Friday, 16 August 2013

Weblogic 10.3 WebService one way SSL HTTP 401: unauthorized

Weblogic 10.3 WebService one way SSL HTTP 401: unauthorized

I am stuck with a web service HTTP 401 issue for last two days. Would
really appreciate if somebody could give me some direction.
Background
I have developed a webservice which is supposed to do a one way SSL
Authentication using weblogic ant commands jwsc and clientgen. I deloped
the same as an HTTP service and the same was working properly with the
client getting appropriate response.
After this I converted the service to work for a 1 way SSL based on the
oracle documentation. After the client was generated I changed the service
class to https and correct port number, created a truststore using the
InstallCert.java from google labs.
Issue When I tested the above code I am getting the following exception
Exception in thread "main"
com.sun.xml.internal.ws.client.ClientTransportException: The server sent
HTTP status code 401: Unauthorized
[java] at
com.sun.xml.internal.ws.transport.http.client.HttpTransportPipe.checkStatusCode(HttpTransportPipe.java:196)
[java] at
com.sun.xml.internal.ws.transport.http.client.HttpTransportPipe.process(HttpTransportPipe.java:168)
[java] at
com.sun.xml.internal.ws.transport.http.client.HttpTransportPipe.processRequest(HttpTransportPipe.java:83)
[java] at
com.sun.xml.internal.ws.transport.DeferredTransportPipe.processRequest(DeferredTransportPipe.java:105)
[java] at com.sun.xml.internal.ws.api.pipe.Fiber.__doRun(Fiber.java:587)
[java] at com.sun.xml.internal.ws.api.pipe.Fiber._doRun(Fiber.java:546)
[java] at com.sun.xml.internal.ws.api.pipe.Fiber.doRun(Fiber.java:531)
[java] at com.sun.xml.internal.ws.api.pipe.Fiber.runSync(Fiber.java:428)
[java] at com.sun.xml.internal.ws.client.Stub.process(Stub.java:211)
[java] at
com.sun.xml.internal.ws.client.sei.SEIStub.doProcess(SEIStub.java:124)
[java] at
com.sun.xml.internal.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:98)
[java] at
com.sun.xml.internal.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:78)
[java] at
com.sun.xml.internal.ws.client.sei.SEIStub.invoke(SEIStub.java:107)
[java] at $Proxy29.sayHelloWorld(Unknown Source)
[java] at examples.webservices.simple_client.Main.callServer(Unknown
Source)
[java] at examples.webservices.simple_client.Main.main(Unknown Source)
After loads of google searching I figured how to debug SOAP messages on
client side using the <jvmarg
value="-Dcom.sun.xml.ws.transport.http.client.HttpTransportPipe.dump=true"/>
<jvmarg value="-Djavax.net.debug=ssl"/> <jvmarg
value="-Dweblogic.security.SSL.ignoreHostnameVerify=true"/>
In the output I can see that my server certificate is getting properly
authenticated (based on my understanding from various google search
results due to the below output
Found trusted certificate:
[java] [
[java] [
[java] Version: V1
[java] Subject: CN=myserver, OU=FOR TESTING ONLY, O=MyOrganization,
L=MyTown, ST=MyState, C=US
[java] Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4
[java]
[java] Key: Sun RSA public key, 512 bits
[java] modulus:
11399037646943714373129589413160891986565558044118796140794648360486617578069478083040335022051356380275876221883739208839702905668066595828725571636353511
[java] public exponent: 65537
[java] Validity: [From: Tue Oct 11 05:46:19 EDT 2011,
[java] To: Mon Oct 12 05:46:19 EDT 2026]
[java] Issuer: CN=CertGenCAB, OU=FOR TESTING ONLY,
O=MyOrganization, L=MyTown, ST=MyState, C=US
[java] SerialNumber: [ 55a93b5e 2866f87c 4d24e2a3 eb4fe6da]
[java]
[java] ]
[java] Algorithm: [MD5withRSA]
[java] Signature:
[java] 0000: 2A 8C EF C6 93 59 A8 0B 59 CD 28 08 7C D5 EC 50
*....Y..Y.(....P
[java] 0010: B1 31 00 CA 67 DB DE 45 4D B5 40 A8 48 2D 58 5C
.1..g..EM.@.H-X\
[java] 0020: 04 6E 50 7B 58 C5 14 D7 FD 89 BA C3 18 DC A9 BC
.nP.X...........
