我已经设置了一个 EJB 客户端,它可以在没有 SSL/TLS 的情况下成功连接到remote+http://localhost:8080。
现在,我已经创建了一个信任库和密钥库,并按照此处的 Wildfly 文档中的说明设置 SSL/TLS。
我的wildfly-config.xml包含以下内容:
<authentication-client xmlns="urn:elytron:1.0">
<authentication-rules>
<rule use-configuration="default-config"/>
</authentication-rules>
<authentication-configurations>
<configuration name="default-config">
<set-user-name name="${user}"/>
<credentials>
<clear-password password="${password}"/>
</credentials>
<sasl-mechanism-selector selector="#ALL" />
<providers>
<use-service-loader />
</providers>
</configuration>
</authentication-configurations>
<key-stores>
<key-store name="im-keystore" type="JKS">
<file name="client.truststore"/>
<key-store-clear-password password="xxx"/>
</key-store>
</key-stores>
<ssl-contexts>
<ssl-context name="im-ssl-context">
<trust-store key-store-name="im-keystore"/>
<protocol names="TLSv1.2"/>
</ssl-context>
</ssl-contexts>
<ssl-context-rules>
<rule use-ssl-context="im-ssl-context"/>
</ssl-context-rules>
</authentication-client>
服务器配置如下:
<tls>
<key-stores>
<key-store name="httpsKS">
<credential-reference clear-text="xxx"/>
<implementation type="JKS"/>
<file path="server.keystore" relative-to="jboss.server.config.dir"/>
</key-store>
</key-stores>
<key-managers>
<key-manager name="httpsKM" key-store="httpsKS">
<credential-reference clear-text="xxx"/>
</key-manager>
</key-managers>
<server-ssl-contexts>
<server-ssl-context name="httpsSSC" protocols="TLSv1.2" key-manager="httpsKM"/>
</server-ssl-contexts>
</tls>
和
<https-listener name="https" socket-binding="https" ssl-context="httpsSSC" enable-http2="true"/>
现在,ejb 客户端在连接到 remote+https://localhost:8443 时抛出以下异常:
LOG 2019-06-13T12:12:56Z [XNIO-1 task-1] TRACE org.jboss.remoting.endpoint - Registered exception result
org.xnio.http.UpgradeFailedException: Invalid response code 200
at org.xnio.http.HttpUpgrade$HttpUpgradeState$UpgradeResultListener.handleEvent(HttpUpgrade.java:471) ~[xnio-api-3.6.5.Final.jar:3.6.5.Final]
at org.xnio.http.HttpUpgrade$HttpUpgradeState$UpgradeResultListener.handleEvent(HttpUpgrade.java:400) ~[xnio-api-3.6.5.Final.jar:3.6.5.Final]
at org.xnio.ChannelListeners.invokeChannelListener(ChannelListeners.java:92) ~[xnio-api-3.6.5.Final.jar:3.6.5.Final]
at org.xnio.conduits.ReadReadyHandler$ChannelListenerHandler.readReady(ReadReadyHandler.java:66) ~[xnio-api-3.6.5.Final.jar:3.6.5.Final]
at org.xnio.nio.NioSocketConduit.handleReady(NioSocketConduit.java:89) ~[xnio-nio-3.6.5.Final.jar:3.6.5.Final]
at org.xnio.nio.WorkerThread.run(WorkerThread.java:591) ~[xnio-nio-3.6.5.Final.jar:3.6.5.Final]
有什么想法吗?
事实证明,缺少一个额外的远程连接器,该连接器指向undertow小节中定义的https-listener connector-ref:
<subsystem xmlns="urn:jboss:domain:remoting:4.0">
<http-connector name="http-remoting-connector" connector-ref="default" security-realm="ApplicationRealm"/>
<http-connector name="https-remoting-connector" connector-ref="https" security-realm="ApplicationRealm"/>
</subsystem>