs that could be involved in the stoppage.
I have deployed a war file in Websphere 7.0 console . Deployment was successful . On starting the application throws error as " Failed to Start "
Error logs are as below.
[9/19/11 12:50:36:679 EDT] 0000001f CompositionUn A WSVR0190I: Starting composition unit WebSphere:cuname=EPROVIDER in BLA WebSphere:blaname=EPROVIDER.
[9/19/11 12:50:36:694 EDT] 0000001f ApplicationMg A WSVR0200I: Starting application: EPROVIDER
[9/19/11 12:50:36:694 EDT] 0000001f ApplicationMg A WSVR0204I: Application: EPROVIDER Application build level: Unknown
[9/19/11 12:50:37:038 EDT] 0000001f ApplicationMg E WSVR0101W: An error occurred starting, EPROVIDER
[9/19/11 12:50:37:038 EDT] 0000001f ApplicationMg A WSVR0217I: Stopping application: EPROVIDER
[9/19/11 12:50:37:038 EDT] 0000001f ApplicationMg A WSVR0220I: Application stopped: EPROVIDER
[9/19/11 12:50:37:038 EDT] 0000001f CompositionUn E WSVR0194E: Composition unit WebSphere:cuname=EPROVIDER in BLA WebSphere:blaname=EPROVIDER failed to start.
[9/19/11 12:50:37:038 EDT] 0000001f MBeanHelper E Could not invoke an operation on object: WebSphere:name=ApplicationManager,process=server1,platform=proxy,node=L67695M1Node02,version=7.0.0.11,type=ApplicationManager,mbeanIdentifier=ApplicationManager,cell=L67695M1Node02Cell,spec=1.0 because of an mbean exception: com.ibm.ws.exception.RuntimeError: java.lang.RuntimeException: java.lang.NullPointerException
You need to give us more info pal.
If you provide us with the full console log, we could surely help.
You can find the log of the server here :
C:*Your installed directory*\IBM\SDP75\runtimes\base_v7\profiles*YourProfile*\logs*yourServerName*
and the file is startServer.log.
You can also try this :
Stop the server.
Manually delete temp and wstemp directories under your profile directory.
Clean publish.
Good luck