Menu
▾
▴
Re: [Ejbca-develop] WebServerRA for RA adminstrator
|
From: Tomas G. <to...@pr...> - 2011-05-30 07:43:05
|
This is already there, it's in modules/ejbca-ws/resources/META-INF/jboss.xml. This is the reason requests for port 8080 are re-directed to a secure port. Since 8442 already is a secure port, no redirection is made from that. Cheers, Tomas On 05/29/2011 09:13 AM, eilaf mugbil wrote: > Hi Tomas, > > I didn't get you when you said that there is > transport-guarantee=CONFIDENTIAL for the web services. where to put this > option? > > > > Eilaf > > > > On Fri, May 27, 2011 at 9:34 AM, Tomas Gustavsson <to...@pr... > <mailto:to...@pr...>> wrote: > > > That's probably right. There is a transport-guarantee=CONFIDENTIAL for > the web services. You can use https on port 8442, that does not require > client certificate. > > https://myejbca.server:8442/ejbca/ejbcaws/ejbcaws?wsdl > > Regards, > Tomas > > On 05/26/2011 03:54 PM, Daniel Horn wrote: > > > > > > > > Tomas, > > > > I don't know if this is relevant but if I enter: > > http://myejbca.server:8080/ejbca/ejbcaws/ejbcaws?wsdl > > into my web browser (Firefox 4), it gets redirected to > > https://myejbca.server:8443/ejbca/ejbcaws/ejbcaws?wsdl > > > > Could this be what is causing the authentication problem that I'm > seeing for > > getEjbcaVersion ? > > > > Thanks, > > > > Dan > > > > > > > > -----Original Message----- > > From: ejb...@li... > <mailto:ejb...@li...> > > [mailto:ejb...@li... > <mailto:ejb...@li...>] > > Sent: Thursday, May 26, 2011 6:19 AM > > To: ejb...@li... > <mailto:ejb...@li...> > > Subject: Ejbca-develop Digest, Vol 60, Issue 8 > > > > Send Ejbca-develop mailing list submissions to > > ejb...@li... > <mailto:ejb...@li...> > > > > To subscribe or unsubscribe via the World Wide Web, visit > > https://lists.sourceforge.net/lists/listinfo/ejbca-develop > > or, via email, send a message with subject or body 'help' to > > ejb...@li... > <mailto:ejb...@li...> > > > > You can reach the person managing the list at > > ejb...@li... > <mailto:ejb...@li...> > > > > When replying, please edit your Subject line so it is more specific > > than "Re: Contents of Ejbca-develop digest..." > > > > > > Today's Topics: > > > > 1. Re: WebServerRA for RA adminstrator (Daniel Horn) > > 2. Re: WebServerRA for RA adminstrator (Tomas Gustavsson) > > 3. Re: WebServerRA for RA adminstrator (eilaf mugbil) > > > > > > ---------------------------------------------------------------------- > > > > Message: 1 > > Date: Wed, 25 May 2011 14:04:43 -0400 > > From: "Daniel Horn" <da...@si... <mailto:da...@si...>> > > Subject: Re: [Ejbca-develop] WebServerRA for RA adminstrator > > To: <ejb...@li... > <mailto:ejb...@li...>> > > Message-ID: <02fd01cc1b06$3a57fb60$af07f220$@com> > > Content-Type: text/plain; charset="us-ascii" > > > > Eilaf, > > > > I suggest making the change to WebServiceConnection.java that I > described > > earlier. > > It's possible that the change of getEjbcaVersion requiring > authentication > > was made in an earlier version than I thought. > > > > If the problem still occurs, run the java app from a command line. > When you > > press the verification button, you should see some kind of stack trace > > printed in your command/terminal window. Copy and paste that text > into a > > message back to me. > > > > Thanks, > > > > Dan > > > > > > > > -----Original Message----- > > From: ejb...@li... > <mailto:ejb...@li...> > > [mailto:ejb...@li... > <mailto:ejb...@li...>] > > Sent: Wednesday, May 25, 2011 1:21 PM > > To: ejb...@li... > <mailto:ejb...@li...> > > Subject: Ejbca-develop Digest, Vol 60, Issue 7 > > > > Send Ejbca-develop mailing list submissions to > > ejb...@li... > <mailto:ejb...@li...> > > > > To subscribe or unsubscribe via the World Wide Web, visit > > https://lists.sourceforge.net/lists/listinfo/ejbca-develop > > or, via email, send a message with subject or body 'help' to > > ejb...@li... > <mailto:ejb...@li...> > > > > You can reach the person managing the list at > > ejb...@li... > <mailto:ejb...@li...