dev@glassfish.java.net

Re: how does asadmin avoid this exception...

From: vince kraemer <Vince.Kraemer_at_Sun.COM>
Date: Thu, 15 Oct 2009 07:51:51 -0700

Hmm.

I am glad to hear that Bill is trying to make --secure obsolete....

Since the isSecurePort method tells you that the port is secure, I
figure he won't need to retry... why try to connect when you know that
it will fail... He may want to go straight to making a Https connection...

That is what I am doing in the NB plugin.

You may end up getting the sun.security.validator.ValidatorException
when you try to use the connection... since the domain does not have a
nice trusted certificate... The JVM for asadmin may trust the cert from
domain1... The NB IDE doesn't.

Thanks,
vbk

kedar wrote:
> asadmin attempts a plaintext connection and if it gets a SocketException,
> then it examines to see if the server is actually https and not http.
> The code that determines this is in:
> <v3>/common/common-util/.../NetUtils.java, method: isSecurePort().
>
> That method tries to do some test that tells us with some confidence
> if the
> server is really secure. (JF, you contributed this code, right?) Then
> asadmin
> just reports the same to the user (i.e. server appears secure, retry with
> --secure).
>
> Incidentally, Bill is fixing asadmin code such that we are now going to
> attempt an https connection if http connection fails (a bug filed by you,
> apparently).
>
> In the exception stack trace you get, do you have SocketException or
> something else? (YMMV, because it's not clear exactly what exception
> you'll get when you try something like this).
>
> vince kraemer wrote:
>> sun.security.validator.ValidatorException: PKIX path building failed:
>> sun.security.provider.certpath.SunCertPathBuilderException: unable to
>> find valid certification path to requested target
>> I want to extend the v3 plugin for NetBeans to 'play well' with a
>> domain that has a secured admin listener and I am being thwarted by
>> this...
>>
>> I figure we must have code that copes with this in the admin cli. A
>> pointer to the right place to start would be great...
>>
>> Thanks,
>> vbk
>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: dev-unsubscribe_at_glassfish.dev.java.net
>> For additional commands, e-mail: dev-help_at_glassfish.dev.java.net
>>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe_at_glassfish.dev.java.net
> For additional commands, e-mail: dev-help_at_glassfish.dev.java.net
>
© Oracle | By contributing to this project, you are agreeing to the terms of use described here.