HTTPSURLConnection Problem

Java Swing client through HttpsURLConnection talks to a load-balancer server (Apache 2.2.3 with mod_ssl / OpenSSL 0.9.8) running 443 port which in turn forwards request to 2 JBoss servers (Webserver Tomcat) running in 8080 port.

Above is the setup

When I send an Object through HttpsURLConnection's ObjectOutputStream to servlet through load-balancer, it throws EOFException while doing the following operation

request.getInputStream().

Below is the code of Java Swing Client :

    //
    public void swingToSvltSSL(){
        try{
            HttpsURLConnection conn = getSSLOutputConnection();
            OutputStream os = conn.getOutputStream();
            //java.io.ByteArrayOutputStream bos = new java.io.ByteArrayOutputStream();
            ObjectOutputStream obj = new ObjectOutputStream(os);
            System.out.println(" Object table is "+objectTable);
            obj.writeObject(objectTable);
            os.flush();
            os.close();
            InputStream is = conn.getInputStream();
            //
            java.io.ObjectInputStream objIn = new java.io.ObjectInputStream(is);
            objectTable = (java.util.Hashtable) objIn.readObject();
            //
        }
        catch(java.io.EOFException ex){
            objectTable = null;
        }
        catch(Exception e){
            System.out.println("Exception at the swingToSvlt "+e);
        }
    }

    private HttpsURLConnection getSSLOutputConnection() throws Exception{
        try{
            buildDocument();
            URL url = new URL(protocol, ipAddress, portNumber, document);
            System.out.println(" URL is "+url);
            hts = (HttpsURLConnection) url.openConnection();
            hts.setHostnameVerifier(new javax.net.ssl.HostnameVerifier(){
                public boolean verify(String hostname, javax.net.ssl.SSLSession certHostName)
                {
                    return true;
                }
            });
            hts.setUseCaches(false);
            hts.setDefaultUseCaches(false);
            hts.setDoInput(true);
            hts.setDoOutput(true);
            hts.setSSLSocketFactory(getSSLFactory());
        }
        catch(Exception e){
            throw e;
        }
        return hts;
    }

    private SSLSocketFactory getSSLFactory()
    {
        System.out.println(" At the ssl factory new");
        SSLSocketFactory factory = null;
        try{
            SSLContext ctx;
            factory = createSSLContext().getSocketFactory();
            System.out.println(" Factory is "+factory);
            return factory;
        }catch (Exception e){
            e.printStackTrace();
            return null;
            //throw new IOException(e.getMessage());
        }
    }
    }
    //

Below is the code in servlet :

    public void getFromSwing(HttpServletRequest request)
    {
        try{
            InputStream is = request.getInputStream();
            java.io.ObjectInputStream objIn = new java.io.ObjectInputStream(is);
            objectTable = (java.util.Hashtable) objIn.readObject();
        }
        catch(java.io.EOFException ex)
        {
            ex.printStackTrace();
            objectTable = null;
        }
        catch(Exception e){
            System.out.println("Exception is l"+e);
        }
    }
    // end of servlet part

Getting java.io.EOFException while trying to read the object >>objectTable = (java.util.Hashtable) objIn.readObject();

Same code works very fine with HTTPUrlConnection (i.e., without SSL)

Whether SSL transportation corrupts the request stream?

Please help me out.

Rgds

Venquet

[5769 byte] By [venquetta] at [2007-11-15]
# 1
Get rid of os.close() in the sending code.
ejpa at 2007-7-12 > top of java,Security,Java Secure Socket Extension (JSSE)...
# 2

Hi,

I removed that os.close() also, still throwing EOFException. My question is whether the servlet stream gets encrypted while sending through HTTPS to the proxy server, but the proxy server talks with the upstream server (JBoss) through the HTTP port.

Anyone worked with the same scenario? If so, can you please give me the solution.

Rgds

Venquet

venquetta at 2007-7-12
# 3
The CONNECT command is sent to the proxy server in plain text. Thereafter, the entire conversation is in SSL. The proxy server doesn't decrypt and re-encrypt, it just passes the raw bytes back and forth without even knowing what they are.
ejpa at 2007-7-12
# 4

Basically, I set up the SSL port in load-balancer server (Apache) not in JBoss, so this Apache server acts as load-balancer as well as does the SSL also. JBoss server receives HTTP request from the load-balancer server. This is the set-up I have, so swing client connects to Apache HTTP Server through SSL channel, Apache HTTP Server directs the request to JBoss.

Rgds

Venquet

venquetta at 2007-7-12
# 5
In that case I suspect Apache is absorbing the SSL and talking plaintext to JBoss, but don't quote me.
ejpa at 2007-7-12
# 6
Exactly, Apache talks to JBoss as plain text. GET method parameters are accessible in JBoss (i.e., request.getParameter("name") ) but if I tried to read the inputstream of request to ObjectInputStream, I am getting EOFException.

Rgds

Venquet

venquetta at 2007-7-12
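An EOFException from ObjectInputStream means the stream ended before a complete serialized object arrived. As an added example (not code from either poster), the sketch below classifies a buffered request body at whichever hop it is run, so an empty body, a short body and a non-serialized body can be told apart; `BodyCheck`, `Verdict`, `classify` and the sample payloads are constructed for illustration.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.EOFException;
import java.io.IOException;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.io.ObjectStreamConstants;
import java.util.Arrays;
import java.util.Hashtable;

public class BodyCheck {
    enum Verdict { EMPTY, SHORT, NOT_SERIALIZED, HEADER_OK }

    // declaredLength: the Content-Length seen at this hop, or -1 when none was sent.
    static Verdict classify(byte[] body, long declaredLength) {
        if (body.length == 0) return Verdict.EMPTY;
        if (declaredLength >= 0 && body.length < declaredLength) return Verdict.SHORT;
        if (body.length < 4) return Verdict.NOT_SERIALIZED;
        // A serialization stream starts with the magic 0xACED followed by version 5.
        short magic = (short) (((body[0] & 0xFF) << 8) | (body[1] & 0xFF));
        short version = (short) (((body[2] & 0xFF) << 8) | (body[3] & 0xFF));
        boolean header = magic == ObjectStreamConstants.STREAM_MAGIC
                && version == ObjectStreamConstants.STREAM_VERSION;
        return header ? Verdict.HEADER_OK : Verdict.NOT_SERIALIZED;
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample payload standing in for the thread's objectTable.
        Hashtable<String, String> table = new Hashtable<>();
        table.put("name", "value");
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(buf)) {
            out.writeObject(table);
        }
        byte[] full = buf.toByteArray();
        byte[] cut = Arrays.copyOf(full, full.length / 2);

        System.out.println(classify(full, full.length));   // complete body
        System.out.println(classify(cut, full.length));    // fewer bytes than declared
        System.out.println(classify(new byte[0], -1));     // nothing arrived
        System.out.println(classify("<html>502</html>".getBytes("US-ASCII"), -1));

        // An empty body fails before readObject(): the constructor reads the header.
        try {
            new ObjectInputStream(new ByteArrayInputStream(new byte[0]));
        } catch (EOFException e) {
            System.out.println("empty body: EOFException in constructor");
        }
    }
}
```

In a servlet the two arguments would come from the bytes buffered out of request.getInputStream() and from request.getContentLength().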