admin@glassfish.java.net

Re: Problem with secure admin?

From: Joe Di Pol <joe.dipol_at_oracle.com>
Date: Wed, 12 Jan 2011 10:53:56 -0800

To close the loop on this: pilot error!

Both Tim and I were mistakenly using an older JDK on the client when
we saw the problem. Lesson learned:

Use the following to double check your asadmin client Java version:

$ asadmin version --local --verbose
Using locally retrieved version string from version class.
Version = GlassFish Server Open Source Edition 3.1-b37 (build 37)
asadmin Java Runtime Environment version: 1.6.0_23



On 01/12/11 09:44 AM, Tim Quinn wrote:
> I have just updated the issue because I can reproduce the problem on a Linux system and
> build 37, but only with Java SE 1.6.0_23. _22 works fine.
>
> Joe, can you drop back to _22 on Solaris and update the issue with what you find?
>
> - Tim
>
> On Jan 12, 2011, at 11:34 AM, Joe Di Pol wrote:
>
>> On 01/12/11 07:59 AM, Tim Quinn wrote:
>>> Hi, Joe.
>>>
>>> I have not seen anything like this, although I routinely run on Mac OS X. I just updated
>>> to r 44436 and rebuilt and it still works fine for me.
>>>
>>> Is this a consistent failure for you or intermittent?
>>>
>>> Are you positive that both the client and the server are using 1.6.0_22 or later?
>>
>> I'm going to triple check this again. It is a consistent failure. Chris
>> is going to try and reproduce it as well.
>>
>> I filed a bug on this. I'll update it with my findings:
>> http://java.net/jira/browse/GLASSFISH-15539
>>
>> Joe
>>
>>
>>>
>>> - Tim
>>>
>>> On Jan 11, 2011, at 8:28 PM, Joe Di Pol wrote:
>>>
>>>>
>>>> I'm running a private build based on r44408. When I enable secure-admin
>>>> I start having trouble making connections to the DAS -- sometimes even
>>>> when on the same host. I'm using JDK 1.6.0_23. I've seen this on Linux
>>>> and Solaris 11. Here is what I do:
>>>>
>>>> asadmin start-domain
>>>> asadmin enable-secure-admin
>>>> asadmin stop-domain
>>>> asadmin start-domain
>>>>
>>>> This all seems to work OK. Then I try:
>>>>
>>>> asadmin version
>>>>
>>>> and it can't connect to localhost:4848
>>>>
>>>> Note that I was never presented with a certificate to accept.
>>>>
>>>> The DAS log has the exception below. Is anybody else seeing a problem?
>>>> I will try to reproduce with a formal build.
>>>>
>>>> Joe
>>>>
>>>>
>>>> [#|2011-01-11T18:10:07.674-0800|WARNING|glassfish3.1|com.sun.grizzly.config.GrizzlyServiceListener|_ThreadID=19;_ThreadName=Thread-1;|processorTask.exceptionSSLcert
>>>>
>>>>
>>>> javax.net.ssl.SSLHandshakeException: Insecure renegotiation is not allowed
>>>> at com.sun.net.ssl.internal.ssl.SSLEngineImpl.kickstartHandshake(SSLEngineImpl.java:635)
>>>> at com.sun.net.ssl.internal.ssl.SSLEngineImpl.beginHandshake(SSLEngineImpl.java:689)
>>>> at com.sun.grizzly.util.SSLUtils.doPeerCertificateChain(SSLUtils.java:559)
>>>> at com.sun.grizzly.filter.SSLReadFilter.doPeerCertificateChain(SSLReadFilter.java:340)
>>>> at com.sun.grizzly.ssl.SSLProcessorTask.action(SSLProcessorTask.java:153)
>>>> at com.sun.grizzly.tcp.Request.action(Request.java:430)
>>>> at com.sun.grizzly.tcp.http11.GrizzlyRequest.getAttribute(GrizzlyRequest.java:835)
>>>> at com.sun.grizzly.tcp.http11.GrizzlyRequest.getUserPrincipal(GrizzlyRequest.java:1834)
>>>> at com.sun.enterprise.v3.admin.AdminAdapter.authenticate(AdminAdapter.java:266)
>>>> at com.sun.enterprise.v3.admin.AdminAdapter.authenticate(AdminAdapter.java:309)
>>>> at com.sun.enterprise.v3.admin.AdminAdapter.service(AdminAdapter.java:218)
>>>> at com.sun.grizzly.tcp.http11.GrizzlyAdapter.service(GrizzlyAdapter.java:168)
>>>> at com.sun.enterprise.v3.server.HK2Dispatcher.dispath(HK2Dispatcher.java:117)
>>>> at com.sun.enterprise.v3.services.impl.ContainerMapper.service(ContainerMapper.java:234)
>>>> at com.sun.grizzly.http.ProcessorTask.invokeAdapter(ProcessorTask.java:818)
>>>> at com.sun.grizzly.http.ProcessorTask.doProcess(ProcessorTask.java:719)
>>>> at com.sun.grizzly.http.ProcessorTask.process(ProcessorTask.java:1008)
>>>> at com.sun.grizzly.http.DefaultProtocolFilter.execute(DefaultProtocolFilter.java:225)
>>>> at com.sun.grizzly.DefaultProtocolChain.executeProtocolFilter(DefaultProtocolChain.java:137)
>>>> at com.sun.grizzly.DefaultProtocolChain.execute(DefaultProtocolChain.java:104)
>>>> at com.sun.grizzly.DefaultProtocolChain.execute(DefaultProtocolChain.java:90)
>>>> at com.sun.grizzly.http.HttpProtocolChain.execute(HttpProtocolChain.java:79)
>>>> at com.sun.grizzly.ProtocolChainContextTask.doCall(ProtocolChainContextTask.java:54)
>>>> at com.sun.grizzly.SelectionKeyContextTask.call(SelectionKeyContextTask.java:59)
>>>> at com.sun.grizzly.ContextTask.run(ContextTask.java:71)
>>>> at com.sun.grizzly.util.AbstractThreadPool$Worker.doWork(AbstractThreadPool.java:532)
>>>> at com.sun.grizzly.util.AbstractThreadPool$Worker.run(AbstractThreadPool.java:513)
>>>> at java.lang.Thread.run(Thread.java:662)
>>>> |#]
>>>>
>>>> [#|2011-01-11T18:10:07.682-0800|SEVERE|glassfish3.1|com.sun.grizzly.config.GrizzlyServiceListener|_ThreadID=19;_ThreadName=Thread-1;|service exception
>>>> java.lang.RuntimeException: ClientAbortException: java.io.IOException: SSLOutputWriter: CLOSED
>>>> at com.sun.enterprise.v3.admin.AdminAdapter.service(AdminAdapter.java:254)
>>>> at com.sun.grizzly.tcp.http11.GrizzlyAdapter.service(GrizzlyAdapter.java:168)
>>>> at com.sun.enterprise.v3.server.HK2Dispatcher.dispath(HK2Dispatcher.java:117)
>>>> at com.sun.enterprise.v3.services.impl.ContainerMapper.service(ContainerMapper.java:234)
>>>> at com.sun.grizzly.http.ProcessorTask.invokeAdapter(ProcessorTask.java:818)
>>>> at com.sun.grizzly.http.ProcessorTask.doProcess(ProcessorTask.java:719)
>>>> at com.sun.grizzly.http.ProcessorTask.process(ProcessorTask.java:1008)
>>>> at com.sun.grizzly.http.DefaultProtocolFilter.execute(DefaultProtocolFilter.java:225)
>>>> at com.sun.grizzly.DefaultProtocolChain.executeProtocolFilter(DefaultProtocolChain.java:137)
>>>> at com.sun.grizzly.DefaultProtocolChain.execute(DefaultProtocolChain.java:104)
>>>> at com.sun.grizzly.DefaultProtocolChain.execute(DefaultProtocolChain.java:90)
>>>> at com.sun.grizzly.http.HttpProtocolChain.execute(HttpProtocolChain.java:79)
>>>> at com.sun.grizzly.ProtocolChainContextTask.doCall(ProtocolChainContextTask.java:54)
>>>> at com.sun.grizzly.SelectionKeyContextTask.call(SelectionKeyContextTask.java:59)
>>>> at com.sun.grizzly.ContextTask.run(ContextTask.java:71)
>>>> at com.sun.grizzly.util.AbstractThreadPool$Worker.doWork(AbstractThreadPool.java:532)
>>>> at com.sun.grizzly.util.AbstractThreadPool$Worker.run(AbstractThreadPool.java:513)
>>>> at java.lang.Thread.run(Thread.java:662)
>>>> Caused by: ClientAbortException: java.io.IOException: SSLOutputWriter: CLOSED
>>>> at com.sun.grizzly.tcp.http11.GrizzlyOutputBuffer.doFlush(GrizzlyOutputBuffer.java:439)
>>>> at com.sun.grizzly.tcp.http11.GrizzlyOutputBuffer.flush(GrizzlyOutputBuffer.java:405)
>>>> at com.sun.grizzly.tcp.http11.GrizzlyOutputStream.flush(GrizzlyOutputStream.java:140)
>>>> at com.sun.enterprise.v3.admin.AdminAdapter.service(AdminAdapter.java:251)
>>>> ... 17 more
>>>> Caused by: java.io.IOException: SSLOutputWriter: CLOSED
>>>> at com.sun.grizzly.util.SSLOutputWriter.flushChannel(SSLOutputWriter.java:98)
>>>> at com.sun.grizzly.ssl.SSLOutputBuffer.flushChannel(SSLOutputBuffer.java:138)
>>>> at com.sun.grizzly.http.SocketChannelOutputBuffer.flushBuffer(SocketChannelOutputBuffer.java:398)
>>>> at com.sun.grizzly.http.SocketChannelOutputBuffer.flush(SocketChannelOutputBuffer.java:376)
>>>> at com.sun.grizzly.http.ProcessorTask.action(ProcessorTask.java:1236)
>>>> at com.sun.grizzly.ssl.SSLProcessorTask.action(SSLProcessorTask.java:164)
>>>> at com.sun.grizzly.tcp.Response.action(Response.java:268)
>>>> at com.sun.grizzly.tcp.http11.GrizzlyOutputBuffer.doFlush(GrizzlyOutputBuffer.java:434)
>>>> ... 20 more
>>>> |#]
>>>>
>>>
>>
>
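
The two checks this thread ends up relying on, written as an added example that is not part of the original messages: confirm the asadmin client JRE is at or above the 1.6.0_22 floor Tim names, and pull the timestamps of DAS log records carrying the "Insecure renegotiation is not allowed" failure. Function names are hypothetical; the sample log is abbreviated from the thread plus one constructed record.

```shell
#!/bin/sh
# Added example, not from the thread; function names are hypothetical.
# MIN_JRE is the floor Tim names in the thread ("1.6.0_22 or later").
MIN_JRE="1.6.0_22"

# stdin: output of `asadmin version --local --verbose`; prints the client JRE.
client_jre_version() {
  sed -n 's/^asadmin Java Runtime Environment version: *//p' | head -n 1
}

# Turn a version such as 1.6.0_23 into one sortable integer.
jre_key() {
  printf '%s\n' "$1" | awk -F'[._-]' '{ printf "%d%03d%03d%04d\n", $1, $2, $3, $4 }'
}

# Succeeds when version $1 is at least version $2.
jre_at_least() {
  [ "$(jre_key "$1")" -ge "$(jre_key "$2")" ]
}

# stdin: DAS log; prints the timestamp of every [#|...|#] record that
# contains the handshake failure quoted in the thread.
renegotiation_failures() {
  awk '
    /^\[#\|/ { split($0, f, "|"); ts = f[2]; hit = 0 }
    /Insecure renegotiation is not allowed/ { hit = 1 }
    /\|#\]$/ { if (hit) print ts; hit = 0 }
  '
}

# First record abbreviated from the thread; the INFO record is constructed.
sample_log() {
  cat <<'EOF'
[#|2011-01-11T18:10:07.674-0800|WARNING|glassfish3.1|com.sun.grizzly.config.GrizzlyServiceListener|_ThreadID=19;_ThreadName=Thread-1;|processorTask.exceptionSSLcert
javax.net.ssl.SSLHandshakeException: Insecure renegotiation is not allowed
	at com.sun.net.ssl.internal.ssl.SSLEngineImpl.kickstartHandshake(SSLEngineImpl.java:635)
|#]
[#|2011-01-11T18:10:09.000-0800|INFO|glassfish3.1|example.logger|_ThreadID=20;|constructed unrelated record|#]
EOF
}

sample_log | renegotiation_failures
if command -v asadmin >/dev/null 2>&1; then
  v=$(asadmin version --local --verbose 2>/dev/null | client_jre_version)
  if jre_at_least "${v:-0}" "$MIN_JRE"; then echo "client JRE $v ok"
  else echo "client JRE ${v:-unknown} is older than $MIN_JRE"; fi
fi
```

Run the same version check against the JDK the server is started with as well, since the thread asks about both ends of the connection.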