dev@glassfish.java.net

Re: how does asadmin avoid this exception...

From: vince kraemer <Vince.Kraemer_at_Sun.COM>
Date: Thu, 15 Oct 2009 11:35:37 -0700

I like it when users can be successful and focus on their app.

vbk

kedar wrote:
> I don't know if the encoding is messed up on this message :(
> It showed up as garbage. Use UTF-8 as char encoding.
>
> kedar wrote:
>>
>>
>> vince kraemer wrote:
>>> Hmm.
>>>
>>> I am glad to hear that Bill is trying to make --secure obsolete....
>>
>> Not really. Making it obsolete would be a bad idea. What he's trying to do is
>> improve the user experience in the case where you forgot to put an explicit
>> --secure even when the server is secure. It's a good practice on users' part
>> to have an explicit --secure. I wouldn't advocate for forgetting about
>> --secure.
>>
>>>
>>> Since the isSecurePort method tells you that the port is secure, I
>>> figure he won't need to retry... why try to connect when you know
>>> that it will fail... He may want to go straight to making an HTTPS
>>> connection...
>>
>> Wow. That means you take the overhead every time even when the server is
>> secure. Note that asadmin is separate from the server. It does not know the
>> server is secure unless you tell it so via --secure. The other route is:
>> when --secure is false (default for all asadmin) and then when you get
>> a known exception (that indicates server might be secure), try a
>> secure connection. Retrying is the right thing to do.
>>
>>> That is what I am doing in the NB plugin.
>>
>> You could consider changing that, if you are always doing
>> isSecurePort first.
>>
>>> You may end up getting the sun.security.validator.ValidatorException
>>> when you try to use the connection... since the domain does not have
>>> a nice trusted certificate... The JVM for asadmin may trust the cert
>>> from domain1... The NB IDE doesn't.
>>
>> When the domain is created, its (self-signed) cert is already added to
>> asadmin's trust-store (see my other message to users' alias).
>>
>>>
>>> Thanks,
>>> vbk
>>>
>>> kedar wrote:
>>>> asadmin attempts a plaintext connection and if it gets a SocketException,
>>>> then it examines to see if the server is actually https and not http.
>>>> The code that determines this is in:
>>>> <v3>/common/common-util/.../NetUtils.java, method: isSecurePort().
>>>>
>>>> That method tries to do some test that tells us with some confidence if
>>>> the server is really secure. (JF, you contributed this code, right?)
>>>> Then asadmin just reports the same to the user (i.e. server appears
>>>> secure, retry with --secure).
>>>>
>>>> Incidentally, Bill is fixing asadmin code such that we are now going to
>>>> attempt an https connection if http connection fails (a bug filed by you,
>>>> apparently).
>>>>
>>>> In the exception stack trace you get, do you have SocketException or
>>>> something else? (YMMV, because it's not clear exactly what exception
>>>> you'll get when you try something like this).
>>>>
>>>> vince kraemer wrote:
>>>>> sun.security.validator.ValidatorException: PKIX path building failed:
>>>>> sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
>>>>>
>>>>> I want to extend the v3 plugin for NetBeans to 'play well' with
>>>>> a domain that has a secured admin listener and I am being thwarted
>>>>> by this...
>>>>>
>>>>> I figure we must have code that copes with this in the admin cli.
>>>>> A pointer to the right place to start would be great...
>>>>>
>>>>> Thanks,
>>>>> vbk
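
An added example, not part of the thread and not GlassFish's own code: a client that follows the approach kedar describes (plaintext first, HTTPS retry) and validates the server against a dedicated truststore holding the domain's self-signed certificate rather than the JVM default. The class name, the argument order and the truststore path and password are assumptions, and any I/O failure (not only SocketException) triggers the retry here.

```java
import java.io.IOException;
import java.io.InputStream;
import java.net.HttpURLConnection;
import java.net.URL;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.KeyStore;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

public class AdminClient {
    // Trust only the certificates in the given store; no trust-all TrustManager.
    static SSLContext pinnedContext(String storePath, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = Files.newInputStream(Paths.get(storePath))) {
            ks.load(in, password);
        }
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ks);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null);
        return ctx;
    }

    // Plaintext first; on an I/O failure retry the same request over HTTPS.
    // The plaintext attempt should carry no credentials, since it may reach the wire unencrypted.
    static int status(String host, int port, String path, SSLContext ctx) throws IOException {
        try {
            return code((HttpURLConnection) new URL("http", host, port, path).openConnection());
        } catch (IOException plainFailed) {
            HttpsURLConnection tls = (HttpsURLConnection) new URL("https", host, port, path).openConnection();
            tls.setSSLSocketFactory(ctx.getSocketFactory()); // default hostname verification stays on
            return code(tls);
        }
    }

    private static int code(HttpURLConnection c) throws IOException {
        c.setConnectTimeout(5000);
        c.setReadTimeout(5000);
        try { return c.getResponseCode(); } finally { c.disconnect(); }
    }

    // Assumed argument order: host port truststore-path truststore-password url-path
    public static void main(String[] args) throws Exception {
        SSLContext ctx = pinnedContext(args[2], args[3].toCharArray());
        System.out.println(status(args[0], Integer.parseInt(args[1]), args[4], ctx));
    }
}
```

If the server's certificate is not in the supplied truststore, the HTTPS retry fails with an `SSLHandshakeException` caused by the `ValidatorException` quoted at the start of the thread.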