Tag: security

EJB3 over SSL in WildFly 10 automation using Apache Maven plugins.

Hi,

In our some of the previous demos we have seen how the WildFly8 onwards we use the “http-remoting” protocol (using default http connector port 8080) in order to invoke the EJBs. That might not be the case when we want to make sire that the EJB client to the EJB server communication happens in a secure fashion. Many times it is desired to invoke the EJBs over SSL. This is because SSL creates an encrypted connection between your EJB application deployed on WildFly and the EJB client allowing the private information to be transmitted without the problems of eavesdropping, data tampering, or message forgery.

The primary reason why SSL is used is to keep sensitive information sent across the Internet encrypted so that only the intended recipient can understand it. This is important because the information you send on the Internet is passed from computer to computer to get to the destination server. Any computer in between you and the server can see your credit card numbers, usernames and passwords, and other sensitive information if it is not encrypted with an SSL certificate. When an SSL certificate is used, the information becomes unreadable to everyone except for the server you are sending the information to. This protects it from hackers and identity thieves.

What this demo is about?

As part of this demo we will learn about the following things:

– 1. How to create client and server keystores using “keytool”.

– 2. How to create a new SSL based security realm on WildFly.

– 3. Setting up the “https” listener for the undertow subsystem using jboss-cli.sh.

– 4. How to configure the “https-remoting-connector” and refer to it from the EJB3 subsystem using jboss-cli.sh.

– 5. Developing and running EJB3 based application with SSL based client using “https-remoting” protocol on 8443 port.

– 6. How to lookup the DataSource from the Nashorn java script and fetch customer table data from database.

– 7. We will also see how to use various maven plugin like “exec-maven-plugin” and WildFly specific “wildfly-maven-plugin”.

– 8. Troubleshooting some common SSL related issues and finding the solution.

Creating Keystores using keytool

Lets create a directory like “EJB_SSL_Wildfly10/keystores” in our filesystem where we are going to keep the generated keystores. Then create a simple shell script which will use the “$JAVA_HOME/bin/keytool” utility to create the server side keystore and the client side truststore. The same shell script will also export the server’s key and it will import that key to the clients truststore.
So lets create the “EJB_SSL_Wildfly10/keystores/createKeyStore.sh” script as following:


########################################
# Creating Server and Client KeyStores.
########################################
# NOTE: "keytool" is a utility that can be found inside the "$JAVA_HOME/bin" so make sire the PATH includes the JDK's bin directory.

WILDFLY_KEYSTORE="middlewaremagic_server.keystore"
CLIENT_TRUSTSTORE="clientTrustStore.keystore"

WILDFLY_STORE_PWD="middleware+magic"
CLIENT_STORE_PWD="middleware+magic+client"

WILDFLY_EXPORTED_CERTIFICATE="middlewaremagic_server.cer"

WILDFLY_STORE_ALIAS="middlewaremagic_server"
CLIENT_STORE_ALIAS="clientalias"

echo ""
echo ""
echo "Creating WildFly Server side Keystore. (${WILDFLY_KEYSTORE})"
echo "----------------------------------------"
keytool -genkey -v -alias ${WILDFLY_STORE_ALIAS} -keyalg RSA -keysize 1024 -keystore ${WILDFLY_KEYSTORE} -validity 3650 -keypass ${WILDFLY_STORE_PWD} -storepass ${WILDFLY_STORE_PWD} -dname "CN=127.0.0.1, OU=MiddlewareMagic, O=Blog, L=Bangalore, S=Karnataka, C=IN"


echo ""
echo ""
echo "Exporting the key (${WILDFLY_EXPORTED_CERTIFICATE}) from the  WildFly ServerSide keystore."
echo "----------------------------------------"
keytool -export -keystore ${WILDFLY_KEYSTORE} -alias ${WILDFLY_STORE_ALIAS} -file ${WILDFLY_EXPORTED_CERTIFICATE} -keypass ${WILDFLY_STORE_PWD} -storepass ${WILDFLY_STORE_PWD}


echo ""
echo ""
echo "Creating Client side Keystore/truststore. (${CLIENT_TRUSTSTORE})"
echo "----------------------------------------"
keytool -genkey -v -alias ${CLIENT_STORE_ALIAS} -keyalg RSA -keysize 1024 -keystore ${CLIENT_TRUSTSTORE} -validity 3650 -keypass ${CLIENT_STORE_PWD} -storepass ${CLIENT_STORE_PWD} -dname "CN=127.0.0.1, OU=MiddlewareMagic, O=Blog, L=Bangalore, S=Karnataka, C=IN"


echo ""
echo ""
echo "Importing the WildFLy Servers key ${WILDFLY_EXPORTED_CERTIFICATE} to the Client's truststore ${CLIENT_TRUSTSTORE}."
echo "----------------------------------------"
keytool -import -v -trustcacerts -alias ${WILDFLY_STORE_ALIAS} -file ${WILDFLY_EXPORTED_CERTIFICATE} -keystore ${CLIENT_TRUSTSTORE} -keypass ${CLIENT_STORE_PWD} -storepass ${CLIENT_STORE_PWD}


echo "Certificates created Successfully !!!"

Configuring WildFly 10 to use SSL

As the Keystores/Truststores are created properly hence lets configure the WildFly to use the SSL configuration. We will follow the below steps to achieve the needed configuration:

Step-1). Copy the keystore file “EJB_SSL_Wildfly10/keystores/middlewaremagic_server.keystore” inside the “wildfly-10.0.0.CR5/standalone/configuration” directory.

Step-2). Create an empty file with name “httpsrealm-users.properties” inside the “wildfly-10.0.0.CR5/standalone/configuration” directory. This file we will use to store the user informations for our custom realm “HttpsRealm” related users. These users will be able to invoke the EJBs deployed on WildFly over SSL.

Step-3). Now lets execute the following CLI commands which will configure the “HttpsRealm” and the Https listener along with the required “https-remoting-connector”. So lets start the “$WILDFLY_HOME/bin/jboss-cli.sh” and execute the following commands:


##### 1). Creating SSL based "HttpsRealm"  #####

/core-service=management/security-realm=HttpsRealm/:add
/core-service=management/security-realm=HttpsRealm/server-identity=ssl:add(keystore-path="middlewaremagic_server.keystore", keystore-password="middleware+magic", key-password="middleware+magic", alias="middlewaremagic_server", keystore-relative-to=jboss.server.config.dir)
/core-service=management/security-realm=HttpsRealm/authentication=properties:add(path=httpsrealm-users.properties, relative-to=jboss.server.config.dir, plain-text=false)
:reload

##### 2). Configuring Undertow to add https connector and setting up the "remoting" and "ejb3" subsystems.  #####

/subsystem=undertow/server=default-server/https-listener=default-https/:add(security-realm=HttpsRealm,socket-binding=https,enabled-protocols=TLSv1.2)
/subsystem=remoting/http-connector=https-remoting-connector/:add(connector-ref=default-https,sasl-protocol=remote,security-realm=HttpsRealm)
/subsystem=ejb3/service=remote/:write-attribute(name=connector-ref,value=https-remoting-connector)
:reload

Step-4). Add a user to the “HttpsRealm” using the following command so that the users information will be stored inside the “httpsrealm-users.properties” file.

$ cd /PATH/TO/wildfly-10.0.0.CR5/bin

$ ./add-user.sh --user-properties httpsrealm-users.properties --realm HttpsRealm -u ejbUserOne -p ejbPasswordOne@123

Added user 'ejbUserOne' to file '/PATH/TO//wildfly-10.0.0.CR5/standalone/configuration/httpsrealm-users.properties'
Added user 'ejbUserOne' to file '/PATH/TO//wildfly-10.0.0.CR5/domain/configuration/httpsrealm-users.properties'

Developing EJB3 Application and SSL based Client

Step-5). As we are going to create a Maven based project which will have the “EJB” project and the “EJB client” project modules. Hence lets create the needed directory structure first as following:

$ mkdir -p EJB_SSL_Wildfly10/client/src/main/java/client

$ mkdir -p EJB_SSL_Wildfly10/client/src/main/java/ejb3

$ mkdir -p EJB_SSL_Wildfly10/client/src/main/resources

$ mkdir -p EJB_SSL_Wildfly10/ejb/src/main/java/ejb3

Step-6). Now we will start creating the “MathRemote.java” EJB remote interface inside the “EJB_SSL_Wildfly10/ejb/src/main/java/ejb3” directory as following:

package ejb3;
import javax.ejb.Remote;

@Remote
public interface MathRemote {
	public int add(int x, int y);
	public String sayHello(String name);
}

Step-7). Lets create the Stateless Session Bean the “MathBean.java” inside the “EJB_SSL_Wildfly10/ejb/src/main/java/ejb3” directory as following:

package ejb3;
import javax.ejb.Stateless;
import ejb3.MathRemote;

@Stateless
public class MathBean implements MathRemote {

	public int add(int x, int y){
		int result=x+y;
		System.out.println("[MathBean] add(int x, int y) is called returning : " + result);
		return result;
	}
	
	public String sayHello(String name) {
	    String result = "[MathBean] Hello, " + name;
		System.out.println("[MathBean] sayHello(String "+name+") is called returning : " + result);
		return result;
	}
}

Step-8). As the EJBs are written hence lets write the EJB client code using the WildFly ejb client API based approach. Create a class “StandaloneClient.java” inside the “EJB_SSL_Wildfly10/client/src/main/java/client” as following:

package client;
import ejb3.MathRemote;
import javax.naming.*;
import java.util.*;

public class StandaloneClient {
	public static void main(String args[]) {
          Context context=null;
          String JNDI_NAME="ejb:/EJB_WildFly_Https/MathBean!ejb3.MathRemote"; 
             
          // We are passing the following properties via the maven-exec-plugin
          //System.setProperty("javax.net.ssl.trustStorePassword","middleware+magic+client");
          //System.setProperty("javax.net.ssl.trustStore","/PATH/TO/clientTrustStore.keystore");
          
          try { 
                Properties props = new Properties();
                props.put(Context.URL_PKG_PREFIXES, "org.jboss.ejb.client.naming");    
                context = new InitialContext(props);	
                
	            System.out.println("\n\tGot initial Context: "+context);		
           } catch (Exception e) {
                e.printStackTrace();
           }

           try {
		        MathRemote remote=(MathRemote)context.lookup(JNDI_NAME);
	   	        int sum=remote.add(2,10);	
	   	        String result = remote.sayHello("MiddlewareMagic");	
		        System.out.println("\n\t remote.add(2,10) => "+ sum);
		        System.out.println("\n\t remote.sayHello('MiddlewareMagic') => "+ result);		        
    	   } catch(Exception e) {
		       e.printStackTrace();
	       }
	}
}