[java] 0030: 33 4A ED EC 35 51 CB 0F 88 BD 0B FC 99 35 1C 7B
3J..5Q.......5..
[java]
[java] ]
[java] main, READ: TLSv1 Handshake, length = 4
[java] *** ServerHelloDone
[java] *** ClientKeyExchange, RSA PreMasterSecret, TLSv1
[java] main, WRITE: TLSv1 Handshake, length = 70
[java] SESSION KEYGEN:
[java] PreMaster Secret:
[java] 0000: 03 01 4E 55 6E B6 7D F3 1A 95 EC 23 1A 26 A1 F4
..NUn......#.&..
[java] 0010: CB 7D 77 0A E2 87 09 34 C9 CD A2 F3 34 5C 7F E8
..w....4....4\..
[java] 0020: D1 35 D7 5E BB 1A 13 2F 06 55 72 C5 2A 43 FD ED
.5.^.../.Ur.*C..
[java] CONNECTION KEYGEN:
[java] Client Nonce:
[java] 0000: 52 0D D7 97 92 E3 75 F1 3C 19 4F 5F B1 DE 38 BE
R.....u.<.O_..8.
[java] 0010: 43 13 D3 0A D8 C0 0D 87 8F 82 32 58 07 1B 09 91
C.........2X....
[java] Server Nonce:
[java] 0000: 52 0D D7 97 29 8A F0 E1 31 85 01 D0 B7 6F CC AC
R...)...1....o..
[java] 0010: 1E C0 F3 69 5C 19 01 C5 05 96 5D 61 ED 34 DE B0
...i\.....]a.4..
[java] Master Secret:
[java] 0000: 2A AC FE C3 23 DC C8 4C B3 43 52 9A C3 AD 6C 7D
*...#..L.CR...l.
[java] 0010: 86 64 06 C7 71 7B 0A C2 41 2D D8 85 80 C7 09 2C
.d..q...A-.....,
[java] 0020: 8D 4B BF BE D7 6A 14 E0 FD 71 7C 42 33 9E E9 3E
.K...j...q.B3..>
[java] Client MAC write Secret:
[java] 0000: C7 C4 4B B0 17 63 EF 15 49 10 41 C9 8E F5 4D B8
..K..c..I.A...M.
[java] Server MAC write Secret:
[java] 0000: 43 D5 66 32 E6 8D 85 5F 4A 59 4E 22 E2 2D 63 9B
C.f2..._JYN".-c.
[java] Client write key:
[java] 0000: C7 A0 5E 3C 95 7D 5B C1 76 58 33 50 32 9F 32 60
..^<..[.vX3P2.2`
[java] Server write key:
[java] 0000: 8E C1 C7 DE A4 46 89 4D CB 27 19 98 20 59 69 9E
.....F.M.'.. Yi.
