• Bug
  • Status: Resolved
  • 2 Major
  • Resolution: Fixed
  • ljacomet
  • Reporter: mmoldenh
  • December 05, 2012
  • 0
  • Watchers: 7
  • January 28, 2013
  • January 28, 2013

Description

I am getting an issue when trying to setup WebLogic Application Server to a secured TerracottaEE cluster.

Apparently, retrieving the tc config from the terracotta server is unsuccessful due to the following Caused by: java.lang.ClassCastException: weblogic.net.http.SOAPHttpsURLConnection cannot be cast to javax.net.ssl.HttpsURLConnection at com.tc.util.io.ServerURL.openStream(ServerURL.java:64) at com.tc.config.schema.setup.sources.ServerConfigurationSource.getInputStream(ServerConfigurationSource.java:39) at com.tc.config.schema.setup.StandardXMLFileConfigurationCreator.trySource(StandardXMLFileConfigurationCreator.java:361) at com.tc.config.schema.setup.StandardXMLFileConfigurationCreator.getConfigDataSourceStrean(StandardXMLFileConfigurationCreator.java:307) at com.tc.config.schema.setup.StandardXMLFileConfigurationCreator.loadConfigDataFromSources(StandardXMLFileConfigurationCreator.java:240) at com.tc.config.schema.setup.StandardXMLFileConfigurationCreator.loadConfigAndSetIntoRepositories(StandardXMLFileConfigurationCreator.java:129) at com.tc.config.schema.setup.StandardXMLFileConfigurationCreator.createConfigurationIntoRepositories(StandardXMLFileConfigurationCreator.java:111) at com.terracotta.express.StandaloneL1Boot.resolveEmbedded(StandaloneL1Boot.java:193) at com.terracotta.express.StandaloneL1Boot.resolveConfig(StandaloneL1Boot.java:138) … 115 more

Patching the ServerURL code found here http://svn.terracotta.org/svn/tc/dso/trunk/common/src/main/java/com/tc/util/io/ServerURL.java to override the weblogic StreamURLHandler seems to fix the problem.

For example: java.net.URL wsURL = new URL(…,new sun.net.www.protocol.https.Handler());

Comments

Fiona OShea 2013-01-21

any ideas?

Tim Eck 2013-01-22

alex said he would be very upset if I didn’t assign this to him

Alexander Snaps 2013-01-25

Only so I could delegate it ;)

Louis Jacomet Jacomet 2013-01-25

There are two options in this case: * Configure weblogic to use a different Handler, resulting in a javax.net.ssl.HttpsURLConnection for SSL connections ** Properties to set depend on weblogic version, can be any one or multiple: *** -Djava.protocol.handler.pkgs=com.sun.net.ssl.internal.www.protocol *** -Dssl.SocketFactory.provider=com.sun.net.ssl.internal.SSLSocketFactoryImpl *** -DUseSunHttpHandler=true *** -Dweblogic.ssl.JSSEEnabled=true ** Correct combination to be checked in Weblogic documentation, depending on version * Adapt the code to force a specific handler ** Doing it as indicated in the issue description will work for Sun/Oracle VMs, but may be problematic for other VMs (IBM?).

The final recommendation depends on * Do we want to find a solution inside TC code for all VMs supported? * Is it ok to document that we expect the use of the default SSL handler of the VM and require users to adapt configuration?

Louis Jacomet Jacomet 2013-01-25

After a chat with Alex, there is a more general solution as the issue can be refactored to only happen in “test” security setup, i.e. with self-signed certificates.

Louis Jacomet Jacomet 2013-01-28

Code path where the cast needs to happen has been reduced. It is now required only when using the SSL debug properties: * tc.ssl.disableHostnameVerifier * tc.ssl.trustAllCerts

If you are using these properties with Weblogic, you will need to pass extra properties to Weblogic so that it uses Sun handlers. As this depends on weblogic version, see the documentation of your version.