Step-9). As in the above code we are not using the remote naming based approach to lookup the EJB hence we will need to place a class “jboss-ejb-client.properties” in clients classpath. Hence lets create a file with name “jboss-ejb-client.properties” inside the “EJB_SSL_Wildfly10/client/src/main/resources” directory:

remote.connections=default
remote.connection.default.host=localhost
remote.connection.default.port=8443
remote.connection.default.protocol=https-remoting
remote.connection.default.username=ejbUserOne
remote.connection.default.password=ejbPasswordOne@123

remote.connection.default.connect.options.org.xnio.Options.SASL_POLICY_NOPLAINTEXT=false
remote.connection.default.connect.options.org.xnio.Options.SASL_POLICY_NOANONYMOUS=false
remote.connection.default.connect.options.org.xnio.Options.SSL_STARTTLS=true
remote.connection.default.connect.options.org.xnio.Options.SSL_PROTOCOL=TLSv1.2
remote.connectionprovider.create.options.org.xnio.Options.SSL_ENABLED=true

Step-10). We want to package the “MathRemote.java” interface inside the Client jar hence lets place the “MathRemote.java” interface inside the “EJB_SSL_Wildfly10/client/src/main/java/ejb3” directory so that it will be included in the Client JAR.

package ejb3;
import javax.ejb.Remote;

@Remote
public interface MathRemote {
	public int add(int x, int y);
	public String sayHello(String name);
}

Step-11). Lets create the Main “pom.xml” file inside the “EJB_SSL_Wildfly10” directory which will have the “ejb” and “client” modules defined in it as following:

<?xml version="1.0" encoding="UTF-8" ?>
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">

	<modelVersion>4.0.0</modelVersion>
	<groupId>middleware.magic</groupId>
	<artifactId>EJB_WildFly_Https_Demo</artifactId>
	<packaging>pom</packaging>
	<version>1.0</version>

	<properties>
		<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
		<project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
        <version.wildfly.bom>10.0.0.CR2</version.wildfly.bom>
        <version.wildfly-maven-plugin>1.0.2.Final</version.wildfly-maven-plugin>
		<version.jboss.spec.javaee7>1.0.3.Final</version.jboss.spec.javaee7>
        <version.exec.plugin>1.2.1</version.exec.plugin>		
		<maven.compiler.target>1.7</maven.compiler.target>
        <maven.compiler.source>1.7</maven.compiler.source>
	</properties>

    <modules>
        <module>ejb</module>
        <module>client</module>
    </modules>

   <repositories>
        <repository>
            <id>jboss-wildfly-group</id>
            <name>JBoss WildFly Maven Repository Group</name>
            <url>https://repository.jboss.org/nexus/content/groups/public/</url>
            <layout>default</layout>
            <releases>
                <enabled>true</enabled>
                <updatePolicy>never</updatePolicy>
            </releases>
            <snapshots>
                <enabled>true</enabled>
                <updatePolicy>never</updatePolicy>
            </snapshots>
        </repository>
    </repositories>
    
    <pluginRepositories>
        <pluginRepository>
            <id>jboss-wildfly-plugin-group</id>
            <name>JBoss WildFly Maven Plugin Repository Group</name>
            <url>https://repository.jboss.org/nexus/content/groups/public/</url>
            <layout>default</layout>
            <releases>
                <updatePolicy>never</updatePolicy>
            </releases>
            <snapshots>
                <updatePolicy>never</updatePolicy>
            </snapshots>
        </pluginRepository>
    </pluginRepositories>

    <dependencyManagement>
        <dependencies>
            <dependency>
                <groupId>org.jboss.spec</groupId>
                <artifactId>jboss-javaee-7.0</artifactId>
                <version>${version.jboss.spec.javaee7}</version>
                <type>pom</type>
                <scope>import</scope>
            </dependency>
            <dependency>
                <groupId>org.wildfly.bom</groupId>
                <artifactId>jboss-javaee-7.0-wildfly</artifactId>
                <version>${version.wildfly.bom}</version>
                <type>pom</type>
                <scope>import</scope>
            </dependency>
        </dependencies>
    </dependencyManagement>
</project>

Step-12). Now Lets create the “pom.xml” for the “ejb” module. Create a file with name “pom.xml” inside “EJB_SSL_Wildfly10/ejb” as following:

<?xml version="1.0" encoding="UTF-8" ?>
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">

	<modelVersion>4.0.0</modelVersion>
    <parent>
    	<groupId>middleware.magic</groupId>
        <artifactId>EJB_WildFly_Https_Demo</artifactId>
        <version>1.0</version>
    </parent>
	<artifactId>EJB_WildFly_Https</artifactId>
	<packaging>jar</packaging>
	<version>1.0</version>
 
    <dependencies>
        <!-- Import the EJB API , Just if needed -->    
        <dependency>
            <groupId>org.jboss.spec.javax.ejb</groupId>
            <artifactId>jboss-ejb-api_3.2_spec</artifactId>
        </dependency>        
        
        <!-- Import the transaction spec API, Just if needed -->
        <dependency>
            <groupId>org.jboss.spec.javax.transaction</groupId>
            <artifactId>jboss-transaction-api_1.2_spec</artifactId>
        </dependency>
    </dependencies>

	<build>
		<defaultGoal>install</defaultGoal>
		<finalName>${artifactId}</finalName>
		<plugins>
			<plugin>
				<groupId>org.apache.maven.plugins</groupId>
				<artifactId>maven-compiler-plugin</artifactId>
				<version>2.5.1</version>
				<configuration>
					<source>${maven.compiler.target}</source>
					<target>${maven.compiler.target}</target>
				</configuration>
			</plugin>
			
            <!-- The WildFly Maven Plugin deploys your war to a local WildFly container -->
            <!-- To use, set the JBOSS_HOME environment variable and run: mvn clean install wildfly:deploy -->
            <plugin>
               <groupId>org.wildfly.plugins</groupId>
               <artifactId>wildfly-maven-plugin</artifactId>
               <version>${version.wildfly-maven-plugin}</version>
            </plugin>
		</plugins>
	</build>

</project>

Step-13). Now we will create the “pom.xml” for the “client” module. So lets create another “pom.xml” file inside the “EJB_SSL_Wildfly10/client” as following:

<?xml version="1.0" encoding="UTF-8" ?>
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">

	<modelVersion>4.0.0</modelVersion>
    <parent>
    	<groupId>middleware.magic</groupId>
        <artifactId>EJB_WildFly_Https_Demo</artifactId>
        <version>1.0</version>
    </parent>
	<artifactId>EJB_WildFly_Https_Client</artifactId>
	<packaging>jar</packaging>
	<version>1.0</version>
 
    <dependencies>
        <!-- Import the EJB API , Just if needed -->    
        <dependency>
            <groupId>org.jboss.spec.javax.ejb</groupId>
            <artifactId>jboss-ejb-api_3.2_spec</artifactId>
        </dependency>        
        
        <!-- Import the transaction spec API, Just if needed -->
        <dependency>
            <groupId>org.jboss.spec.javax.transaction</groupId>
            <artifactId>jboss-transaction-api_1.2_spec</artifactId>
        </dependency>
        
        <!-- Needed by the Wildfly EJB Client -->
        <dependency>
	        <groupId>org.wildfly</groupId>
	        <artifactId>wildfly-ejb-client-bom</artifactId>
	        <version>${version.wildfly.bom}</version>
	        <type>pom</type>
	        <scope>runtime</scope>
        </dependency>
        
        <!-- jboss-logging API -->
        <dependency>
            <groupId>org.jboss.logging</groupId>
            <artifactId>jboss-logging</artifactId>
            <scope>runtime</scope>
        </dependency>

    </dependencies>

	<build>
		<defaultGoal>install</defaultGoal>
		<finalName>${project.artifactId}</finalName>
		<plugins>
			<plugin>
				<groupId>org.apache.maven.plugins</groupId>
				<artifactId>maven-compiler-plugin</artifactId>
				<version>2.5.1</version>
				<configuration>
					<source>${maven.compiler.target}</source>
					<target>${maven.compiler.target}</target>
				</configuration>
			</plugin>
            <!-- Following plugin will help us in running the Client program mvn exec:exec -->
            <plugin>
                <groupId>org.codehaus.mojo</groupId>
                <artifactId>exec-maven-plugin</artifactId>
                <version>${version.exec.plugin}</version>
                <executions>
                    <execution>
                        <goals>
                            <goal>exec</goal>
                        </goals>
                    </execution>
                </executions> 
                <configuration>
                    <executable>java</executable>
                       <arguments>
                           <argument>-Xms512m</argument>
                           <argument>-Xmx512m</argument>
                           <argument>-classpath</argument>
                           <classpath/>   
    <!--CHANGE ME!!! -->   <!--argument>-Djavax.net.debug=all</argument -->       <!-- Use this only for debugging purpose -->                                        
    <!--CHANGE ME!!! -->   <argument>-Djavax.net.ssl.trustStorePassword=middleware+magic+client</argument>
    <!--CHANGE ME!!! -->   <argument>-Djavax.net.ssl.trustStore=/Users/jsensharma/NotBackedUp/MM_Tests/WildFly/EJB_SSL_Wildfly10/keystores/clientTrustStore.keystore</argument>
                           <argument>client.StandaloneClient</argument>                 
                       </arguments>
                </configuration>                
            </plugin>
		</plugins>
	</build>

</project>

Building and Deploying the application

Step-14). Lets build and deploy this application as following , Start WildFly 10 and open a terminal to run the maven build.

Setting up the environment:
For Unix Based OS

$ export M2_HOME=/PATH/TO/apache_maven_3.2.3
$ export JAVA_HOME=/PATH/TO/jdk1.8.0_60
$ export PATH=$JAVA_HOME/bin:/PATH/TO/apache_maven_3.2.3/bin:$PATH

$ cd EJB_SSL_Wildfly10
$ mvn clean install

For Windows Based OS

$ set M2_HOME=C:\PATH\TO\apache_maven_3.2.3
$ set JAVA_HOME=C:\PATH\TO\jdk1.8.0_60
$ set PATH=%JAVA_HOME%/bin;C:\PATH\TO\apache_maven_3.2.3\bin;%PATH%

$ cd C:\EJB_SSL_Wildfly10
$ mvn clean install 

Now make sure that wildfly is ruinning on localhost:9990 , run the maven build as following [mvn clean install wildfly:deploy] the wildfly:deploy task will find the running wildfly instance and will automatically deploy the WAR.