[java] ... no IV used for this cipher
[java] main, WRITE: TLSv1 Change Cipher Spec, length = 1
[java] *** Finished
[java] verify_data: { 177, 168, 133, 8, 117, 184, 224, 201, 35, 12,
96, 25 }
[java] ***
[java] main, WRITE: TLSv1 Handshake, length = 32
[java] main, READ: TLSv1 Change Cipher Spec, length = 1
[java] main, READ: TLSv1 Handshake, length = 32
[java] *** Finished
[java] verify_data: { 202, 0, 249, 55, 208, 218, 164, 49, 228, 244,
138, 164 }
[java] ***
[java] %% Cached client session: [Session-1, SSL_RSA_WITH_RC4_128_MD5]
[java] main, WRITE: TLSv1 Application Data, length = 225
[java] main, READ: TLSv1 Application Data, length = 175
[java] main, READ: TLSv1 Application Data, length = 3040
[java] main, called close()
[java] main, called closeInternal(true)
[java] main, SEND TLSv1 ALERT: warning, description = close_notify
[java] main, WRITE: TLSv1 Alert, length = 18
[java] Allow unsafe renegotiation: false
[java] Allow legacy hello messages: true
[java] Is initial handshake: true
[java] Is secure renegotiation: false
[java] %% Client cached [Session-1, SSL_RSA_WITH_RC4_128_MD5]
[java] %% Try resuming [Session-1, SSL_RSA_WITH_RC4_128_MD5] from
port 56321
[java] *** ClientHello, TLSv1
[java] RandomCookie: GMT: 1376573079 bytes = { 81, 111, 75, 50, 149,
29, 122, 231, 125, 64, 236, 168, 67, 7, 127, 120, 207, 8, 204, 91,
43, 124, 235, 162, 123, 13, 168, 6 }
[java] Session ID: {202, 36, 120, 65, 56, 38, 121, 89, 214, 122, 192,
105, 176, 215, 37, 182}
[java] Cipher Suites: [SSL_RSA_WITH_RC4_128_MD5,
SSL_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_CBC_SHA,
TLS_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA,
TLS_DHE_DSS_WITH_AES_256_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA,
SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA,
SSL_RSA_WITH_DES_CBC_SHA, SSL_DHE_RSA_WITH_DES_CBC_SHA,
SSL_DHE_DSS_WITH_DES_CBC_SHA, SSL_RSA_EXPORT_WITH_RC4_40_MD5,
SSL_RSA_EXPORT_WITH_DES40_CBC_SHA,
SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA,
SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA,
TLS_EMPTY_RENEGOTIATION_INFO_SCSV]
[java] Compression Methods: { 0 }
[java] ***
[java] main, WRITE: TLSv1 Handshake, length = 97
[java] main, READ: TLSv1 Handshake, length = 58
[java] *** ServerHello, TLSv1
[java] RandomCookie: GMT: 1376573079 bytes = { 255, 58, 121, 2, 103,
75, 164, 168, 47, 33, 30, 118, 219, 155, 5, 87, 78, 50, 248, 87, 55,
98, 140, 75, 1, 34, 94, 8 }
[java] Session ID: {202, 36, 120, 65, 56, 38, 121, 89, 214, 122,
192, 105, 176, 215, 37, 182}
[java] Cipher Suite: SSL_RSA_WITH_RC4_128_MD5
[java] Compression Method: 0
[java] ***
[java] Warning: No renegotiation indication extension in ServerHello
[java] CONNECTION KEYGEN:
[java] Client Nonce:
[java] 0000: 52 0D D7 97 51 6F 4B 32 95 1D 7A E7 7D 40 EC A8
R...QoK2..z..@..
[java] 0010: 43 07 7F 78 CF 08 CC 5B 2B 7C EB A2 7B 0D A8 06
C..x...[+.......
[java] Server Nonce:
[java] 0000: 52 0D D7 97 FF 3A 79 02 67 4B A4 A8 2F 21 1E 76
R....:y.gK../!.v
[java] 0010: DB 9B 05 57 4E 32 F8 57 37 62 8C 4B 01 22 5E 08
...WN2.W7b.K."^.
[java] Master Secret:
[java] 0000: 2A AC FE C3 23 DC C8 4C B3 43 52 9A C3 AD 6C 7D
*...#..L.CR...l.
[java] 0010: 86 64 06 C7 71 7B 0A C2 41 2D D8 85 80 C7 09 2C
.d..q...A-.....,
[java] 0020: 8D 4B BF BE D7 6A 14 E0 FD 71 7C 42 33 9E E9 3E
.K...j...q.B3..>
[java] Client MAC write Secret:
[java] 0000: E9 45 08 20 F4 70 E3 F0 B7 EF CB 17 A3 D0 F2 28 .E.
