Discussion :

[OQPFrancois]

Bonjour,

Je travaille actuellement à la mise en production d’un serveur JBoss sous Windows.

Configuration:
OS: Windows 2003 server SP1
JBoss: JBoss-4.2.2.GA

Pour l’instant, j’ai sécurisé l’accès à « JMX-Console » et « WEB-Console » par authentification et créé un service Windows à l’aide de « jboss-native-2.0.1-windows-i686-ssl ».

Jusqu’ici tout va bien…

Je souhaite désormais encrypter mes données par protocole HTTPS :
Dans un premier temps, j’ai créé un fichier keystore dans le dossier « /server/default/conf/ » à l’aide de la commande :

Code :

Sélectionner tout - Visualiser dans une fenêtre à part

 keytool –genkey –alias serverKey –keyAlg RSA –keystore .keystore –storePass monPass

À la suite de quoi, j’ai répondu aux différentes questions.

J’ai ensuite ouvert le fichier server.xml dans le répertoire « server/default/deploy/jboss-web.deployer/ » dans lequel j’ai ajouté un <connector> avec ces paramètres :

Code :

Sélectionner tout - Visualiser dans une fenêtre à part

1
2
3
4
5
6
7
8
9
 <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
               maxThreads="150" scheme="https" secure="true"
		   clientAuth="false"
		   strategy="ms" address="${jboss.bind.address}"
               keystoreFile="${jboss.server.home.dir}/conf/.keystore" 
               keystorePass="monPass" 
               truststoreFile="${jboss.server.home.dir}/conf/.keystore" 
               truststorePass="monPass" 
               sslProtocol="TLS"/>

Je lance ensuite mon serveur à l'aide de la commande « run.bat –b 192.168.34.3 ».

Voici le contenu du fichier run.log

Code :

Sélectionner tout - Visualiser dans une fenêtre à part

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125

===============================================================================

  JBoss Bootstrap Environment

  JBOSS_HOME: C:\jboss-4.2.2.GA

  JAVA: C:\Program Files\Java\jdk1.6.0_02\bin\java

  JAVA_OPTS:  -Djava.library.path="C:\jboss-4.2.2.GA\bin\native;C:\jboss-4.2.2.GA\bin\native;C:\Perl\site\bin;C:\Perl\bin;C:\Perl\bin\;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Microsoft SQL Server\80\Tools\Binn\;C:\Program Files\Microsoft SQL Server\90\DTS\Binn\;C:\Program Files\Microsoft SQL Server\90\Tools\binn\;C:\Program Files\Microsoft SQL Server\90\Tools\Binn\VSShell\Common7\IDE\;C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\PrivateAssemblies\;C:\windows\system32;C:\Program Files\Java\jdk1.6.0_02\bin" -Dprogram.name=run.bat -server -Xms128m -Xmx512m -Dsun.rmi.dgc.client.gcInterval=3600000 -Dsun.rmi.dgc.server.gcInterval=3600000

  CLASSPATH: C:\Program Files\Java\jdk1.6.0_02\lib\tools.jar;C:\jboss-4.2.2.GA\bin\run.jar