$ cd  EJB_SSL_Wildfly10

$ mvn clean install

########
OUTOUT
########

$ mvn clean install 
[INFO] Scanning for projects...
[WARNING] 
[WARNING] Some problems were encountered while building the effective model for middleware.magic:EJB_WildFly_Https:jar:1.0
[WARNING] The expression ${artifactId} is deprecated. Please use ${project.artifactId} instead.
[WARNING] 
[WARNING] It is highly recommended to fix these problems because they threaten the stability of your build.
[WARNING] 
[WARNING] For this reason, future Maven versions might no longer support building such malformed projects.
[WARNING] 
[INFO] ------------------------------------------------------------------------
[INFO] Reactor Build Order:
[INFO] 
[INFO] EJB_WildFly_Https_Demo
[INFO] EJB_WildFly_Https
[INFO] EJB_WildFly_Https_Client
[INFO]                                                                         
[INFO] ------------------------------------------------------------------------
[INFO] Building EJB_WildFly_Https_Demo 1.0
[INFO] ------------------------------------------------------------------------
[INFO] 
[INFO] --- maven-clean-plugin:2.5:clean (default-clean) @ EJB_WildFly_Https_Demo ---
[INFO] 
[INFO] --- maven-install-plugin:2.4:install (default-install) @ EJB_WildFly_Https_Demo ---
[INFO] Installing /Users/jsensharma/NotBackedUp/MM_Tests/WildFly/EJB_SSL_Wildfly10/pom.xml to /Users/jsensharma/.m2/repository/middleware/magic/EJB_WildFly_Https_Demo/1.0/EJB_WildFly_Https_Demo-1.0.pom
[INFO]                                                                         
[INFO] ------------------------------------------------------------------------
[INFO] Building EJB_WildFly_Https 1.0
[INFO] ------------------------------------------------------------------------
[INFO] 
[INFO] --- maven-clean-plugin:2.5:clean (default-clean) @ EJB_WildFly_Https ---
[INFO] Deleting /Users/jsensharma/NotBackedUp/MM_Tests/WildFly/EJB_SSL_Wildfly10/ejb/target
[INFO] 
[INFO] --- maven-resources-plugin:2.6:resources (default-resources) @ EJB_WildFly_Https ---
[INFO] Using 'UTF-8' encoding to copy filtered resources.
[INFO] skip non existing resourceDirectory /Users/jsensharma/NotBackedUp/MM_Tests/WildFly/EJB_SSL_Wildfly10/ejb/src/main/resources
[INFO] 
[INFO] --- maven-compiler-plugin:2.5.1:compile (default-compile) @ EJB_WildFly_Https ---
[INFO] Compiling 2 source files to /Users/jsensharma/NotBackedUp/MM_Tests/WildFly/EJB_SSL_Wildfly10/ejb/target/classes
[INFO] 
[INFO] --- maven-resources-plugin:2.6:testResources (default-testResources) @ EJB_WildFly_Https ---
[INFO] Using 'UTF-8' encoding to copy filtered resources.
[INFO] skip non existing resourceDirectory /Users/jsensharma/NotBackedUp/MM_Tests/WildFly/EJB_SSL_Wildfly10/ejb/src/test/resources
[INFO] 
[INFO] --- maven-compiler-plugin:2.5.1:testCompile (default-testCompile) @ EJB_WildFly_Https ---
[INFO] No sources to compile
[INFO] 
[INFO] --- maven-surefire-plugin:2.12.4:test (default-test) @ EJB_WildFly_Https ---
[INFO] No tests to run.
[INFO] 
[INFO] --- maven-jar-plugin:2.4:jar (default-jar) @ EJB_WildFly_Https ---
[INFO] Building jar: /Users/jsensharma/NotBackedUp/MM_Tests/WildFly/EJB_SSL_Wildfly10/ejb/target/EJB_WildFly_Https.jar
[INFO] 
[INFO] --- maven-install-plugin:2.4:install (default-install) @ EJB_WildFly_Https ---
[INFO] Installing /Users/jsensharma/NotBackedUp/MM_Tests/WildFly/EJB_SSL_Wildfly10/ejb/target/EJB_WildFly_Https.jar to /Users/jsensharma/.m2/repository/middleware/magic/EJB_WildFly_Https/1.0/EJB_WildFly_Https-1.0.jar
[INFO] Installing /Users/jsensharma/NotBackedUp/MM_Tests/WildFly/EJB_SSL_Wildfly10/ejb/pom.xml to /Users/jsensharma/.m2/repository/middleware/magic/EJB_WildFly_Https/1.0/EJB_WildFly_Https-1.0.pom
[INFO]                                                                         
[INFO] ------------------------------------------------------------------------
[INFO] Building EJB_WildFly_Https_Client 1.0
[INFO] ------------------------------------------------------------------------
[INFO] 
[INFO] --- maven-clean-plugin:2.5:clean (default-clean) @ EJB_WildFly_Https_Client ---
[INFO] Deleting /Users/jsensharma/NotBackedUp/MM_Tests/WildFly/EJB_SSL_Wildfly10/client/target
[INFO] 
[INFO] --- maven-resources-plugin:2.6:resources (default-resources) @ EJB_WildFly_Https_Client ---
[INFO] Using 'UTF-8' encoding to copy filtered resources.
[INFO] Copying 1 resource
[INFO] 
[INFO] --- maven-compiler-plugin:2.5.1:compile (default-compile) @ EJB_WildFly_Https_Client ---
[INFO] Compiling 2 source files to /Users/jsensharma/NotBackedUp/MM_Tests/WildFly/EJB_SSL_Wildfly10/client/target/classes
[INFO] 
[INFO] --- maven-resources-plugin:2.6:testResources (default-testResources) @ EJB_WildFly_Https_Client ---
[INFO] Using 'UTF-8' encoding to copy filtered resources.
[INFO] skip non existing resourceDirectory /Users/jsensharma/NotBackedUp/MM_Tests/WildFly/EJB_SSL_Wildfly10/client/src/test/resources
[INFO] 
[INFO] --- maven-compiler-plugin:2.5.1:testCompile (default-testCompile) @ EJB_WildFly_Https_Client ---
[INFO] No sources to compile
[INFO] 
[INFO] --- maven-surefire-plugin:2.12.4:test (default-test) @ EJB_WildFly_Https_Client ---
[INFO] No tests to run.
[INFO] 
[INFO] --- maven-jar-plugin:2.4:jar (default-jar) @ EJB_WildFly_Https_Client ---
[INFO] Building jar: /Users/jsensharma/NotBackedUp/MM_Tests/WildFly/EJB_SSL_Wildfly10/client/target/EJB_WildFly_Https_Client.jar
[INFO] 
[INFO] --- maven-install-plugin:2.4:install (default-install) @ EJB_WildFly_Https_Client ---
[INFO] Installing /Users/jsensharma/NotBackedUp/MM_Tests/WildFly/EJB_SSL_Wildfly10/client/target/EJB_WildFly_Https_Client.jar to /Users/jsensharma/.m2/repository/middleware/magic/EJB_WildFly_Https_Client/1.0/EJB_WildFly_Https_Client-1.0.jar
[INFO] Installing /Users/jsensharma/NotBackedUp/MM_Tests/WildFly/EJB_SSL_Wildfly10/client/pom.xml to /Users/jsensharma/.m2/repository/middleware/magic/EJB_WildFly_Https_Client/1.0/EJB_WildFly_Https_Client-1.0.pom
[INFO] ------------------------------------------------------------------------
[INFO] Reactor Summary:
[INFO] 
[INFO] EJB_WildFly_Https_Demo ............................. SUCCESS [  0.214 s]
[INFO] EJB_WildFly_Https .................................. SUCCESS [  0.848 s]
[INFO] EJB_WildFly_Https_Client ........................... SUCCESS [  0.228 s]
[INFO] ------------------------------------------------------------------------
[INFO] BUILD SUCCESS
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 1.557 s
[INFO] Finished at: 2016-01-03T23:53:01+05:30
[INFO] Final Memory: 16M/310M
[INFO] ------------------------------------------------------------------------

Deploying EJB project using wildfly-maven-plugin

Step-15). As the project is build not so lets deploy the EJB project to wildfly as following (First move inside the “EJB_SSL_Wildfly10/ejb” directory) and the run the following command:


$ cd  EJB_SSL_Wildfly10/ejb

$ mvn wildfly:deploy

######
OUTPUT
######
$ mvn wildfly:deploy
[INFO] Scanning for projects...
[WARNING] 
[WARNING] Some problems were encountered while building the effective model for middleware.magic:EJB_WildFly_Https:jar:1.0
[WARNING] The expression ${artifactId} is deprecated. Please use ${project.artifactId} instead.
[WARNING] 
[WARNING] It is highly recommended to fix these problems because they threaten the stability of your build.
[WARNING] 
[WARNING] For this reason, future Maven versions might no longer support building such malformed projects.
[WARNING] 
[INFO]                                                                         
[INFO] ------------------------------------------------------------------------
[INFO] Building EJB_WildFly_Https 1.0
[INFO] ------------------------------------------------------------------------
[INFO] 
[INFO] >>> wildfly-maven-plugin:1.0.2.Final:deploy (default-cli) > package @ EJB_WildFly_Https >>>
[INFO] 
[INFO] --- maven-resources-plugin:2.6:resources (default-resources) @ EJB_WildFly_Https ---
[INFO] Using 'UTF-8' encoding to copy filtered resources.
[INFO] skip non existing resourceDirectory /Users/jsensharma/NotBackedUp/MM_Tests/WildFly/EJB_SSL_Wildfly10/ejb/src/main/resources
[INFO] 
[INFO] --- maven-compiler-plugin:2.5.1:compile (default-compile) @ EJB_WildFly_Https ---
[INFO] Nothing to compile - all classes are up to date
[INFO] 
[INFO] --- maven-resources-plugin:2.6:testResources (default-testResources) @ EJB_WildFly_Https ---
[INFO] Using 'UTF-8' encoding to copy filtered resources.
[INFO] skip non existing resourceDirectory /Users/jsensharma/NotBackedUp/MM_Tests/WildFly/EJB_SSL_Wildfly10/ejb/src/test/resources
[INFO] 
[INFO] --- maven-compiler-plugin:2.5.1:testCompile (default-testCompile) @ EJB_WildFly_Https ---
[INFO] No sources to compile
[INFO] 
[INFO] --- maven-surefire-plugin:2.12.4:test (default-test) @ EJB_WildFly_Https ---
[INFO] No tests to run.
[INFO] 
[INFO] --- maven-jar-plugin:2.4:jar (default-jar) @ EJB_WildFly_Https ---
[INFO] 
[INFO] <<< wildfly-maven-plugin:1.0.2.Final:deploy (default-cli) < package @ EJB_WildFly_Https <<<
[INFO] 
[INFO] --- wildfly-maven-plugin:1.0.2.Final:deploy (default-cli) @ EJB_WildFly_Https ---
Jan 03, 2016 11:55:29 PM org.xnio.Xnio <clinit>
INFO: XNIO version 3.2.2.Final
Jan 03, 2016 11:55:29 PM org.xnio.nio.NioXnio <clinit>
INFO: XNIO NIO Implementation Version 3.2.2.Final
Jan 03, 2016 11:55:29 PM org.jboss.remoting3.EndpointImpl <clinit>
INFO: JBoss Remoting version 4.0.3.Final
[INFO] ------------------------------------------------------------------------
[INFO] BUILD SUCCESS
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 1.587 s
[INFO] Finished at: 2016-01-03T23:55:29+05:30
[INFO] Final Memory: 17M/310M
[INFO] ------------------------------------------------------------------------

Once the application is deployed on WildFLy we should be able to see the following output on the WildFly logs/console:

