Announcement

Collapse
No announcement yet.
X
  • Filter
  • Time
Clear All
new posts

    HttpProxyServet not working with 2 way SSL and SmartGWT v6

    We are in the process of updating our code base to work with SmartGWT v6. We have encountered an issue with making web service calls on the client to a server different from the web server. This has been working with the same java keystore, Tomcat configuration and java code and an older version of SmartGWT. The only thing that changed was upgrading to SmartGWT v6 from a much older version. Below is information on the problem. Note the below code will work properly if we use a non-SSL REST server. The problem appears as though the HttpProxyServlet does not forward the web server cert to the remote REST server.

    Any ideas?


    Brower: Firefox
    Tomcat: v7
    SmartGWT: v11.0p_2016-05-12/PowerEdition Deployment 2016-05-12

    Code Snippet
    DataSource ds = new DataSource();
    ds.setDataFormat(DSDataFormat.XML);
    ds.setDataURL("https://mysite.com/employee.xml?employeeId=123");
    ds.fetchData();

    SmartGWT log snippets
    2016-06-03 13:13:51,100 INFO [com.isomorphic.servlet.HttpProxyServlet] HttpProxy - No rules defined - proxying all incoming URLs.
    ...
    2016-06-03 13:13:52,100 INFO [com.isomorphic.servlet.HttpProxyServlet] HttpProxy - ProxyData is: { xsi:"blahschema",
    url:"https://mysite.com/employee.xml?employeeId=123", httpMethod:"GET", params:{}, contentType:null, requestBody:null, username:null,
    password:null, httpHeaders:null, uploadFileName:null,callbackParam:null}
    2016-06-03 13:13:53,100 INFO [com.isomorphic.servlet.HttpProxyServlet] HttpProxy - Fatal transport error: Remote host close connection during
    handshake



    On Tomcat/REST server
    ssl logging enabled and it says "SSLHandshakeException: null cert chain"


    #2
    SSL is configured directly with the JVM, not through SmartGWT. So it seems like in your upgrade process, you are testing in a new JVM where you do not have your certs installed.

    Comment


      #3
      I went back and did more testing with previous versions of SmartGWT to isolate the problem. I recompiled our application using SmartGWT v3.1, 4.1, 5.1 and 6.0. With everything the same (our application code, jvm version, tomcat version, config files), HttpProxy with 2 way SSL works fine with SmartGWT v3.1 and v4.1 but FAILS with v5.1 and v6.0. I also noticed in the 5.0 release notes (http://www.smartclient.com/smartgwt/release_notes.html) something changed with the underlying libraries used for HttpProxyServlet as shown below.

      Since this used to work up to v4.1 but no longer works, can you go back and see if there is something missing or broken in SmartGWT?
      Maven Support

      • Maven: switched HttpProxyServlet and other server-side users of httpClient library to new library

      Comment


        #4
        Again, this configuration is done at the JVM level - in a proxy implementation like ours, we don't have or need code to handle SSL. So there is not normally a way for our code to specifically break SSL, and what has likely happened here is that the JVM-level configuration needed is slightly different.

        You should first verify that you can make SSL connections at all through the proxy, to a public SSL site such as https://www.google.com. If that's not working, try just making such a connection from a single Java program with no SmartGWT at all, and get that working before returning to SmartGWT's HttpProxyServlet.

        Note also, we do have a documented setting - setAcceptInvalidAndExpiredSSLCertificates() - which you might try, even if you believe your certificates are not the problem, just to see if you get a better error message from the low-level JVM code that is throwing this error. You should also share more details of that error message here - the full server log for the request is the standard thing to post.

        Comment

        Working...
        X