dev@glassfish.java.net

Re: how does asadmin avoid this exception...

From: kedar <Kedar.Mhaswade_at_Sun.COM>
Date: Thu, 15 Oct 2009 09:16:50 -0700

I don't know if the encoding is messed up on this message :(
It showed up as garbage. Use UTF-8 as char encoding.

kedar wrote:
>
>
> vince kraemer wrote:
>> Hmm.
>>
>> I am glad to hear that Bill is trying to make --secure obsolete....
>
> Not really. Making it obsolete would be a bad idea. What he's trying to do
> is improve the user experience in the case where you forgot to put an explicit
> --secure even when server is secure. It's a good practice on users' part
> to have an explicit --secure. I wouldn't advocate for forgetting about
> --secure.
>
>>
>> Since the isSecurePort method tells you that the port is secure, I
>> figure he won't need to retry... why try to connect when you know that
>> it will fail... He may want to go straight to making a Https
>> connection...
>
> Wow. That means you take the overhead every time even when the server is
> secure. Note that asadmin is separate from server. It does not know the
> server is secure unless you tell it so via --secure. The other route is:
> when --secure is false (default for all asadmin) and then when you get
> a known exception (that indicates server might be secure), try a
> secure connection. Retrying is the right thing to do.
>
>> That is what I am doing in the NB plugin.
>
> You could consider changing that, if you are always doing isSecurePort
> first.
>
>> You may end up getting the sun.security.validator.ValidatorException
>> when you try to use the connection... since the domain does not have a
>> nice trusted certificate... The JVM for asadmin may trust the cert
>> from domain1... The NB IDE doesn't.
>
> When the domain is created, its (self-signed) cert is already added to
> asadmin's trust-store (see my other message to users' alias).
>
>>
>> Thanks,
>> vbk
>>
>> kedar wrote:
>>> asadmin attempts a plaintext connection and if it gets a
>>> SocketException,
>>> then it examines to see if the server is actually https and not http.
>>> The code that determines this is in:
>>> <v3>/common/common-util/.../NetUtils.java, method: isSecurePort().
>>>
>>> That method tries to do some test that tells us with some confidence
>>> if the
>>> server is really secure. (JF, you contributed this code, right?) Then
>>> asadmin
>>> just reports the same to the user (i.e. server appears secure, retry
>>> with
>>> --secure).
>>>
>>> Incidentally, Bill is fixing asadmin code such that we are now going to
>>> attempt an https connection if http connection fails (a bug filed by
>>> you,
>>> apparently).
>>>
>>> In the exception stack trace you get, do you have SocketException or
>>> something else? (YMMV, because it's not clear exactly what exception
>>> you'll get when you try something like this).
>>>
>>> vince kraemer wrote:
>>>> sun.security.validator.ValidatorException: PKIX path building
>>>> failed: sun.security.provider.certpath.SunCertPathBuilderException:
>>>> unable to find valid certification path to requested target
>>>>
>>>> I want to extend the v3 plugin for NetBeans to 'play well' with a
>>>> domain that has a secured admin listener and I am being thwarted by
>>>> this...
>>>>
>>>> I figure we must have code that copes with this in the admin cli. A
>>>> pointer to the right place to start would be great...
>>>>
>>>> Thanks,
>>>> vbk
>>>>
>>>>
>>>> ---------------------------------------------------------------------
>>>> To unsubscribe, e-mail: dev-unsubscribe_at_glassfish.dev.java.net
>>>> For additional commands, e-mail: dev-help_at_glassfish.dev.java.net
>>>>
>>>
>>
>>
>
>
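
The flow discussed in this thread (try plaintext, retry over HTTPS, and trust the domain's self-signed certificate through an explicit trust store rather than by disabling validation), written with standard JSSE classes as an added example; it is not asadmin's or the NetBeans plugin's code. The class name, the `/` path, and the host, port, trust-store file and password taken from the command line are assumptions.

```java
import java.io.*;
import java.net.*;
import java.nio.file.*;
import java.security.KeyStore;
import javax.net.ssl.*;

public class AdminConnect {
    // Trust only the certificates in the given store (e.g. one holding the
    // domain's self-signed cert) instead of the JVM-wide default trust store.
    static SSLContext contextFor(Path trustStore, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = Files.newInputStream(trustStore)) {
            ks.load(in, password);
        }
        TrustManagerFactory tmf =
            TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ks);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null);
        return ctx;
    }

    static HttpURLConnection prepare(URL url) throws IOException {
        HttpURLConnection c = (HttpURLConnection) url.openConnection();
        c.setConnectTimeout(5000);
        c.setReadTimeout(5000);
        return c;
    }

    // Plain HTTP first; on an I/O failure (SocketException is one kind) or a
    // non-HTTP reply, retry over HTTPS. Certificate validation stays enabled.
    static HttpURLConnection open(String host, int port, String path, SSLContext ctx) throws IOException {
        try {
            HttpURLConnection plain = prepare(new URL("http", host, port, path));
            if (plain.getResponseCode() != -1) return plain; // probe carries no credentials
        } catch (IOException plainFailed) { /* fall through to the HTTPS retry */ }
        HttpsURLConnection tls = (HttpsURLConnection) prepare(new URL("https", host, port, path));
        tls.setSSLSocketFactory(ctx.getSocketFactory());
        tls.getResponseCode(); // SSLHandshakeException here: cert is not in the trust store
        return tls;
    }

    public static void main(String[] args) throws Exception {
        // Usage (placeholder values): AdminConnect <host> <port> <truststore> <password>
        SSLContext ctx = contextFor(Paths.get(args[2]), args[3].toCharArray());
        HttpURLConnection c = open(args[0], Integer.parseInt(args[1]), "/", ctx);
        System.out.println(c.getURL().getProtocol() + " -> HTTP " + c.getResponseCode());
    }
}
```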