23:55:29,283 INFO  [org.jboss.as.server.deployment] (MSC service thread 1-8) WFLYSRV0027: Starting deployment of "EJB_WildFly_Https.jar" (runtime-name: "EJB_WildFly_Https.jar")
23:55:29,291 INFO  [org.jboss.weld.deployer] (MSC service thread 1-4) WFLYWELD0003: Processing weld deployment EJB_WildFly_Https.jar
23:55:29,301 INFO  [org.jboss.as.ejb3.deployment] (MSC service thread 1-4) WFLYEJB0473: JNDI bindings for session bean named 'MathBean' in deployment unit 'deployment "EJB_WildFly_Https.jar"' are as follows:

	java:global/EJB_WildFly_Https/MathBean!ejb3.MathRemote
	java:app/EJB_WildFly_Https/MathBean!ejb3.MathRemote
	java:module/MathBean!ejb3.MathRemote
	java:jboss/exported/EJB_WildFly_Https/MathBean!ejb3.MathRemote
	java:global/EJB_WildFly_Https/MathBean
	java:app/EJB_WildFly_Https/MathBean
	java:module/MathBean

23:55:29,306 INFO  [org.jboss.weld.deployer] (MSC service thread 1-6) WFLYWELD0006: Starting Services for CDI deployment: EJB_WildFly_Https.jar
23:55:29,306 INFO  [org.infinispan.configuration.cache.EvictionConfigurationBuilder] (ServerService Thread Pool -- 64) ISPN000152: Passivation configured without an eviction policy being selected. Only manually evicted entities will be passivated.
23:55:29,307 INFO  [org.infinispan.configuration.cache.EvictionConfigurationBuilder] (ServerService Thread Pool -- 64) ISPN000152: Passivation configured without an eviction policy being selected. Only manually evicted entities will be passivated.
23:55:29,307 INFO  [org.jboss.weld.deployer] (MSC service thread 1-7) WFLYWELD0009: Starting weld service for deployment EJB_WildFly_Https.jar
23:55:29,308 INFO  [org.infinispan.configuration.cache.EvictionConfigurationBuilder] (ServerService Thread Pool -- 64) ISPN000152: Passivation configured without an eviction policy being selected. Only manually evicted entities will be passivated.
23:55:29,309 INFO  [org.infinispan.configuration.cache.EvictionConfigurationBuilder] (ServerService Thread Pool -- 64) ISPN000152: Passivation configured without an eviction policy being selected. Only manually evicted entities will be passivated.
23:55:29,317 INFO  [org.jboss.as.clustering.infinispan] (ServerService Thread Pool -- 64) WFLYCLINF0002: Started client-mappings cache from ejb container
23:55:29,390 INFO  [org.jboss.as.server] (management-handler-thread - 6) WFLYSRV0013: Redeployed "EJB_WildFly_Https.jar"
23:55:29,390 INFO  [org.jboss.as.server] (management-handler-thread - 6) WFLYSRV0016: Replaced deployment "EJB_WildFly_Https.jar" with deployment "EJB_WildFly_Https.jar"

Running the SSL based EJB Client project

Step-16). Lets Run the client project in which we are using the WildFly EJB client API based approach to invoke the EJBs deployed on WildFly 10 over SSL. As we have already configured the “maven-exec-plugin” in the client’s pom.xml hence we can run it simply as following: “mvn clean install exec:exec”

$ cd EJB_SSL_Wildfly10/client

$ mvn clean install exec:exec


#######
OUTPUT
#######

[INFO] Scanning for projects...
[INFO]                                                                         
[INFO] ------------------------------------------------------------------------
[INFO] Building EJB_WildFly_Https_Client 1.0
[INFO] ------------------------------------------------------------------------
[INFO] 
[INFO] --- maven-clean-plugin:2.5:clean (default-clean) @ EJB_WildFly_Https_Client ---
[INFO] 
[INFO] --- maven-resources-plugin:2.6:resources (default-resources) @ EJB_WildFly_Https_Client ---
[INFO] Using 'UTF-8' encoding to copy filtered resources.
[INFO] Copying 1 resource
[INFO] 
[INFO] --- maven-compiler-plugin:2.5.1:compile (default-compile) @ EJB_WildFly_Https_Client ---
[INFO] Compiling 2 source files to /Users/jsensharma/NotBackedUp/MM_Tests/WildFly/EJB_SSL_Wildfly10/client/target/classes
[INFO] 
[INFO] --- maven-resources-plugin:2.6:testResources (default-testResources) @ EJB_WildFly_Https_Client ---
[INFO] Using 'UTF-8' encoding to copy filtered resources.
[INFO] skip non existing resourceDirectory /Users/jsensharma/NotBackedUp/MM_Tests/WildFly/EJB_SSL_Wildfly10/client/src/test/resources
[INFO] 
[INFO] --- maven-compiler-plugin:2.5.1:testCompile (default-testCompile) @ EJB_WildFly_Https_Client ---
[INFO] No sources to compile
[INFO] 
[INFO] --- maven-surefire-plugin:2.12.4:test (default-test) @ EJB_WildFly_Https_Client ---
[INFO] No tests to run.
[INFO] 
[INFO] --- maven-jar-plugin:2.4:jar (default-jar) @ EJB_WildFly_Https_Client ---
[INFO] Building jar: /Users/jsensharma/NotBackedUp/MM_Tests/WildFly/EJB_SSL_Wildfly10/client/target/EJB_WildFly_Https_Client.jar
[INFO] 
[INFO] --- maven-install-plugin:2.4:install (default-install) @ EJB_WildFly_Https_Client ---
[INFO] Installing /Users/jsensharma/NotBackedUp/MM_Tests/WildFly/EJB_SSL_Wildfly10/client/target/EJB_WildFly_Https_Client.jar to /Users/jsensharma/.m2/repository/middleware/magic/EJB_WildFly_Https_Client/1.0/EJB_WildFly_Https_Client-1.0.jar
[INFO] Installing /Users/jsensharma/NotBackedUp/MM_Tests/WildFly/EJB_SSL_Wildfly10/client/pom.xml to /Users/jsensharma/.m2/repository/middleware/magic/EJB_WildFly_Https_Client/1.0/EJB_WildFly_Https_Client-1.0.pom
[INFO] 
[INFO] --- exec-maven-plugin:1.2.1:exec (default-cli) @ EJB_WildFly_Https_Client ---

	Got initial Context: javax.naming.InitialContext@2eb481ba
Jan 04, 2016 8:55:34 AM org.jboss.ejb.client.EJBClient <clinit>
INFO: JBoss EJB Client version 2.1.2.Final
Jan 04, 2016 8:55:34 AM org.xnio.Xnio <clinit>
INFO: XNIO version 3.3.2.Final
Jan 04, 2016 8:55:34 AM org.xnio.nio.NioXnio <clinit>
INFO: XNIO NIO Implementation Version 3.3.2.Final
Jan 04, 2016 8:55:34 AM org.jboss.remoting3.EndpointImpl <clinit>
INFO: JBoss Remoting version 4.0.14.Final
Jan 04, 2016 8:55:35 AM org.jboss.ejb.client.remoting.VersionReceiver handleMessage
INFO: EJBCLIENT000017: Received server version 2 and marshalling strategies [river]
Jan 04, 2016 8:55:35 AM org.jboss.ejb.client.remoting.RemotingConnectionEJBReceiver associate
INFO: EJBCLIENT000013: Successful version handshake completed for receiver context EJBReceiverContext{clientContext=org.jboss.ejb.client.EJBClientContext@3da9b5c7, receiver=Remoting connection EJB receiver [connection=org.jboss.ejb.client.remoting.ConnectionPool$PooledConnection@50dd3b71,channel=jboss.ejb,nodename=banl13bca644a-6]} on channel Channel ID bdd0d839 (outbound) of Remoting connection 1cf9bb77 to localhost/127.0.0.1:8443

	 remote.add(2,10) => 12

	 remote.sayHello('MiddlewareMagic') => [MathBean] Hello, MiddlewareMagic
[INFO] ------------------------------------------------------------------------
[INFO] BUILD SUCCESS
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 2.983 s
[INFO] Finished at: 2016-01-04T08:55:35+05:30
[INFO] Final Memory: 14M/245M
[INFO] ------------------------------------------------------------------------

Some Common Issues

Now we can see that in the above example we are able to invoke the EJB deployed on WildFly using the “https-remoting” protocol over SSL on port 8443. However due to some misconfiguration or incorrect approach we might encounter some issues while running the above sample. Here we are going to discuss about those very common issues which you might encounter while invoking EJB3 over SSL on WildFly. So check the “createKeyStore.sh” script commands got executed properly or not. Specially the “keytool -import -v -trustcacerts” command.

Usually to troubleshoot the SSL related issues it is best to run your code is SSL debug mode which can be done simply by adding the following system property to the JVM start options: “-Djavax.net.debug=all”

Issue-1) PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException
If you encounter the following error then one of the reason might be that you have not included the Server’s key/certificate in the Client’s truststore.

