How to configure DFC to work with SSL-service

KerkhoffC

Hi all,

our application needs to get data from a web-service via https/SSL.

We tested the web-service using SoapUI on the client machine (works fine).

When the service is launched from within the DCTM-JAR file, it returns "401 (unauthorized)".

We use "cacerts" as keystore located in the jre/lib/security directory.

I found some documentation on SSL-configuration for DFC.PROPERTIES but none of them showed effects.

Where/How do we have to configure SSL-settings.

Any hints appreciated

best regards,

Carsten

SapConsistencyService.java

check_consistencyServiceLocator.java

_check_consistencySoapBindingStub.java

_check_consistencyProxy.java

_check_consistency.java

Find more posts tagged with

Comments

Hartmut_Clausen

Could you please post the code that you use to call the webservice?

KerkhoffC

Code-files added...

Hope they don't confuse

Hartmut_Clausen

Can you please tell us where (file name and line number) the error occurs?

You wrote:

When the service is launched from within the DCTM-JAR file, it returns "401 (unauthorized)".

That is not very clear. The only dctm.jar I know off belongs to the DFC and contains only a manifest. I believe you mean something different.

Maybe you should also post the stacktrace of the error.

KerkhoffC

Had to recode/redeploy for stacktrace...

Exception is thrown in file _Bay0_Ad_edm0005_consistencySoapBindingStub.java (line 117, Last line of following code):

public void _BAY0_AD_EDM0005_CONSISTENCY(java.lang.String IV_EQUNR, java.lang.String IV_MATNR, java.lang.String IV_TPLNR, javax.xml.rpc.holders.StringHolder EV_EXISTS, javax.xml.rpc.holders.StringHolder EV_LVORM, javax.xml.rpc.holders.StringHolder EV_MSTAE) throws java.rmi.RemoteException {

if (super.cachedEndpoint == null) {

throw new org.apache.axis.NoEndPointException();

}

org.apache.axis.client.Call _call = createCall();

_call.setOperation(_operations[0]);

_call.setUseSOAPAction(true);

_call.setSOAPActionURI("");

_call.setEncodingStyle(null);

_call.setProperty(org.apache.axis.client.Call.SEND_TYPE_ATTR, Boolean.FALSE);

_call.setProperty(org.apache.axis.AxisEngine.PROP_DOMULTIREFS, Boolean.FALSE);

_call.setSOAPVersion(org.apache.axis.soap.SOAPConstants.SOAP11_CONSTANTS);

_call.setOperationName(new javax.xml.namespace.QName("urn:sap-com:document:sap:rfc:functions", "_-BAY0_-AD_EDM0005_CONSISTENCY"));

setRequestHeaders(_call);

setAttachments(_call);

try { java.lang.Object _resp = _call.invoke(new java.lang.Object[] {IV_EQUNR, IV_MATNR, IV_TPLNR});

...

EXCEPTION-LOG:

19:19:38,234 ERROR [http-8801-1] SapConsistencyService.checkFunctionalLocationConsistency - StackTrace: AxisFault

faultCode: {http://xml.apache.org/axis/}HTTP

faultSubcode:

faultString: (401)Unauthorized

faultActor:

faultNode:

faultDetail:

{}:return code: 401

<html><head><title>Logon Error Message</title><META http-equiv="Content-Type" content="text/html;charset=UTF-8"><style type="text/css">body { font-family:tahoma,helvetica,sans-serif;color:#333333;background-color:#FFFFFF; }td { font-family:tahoma,helvetica,sans-serif;font-size:70%;color:#333333; }h1 { font-family:tahoma,helvetica,sans-serif;font-size:160%;font-weight:bold;margin-top:15px;margin-bottom:3px;color:#003366; }h2 { font-family:verdana,helvetica,sans-serif;font-size:120%;font-style:italic;font-weight:bold;margin-top:6px;margin-bottom:6px;color:#999900; }p { font-family:tahoma,helvetica,sans-serif;color:#333333;margin-top:4px;margin-bottom:4px; }ul { font-family:tahoma,helvetica,sans-serif;color:#333333;list-style-type:square;margin-top:8px;margin-bottom:8px; }li { font-family:tahoma,helvetica,sans-serif;color:#33333;margin-top:4px; }.emphasize { color:#333333;background-color:#C8E3FF;padding:5px;}.note { color:#CC6600; }a { font-family:tahoma,helvetica,sans-serif;text-decoration:underline;color:#336699; }a:visited { color:#001166; }a:hover { text-decoration:none; }</style></head><body><table cellpadding="0" cellspacing="0" border="0" width="100%"><tr><td><h1>Anmeldung fehlgeschlagen</h1><br><h2>Was ist passiert ?</h2><p>Der Aufruf der URL https://xxxxxxxxx.com:44300/sap/bc/srt/rfc/BAY0/_-bay0_-ad_edm0005_consistencySoapBinding wurde aufgrund fehlerhafter Anmeldedaten abgebrochen.</p></td></tr><tr><td>&nbsp;</td></tr><tr><td class="emphasize"><strong>Hinweis</strong><br>Die Anmeldung wurde im System D2C ausgeführt. Hierbei wurden keine Anmeldedaten bereitgestellt.</td></tr><tr><td>&nbsp;</td></tr><tr><td><p> &nbsp;</p><h2>Was können Sie tun ?</h2><ul><li> Falls Sie noch über keine Benutzerkennung verfügen, so wenden Sie sich an Ihren Systemadministrator. </li></ul></br><p class="note">Fehlercode: ICF-LE-https-c:528-l:-T:-C:6-U:-P:-L:6</p></br><p> HTTP 401 - Unauthorized</br><p> Ihr xxxxxxxxxxxxxxxk Team</p></td></tr></table></body></html>