===============================================================================

15:36:44,125 INFO  [Server] Starting JBoss (MX MicroKernel)...
15:36:44,125 INFO  [Server] Release ID: JBoss [Trinity] 4.2.2.GA (build: SVNTag=JBoss_4_2_2_GA date=200710221139)
15:36:44,125 INFO  [Server] Home Dir: C:\jboss-4.2.2.GA
15:36:44,125 INFO  [Server] Home URL: file:/C:/jboss-4.2.2.GA/
15:36:44,125 INFO  [Server] Patch URL: null
15:36:44,125 INFO  [Server] Server Name: default
15:36:44,125 INFO  [Server] Server Home Dir: C:\jboss-4.2.2.GA\server\default
15:36:44,125 INFO  [Server] Server Home URL: file:/C:/jboss-4.2.2.GA/server/default/
15:36:44,140 INFO  [Server] Server Log Dir: C:\jboss-4.2.2.GA\server\default\log
15:36:44,140 INFO  [Server] Server Temp Dir: C:\jboss-4.2.2.GA\server\default\tmp
15:36:44,140 INFO  [Server] Root Deployment Filename: jboss-service.xml
15:36:44,531 INFO  [ServerInfo] Java version: 1.6.0_02,Sun Microsystems Inc.
15:36:44,531 INFO  [ServerInfo] Java VM: Java HotSpot(TM) Server VM 1.6.0_02-b06,Sun Microsystems Inc.
15:36:44,531 INFO  [ServerInfo] OS-System: Windows 2003 5.2,x86
15:36:45,187 INFO  [Server] Core system initialized
15:36:48,437 INFO  [WebService] Using RMI server codebase: http://192.168.34.3:8083/
15:36:48,437 INFO  [Log4jService$URLWatchTimerTask] Configuring from URL: resource:jboss-log4j.xml
15:36:49,078 INFO  [TransactionManagerService] JBossTS Transaction Service (JTA version) - JBoss Inc.
15:36:49,078 INFO  [TransactionManagerService] Setting up property manager MBean and JMX layer
15:36:49,343 INFO  [TransactionManagerService] Starting recovery manager
15:36:49,453 INFO  [TransactionManagerService] Recovery manager started
15:36:49,453 INFO  [TransactionManagerService] Binding TransactionManager JNDI Reference
15:36:54,062 INFO  [EJB3Deployer] Starting java:comp multiplexer
15:36:54,453 INFO  [STDOUT] no object for null
15:36:54,468 INFO  [STDOUT] no object for null
15:36:54,484 INFO  [STDOUT] no object for null
15:36:54,515 INFO  [STDOUT] no object for {urn:jboss:bean-deployer}supplyType
15:36:54,531 INFO  [STDOUT] no object for {urn:jboss:bean-deployer}dependsType
15:36:58,156 INFO  [NativeServerConfig] JBoss Web Services - Native
15:36:58,156 INFO  [NativeServerConfig] jbossws-native-2.0.1.SP2 (build=200710210837)
15:36:59,390 INFO  [Embedded] Catalina naming disabled
15:36:59,500 WARN  [Connector] Property clientAuth not found on the protocol handler.
15:36:59,500 WARN  [Connector] Property strategy not found on the protocol handler.
15:36:59,500 WARN  [Connector] Property keystoreFile not found on the protocol handler.
15:36:59,500 WARN  [Connector] Property keystorePass not found on the protocol handler.
15:36:59,500 WARN  [Connector] Property truststoreFile not found on the protocol handler.
15:36:59,500 WARN  [Connector] Property truststorePass not found on the protocol handler.
15:36:59,609 INFO  [AprLifecycleListener] Loaded Apache Tomcat Native library 1.1.11.
15:36:59,609 INFO  [AprLifecycleListener] APR capabilities: IPv6 [true], sendfile [true], accept filters [false], random [true].
15:37:00,343 INFO  [Http11AprProtocol] Initializing Coyote HTTP/1.1 on http-192.168.34.3-8080
15:37:00,359 ERROR [Http11AprProtocol] Error initializing endpoint
java.lang.Exception: No Certificate file specified
	at org.apache.tomcat.jni.SSLContext.setCertificate(Native Method)
	at org.apache.tomcat.util.net.AprEndpoint.init(AprEndpoint.java:683)
	at org.apache.coyote.http11.Http11AprProtocol.init(Http11AprProtocol.java:107)
	at org.apache.catalina.connector.Connector.initialize(Connector.java:1073)
	...
15:37:00,359 INFO  [Catalina] Initialization processed in 977 ms
15:37:00,359 INFO  [StandardService] Starting service jboss.web
15:37:00,359 INFO  [StandardEngine] Starting Servlet Engine: JBossWeb/2.0.1.GA
15:37:00,421 INFO  [Catalina] Server startup in 53 ms
15:37:00,531 INFO  [TomcatDeployer] deploy, ctxPath=/, warUrl=.../deploy/jboss-web.deployer/ROOT.war/
15:37:01,390 INFO  [TomcatDeployer] deploy, ctxPath=/invoker, warUrl=.../deploy/http-invoker.sar/invoker.war/
15:37:01,546 INFO  [TomcatDeployer] deploy, ctxPath=/jbossws, warUrl=.../deploy/jbossws.sar/jbossws-context.war/
15:37:01,718 INFO  [TomcatDeployer] deploy, ctxPath=/jbossmq-httpil, warUrl=.../deploy/jms/jbossmq-httpil.sar/jbossmq-httpil.war/
15:37:02,937 INFO  [TomcatDeployer] deploy, ctxPath=/web-console, warUrl=.../deploy/management/console-mgr.sar/web-console.war/
15:37:03,593 INFO  [MailService] Mail Service bound to java:/Mail