Jan 03, 2016 6:27:09 PM org.jboss.ejb.client.EJBClient <clinit>
INFO: JBoss EJB Client version 2.1.2.Final
Jan 03, 2016 6:27:09 PM org.xnio.Xnio <clinit>
INFO: XNIO version 3.3.2.Final
Jan 03, 2016 6:27:09 PM org.xnio.nio.NioXnio <clinit>
INFO: XNIO NIO Implementation Version 3.3.2.Final
Jan 03, 2016 6:27:09 PM org.jboss.remoting3.EndpointImpl <clinit>
INFO: JBoss Remoting version 4.0.14.Final
Jan 03, 2016 6:27:09 PM org.jboss.ejb.client.remoting.ConfigBasedEJBClientContextSelector setupEJBReceivers
WARN: Could not register a EJB receiver for connection to localhost:8443
java.lang.RuntimeException: javax.net.ssl.SSLHandshakeException: General SSLEngine problem
	at org.jboss.ejb.client.remoting.IoFutureHelper.get(IoFutureHelper.java:92)
	at org.jboss.ejb.client.remoting.ConnectionPool.getConnection(ConnectionPool.java:80)
	at org.jboss.ejb.client.remoting.RemotingConnectionManager.getConnection(RemotingConnectionManager.java:51)
	at org.jboss.ejb.client.remoting.ConfigBasedEJBClientContextSelector.setupEJBReceivers(ConfigBasedEJBClientContextSelector.java:158)
	at org.jboss.ejb.client.remoting.ConfigBasedEJBClientContextSelector.getCurrent(ConfigBasedEJBClientContextSelector.java:115)
	at org.jboss.ejb.client.remoting.ConfigBasedEJBClientContextSelector.getCurrent(ConfigBasedEJBClientContextSelector.java:47)
	at org.jboss.ejb.client.EJBClientContext.getCurrent(EJBClientContext.java:281)
	at org.jboss.ejb.client.EJBClientContext.requireCurrent(EJBClientContext.java:291)
	at org.jboss.ejb.client.EJBInvocationHandler.doInvoke(EJBInvocationHandler.java:178)
	at org.jboss.ejb.client.EJBInvocationHandler.invoke(EJBInvocationHandler.java:146)
	at com.sun.proxy.$Proxy19.add(Unknown Source)
	at client.StandaloneClient.main(StandaloneClient.java:40)
	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	at java.lang.reflect.Method.invoke(Method.java:606)
	at org.codehaus.mojo.exec.ExecJavaMojo$1.run(ExecJavaMojo.java:297)
	at java.lang.Thread.run(Thread.java:745)
Caused by: javax.net.ssl.SSLHandshakeException: General SSLEngine problem
	at sun.security.ssl.Handshaker.checkThrown(Handshaker.java:1336)
	at sun.security.ssl.SSLEngineImpl.checkTaskThrown(SSLEngineImpl.java:519)
	at sun.security.ssl.SSLEngineImpl.writeAppRecord(SSLEngineImpl.java:1197)
	at sun.security.ssl.SSLEngineImpl.wrap(SSLEngineImpl.java:1169)
	at javax.net.ssl.SSLEngine.wrap(SSLEngine.java:469)
	at org.xnio.ssl.JsseSslConduitEngine.engineWrap(JsseSslConduitEngine.java:353)
	at org.xnio.ssl.JsseSslConduitEngine.wrap(JsseSslConduitEngine.java:310)
	at org.xnio.ssl.JsseSslConduitEngine.wrap(JsseSslConduitEngine.java:204)
	at org.xnio.ssl.JsseSslStreamSinkConduit.write(JsseSslStreamSinkConduit.java:98)
	at org.xnio.ssl.JsseSslStreamSinkConduit.write(JsseSslStreamSinkConduit.java:72)
	at org.xnio.conduits.ConduitStreamSinkChannel.write(ConduitStreamSinkChannel.java:150)
	at org.xnio.http.HttpUpgrade$HttpUpgradeState$StringWriteListener.handleEvent(HttpUpgrade.java:385)
	at org.xnio.http.HttpUpgrade$HttpUpgradeState$StringWriteListener.handleEvent(HttpUpgrade.java:372)
	at org.xnio.ChannelListeners.invokeChannelListener(ChannelListeners.java:92)
	at org.xnio.conduits.WriteReadyHandler$ChannelListenerHandler.writeReady(WriteReadyHandler.java:65)
	at org.xnio.nio.NioSocketConduit.handleReady(NioSocketConduit.java:93)
	at org.xnio.nio.WorkerThread.run(WorkerThread.java:539)
	at ...asynchronous invocation...(Unknown Source)
	at org.jboss.remoting3.EndpointImpl.doConnect(EndpointImpl.java:288)
	at org.jboss.remoting3.EndpointImpl.connect(EndpointImpl.java:404)
	at org.jboss.ejb.client.remoting.EndpointPool$PooledEndpoint.connect(EndpointPool.java:192)
	at org.jboss.ejb.client.remoting.NetworkUtil.connect(NetworkUtil.java:153)
	at org.jboss.ejb.client.remoting.NetworkUtil.connect(NetworkUtil.java:133)
	at org.jboss.ejb.client.remoting.ConnectionPool.getConnection(ConnectionPool.java:78)
	... 16 more
Caused by: javax.net.ssl.SSLHandshakeException: General SSLEngine problem
	at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
	at sun.security.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1703)
	at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:281)
	at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:273)
	at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1446)
	at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:209)
	at sun.security.ssl.Handshaker.processLoop(Handshaker.java:901)
	at sun.security.ssl.Handshaker$1.run(Handshaker.java:841)
	at sun.security.ssl.Handshaker$1.run(Handshaker.java:839)
	at java.security.AccessController.doPrivileged(Native Method)
	at sun.security.ssl.Handshaker$DelegatedTask.run(Handshaker.java:1273)
	at org.xnio.ssl.JsseSslConduitEngine.handleHandshake(JsseSslConduitEngine.java:543)
	at org.xnio.ssl.JsseSslConduitEngine.wrap(JsseSslConduitEngine.java:314)
	at org.xnio.ssl.JsseSslConduitEngine.wrap(JsseSslConduitEngine.java:204)
	at org.xnio.ssl.JsseSslStreamSinkConduit.write(JsseSslStreamSinkConduit.java:98)
	at org.xnio.ssl.JsseSslStreamSinkConduit.write(JsseSslStreamSinkConduit.java:72)
	at org.xnio.conduits.ConduitStreamSinkChannel.write(ConduitStreamSinkChannel.java:150)
	at org.xnio.http.HttpUpgrade$HttpUpgradeState$StringWriteListener.handleEvent(HttpUpgrade.java:385)
	at org.xnio.http.HttpUpgrade$HttpUpgradeState$StringWriteListener.handleEvent(HttpUpgrade.java:372)
	at org.xnio.ChannelListeners.invokeChannelListener(ChannelListeners.java:92)
	at org.xnio.conduits.WriteReadyHandler$ChannelListenerHandler.writeReady(WriteReadyHandler.java:65)
	at org.xnio.nio.NioSocketConduit.handleReady(NioSocketConduit.java:93)
	at org.xnio.nio.WorkerThread.run(WorkerThread.java:539)
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
	at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:385)
	at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:292)
	at sun.security.validator.Validator.validate(Validator.java:260)
	at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:326)
	at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:283)
	at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:138)
	at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1433)
	... 18 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
	at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:196)
	at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:268)
	at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:380)
	... 24 more

java.lang.IllegalStateException: EJBCLIENT000025: No EJB receiver available for handling [appName:, moduleName:EJB_WildFly_Https, distinctName:] combination for invocation context org.jboss.ejb.client.EJBClientInvocationContext@41016a75
	at org.jboss.ejb.client.EJBClientContext.requireEJBReceiver(EJBClientContext.java:798)
	at org.jboss.ejb.client.ReceiverInterceptor.handleInvocation(ReceiverInterceptor.java:116)
	at org.jboss.ejb.client.EJBClientInvocationContext.sendRequest(EJBClientInvocationContext.java:186)
	at org.jboss.ejb.client.EJBInvocationHandler.sendRequestWithPossibleRetries(EJBInvocationHandler.java:255)
	at org.jboss.ejb.client.EJBInvocationHandler.doInvoke(EJBInvocationHandler.java:200)
	at org.jboss.ejb.client.EJBInvocationHandler.doInvoke(EJBInvocationHandler.java:183)
	at org.jboss.ejb.client.EJBInvocationHandler.invoke(EJBInvocationHandler.java:146)
	at com.sun.proxy.$Proxy19.add(Unknown Source)
	at client.StandaloneClient.main(StandaloneClient.java:40)
	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	at java.lang.reflect.Method.invoke(Method.java:606)
	at org.codehaus.mojo.exec.ExecJavaMojo$1.run(ExecJavaMojo.java:297)
	at java.lang.Thread.run(Thread.java:745)

Issue-2) InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty
If you encounter the following error then one of the reason might be that you have not entered correct path for the Client trustStore in the “-Djavax.net.ssl.trustStore”. So check the path of your truststore is correct or not and if it has the read permission or not.

Jan 04, 2016 9:04:15 AM org.jboss.ejb.client.EJBClient <clinit>
INFO: JBoss EJB Client version 2.1.2.Final
Jan 04, 2016 9:04:15 AM org.xnio.Xnio <clinit>
INFO: XNIO version 3.3.2.Final
Jan 04, 2016 9:04:15 AM org.xnio.nio.NioXnio <clinit>
INFO: XNIO NIO Implementation Version 3.3.2.Final
Jan 04, 2016 9:04:15 AM org.jboss.remoting3.EndpointImpl <clinit>
INFO: JBoss Remoting version 4.0.14.Final
Jan 04, 2016 9:04:16 AM org.xnio.ChannelListeners invokeChannelListener
ERROR: XNIO001007: A channel event listener threw an exception
java.lang.RuntimeException: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty
	at sun.security.ssl.Handshaker.checkThrown(Handshaker.java:1333)
	at sun.security.ssl.SSLEngineImpl.checkTaskThrown(SSLEngineImpl.java:519)
	at sun.security.ssl.SSLEngineImpl.writeAppRecord(SSLEngineImpl.java:1197)
	at sun.security.ssl.SSLEngineImpl.wrap(SSLEngineImpl.java:1169)
	at javax.net.ssl.SSLEngine.wrap(SSLEngine.java:469)
	at org.xnio.ssl.JsseSslConduitEngine.engineWrap(JsseSslConduitEngine.java:353)
	at org.xnio.ssl.JsseSslConduitEngine.wrap(JsseSslConduitEngine.java:310)
	at org.xnio.ssl.JsseSslConduitEngine.wrap(JsseSslConduitEngine.java:204)
	at org.xnio.ssl.JsseSslStreamSinkConduit.write(JsseSslStreamSinkConduit.java:98)
	at org.xnio.ssl.JsseSslStreamSinkConduit.write(JsseSslStreamSinkConduit.java:72)
	at org.xnio.conduits.ConduitStreamSinkChannel.write(ConduitStreamSinkChannel.java:150)
	at org.xnio.http.HttpUpgrade$HttpUpgradeState$StringWriteListener.handleEvent(HttpUpgrade.java:385)
	at org.xnio.http.HttpUpgrade$HttpUpgradeState$StringWriteListener.handleEvent(HttpUpgrade.java:372)
	at org.xnio.ChannelListeners.invokeChannelListener(ChannelListeners.java:92)
	at org.xnio.conduits.WriteReadyHandler$ChannelListenerHandler.writeReady(WriteReadyHandler.java:65)
	at org.xnio.nio.NioSocketConduit.handleReady(NioSocketConduit.java:93)
	at org.xnio.nio.WorkerThread.run(WorkerThread.java:539)
Caused by: java.lang.RuntimeException: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty
	at sun.security.validator.PKIXValidator.<init>(PKIXValidator.java:90)
	at sun.security.validator.Validator.getInstance(Validator.java:179)
	at sun.security.ssl.X509TrustManagerImpl.getValidator(X509TrustManagerImpl.java:314)
	at sun.security.ssl.X509TrustManagerImpl.checkTrustedInit(X509TrustManagerImpl.java:173)
	at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:241)
	at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:138)
	at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1433)
	at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:209)
	at sun.security.ssl.Handshaker.processLoop(Handshaker.java:901)
	at sun.security.ssl.Handshaker$1.run(Handshaker.java:841)
	at sun.security.ssl.Handshaker$1.run(Handshaker.java:839)
	at java.security.AccessController.doPrivileged(Native Method)
	at sun.security.ssl.Handshaker$DelegatedTask.run(Handshaker.java:1273)
	at org.xnio.ssl.JsseSslConduitEngine.handleHandshake(JsseSslConduitEngine.java:543)
	at org.xnio.ssl.JsseSslConduitEngine.wrap(JsseSslConduitEngine.java:314)
	... 10 more
Caused by: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty
	at java.security.cert.PKIXParameters.setTrustAnchors(PKIXParameters.java:200)
	at java.security.cert.PKIXParameters.<init>(PKIXParameters.java:120)
	at java.security.cert.PKIXBuilderParameters.<init>(PKIXBuilderParameters.java:104)
	at sun.security.validator.PKIXValidator.<init>(PKIXValidator.java:88)
	... 24 more