.p.........(
[java] Server MAC write Secret:
[java] 0000: 12 5D 3C 63 FE FA FA AC DC 31 0E C5 AE 52 71 2C
.]<c.....1...Rq,
[java] Client write key:
[java] 0000: CE E5 02 F1 A4 EA 87 B3 C7 AF 35 89 DD 3E BD 64
..........5..>.d
[java] Server write key:
[java] 0000: 6E 02 D3 5C A7 3F C5 57 D7 B7 84 CD 8D 4A 17 2C
n..\.?.W.....J.,
[java] ... no IV used for this cipher
[java] %% Server resumed [Session-1, SSL_RSA_WITH_RC4_128_MD5]
[java] main, READ: TLSv1 Change Cipher Spec, length = 1
[java] main, READ: TLSv1 Handshake, length = 32
[java] *** Finished
[java] verify_data: { 253, 116, 209, 250, 88, 31, 151, 15, 134, 162,
94, 55 }
[java] ***
[java] main, WRITE: TLSv1 Handshake, length = 32
[java] main, WRITE: TLSv1 Application Data, length = 225
[java] main, READ: TLSv1 Application Data, length = 175
[java] main, READ: TLSv1 Application Data, length = 3040
[java] main, called close()
[java] main, called closeInternal(true)
[java] main, SEND TLSv1 ALERT: warning, description = close_notify
[java] main, WRITE: TLSv1 Alert, length = 18
[java] the wsdl location is
https://myserver:myport/HelloWorldImpl/HelloWorldService?WSDL
[java] the ports is {https://myserver:myport}HelloWorldPortTypePort
[java] Allow unsafe renegotiation: false
[java] Allow legacy hello messages: true
[java] Is initial handshake: true
[java] Is secure renegotiation: false
[java] %% Client cached [Session-1, SSL_RSA_WITH_RC4_128_MD5]
[java] %% Try resuming [Session-1, SSL_RSA_WITH_RC4_128_MD5] from
port 56322
[java] *** ClientHello, TLSv1
[java] RandomCookie: GMT: 1376573079 bytes = { 110, 65, 69, 188,
135, 246, 1, 160, 40, 124, 7, 13, 57, 253, 194, 185, 195, 172, 61,
188, 32, 74, 61, 241, 66, 54, 12, 11 }
[java] Session ID: {202, 36, 120, 65, 56, 38, 121, 89, 214, 122,
192, 105, 176, 215, 37, 182}
[java] Cipher Suites: [SSL_RSA_WITH_RC4_128_MD5,
SSL_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_CBC_SHA,
TLS_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA,
TLS_DHE_DSS_WITH_AES_256_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA,
SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA,
SSL_RSA_WITH_DES_CBC_SHA, SSL_DHE_RSA_WITH_DES_CBC_SHA,
SSL_DHE_DSS_WITH_DES_CBC_SHA, SSL_RSA_EXPORT_WITH_RC4_40_MD5,
SSL_RSA_EXPORT_WITH_DES40_CBC_SHA,
SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA,
SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA,
TLS_EMPTY_RENEGOTIATION_INFO_SCSV]
[java] Compression Methods: { 0 }
[java] ***
[java] main, WRITE: TLSv1 Handshake, length = 97
[java] main, READ: TLSv1 Handshake, length = 58
[java] *** ServerHello, TLSv1
[java] RandomCookie: GMT: 1376573079 bytes = { 62, 17, 208, 2, 106,
161, 176, 178, 192, 167, 106, 98, 252, 176, 9, 52, 142, 121, 171,
228, 11, 115, 9, 179, 2, 28, 133, 193 }
[java] Session ID: {202, 36, 120, 65, 56, 38, 121, 89, 214, 122,
192, 105, 176, 215, 37, 182}
[java] Cipher Suite: SSL_RSA_WITH_RC4_128_MD5
[java] Compression Method: 0
[java] ***
[java] Warning: No renegotiation indication extension in ServerHello
[java] CONNECTION KEYGEN:
[java] Client Nonce:
[java] 0000: 52 0D D7 97 6E 41 45 BC 87 F6 01 A0 28 7C 07 0D
R...nAE.....(...
[java] 0010: 39 FD C2 B9 C3 AC 3D BC 20 4A 3D F1 42 36 0C 0B
9.....=. J=.B6..
[java] Server Nonce:
[java] 0000: 52 0D D7 97 3E 11 D0 02 6A A1 B0 B2 C0 A7 6A 62
R...>...j.....jb
[java] 0010: FC B0 09 34 8E 79 AB E4 0B 73 09 B3 02 1C 85 C1
...4.y...s......