> > > > > When replying, please edit your Subject line so it is more specific > > than "Re: Contents of Ejbca-develop digest..." > > > > > > Today's Topics: > > > > 1. Re: WebServerRA for RA adminstrator (Tham Wickenberg) > > 2. Re: WebServerRA for RA adminstrator (Tham Wickenberg) > > 3. Re: WebServerRA for RA adminstrator (Daniel Horn) > > 4. Re: WebServerRA for RA adminstrator (eilaf mugbil) > > > > > > ---------------------------------------------------------------------- > > > > Message: 1 > > Date: Wed, 25 May 2011 13:05:01 +0200 > > From: Tham Wickenberg <ejb...@pr... > <mailto:ejb...@pr...>> > > Subject: Re: [Ejbca-develop] WebServerRA for RA adminstrator > > To: ejb...@li... > <mailto:ejb...@li...> > > Message-ID: <4DD...@pr... > <mailto:4DD...@pr...>> > > Content-Type: text/plain; charset="iso-8859-1" > > > > Hi Eilaf. > > > > This sounds like it is probably a bug (or a configuration problem). If > > you could send me some details on how you have configured it and any > > error messages I can create an issue in Jira for someone to look > into this. > > > > Kind regards, > > Tham Wickenberg > > PrimeKey Solutions AB > > > > On 5/25/11 11:31 AM, eilaf mugbil wrote: > >> Hi, > >> > >> > >> Yes, I mean that. I have no problem accessing the CA server, but the > >> problem in the Verification failure!! > >> How it's fail while I can create entities,... etc. I haven't change > >> the original code. Is it a problem in the sample code? > >> > >> > >> > >> > >> > >> Regards, > >> Eilaf > >> > >> On Wed, May 25, 2011 at 10:55 AM, Tomas Gustavsson > <to...@pr... <mailto:to...@pr...> > >> <mailto:to...@pr... <mailto:to...@pr...>>> wrote: > >> > >> > >> Hi, > >> > >> What is WebServerRA? Do you mean the WebServiceRA sample code, > >> http://blog.ejbca.org/2011/02/new-webservicera-application.html? > >> > >> If you can do everything you want, I guess you don't have any > >> problems? > >> > >> Cheers, > >> Tomas > >> > >> > >> On 05/24/2011 06:16 PM, eilaf mugbil wrote: > >> > Hi all, > >> > > >> > > >> > I have a proplem with the WebServerRA that used for > RA-admintrator, > >> > after I set all settings and press verify to verify > settings provide > >> > access to web server, a verification is failure with message > >> "The web > >> > server URL is incorrect or it's server can't be accessed " > , BUT > >> I CAN > >> > CREATE ENTITIES AND VIEW THEM!!! > >> > I CAN DO ALL THE FUNCTIONALITIES I WANT! > >> > Is this a bug?? how can I fix this? > >> > > >> > > >> > > >> > > >> > Regards, > >> > > >> > -- > >> > Eilaf Hamad Elnil Mugbil > >> > University Of Khartoum > >> > School Of Mathematical science > >> > > >> > > >> > > >> > > >> > > > ---------------------------------------------------------------------------- > > -- > >> > vRanger cuts backup time in half-while increasing security. > >> > With the market-leading solution for virtual backup and > recovery, > >> > you get blazing-fast, flexible, and affordable data protection. > >> > Download your free trial now. > >> > http://p.sf.net/sfu/quest-d2dcopy1 > >> > > >> > > >> > > >> > _______________________________________________ > >> > Ejbca-develop mailing list > >> > Ejb...@li... > <mailto:Ejb...@li...> > >> <mailto:Ejb...@li... > <mailto:Ejb...@li...>> > >> > https://lists.sourceforge.net/lists/listinfo/ejbca-develop > >> > >> > > > ---------------------------------------------------------------------------- > > -- > >> vRanger cuts backup time in half-while increasing security. > >> With the market-leading solution for virtual backup and recovery, > >> you get blazing-fast, flexible, and affordable data protection. > >> Download your free trial now. > >> http://p.sf.net/sfu/quest-d2dcopy1 > >> _______________________________________________ > >> Ejbca-develop mailing list > >> Ejb...@li... > <mailto:Ejb...@li...> > >> <mailto:Ejb...@li... > <mailto:Ejb...@li...