Jan 04, 2016 9:04:16 AM org.jboss.ejb.client.remoting.ConfigBasedEJBClientContextSelector setupEJBReceivers
WARN: Could not register a EJB receiver for connection to localhost:8443
java.lang.RuntimeException: java.nio.channels.ClosedChannelException
	at org.jboss.ejb.client.remoting.IoFutureHelper.get(IoFutureHelper.java:92)
	at org.jboss.ejb.client.remoting.ConnectionPool.getConnection(ConnectionPool.java:80)
	at org.jboss.ejb.client.remoting.RemotingConnectionManager.getConnection(RemotingConnectionManager.java:51)
	at org.jboss.ejb.client.remoting.ConfigBasedEJBClientContextSelector.setupEJBReceivers(ConfigBasedEJBClientContextSelector.java:158)
	at org.jboss.ejb.client.remoting.ConfigBasedEJBClientContextSelector.getCurrent(ConfigBasedEJBClientContextSelector.java:115)
	at org.jboss.ejb.client.remoting.ConfigBasedEJBClientContextSelector.getCurrent(ConfigBasedEJBClientContextSelector.java:47)
	at org.jboss.ejb.client.EJBClientContext.getCurrent(EJBClientContext.java:281)
	at org.jboss.ejb.client.EJBClientContext.requireCurrent(EJBClientContext.java:291)
	at org.jboss.ejb.client.EJBInvocationHandler.doInvoke(EJBInvocationHandler.java:178)
	at org.jboss.ejb.client.EJBInvocationHandler.invoke(EJBInvocationHandler.java:146)
	at com.sun.proxy.$Proxy0.add(Unknown Source)
	at client.StandaloneClient.main(StandaloneClient.java:27)
Caused by: java.nio.channels.ClosedChannelException
	at org.xnio.ssl.JsseSslConduitEngine.handleWrapResult(JsseSslConduitEngine.java:401)
	at org.xnio.ssl.JsseSslConduitEngine.wrap(JsseSslConduitEngine.java:310)
	at org.xnio.ssl.JsseSslConduitEngine.wrap(JsseSslConduitEngine.java:204)
	at org.xnio.ssl.JsseSslStreamSinkConduit.write(JsseSslStreamSinkConduit.java:98)
	at org.xnio.ssl.JsseSslStreamSinkConduit.write(JsseSslStreamSinkConduit.java:72)
	at org.xnio.conduits.ConduitStreamSinkChannel.write(ConduitStreamSinkChannel.java:150)
	at org.xnio.http.HttpUpgrade$HttpUpgradeState$StringWriteListener.handleEvent(HttpUpgrade.java:385)
	at org.xnio.http.HttpUpgrade$HttpUpgradeState$StringWriteListener.handleEvent(HttpUpgrade.java:372)
	at org.xnio.ChannelListeners.invokeChannelListener(ChannelListeners.java:92)
	at org.xnio.conduits.WriteReadyHandler$ChannelListenerHandler.writeReady(WriteReadyHandler.java:65)
	at org.xnio.nio.NioSocketConduit.handleReady(NioSocketConduit.java:93)
	at org.xnio.nio.WorkerThread.run(WorkerThread.java:539)
	at ...asynchronous invocation...(Unknown Source)
	at org.jboss.remoting3.EndpointImpl.doConnect(EndpointImpl.java:288)
	at org.jboss.remoting3.EndpointImpl.connect(EndpointImpl.java:404)
	at org.jboss.ejb.client.remoting.EndpointPool$PooledEndpoint.connect(EndpointPool.java:192)
	at org.jboss.ejb.client.remoting.NetworkUtil.connect(NetworkUtil.java:153)
	at org.jboss.ejb.client.remoting.NetworkUtil.connect(NetworkUtil.java:133)
	at org.jboss.ejb.client.remoting.ConnectionPool.getConnection(ConnectionPool.java:78)
	... 10 more

Jan 04, 2016 9:04:16 AM org.xnio.ChannelListeners invokeChannelListener
ERROR: XNIO001007: A channel event listener threw an exception
java.lang.RuntimeException: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty
	at sun.security.ssl.Handshaker.checkThrown(Handshaker.java:1333)
	at sun.security.ssl.SSLEngineImpl.checkTaskThrown(SSLEngineImpl.java:519)
	at sun.security.ssl.SSLEngineImpl.writeAppRecord(SSLEngineImpl.java:1197)
	at sun.security.ssl.SSLEngineImpl.wrap(SSLEngineImpl.java:1169)
	at javax.net.ssl.SSLEngine.wrap(SSLEngine.java:469)
	at org.xnio.ssl.JsseSslConduitEngine.engineWrap(JsseSslConduitEngine.java:353)
	at org.xnio.ssl.JsseSslConduitEngine.wrap(JsseSslConduitEngine.java:310)
	at org.xnio.ssl.JsseSslConduitEngine.wrap(JsseSslConduitEngine.java:204)
	at org.xnio.ssl.JsseSslStreamSinkConduit.write(JsseSslStreamSinkConduit.java:98)
	at org.xnio.ssl.JsseSslStreamSinkConduit.write(JsseSslStreamSinkConduit.java:72)
	at org.xnio.conduits.ConduitStreamSinkChannel.write(ConduitStreamSinkChannel.java:150)
	at org.xnio.http.HttpUpgrade$HttpUpgradeState$StringWriteListener.handleEvent(HttpUpgrade.java:385)
	at org.xnio.http.HttpUpgrade$HttpUpgradeState$StringWriteListener.handleEvent(HttpUpgrade.java:372)
	at org.xnio.ChannelListeners.invokeChannelListener(ChannelListeners.java:92)
	at org.xnio.conduits.WriteReadyHandler$ChannelListenerHandler.writeReady(WriteReadyHandler.java:65)
	at org.xnio.nio.NioSocketConduit.handleReady(NioSocketConduit.java:93)
	at org.xnio.nio.WorkerThread.run(WorkerThread.java:539)
Caused by: java.lang.RuntimeException: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty
	at sun.security.validator.PKIXValidator.<init>(PKIXValidator.java:90)
	at sun.security.validator.Validator.getInstance(Validator.java:179)
	at sun.security.ssl.X509TrustManagerImpl.getValidator(X509TrustManagerImpl.java:314)
	at sun.security.ssl.X509TrustManagerImpl.checkTrustedInit(X509TrustManagerImpl.java:173)
	at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:241)
	at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:138)
	at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1433)
	at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:209)
	at sun.security.ssl.Handshaker.processLoop(Handshaker.java:901)
	at sun.security.ssl.Handshaker$1.run(Handshaker.java:841)
	at sun.security.ssl.Handshaker$1.run(Handshaker.java:839)
	at java.security.AccessController.doPrivileged(Native Method)
	at sun.security.ssl.Handshaker$DelegatedTask.run(Handshaker.java:1273)
	at org.xnio.ssl.JsseSslConduitEngine.handleHandshake(JsseSslConduitEngine.java:543)
	at org.xnio.ssl.JsseSslConduitEngine.wrap(JsseSslConduitEngine.java:314)
	... 10 more
Caused by: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty
	at java.security.cert.PKIXParameters.setTrustAnchors(PKIXParameters.java:200)
	at java.security.cert.PKIXParameters.<init>(PKIXParameters.java:120)
	at java.security.cert.PKIXBuilderParameters.<init>(PKIXBuilderParameters.java:104)
	at sun.security.validator.PKIXValidator.<init>(PKIXValidator.java:88)
	... 24 more

java.lang.IllegalStateException: EJBCLIENT000025: No EJB receiver available for handling [appName:, moduleName:EJB_WildFly_Https, distinctName:] combination for invocation context org.jboss.ejb.client.EJBClientInvocationContext@dc8a29
	at org.jboss.ejb.client.EJBClientContext.requireEJBReceiver(EJBClientContext.java:798)
	at org.jboss.ejb.client.ReceiverInterceptor.handleInvocation(ReceiverInterceptor.java:116)
	at org.jboss.ejb.client.EJBClientInvocationContext.sendRequest(EJBClientInvocationContext.java:186)
	at org.jboss.ejb.client.EJBInvocationHandler.sendRequestWithPossibleRetries(EJBInvocationHandler.java:255)
	at org.jboss.ejb.client.EJBInvocationHandler.doInvoke(EJBInvocationHandler.java:200)
	at org.jboss.ejb.client.EJBInvocationHandler.doInvoke(EJBInvocationHandler.java:183)
	at org.jboss.ejb.client.EJBInvocationHandler.invoke(EJBInvocationHandler.java:146)
	at com.sun.proxy.$Proxy0.add(Unknown Source)
	at client.StandaloneClient.main(StandaloneClient.java:27)

Issue-3) DIGEST-MD5: Server rejected authentication
If you encounter the following error then double check if you have created correct user in the correct security-realm using the add-user.sh script or not? Make sure that the user is created properly in the Security Realm which you are using. Foe example in this case check the “wildfly-10.0.0.CR5/standalone/configuration/httpsrealm-users.properties” and validate if the user is created properly in that file or not. If not then create a user using add-user.sh script as following:

$ ./add-user.sh –user-properties httpsrealm-users.properties –realm HttpsRealm -u ejbUserOne -p ejbPasswordOne@123

