CXF SSL Client to Register a WS-T participant
grunchitog Jul 11, 2012 4:31 AM
Hi!
I'm developing an application that needs to sync two different web services on both .NET and J2EE platforms, using JBoss AS 7. I've already created all the WS-T stuff (MSDTC on .NET, WS-AT wsdl, JBOSSTS with XTS configuration, handlers for the J2EE services, etc).
After a lot of reading, all seems to be working fine, except for just one last thing. When the JaxWSHeaderContextProcessor receives the request with an incoming transaction, it detects it OK and tries to register on the MSDTC service as a participant. MS requires this communication to be done with SSL and sends the coordinator URL as https.
At this moment, JBoss initiates the communication with this endpoint by creating a CXF client, but when sending the register message, it fails, throwing the SSL exception pasted at the end of this post.
I've configured the standalone-xts.xml with system properties and the corresponding certificates (both signing and truststore, paired with the MSDTC configuration so there is mutual trust between JBoss and .NET).
I've also tried creating the cxf.xml configuration in WEB-INF/classes and setting it by parameter (in standalone.sh as -Dcxf.config.file) without success.
Finally, trying to detect where the problem could be, I've downloaded the Apache CXF source (version 2.4.6, the same as included in JBoss) and debugged it to see how the HttpConduit is being configured. To test it, I've set the attribute disableCNCheck="true", but at debug time, the HttpConduit used to send the message to MSDTC has that property set to false.
At this point, it seems clear to me that CXF is ignoring my configuration for the dynamic client. Any clues on what I could be doing wrong? Could it be that JBoss is ignoring the cxf configuration? I'm running out of ideas.
Thanks in advance!
Here is my cxf configuration file:
<http:conduit name="*.http-conduit">
  <http:tlsClientParameters disableCNCheck="true">
    <sec:keyManagers keyPassword="123456">
      <sec:keyStore type="JKS" password="123456" file="C:\\wsat.keystore"/>
    </sec:keyManagers>
    <sec:trustManagers>
      <sec:keyStore type="JKS" password="123456" file="C:\\wsat.truststore"/>
    </sec:trustManagers>
    <sec:cipherSuitesFilter>
      <!-- these filters ensure that a ciphersuite with export-suitable or null encryption is used,
           but exclude anonymous Diffie-Hellman key change as this is vulnerable to
           man-in-the-middle attacks -->
      <sec:include>.*_EXPORT_.*</sec:include>
      <sec:include>.*_EXPORT1024_.*</sec:include>
      <sec:include>.*_WITH_DES_.*</sec:include>
      <sec:include>.*_WITH_AES_.*</sec:include>
      <sec:include>.*_WITH_NULL_.*</sec:include>
      <sec:exclude>.*_DH_anon_.*</sec:exclude>
    </sec:cipherSuitesFilter>
  </http:tlsClientParameters>
  <http:client AutoRedirect="true" Connection="Keep-Alive"/>
</http:conduit>
And finally the exception:
[org.apache.cxf.phase.PhaseInterceptorChain] (http--127.0.0.1-8080-1) Interceptor for {http://docs.oasis-open.org/ws-tx/wscoor/2006/06}RegistrationService#{http://docs.oasis-open.org/ws-tx/wscoor/2006/06}RegisterOperation has thrown exception, unwinding now: org.apache.cxf.interceptor.Fault: Could not send Message.
    at org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndingInterceptor.handleMessage(MessageSenderInterceptor.java:64)
    at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:263)
    at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:531)
    at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:461)
    at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:364)
    at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:317)
    at org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:88)
    at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:134)
    at $Proxy102.registerOperation(Unknown Source)
    at com.arjuna.wsc11.RegistrationCoordinator.register(RegistrationCoordinator.java:54) [jbossxts-4.16.2.Final.jar:]
    at com.arjuna.mwlabs.wst11.at.remote.TransactionManagerImple.registerParticipant(TransactionManagerImple.java:156) [jbossxts-4.16.2.Final.jar:]
    at com.arjuna.mwlabs.wst11.at.remote.TransactionManagerImple.enlistForDurableTwoPhase(TransactionManagerImple.java:41) [jbossxts-4.16.2.Final.jar:]
    at org.jboss.jbossts.txbridge.inbound.InboundBridgeManager.createMapping(InboundBridgeManager.java:140) [jbosstxbridge-4.16.2.Final.jar:]
    at org.jboss.jbossts.txbridge.inbound.InboundBridgeManager.getInboundBridge(InboundBridgeManager.java:77) [jbosstxbridge-4.16.2.Final.jar:]
    at org.jboss.jbossts.txbridge.inbound.JaxWSTxInboundBridgeHandler.handleInbound(JaxWSTxInboundBridgeHandler.java:93) [jbosstxbridge-4.16.2.Final.jar:]
    at org.jboss.jbossts.txbridge.inbound.JaxWSTxInboundBridgeHandler.handleMessage(JaxWSTxInboundBridgeHandler.java:59) [jbosstxbridge-4.16.2.Final.jar:]
    at org.apache.cxf.jaxws.handler.HandlerChainInvoker.invokeHandleMessage(HandlerChainInvoker.java:335)
    at org.apache.cxf.jaxws.handler.HandlerChainInvoker.invokeHandlerChain(HandlerChainInvoker.java:253)
    at org.apache.cxf.jaxws.handler.HandlerChainInvoker.invokeProtocolHandlers(HandlerChainInvoker.java:131)
    at org.apache.cxf.jaxws.handler.soap.SOAPHandlerInterceptor.handleMessageInternal(SOAPHandlerInterceptor.java:168)
    at org.apache.cxf.jaxws.handler.soap.SOAPHandlerInterceptor.handleMessage(SOAPHandlerInterceptor.java:123)
    at org.apache.cxf.jaxws.handler.soap.SOAPHandlerInterceptor.handleMessage(SOAPHandlerInterceptor.java:70)
    at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:263)
    at org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:121)
    at org.apache.cxf.transport.http.AbstractHTTPDestination.invoke(AbstractHTTPDestination.java:207)
    at org.jboss.wsf.stack.cxf.RequestHandlerImpl.handleHttpRequest(RequestHandlerImpl.java:91)
    at org.jboss.wsf.stack.cxf.transport.ServletHelper.callRequestHandler(ServletHelper.java:169)
    at org.jboss.wsf.stack.cxf.CXFServletExt.invoke(CXFServletExt.java:87)
    at org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(AbstractHTTPServlet.java:185)
    at org.apache.cxf.transport.servlet.AbstractHTTPServlet.doPost(AbstractHTTPServlet.java:108)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:754) [jboss-servlet-api_3.0_spec-1.0.0.Final.jar:1.0.0.Final]
    at org.jboss.wsf.stack.cxf.CXFServletExt.service(CXFServletExt.java:135)
    at org.jboss.wsf.spi.deployment.WSFServlet.service(WSFServlet.java:140) [jbossws-spi-2.0.3.GA.jar:2.0.3.GA]
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:847) [jboss-servlet-api_3.0_spec-1.0.0.Final.jar:1.0.0.Final]
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:329) [jbossweb-7.0.13.Final.jar:]
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248) [jbossweb-7.0.13.Final.jar:]
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:275) [jbossweb-7.0.13.Final.jar:]
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:161) [jbossweb-7.0.13.Final.jar:]
    at org.jboss.as.jpa.interceptor.WebNonTxEmCloserValve.invoke(WebNonTxEmCloserValve.java:50) [jboss-as-jpa-7.1.1.Final.jar:7.1.1.Final]
    at org.jboss.as.web.security.SecurityContextAssociationValve.invoke(SecurityContextAssociationValve.java:153) [jboss-as-web-7.1.1.Final.jar:7.1.1.Final]
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:155) [jbossweb-7.0.13.Final.jar:]
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102) [jbossweb-7.0.13.Final.jar:]
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) [jbossweb-7.0.13.Final.jar:]
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:368) [jbossweb-7.0.13.Final.jar:]
    at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:877) [jbossweb-7.0.13.Final.jar:]
    at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:671) [jbossweb-7.0.13.Final.jar:]
    at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:930) [jbossweb-7.0.13.Final.jar:]
    at java.lang.Thread.run(Thread.java:662) [rt.jar:1.6.0_29]
Caused by: javax.net.ssl.SSLException: SSLException invoking https://localhost/WsatService/Registration/Coordinator11/: Unrecognized SSL message, plaintext connection?
    at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method) [rt.jar:1.6.0_29]
    at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39) [rt.jar:1.6.0_29]
    at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27) [rt.jar:1.6.0_29]
    at java.lang.reflect.Constructor.newInstance(Constructor.java:513) [rt.jar:1.6.0_29]
    at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.mapException(HTTPConduit.java:1430)
    at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(HTTPConduit.java:1415)
    at org.apache.cxf.transport.AbstractConduit.close(AbstractConduit.java:56)
    at org.apache.cxf.transport.http.HTTPConduit.close(HTTPConduit.java:648)
    at org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndingInterceptor.handleMessage(MessageSenderInterceptor.java:62)
    ... 47 more
Caused by: javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection?
    at com.sun.net.ssl.internal.ssl.InputRecord.handleUnknownRecord(InputRecord.java:523) [jsse.jar:1.6]
    at com.sun.net.ssl.internal.ssl.InputRecord.read(InputRecord.java:355) [jsse.jar:1.6]
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:830) [jsse.jar:1.6]
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1170) [jsse.jar:1.6]
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1197) [jsse.jar:1.6]
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1181) [jsse.jar:1.6]
    at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:434) [jsse.jar:1.6]
    at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:166) [jsse.jar:1.6]
    at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(HttpURLConnection.java:1014) [rt.jar:1.6.0_29]
    at sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(HttpsURLConnectionImpl.java:230) [jsse.jar:1.6]
    at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleHeadersTrustCaching(HTTPConduit.java:1367)
    at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.onFirstWrite(HTTPConduit.java:1309)
    at org.apache.cxf.io.AbstractWrappedOutputStream.write(AbstractWrappedOutputStream.java:42)
    at org.apache.cxf.io.AbstractThresholdOutputStream.write(AbstractThresholdOutputStream.java:69)
    at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(HTTPConduit.java:1387)
    ... 50 more
09:56:07,506 ERROR [org.jboss.jbossts.txbridge] (http--127.0.0.1-8080-1) com.arjuna.wst.SystemException: javax.xml.ws.WebServiceException: Could not send Message.
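
An added example, not part of the original post: the cxf.xml conduit from the post with its two test-time relaxations reversed, so the coordinator certificate's name is checked and the cipher filter no longer admits export, DES or NULL suites. The `beans` wrapper and the CHANGE_ME passwords are assumptions; the conduit name and keystore paths are the ones in the post.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- Added example: hardened variant of the conduit posted above. -->
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:sec="http://cxf.apache.org/configuration/security"
       xmlns:http="http://cxf.apache.org/transports/http/configuration"
       xsi:schemaLocation="
         http://www.springframework.org/schema/beans
           http://www.springframework.org/schema/beans/spring-beans.xsd
         http://cxf.apache.org/configuration/security
           http://cxf.apache.org/schemas/configuration/security.xsd
         http://cxf.apache.org/transports/http/configuration
           http://cxf.apache.org/schemas/configuration/http-conf.xsd">

  <http:conduit name="*.http-conduit">
    <!-- WEAK (as posted): disableCNCheck="true" skips the check that the
         server certificate matches the host in the coordinator URL.
         HARDENED: leave the check on. -->
    <http:tlsClientParameters disableCNCheck="false">
      <!-- CHANGE_ME is a placeholder, not a value from the post. -->
      <sec:keyManagers keyPassword="CHANGE_ME">
        <sec:keyStore type="JKS" password="CHANGE_ME" file="C:\\wsat.keystore"/>
      </sec:keyManagers>
      <sec:trustManagers>
        <sec:keyStore type="JKS" password="CHANGE_ME" file="C:\\wsat.truststore"/>
      </sec:trustManagers>
      <sec:cipherSuitesFilter>
        <!-- WEAK (as posted): includes for _EXPORT_, _EXPORT1024_,
             _WITH_DES_ and _WITH_NULL_ let the handshake settle on
             breakable or unencrypted suites.
             HARDENED: admit AES suites only; the excludes state the
             intent explicitly and also cover anonymous ECDH. -->
        <sec:include>.*_WITH_AES_.*</sec:include>
        <sec:exclude>.*_anon_.*</sec:exclude>
        <sec:exclude>.*_EXPORT.*</sec:exclude>
        <sec:exclude>.*_WITH_DES_.*</sec:exclude>
        <sec:exclude>.*_WITH_NULL_.*</sec:exclude>
      </sec:cipherSuitesFilter>
    </http:tlsClientParameters>
    <http:client AutoRedirect="true" Connection="Keep-Alive"/>
  </http:conduit>
</beans>
```

With the CN check enabled, the certificate presented by the coordinator has to carry the host name used in the registration URL.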