>> > >> https://lists.sourceforge.net/lists/listinfo/ejbca-develop > >> > >> > >> > >> > >> -- > >> Eilaf Hamad Elnil Mugbil > >> University Of Khartoum > >> School Of Mathematical science > >> > >> > >> > > > ---------------------------------------------------------------------------- > > -- > >> vRanger cuts backup time in half-while increasing security. > >> With the market-leading solution for virtual backup and recovery, > >> you get blazing-fast, flexible, and affordable data protection. > >> Download your free trial now. > >> http://p.sf.net/sfu/quest-d2dcopy1 > >> > >> > >> _______________________________________________ > >> Ejbca-develop mailing list > >> Ejb...@li... > <mailto:Ejb...@li...> > >> https://lists.sourceforge.net/lists/listinfo/ejbca-develop > > > > -------------- next part -------------- > > An HTML attachment was scrubbed... > > > > ------------------------------ > > > > Message: 2 > > Date: Wed, 25 May 2011 13:14:52 +0200 > > From: Tham Wickenberg <ejb...@pr... > <mailto:ejb...@pr...>> > > Subject: Re: [Ejbca-develop] WebServerRA for RA adminstrator > > To: ejb...@li... > <mailto:ejb...@li...> > > Message-ID: <4DD...@pr... > <mailto:4DD...@pr...>> > > Content-Type: text/plain; charset=ISO-8859-1; format=flowed > > > > Actually since the WebBased RA is not a part of EJBCA I can not create > > an issue for this in the EJBCA issue tracker. You could contact Daniel > > Horn to notify him about this! > > > > Regards, > > Tham > > > > > > On 5/25/11 1:05 PM, Tham Wickenberg wrote: > >> Hi Eilaf. > >> > >> This sounds like it is probably a bug (or a configuration > problem). If > >> you could send me some details on how you have configured it and any > >> error messages I can create an issue in Jira for someone to look into > >> this. > >> > >> Kind regards, > >> Tham Wickenberg > >> PrimeKey Solutions AB > >> > >> On 5/25/11 11:31 AM, eilaf mugbil wrote: > > > > > > > > > > ------------------------------ > > > > Message: 3 > > Date: Wed, 25 May 2011 10:18:10 -0400 > > From: "Daniel Horn" <da...@si... <mailto:da...@si...>> > > Subject: Re: [Ejbca-develop] WebServerRA for RA adminstrator > > To: <ejb...@li... > <mailto:ejb...@li...>> > > Message-ID: <02e801cc1ae6$9423b4b0$bc6b1e10$@com> > > Content-Type: text/plain; charset="us-ascii" > > > > Eilaf, > > > > > > > > It's definitely a bug. I have seen the same problem after > updating to EJBCA > > 4.0.1. > > > > Am I correct in thinking you are using version 4.x? > > > > > > > > The purpose of the "verification" button was to check that the URL > for the > > server was correct. > > > > > > > > Basically, what it does is to make a web service call to the > single method > > that does not require authentication, getEjbcaVersion. > > > > If successful, then a success message appears and the version > string is > > displayed on the settings dialog. > > > > > > > > What is happening is that this call now (with version 4.0.1, at least) > > requires authentication. > > > > According to the web service interface reference, > > http://ejbca.org/ws/index.html : > > > > All methods have to be called using client authenticated https > otherwise an > > AuthorizationDenied exception will be thrown. > > > > > > > > To avoid getting the error message, you should go into > > WebServiceConnection.java, and change the test() method, > > > > so that urlstr just uses the value of urlstr0 instead of the non-https > > version of the same url. > > > > > > > > Question to the EJBCA developers: > > > > Is there a reason why getEjbcaVersion cannot remain an > unauthenticated call? > > > > As mentioned above, I have always used it as a simple test to make > sure that > > everything else is working correctly before looking into > authentication > > problems. > > > > > > > > Dan > > > > > > > > > > > > > > > > -------------- next part -------------- > > An HTML attachment was scrubbed... > > > > ------------------------------ > > > > Message: 4 > > Date: Wed, 25 May 2011 20:20:56 +0300 > > From: eilaf mugbil <eil...@gm... > <mailto:eil...@gm...>> > > Subject: Re: [Ejbca-develop] WebServerRA for RA adminstrator > > To: ejb...@li... > <mailto:ejb...@li...> > > Message-ID: <BANLkTim7h=RQt...@ma... > <mailto:RQt...