15:37:03,781 INFO  [RARDeployment] Required license terms exist, view META-INF/ra.xml in .../deploy/jboss-ha-local-jdbc.rar
15:37:04,046 INFO  [RARDeployment] Required license terms exist, view META-INF/ra.xml in .../deploy/jboss-ha-xa-jdbc.rar
15:37:04,125 INFO  [RARDeployment] Required license terms exist, view META-INF/ra.xml in .../deploy/jboss-local-jdbc.rar
15:37:04,203 INFO  [RARDeployment] Required license terms exist, view META-INF/ra.xml in .../deploy/jboss-xa-jdbc.rar
15:37:04,312 INFO  [RARDeployment] Required license terms exist, view META-INF/ra.xml in .../deploy/jms/jms-ra.rar
15:37:04,375 INFO  [RARDeployment] Required license terms exist, view META-INF/ra.xml in .../deploy/mail-ra.rar
15:37:04,421 INFO  [RARDeployment] Required license terms exist, view META-INF/ra.xml in .../deploy/quartz-ra.rar
15:37:04,437 INFO  [QuartzResourceAdapter] start quartz!!!
15:37:04,515 INFO  [SimpleThreadPool] Job execution threads will use class loader of thread: main
15:37:04,546 INFO  [QuartzScheduler] Quartz Scheduler v.1.5.2 created.
15:37:04,546 INFO  [RAMJobStore] RAMJobStore initialized.
15:37:04,546 INFO  [StdSchedulerFactory] Quartz scheduler 'DefaultQuartzScheduler' initialized from default resource file in Quartz package: 'quartz.properties'
15:37:04,546 INFO  [StdSchedulerFactory] Quartz scheduler version: 1.5.2
15:37:04,546 INFO  [QuartzScheduler] Scheduler DefaultQuartzScheduler_$_NON_CLUSTERED started.
15:37:05,500 INFO  [ConnectionFactoryBindingService] Bound ConnectionManager 'jboss.jca:service=DataSourceBinding,name=DefaultDS' to JNDI name 'java:DefaultDS'
15:37:05,796 INFO  [A] Bound to JNDI name: queue/A
15:37:05,796 INFO  [B] Bound to JNDI name: queue/B
15:37:05,796 INFO  [C] Bound to JNDI name: queue/C
15:37:05,796 INFO  [D] Bound to JNDI name: queue/D
15:37:05,796 INFO  [ex] Bound to JNDI name: queue/ex
15:37:05,828 INFO  [testTopic] Bound to JNDI name: topic/testTopic
15:37:05,828 INFO  [securedTopic] Bound to JNDI name: topic/securedTopic
15:37:05,828 INFO  [testDurableTopic] Bound to JNDI name: topic/testDurableTopic
15:37:05,828 INFO  [testQueue] Bound to JNDI name: queue/testQueue
15:37:05,890 INFO  [UILServerILService] JBossMQ UIL service available at : /192.168.34.3:8093
15:37:05,921 INFO  [DLQ] Bound to JNDI name: queue/DLQ
15:37:06,062 INFO  [ConnectionFactoryBindingService] Bound ConnectionManager 'jboss.jca:service=ConnectionFactoryBinding,name=JmsXA' to JNDI name 'java:JmsXA'
15:37:06,203 INFO  [ConnectionFactoryBindingService] Bound ConnectionManager 'jboss.jca:service=DataSourceBinding,name=TimesheetDB' to JNDI name 'java:TimesheetDB'
15:37:10,812 INFO  [TomcatDeployer] deploy, ctxPath=/Timesheet, warUrl=.../tmp/deploy/tmp10338TimeSheet-exp.war/
15:37:11,109 ERROR [STDERR] log4j:ERROR A "org.jboss.logging.appender.FileAppender" object is not assignable to a "org.apache.log4j.Appender" variable.
15:37:11,109 ERROR [STDERR] log4j:ERROR The class "org.apache.log4j.Appender" was loaded by 
15:37:11,109 ERROR [STDERR] log4j:ERROR [WebappClassLoader
  delegate: false
  repositories:
    /WEB-INF/classes/
----------> Parent Classloader:
java.net.FactoryURLClassLoader@1677737
] whereas object of type 
15:37:11,109 ERROR [STDERR] log4j:ERROR "org.jboss.logging.appender.FileAppender" was loaded by [org.jboss.system.server.NoAnnotationURLClassLoader@1e4457d].
15:37:11,109 ERROR [STDERR] log4j:ERROR Could not instantiate appender named "FILE".
15:37:11,890 INFO  [STDOUT] 15:37:11,875 INFO  [TilesPlugin] Tiles definition factory loaded for module ''.
15:37:11,890 INFO  [STDOUT] 15:37:11,890 INFO  [ValidatorPlugIn] Loading validation rules file from '/WEB-INF/validator-rules.xml'
15:37:11,890 INFO  [STDOUT] 15:37:11,890 INFO  [ValidatorPlugIn] Loading validation rules file from '/WEB-INF/validation.xml'
15:37:12,265 INFO  [TomcatDeployer] deploy, ctxPath=/jmx-console, warUrl=.../deploy/jmx-console.war/
15:37:12,671 INFO  [Http11AprProtocol] Starting Coyote HTTP/1.1 on http-192.168.34.3-8080
15:37:12,765 ERROR [Http11AprProtocol] Error starting endpoint
java.lang.Exception: Socket bind failed: [730048] Only one usage of each socket address (protocol/network address/port) is normally permitted.  
	at org.apache.tomcat.util.net.AprEndpoint.init(AprEndpoint.java:611)
	at org.apache.tomcat.util.net.AprEndpoint.start(AprEndpoint.java:716)
	at org.apache.coyote.http11.Http11AprProtocol.start(Http11AprProtocol.java:137)
	at org.apache.catalina.connector.Connector.start(Connector.java:1146)
	
