Unable to lookup if SSL is enabled in Websphere 8.5

此生再无相见时 提交于 2019-12-13 14:12:47

问题


I have written a simple ejb thin client to look up the bean deployed in IBM WebSphere 8.5.

When SSL was not enabled on the server I was successfully able to lookup the bean , but as soon as I enabled the SSL , I started getting the below mentioned exception.

This is how I enabled the security thru admin console :

Exception:

javax.naming.NamingException: Error getting WsnNameService properties [Root exception is org.omg.CORBA.TRANSIENT: initial and forwarded IOR inaccessible  vmcid: IBM  minor code: E07  completed: No]
at com.ibm.ws.naming.util.WsnInitCtxFactory.mergeWsnNSProperties(WsnInitCtxFactory.java:1552)
at com.ibm.ws.naming.util.WsnInitCtxFactory.getRootContextFromServer(WsnInitCtxFactory.java:1042)
at com.ibm.ws.naming.util.WsnInitCtxFactory.getRootJndiContext(WsnInitCtxFactory.java:962)
at com.ibm.ws.naming.util.WsnInitCtxFactory.getInitialContextInternal(WsnInitCtxFactory.java:614)
at com.ibm.ws.naming.util.WsnInitCtx.getContext(WsnInitCtx.java:128)
at com.ibm.ws.naming.util.WsnInitCtx.getContextIfNull(WsnInitCtx.java:765)
at com.ibm.ws.naming.util.WsnInitCtx.lookup(WsnInitCtx.java:164)
at com.ibm.ws.naming.util.WsnInitCtx.lookup(WsnInitCtx.java:179)
at javax.naming.InitialContext.lookup(InitialContext.java:436)
at nh.indi.test.S2SCommTest.lookupServiceEJB(S2SCommTest.java:55)
at nh.indi.test.S2SCommTest.main(S2SCommTest.java:22) 
Caused by: org.omg.CORBA.TRANSIENT: initial and forwarded IOR inaccessible  vmcid: IBM  minor code: E07  completed: No
at com.ibm.rmi.corba.ClientDelegate.createRequest(ClientDelegate.java:1276)
at com.ibm.CORBA.iiop.ClientDelegate.createRequest(ClientDelegate.java:1342)
at com.ibm.rmi.corba.ClientDelegate.createRequest(ClientDelegate.java:1164)
at com.ibm.CORBA.iiop.ClientDelegate.createRequest(ClientDelegate.java:1308)
at com.ibm.rmi.corba.ClientDelegate.request(ClientDelegate.java:1886)
at com.ibm.CORBA.iiop.ClientDelegate.request(ClientDelegate.java:1264)
at org.omg.CORBA.portable.ObjectImpl._request(ObjectImpl.java:458)
at com.ibm.WsnBootstrap._WsnNameServiceStub.getProperties(_WsnNameServiceStub.java:38)
at com.ibm.ws.naming.util.WsnInitCtxFactory.mergeWsnNSProperties(WsnInitCtxFactory.java:1549)
... 10 more

Code :

public static void main(String args[]) throws NamingException {

    Properties ejbProps = new Properties();
    ejbProps.put("org.omg.CORBA.ORBClass", "com.ibm.CORBA.iiop.ORB");
    ejbProps.put(Context.INITIAL_CONTEXT_FACTORY,
            "com.ibm.websphere.naming.WsnInitialContextFactory");
    ejbProps.put(Context.PROVIDER_URL, "corbaloc:iiop:160.XX.XX.XX:2809");

    InitialContext ffmContext = new InitialContext(ejbProps);
    Object remoteObject = ffmContext
            .lookup("ejb/MyAppEar-CLUSTER/MyAppEJB.jar/BatchIdTrackingBean#indi.nh.business.framework.bos.di.BatchIdTrackingBeanRemote");

    BatchIdTrackingBeanRemote serviceTester = (BatchIdTrackingBeanRemote) PortableRemoteObject
            .narrow(remoteObject, BatchIdTrackingBeanRemote.class);

    System.out.println(serviceTester);

}

While running the program I am also passing the sas.client.props file location present in my local file system as mentioned here. 1

-Dcom.ibm.CORBA.ConfigURL=file:///C:/Temp/docs/S2S_Docs/sas.client.props

1 : How to connect to a websphere Application Server 8.5 Message Queue while Administrative Security is enabled

Can anybody please help me how to test it successfully with SSL enabled on the websphere app server or what i am missing in my client side or server side configuration.


回答1:


You also need to add this property to java command: -Dcom.ibm.CORBA.ConfigURL=file:///home/user1/sas.client.props

You can copy the ssl.client.props file (in addition to sas.client.props) from the WebSphere Application Server installation. You need to at least update the location of the key files in the ssl.client.props file to the match where you created or copied the key files. For example,

-Dcom.ibm.ssl.keyStore=/home/user1/etc/key.p12 -Dcom.ibm.ssl.trustStore=/home/user1/etc/trust.p12

When you run the client again, it should prompt you to add signer to the trust store if it is not there.

More details at: https://www-01.ibm.com/support/knowledgecenter/SSAW57_8.5.5/com.ibm.websphere.nd.doc/ae/tcli_ejbthinclient.html



来源:https://stackoverflow.com/questions/35003351/unable-to-lookup-if-ssl-is-enabled-in-websphere-8-5

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!