@ma...>> > > Content-Type: text/plain; charset="windows-1252" > > > > Hi Dan, > > > > > > No, I'm using EJBCA version 3_11_0. I used the WebServiceRA before > and every > > thing is OK, even the verification. But now I'm using it with > another server > > in a clustered environment, I'm using it with a server that works as a > > master server,I used a virtual IP to represents both (the master > and the > > slave), I accessed the server through the WebServiceRA using the > virtual IP, > > Is this makes the problem? > > I haven't notice any other difference between both servers > > > > > > Regards, > > Eilaf > > > > > > > > On Wed, May 25, 2011 at 5:18 PM, Daniel Horn <da...@si... > <mailto:da...@si...>> wrote: > > > >> Eilaf, > >> > >> > >> > >> It?s definitely a bug. I have seen the same problem after > updating to > >> EJBCA 4.0.1. > >> > >> Am I correct in thinking you are using version 4.x? > >> > >> > >> > >> The purpose of the ?verification? button was to check that the > URL for the > >> server was correct. > >> > >> > >> > >> Basically, what it does is to make a web service call to the single > > method > >> that does not require authentication, getEjbcaVersion. > >> > >> If successful, then a success message appears and the version > string is > >> displayed on the settings dialog. > >> > >> > >> > >> What is happening is that this call now (with version 4.0.1, at > least) > >> requires authentication. > >> > >> According to the web service interface reference, > >> http://ejbca.org/ws/index.html : > >> > >> All methods have to be called using client authenticated https > otherwise > > an > >> AuthorizationDenied exception will be thrown. > >> > >> > >> > >> To avoid getting the error message, you should go into > >> WebServiceConnection.java, and change the test() method, > >> > >> so that urlstr just uses the value of urlstr0 instead of the > non-https > >> version of the same url. > >> > >> > >> > >> Question to the EJBCA developers: > >> > >> Is there a reason why getEjbcaVersion cannot remain an > unauthenticated > >> call? > >> > >> As mentioned above, I have always used it as a simple test to > make sure > >> that everything else is working correctly before looking into > > authentication > >> problems. > >> > >> > >> > >> Dan > >> > >> > >> > >> > >> > >> > >> > >> > >> > > > ---------------------------------------------------------------------------- > > -- > >> vRanger cuts backup time in half-while increasing security. > >> With the market-leading solution for virtual backup and recovery, > >> you get blazing-fast, flexible, and affordable data protection. > >> Download your free trial now. > >> http://p.sf.net/sfu/quest-d2dcopy1 > >> _______________________________________________ > >> Ejbca-develop mailing list > >> Ejb...@li... > <mailto:Ejb...@li...> > >> https://lists.sourceforge.net/lists/listinfo/ejbca-develop > >> > >> > > > > > > > ------------------------------------------------------------------------------ > vRanger cuts backup time in half-while increasing security. > With the market-leading solution for virtual backup and recovery, > you get blazing-fast, flexible, and affordable data protection. > Download your free trial now. > http://p.sf.net/sfu/quest-d2dcopy1 > _______________________________________________ > Ejbca-develop mailing list > Ejb...@li... > <mailto:Ejb...@li...> > https://lists.sourceforge.net/lists/listinfo/ejbca-develop > > > > > -- > Eilaf Hamad Elnil Mugbil > University Of Khartoum > School Of Mathematical science > > > > ------------------------------------------------------------------------------ > vRanger cuts backup time in half-while increasing security. > With the market-leading solution for virtual backup and recovery, > you get blazing-fast, flexible, and affordable data protection. > Download your free trial now. > http://p.sf.net/sfu/quest-d2dcopy1 > > > > _______________________________________________ > Ejbca-develop mailing list > Ejb...@li... > https://lists.sourceforge.net/lists/listinfo/ejbca-develop |