Jan 03, 2016 7:28:21 PM org.jboss.ejb.client.EJBClient <clinit>
INFO: JBoss EJB Client version 2.1.2.Final
Jan 03, 2016 7:28:21 PM org.xnio.Xnio <clinit>
INFO: XNIO version 3.3.2.Final
Jan 03, 2016 7:28:21 PM org.xnio.nio.NioXnio <clinit>
INFO: XNIO NIO Implementation Version 3.3.2.Final
Jan 03, 2016 7:28:21 PM org.jboss.remoting3.EndpointImpl <clinit>
INFO: JBoss Remoting version 4.0.14.Final
Jan 03, 2016 7:28:22 PM org.jboss.ejb.client.remoting.ConfigBasedEJBClientContextSelector setupEJBReceivers
WARN: Could not register a EJB receiver for connection to localhost:8443
java.lang.RuntimeException: javax.security.sasl.SaslException: Authentication failed: all available authentication mechanisms failed:
   DIGEST-MD5: Server rejected authentication
	at org.jboss.ejb.client.remoting.IoFutureHelper.get(IoFutureHelper.java:92)
	at org.jboss.ejb.client.remoting.ConnectionPool.getConnection(ConnectionPool.java:80)
	at org.jboss.ejb.client.remoting.RemotingConnectionManager.getConnection(RemotingConnectionManager.java:51)
	at org.jboss.ejb.client.remoting.ConfigBasedEJBClientContextSelector.setupEJBReceivers(ConfigBasedEJBClientContextSelector.java:158)
	at org.jboss.ejb.client.remoting.ConfigBasedEJBClientContextSelector.getCurrent(ConfigBasedEJBClientContextSelector.java:115)
	at org.jboss.ejb.client.remoting.ConfigBasedEJBClientContextSelector.getCurrent(ConfigBasedEJBClientContextSelector.java:47)
	at org.jboss.ejb.client.EJBClientContext.getCurrent(EJBClientContext.java:281)
	at org.jboss.ejb.client.EJBClientContext.requireCurrent(EJBClientContext.java:291)
	at org.jboss.ejb.client.EJBInvocationHandler.doInvoke(EJBInvocationHandler.java:178)
	at org.jboss.ejb.client.EJBInvocationHandler.invoke(EJBInvocationHandler.java:146)
	at com.sun.proxy.$Proxy19.add(Unknown Source)
	at client.StandaloneClient.main(StandaloneClient.java:35)
	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	at java.lang.reflect.Method.invoke(Method.java:606)
	at org.codehaus.mojo.exec.ExecJavaMojo$1.run(ExecJavaMojo.java:297)
	at java.lang.Thread.run(Thread.java:745)
Caused by: javax.security.sasl.SaslException: Authentication failed: all available authentication mechanisms failed:
   DIGEST-MD5: Server rejected authentication
	at org.jboss.remoting3.remote.ClientConnectionOpenListener.allMechanismsFailed(ClientConnectionOpenListener.java:114)
	at org.jboss.remoting3.remote.ClientConnectionOpenListener$Capabilities.handleEvent(ClientConnectionOpenListener.java:393)
	at org.jboss.remoting3.remote.ClientConnectionOpenListener$Capabilities.handleEvent(ClientConnectionOpenListener.java:243)
	at org.xnio.ChannelListeners.invokeChannelListener(ChannelListeners.java:92)
	at org.xnio.channels.TranslatingSuspendableChannel.handleReadable(TranslatingSuspendableChannel.java:199)
	at org.xnio.channels.TranslatingSuspendableChannel$1.handleEvent(TranslatingSuspendableChannel.java:113)
	at org.xnio.ChannelListeners.invokeChannelListener(ChannelListeners.java:92)
	at org.xnio.ChannelListeners$DelegatingChannelListener.handleEvent(ChannelListeners.java:1092)
	at org.xnio.ChannelListeners.invokeChannelListener(ChannelListeners.java:92)
	at org.xnio.conduits.ReadReadyHandler$ChannelListenerHandler.readReady(ReadReadyHandler.java:66)
	at org.xnio.nio.NioSocketConduit.handleReady(NioSocketConduit.java:88)
	at org.xnio.nio.WorkerThread.run(WorkerThread.java:539)
	at ...asynchronous invocation...(Unknown Source)
	at org.jboss.remoting3.EndpointImpl.doConnect(EndpointImpl.java:288)
	at org.jboss.remoting3.EndpointImpl.connect(EndpointImpl.java:404)
	at org.jboss.ejb.client.remoting.EndpointPool$PooledEndpoint.connect(EndpointPool.java:192)
	at org.jboss.ejb.client.remoting.NetworkUtil.connect(NetworkUtil.java:153)
	at org.jboss.ejb.client.remoting.NetworkUtil.connect(NetworkUtil.java:133)
	at org.jboss.ejb.client.remoting.ConnectionPool.getConnection(ConnectionPool.java:78)
	... 16 more

java.lang.IllegalStateException: EJBCLIENT000025: No EJB receiver available for handling [appName:, moduleName:EJB_WildFly_Https, distinctName:] combination for invocation context org.jboss.ejb.client.EJBClientInvocationContext@58675bc2
	at org.jboss.ejb.client.EJBClientContext.requireEJBReceiver(EJBClientContext.java:798)
	at org.jboss.ejb.client.ReceiverInterceptor.handleInvocation(ReceiverInterceptor.java:116)
	at org.jboss.ejb.client.EJBClientInvocationContext.sendRequest(EJBClientInvocationContext.java:186)
	at org.jboss.ejb.client.EJBInvocationHandler.sendRequestWithPossibleRetries(EJBInvocationHandler.java:255)
	at org.jboss.ejb.client.EJBInvocationHandler.doInvoke(EJBInvocationHandler.java:200)
	at org.jboss.ejb.client.EJBInvocationHandler.doInvoke(EJBInvocationHandler.java:183)
	at org.jboss.ejb.client.EJBInvocationHandler.invoke(EJBInvocationHandler.java:146)
	at com.sun.proxy.$Proxy19.add(Unknown Source)
	at client.StandaloneClient.main(StandaloneClient.java:35)
	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	at java.lang.reflect.Method.invoke(Method.java:606)
	at org.codehaus.mojo.exec.ExecJavaMojo$1.run(ExecJavaMojo.java:297)
	at java.lang.Thread.run(Thread.java:745)

Issue-4) CertificateException: No X509TrustManager implementation available
If you encounter the following error then one of the reason might be that you have not entered a correct “trustStorePassword”. Make sure that the truststore password is “-Djavax.net.ssl.trustStorePassword” correct. Again check the “createKeyStore.sh” script to find the correct passwords. Or check if you have your own custom trustStore implementation class defined.

Jan 04, 2016 9:02:05 AM org.jboss.ejb.client.EJBClient <clinit>
INFO: JBoss EJB Client version 2.1.2.Final
Jan 04, 2016 9:02:05 AM org.xnio.Xnio <clinit>
INFO: XNIO version 3.3.2.Final
Jan 04, 2016 9:02:05 AM org.xnio.nio.NioXnio <clinit>
INFO: XNIO NIO Implementation Version 3.3.2.Final
Jan 04, 2016 9:02:05 AM org.jboss.remoting3.EndpointImpl <clinit>
INFO: JBoss Remoting version 4.0.14.Final
Jan 04, 2016 9:02:05 AM org.jboss.ejb.client.remoting.ConfigBasedEJBClientContextSelector setupEJBReceivers
WARN: Could not register a EJB receiver for connection to localhost:8443
java.lang.RuntimeException: javax.net.ssl.SSLHandshakeException: General SSLEngine problem
	at org.jboss.ejb.client.remoting.IoFutureHelper.get(IoFutureHelper.java:92)
	at org.jboss.ejb.client.remoting.ConnectionPool.getConnection(ConnectionPool.java:80)
	at org.jboss.ejb.client.remoting.RemotingConnectionManager.getConnection(RemotingConnectionManager.java:51)
	at org.jboss.ejb.client.remoting.ConfigBasedEJBClientContextSelector.setupEJBReceivers(ConfigBasedEJBClientContextSelector.java:158)
	at org.jboss.ejb.client.remoting.ConfigBasedEJBClientContextSelector.getCurrent(ConfigBasedEJBClientContextSelector.java:115)
	at org.jboss.ejb.client.remoting.ConfigBasedEJBClientContextSelector.getCurrent(ConfigBasedEJBClientContextSelector.java:47)
	at org.jboss.ejb.client.EJBClientContext.getCurrent(EJBClientContext.java:281)
	at org.jboss.ejb.client.EJBClientContext.requireCurrent(EJBClientContext.java:291)
	at org.jboss.ejb.client.EJBInvocationHandler.doInvoke(EJBInvocationHandler.java:178)
	at org.jboss.ejb.client.EJBInvocationHandler.invoke(EJBInvocationHandler.java:146)
	at com.sun.proxy.$Proxy0.add(Unknown Source)
	at client.StandaloneClient.main(StandaloneClient.java:27)
Caused by: javax.net.ssl.SSLHandshakeException: General SSLEngine problem
	at sun.security.ssl.Handshaker.checkThrown(Handshaker.java:1336)
	at sun.security.ssl.SSLEngineImpl.checkTaskThrown(SSLEngineImpl.java:519)
	at sun.security.ssl.SSLEngineImpl.writeAppRecord(SSLEngineImpl.java:1197)
	at sun.security.ssl.SSLEngineImpl.wrap(SSLEngineImpl.java:1169)
	at javax.net.ssl.SSLEngine.wrap(SSLEngine.java:469)
	at org.xnio.ssl.JsseSslConduitEngine.engineWrap(JsseSslConduitEngine.java:353)
	at org.xnio.ssl.JsseSslConduitEngine.wrap(JsseSslConduitEngine.java:310)
	at org.xnio.ssl.JsseSslConduitEngine.wrap(JsseSslConduitEngine.java:204)
	at org.xnio.ssl.JsseSslStreamSinkConduit.write(JsseSslStreamSinkConduit.java:98)
	at org.xnio.ssl.JsseSslStreamSinkConduit.write(JsseSslStreamSinkConduit.java:72)
	at org.xnio.conduits.ConduitStreamSinkChannel.write(ConduitStreamSinkChannel.java:150)
	at org.xnio.http.HttpUpgrade$HttpUpgradeState$StringWriteListener.handleEvent(HttpUpgrade.java:385)
	at org.xnio.http.HttpUpgrade$HttpUpgradeState$StringWriteListener.handleEvent(HttpUpgrade.java:372)
	at org.xnio.ChannelListeners.invokeChannelListener(ChannelListeners.java:92)
	at org.xnio.conduits.WriteReadyHandler$ChannelListenerHandler.writeReady(WriteReadyHandler.java:65)
	at org.xnio.nio.NioSocketConduit.handleReady(NioSocketConduit.java:93)
	at org.xnio.nio.WorkerThread.run(WorkerThread.java:539)
	at ...asynchronous invocation...(Unknown Source)
	at org.jboss.remoting3.EndpointImpl.doConnect(EndpointImpl.java:288)
	at org.jboss.remoting3.EndpointImpl.connect(EndpointImpl.java:404)
	at org.jboss.ejb.client.remoting.EndpointPool$PooledEndpoint.connect(EndpointPool.java:192)
	at org.jboss.ejb.client.remoting.NetworkUtil.connect(NetworkUtil.java:153)
	at org.jboss.ejb.client.remoting.NetworkUtil.connect(NetworkUtil.java:133)
	at org.jboss.ejb.client.remoting.ConnectionPool.getConnection(ConnectionPool.java:78)
	... 10 more
Caused by: javax.net.ssl.SSLHandshakeException: General SSLEngine problem
	at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
	at sun.security.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1703)
	at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:281)
	at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:273)
	at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1446)
	at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:209)
	at sun.security.ssl.Handshaker.processLoop(Handshaker.java:901)
	at sun.security.ssl.Handshaker$1.run(Handshaker.java:841)
	at sun.security.ssl.Handshaker$1.run(Handshaker.java:839)
	at java.security.AccessController.doPrivileged(Native Method)
	at sun.security.ssl.Handshaker$DelegatedTask.run(Handshaker.java:1273)
	at org.xnio.ssl.JsseSslConduitEngine.handleHandshake(JsseSslConduitEngine.java:543)
	at org.xnio.ssl.JsseSslConduitEngine.wrap(JsseSslConduitEngine.java:314)
	at org.xnio.ssl.JsseSslConduitEngine.wrap(JsseSslConduitEngine.java:204)
	at org.xnio.ssl.JsseSslStreamSinkConduit.write(JsseSslStreamSinkConduit.java:98)
	at org.xnio.ssl.JsseSslStreamSinkConduit.write(JsseSslStreamSinkConduit.java:72)
	at org.xnio.conduits.ConduitStreamSinkChannel.write(ConduitStreamSinkChannel.java:150)
	at org.xnio.http.HttpUpgrade$HttpUpgradeState$StringWriteListener.handleEvent(HttpUpgrade.java:385)
	at org.xnio.http.HttpUpgrade$HttpUpgradeState$StringWriteListener.handleEvent(HttpUpgrade.java:372)
	at org.xnio.ChannelListeners.invokeChannelListener(ChannelListeners.java:92)
	at org.xnio.conduits.WriteReadyHandler$ChannelListenerHandler.writeReady(WriteReadyHandler.java:65)
	at org.xnio.nio.NioSocketConduit.handleReady(NioSocketConduit.java:93)
	at org.xnio.nio.WorkerThread.run(WorkerThread.java:539)
Caused by: java.security.cert.CertificateException: No X509TrustManager implementation available
	at sun.security.ssl.DummyX509TrustManager.checkServerTrusted(SSLContextImpl.java:1096)
	at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1433)
	... 18 more

java.lang.IllegalStateException: EJBCLIENT000025: No EJB receiver available for handling [appName:, moduleName:EJB_WildFly_Https, distinctName:] combination for invocation context org.jboss.ejb.client.EJBClientInvocationContext@2da8bc4f
	at org.jboss.ejb.client.EJBClientContext.requireEJBReceiver(EJBClientContext.java:798)
	at org.jboss.ejb.client.ReceiverInterceptor.handleInvocation(ReceiverInterceptor.java:116)
	at org.jboss.ejb.client.EJBClientInvocationContext.sendRequest(EJBClientInvocationContext.java:186)
	at org.jboss.ejb.client.EJBInvocationHandler.sendRequestWithPossibleRetries(EJBInvocationHandler.java:255)
	at org.jboss.ejb.client.EJBInvocationHandler.doInvoke(EJBInvocationHandler.java:200)
	at org.jboss.ejb.client.EJBInvocationHandler.doInvoke(EJBInvocationHandler.java:183)
	at org.jboss.ejb.client.EJBInvocationHandler.invoke(EJBInvocationHandler.java:146)
	at com.sun.proxy.$Proxy0.add(Unknown Source)
	at client.StandaloneClient.main(StandaloneClient.java:27)

.