[java] Master Secret:
[java] 0000: 2A AC FE C3 23 DC C8 4C B3 43 52 9A C3 AD 6C 7D
*...#..L.CR...l.
[java] 0010: 86 64 06 C7 71 7B 0A C2 41 2D D8 85 80 C7 09 2C
.d..q...A-.....,
[java] 0020: 8D 4B BF BE D7 6A 14 E0 FD 71 7C 42 33 9E E9 3E
.K...j...q.B3..>
[java] Client MAC write Secret:
[java] 0000: FC B9 1E 90 2C A4 A2 2F 34 9B F2 FB F5 FD 16 35
....,../4......5
[java] Server MAC write Secret:
[java] 0000: 0D 31 04 6F CE 64 64 8F 5E C0 62 2C 4C 87 BC 7C
.1.o.dd.^.b,L...
[java] Client write key:
[java] 0000: B6 21 C1 68 57 93 BB E1 CF 66 6B CC 91 FA C2 24
.!.hW....fk....$
[java] Server write key:
[java] 0000: 82 82 6D 40 AD 98 98 27 29 38 C1 DC D0 2B 1C DC
..m@...')8...+..
[java] ... no IV used for this cipher
[java] %% Server resumed [Session-1, SSL_RSA_WITH_RC4_128_MD5]
[java] main, READ: TLSv1 Change Cipher Spec, length = 1
[java] main, READ: TLSv1 Handshake, length = 32
[java] *** Finished
[java] verify_data: { 118, 17, 113, 93, 80, 136, 119, 75, 181, 180,
92, 119 }
[java] ***
[java] main, WRITE: TLSv1 Change Cipher Spec, length = 1
[java] *** Finished
[java] verify_data: { 161, 172, 242, 50, 208, 52, 88, 200, 8, 141,
79, 241 }
[java] ***
[java] main, WRITE: TLSv1 Handshake, length = 32
[java] main, WRITE: TLSv1 Application Data, length = 338
[java] main, WRITE: TLSv1 Application Data, length = 242
[java] main, READ: TLSv1 Application Data, length = 227
[java] main, READ: TLSv1 Application Data, length = 300
[java] Exception in thread "main"
com.sun.xml.internal.ws.client.ClientTransportException: The server
sent HTTP status code 401: Unauthorized
[java] at
com.sun.xml.internal.ws.transport.http.client.HttpTransportPipe.checkStatusCode(HttpTransportPipe.java:196)
[java] at
com.sun.xml.internal.ws.transport.http.client.HttpTransportPipe.process(HttpTransportPipe.java:168)
[java] at
com.sun.xml.internal.ws.transport.http.client.HttpTransportPipe.processRequest(HttpTransportPipe.java:83)
[java] at
com.sun.xml.internal.ws.transport.DeferredTransportPipe.processRequest(DeferredTransportPipe.java:105)
[java] at
com.sun.xml.internal.ws.api.pipe.Fiber.__doRun(Fiber.java:587)
[java] at
com.sun.xml.internal.ws.api.pipe.Fiber._doRun(Fiber.java:546)
[java] at
com.sun.xml.internal.ws.api.pipe.Fiber.doRun(Fiber.java:531)
[java] at
com.sun.xml.internal.ws.api.pipe.Fiber.runSync(Fiber.java:428)
[java] at com.sun.xml.internal.ws.client.Stub.process(Stub.java:211)
[java] at
com.sun.xml.internal.ws.client.sei.SEIStub.doProcess(SEIStub.java:124)
[java] at
com.sun.xml.internal.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:98)
[java] at
com.sun.xml.internal.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:78)
[java] at
com.sun.xml.internal.ws.client.sei.SEIStub.invoke(SEIStub.java:107)
[java] at $Proxy29.sayHelloWorld(Unknown Source)
In my webservice the authentication policy that I am using is
policy:Wssp1.2-2007-Https.xml.
What I understand is that my request is being rejected from server side.
How to debug or identify this? Can anybody please help me in understanding
what is happening here.
Thanks in Advance Paddy
Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)