15:37:12,781 INFO  [Server] JBoss (MX MicroKernel) [4.2.2.GA (build: SVNTag=JBoss_4_2_2_GA date=200710221139)] Started in 28s:641ms

Cette erreur est survenue après la mise en place du service windows jboss. Auparavant le connector HTTPS fonctionnait.
Le fichier keystore est donc au bon endroit et le keystorePass est également juste de même que la configuration du connector dans server.xml.

Je reste tout de même sceptique quand au lien entre la mise en place du service windows et cette erreur.

Il semblerait, d'après les logs de démarrage, que les 5 warnings avant la première exception soit déterminants puisqu'ils notifient que les "property" keystoreFile, KeystorePass ... n'ont pas été créées.

Me manque-t'il une configuration? La mienne est-elle fausse?
Ou, s'agît-il d'un bug? Et si oui, Peut-il être fixé?

...merci!

[OQPFrancois]

Dans mon message, j'etais sceptique quand au lien entre l'échec du connector HTTPS et la mise en place d'un service windows pour JBoss à l'aide Jboss native.

Après plusieurs tests, je me suis rendu compte que Jboss Native provoquait cette erreur. Je n'ai parcontre pas pu identifier la vrai source du problème...

J'ai donc utilisé JavaServiceWrapper pour créer mon service windows.
J'ai suivi les instructions présentes sur cette page : http://wiki.jboss.org/wiki/Wiki.jsp?...rviceOnWindows

Petit conseil : il faut reprendre l'installation de JBoss depuis le début (supprimer l'installation et et en créer une nouvelle), sinon l'échec du connector https persiste.