{http://xml.apache.org/axis/}HttpErrorCode:401

(401)Unauthorized

at org.apache.axis.transport.http.HTTPSender.readFromSocket(HTTPSender.java:744)

at org.apache.axis.transport.http.HTTPSender.invoke(HTTPSender.java:144)

at org.apache.axis.strategies.InvocationStrategy.visit(InvocationStrategy.java:32)

at org.apache.axis.SimpleChain.doVisiting(SimpleChain.java:118)

at org.apache.axis.SimpleChain.invoke(SimpleChain.java:83)

at org.apache.axis.client.AxisClient.invoke(AxisClient.java:165)

at org.apache.axis.client.Call.invokeEngine(Call.java:2784)

at org.apache.axis.client.Call.invoke(Call.java:2767)

at org.apache.axis.client.Call.invoke(Call.java:2443)

at org.apache.axis.client.Call.invoke(Call.java:2366)

at org.apache.axis.client.Call.invoke(Call.java:1812)

at com.cxf.sap.webservice.consistency._Bay0_Ad_edm0005_consistencySoapBindingStub._BAY0_AD_EDM0005_CONSISTENCY(_Bay0_Ad_edm0005_consistencySoapBindingStub.java:117)

at com.cxf.sap.webservice.consistency.SapConsistencyService.checkFunctionalLocationConsistency(SapConsistencyService.java:53)

at com.cxf.dctm.OfDocumentController.fillInvalidValuesList(OfDocumentController.java:4808)

at com.cxf.dctm.OfDocumentController.checkTechnicalObjectsConsistency(OfDocumentController.java:4768)

at com.cxf.dctm.bof.tbo.Impl.OfType.checkSapConsistency(OfType.java:329)

at com.cxf.dctm.bof.tbo.Impl.OfType.doCheckin(OfType.java:265)

at com.documentum.fc.client.DfSysObject.checkinEx(DfSysObject.java:800)

at com.documentum.fc.client.DfSysObject.checkin(DfSysObject.java:793)

at com.cxf.dctm.bof.tbo.Impl.OfType___PROXY.checkin(OfType___PROXY.java)

at com.documentum.operations.nodeactions.inbound.DfCheckinObject.checkin(DfCheckinObject.java:309)

at com.documentum.operations.nodeactions.inbound.DfCheckinObject.execute(DfCheckinObject.java:39)

at com.documentum.operations.steps.impl.OperationStep.executeStep(OperationStep.java:151)

at com.documentum.operations.steps.impl.OperationStep.execute(OperationStep.java:40)

at com.documentum.operations.impl.OperationExecutionEngine.execute(OperationExecutionEngine.java:51)

at com.documentum.operations.DfOperation.execute(DfOperation.java:342)

at com.documentum.operations.inbound.impl.InboundOperation.execute(InboundOperation.java:104)

at com.docway.server.library.z.b(Unknown Source)

at com.docway.server.library.z.a(Unknown Source)

at com.docway.server.transfer.TransferServer.checkin(Unknown Source)

at com.docway.api.v6.util.TransferServlet.processRequest(Unknown Source)

at com.docway.api.v6.util.CredentialedServlet.handleRequest(Unknown Source)

at com.wingspan.web.http.servlet.impl.PlatformServlet.service(Unknown Source)

at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)

at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)

at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)

at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)

at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)

at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)

at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)

at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)

at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:298)

at org.apache.coyote.http11.Http11AprProcessor.process(Http11AprProcessor.java:859)

at org.apache.coyote.http11.Http11AprProtocol$Http11ConnectionHandler.process(Http11AprProtocol.java:579)

at org.apache.tomcat.util.net.AprEndpoint$Worker.run(AprEndpoint.java:1555)

at java.lang.Thread.run(Thread.java:619)

jmalyik

Hi,

The webservice is hosted on linux? If I'm right, the host OS under your service runs out of entropy.

It works properly from SOAPUi becuase the manual tests not results so many parallel connections that the application occurs while run.

I think this should be the first thing that you have to check if you want to use Linux with HTTPS/SSL.

Regards,

Magic

Ps.: A good starting point about entropy

Ps2.: A useful JVM parameter

KerkhoffC

After detail-checking the stacktrace and compare it with SoapUI-data we discovered a wrong address used as URL.

We will recreate the webService-client to check this.

The currently used URL brings up an authentication-dialog, which definitly cannot be answered/handled by the webservice-client.

Thanls so far for the responses...

mnmnmnmnm

http://playive.com/soccer/002sc.html

mnmnmnmnm

http://playive.com/soccer/002sc.html