Source code for this demo is present in :
https://github.com/jaysensharma/MiddlewareMagicDemos/tree/master/WildFly/EJB/EJB_SSL_Wildfly10
.
.
Regards
Jay SenSharma


Accessing JBoss Management Console over Https in JBossAS7.1.2

Hi,

In this demonstration we will see how to access the JBoss Management Console over HTTPS in a secured manner, As it is desired in many production/secure environment to access the JBoss Management Console over https sothat the communication will be in SSL encrypted format. So in this example we will see how to configure the JBoss AS7.1.2 sothat we can connect to JBoss Management Console via SSL port 9991 (management-console-https socket binding).

Step1). First if all we will create Security certificates with the help of JDK provided utility “keytool”, So make sure that the JDK’s bin directory is added in your shell/command prompts PATH variable like following (We are creating the “chap8.keystore” inside “$JBOSS_HOME/standalone/configuration” directory):

.
[userone@localhost ~]$ cd /home/userone/jboss-as-7.1.2.Final/standalone/configuration/

[userone@localhost configuration]$ export PATH=/home/userone/MyJdks/jdk1.6.0_21/bin:$PATH

[userone@localhost configuration] keytool -genkey -keystore chap8.keystore -storepass rmi+ssl -keypass rmi+ssl -keyalg RSA -alias chapter8 -validity 3650 -dname "cn=chapter8 example,ou=admin book,dc=jboss,dc=org"
.

Step2). Make sure that the JBoss AS7.1.2 is running, In our case we started JBossAS7.1.2 “standalone-full.xml” profile.

.
[userone@localhost bin]$ ./standalone.sh -c standalone-full.xml
.

Step3). Now We will configure the <server-identities> for ManagementRealm By specifying the SSL informations. We will use the following CLI Commands in order to achieve the goal

[userone@localhost bin]$ cd /home/userone/jboss-as-7.1.2.Final/bin

[userone@localhost bin]$ ./jboss-cli.sh -c --controller=localhost:9999
.
[standalone@localhost:9999 /] /core-service=management/security-realm=ManagementRealm/server-identity=ssl:add(keystore-password="rmi+ssl", keystore-path="chap8.keystore", keystore-relative-to="jboss.server.config.dir", alias="chapter8",protocol="TLSv1")
{
    "outcome" => "success",
    "response-headers" => {
        "operation-requires-reload" => true,
        "process-state" => "reload-required"
    }
}


[standalone@localhost:9999 /] /socket-binding-group=standard-sockets/socket-binding=management-console-https/:add(port=9991,interface=management,fixed-port=false)
{
    "outcome" => "success",
    "response-headers" => {"process-state" => "reload-required"}
}


[standalone@localhost:9999 /] /core-service=management/management-interface=http-interface/:write-attribute(name=secure-socket-binding,value=management-console-https)
{
    "outcome" => "success",
    "response-headers" => {"process-state" => "reload-required"}
}


[standalone@localhost:9999 /] /core-service=management/management-interface=http-interface/:undefine-attribute(name=socket-binding)
{
    "outcome" => "success",
    "response-headers" => {"process-state" => "reload-required"}
}
.

Once your above CLI command is executed successfully you will notice the following in your JBossAS 7.1.2 configuration file “standalone-full.xml”:


    <management>
        <security-realms>
            <security-realm name="ManagementRealm">
                <server-identities>
                    <ssl protocol="TLSv1">
                        <keystore path="chap8.keystore" relative-to="jboss.server.config.dir" keystore-password="rmi+ssl" alias="chapter8"/>
                    </ssl>
                </server-identities>
                <authentication>
                    <local default-user="$local"/>
                    <properties path="mgmt-users.properties" relative-to="jboss.server.config.dir"/>
                </authentication>
            </security-realm>
            <security-realm name="ApplicationRealm">
                <authentication>
                    <local default-user="$local" allowed-users="*"/>
                    <properties path="application-users.properties" relative-to="jboss.server.config.dir"/>
                </authentication>
                <authorization>
                    <properties path="application-roles.properties" relative-to="jboss.server.config.dir"/>
                </authorization>
            </security-realm>
        </security-realms>
        <management-interfaces>
            <native-interface security-realm="ManagementRealm">
                <socket-binding native="management-native"/>
            </native-interface>
            <http-interface security-realm="ManagementRealm">
                <socket-binding https="management-console-https"/>
            </http-interface>
        </management-interfaces>
    </management>
    .
    .
    .
    .
    <socket-binding-group name="standard-sockets" default-interface="public" port-offset="${jboss.socket.binding.port-offset:0}">
        <socket-binding name="management-native" interface="management" port="${jboss.management.native.port:9999}"/>
        <socket-binding name="management-http" interface="management" port="${jboss.management.http.port:9990}"/>
        <socket-binding name="management-https" interface="management" port="${jboss.management.https.port:9443}"/>
         .
         .
        <socket-binding name="management-console-https" interface="management" port="9991" fixed-port="false"/>
         .
         .
        <outbound-socket-binding name="mail-smtp">
            <remote-destination host="localhost" port="25"/>
        </outbound-socket-binding>
    </socket-binding-group>

Step4). Now restart your JBoss AS 7.1.2 again as following:

.
[userone@localhost bin]$ ./standalone.sh -c standalone-full.xml 
.

Step5). Now Try to access the JBoss Management Console with the following URL:

https://localhost:9991/console

Achieving same in Domain Mode

In your “master” Host “$JBOSS_HOME/domain/configuration/host.xml” you will need to define the tag as following:

            <security-realm name="ManagementRealm">
                <server-identities>
                    <ssl protocol="TLSv1">
                        <keystore path="chap8.keystore" relative-to="jboss.domain.config.dir" keystore-password="rmi+ssl" alias="chapter8"/>
                    </ssl>
                </server-identities>
                <authentication>
                    <local default-user="$local"/>
                    <properties path="mgmt-users.properties" relative-to="jboss.domain.config.dir"/>
                </authentication>
            </security-realm>

Alter the “http-interface” as following in the same “master” host.xml file.

        <management-interfaces>
            <native-interface security-realm="ManagementRealm">
                <socket interface="management" port="${jboss.management.native.port:9999}"/>
            </native-interface>
            <http-interface security-realm="ManagementRealm">
                <socket interface="management" secure-port="9991"/>
            </http-interface>
        </management-interfaces>

Or you can use the following command to achieve the same:

/host=master/core-service=management/management-interface=http-interface/:write-attribute(name=secure-port,value=9991)
/host=master/core-service=management/management-interface=http-interface/:undefine-attribute(name=port)

Restart JBoss EAP6 and then check the CONSOLE output to see if you find the following:

[Host Controller] 10:00:04,445 INFO  [org.jboss.as] (Controller Boot Thread) JBAS015952: Admin console listening on https://127.0.0.1:9991

.
.
Thanks 🙂
MiddlewareMagic Team


Enabling SSL Communication for the Native Management Interface using CLI

Hi,

In this demonstration we will see how to configure Native Management Interface to use the SSL, As it is desired in many production/secure environment to access the JBoss via CLI utility over SSL sothat the communication will be in SSL encrypted format. So in this example we will see how to configure the JBoss AS7.1.2 sothat we can connect to it via SSL port 9443 (management-https socket binding).

Step1). First if all we will create Security certificates with the help of JDK provided utility “keytool”, So make sure that the JDK’s bin directory is added in your shell/command prompts PATH variable like following (We are creating the “chap8.keystore” inside “$JBOSS_HOME/standalone/configuration” directory):

.
[userone@localhost ~]$ cd /home/userone/jboss-as-7.1.2.Final/standalone/configuration/

[userone@localhost configuration]$ export PATH=/home/userone/MyJdks/jdk1.6.0_21/bin:$PATH

[userone@localhost configuration] keytool -genkey -keystore chap8.keystore -storepass rmi+ssl -keypass rmi+ssl -keyalg RSA -alias chapter8 -validity 3650 -dname "cn=chapter8 example,ou=admin book,dc=jboss,dc=org"
.

Step2). Make sure that the JBoss AS7.1.2 is running, In our case we started JBossAS7.1.2 “standalone-full.xml” profile.

.
[userone@localhost bin]$ ./standalone.sh -c standalone-full.xml
.

Step3). Now We will configure the <server-identities> for ManagementRealm By specifying the SSL informations. We will use the following CLI Commands in order to achieve the goal

[userone@localhost bin]$ cd /home/userone/jboss-as-7.1.2.Final/bin

[userone@localhost bin]$ ./jboss-cli.sh -c --controller=localhost:9999

[standalone@localhost:9999 /] /core-service=management/security-realm=ManagementRealm/server-identity=ssl:add(keystore-password="rmi+ssl", keystore-path="chap8.keystore", keystore-relative-to="jboss.server.config.dir", alias="chapter8",protocol="TLSv1")


{
    "outcome" => "success",
    "response-headers" => {
        "operation-requires-reload" => true,
        "process-state" => "reload-required"
    }
}


[standalone@localhost:9999 /] /core-service=management/management-interface=native-interface/:write-attribute(name=socket-binding,value=management-https)


{
    "outcome" => "success",
    "response-headers" => {
        "operation-requires-reload" => true,
        "process-state" => "reload-required"
    }
}

Once your above CLI command is executed successfully you will notice the following in your JBossAS 7.1.2 configuration file “standalone-full.xml”:


    <management>
        <security-realms>
            <security-realm name="ManagementRealm">
                <server-identities>
                    <ssl protocol="TLSv1">
                        <keystore path="chap8.keystore" relative-to="jboss.server.config.dir" keystore-password="rmi+ssl" alias="chapter8"/>
                    </ssl>
                </server-identities>
                <authentication>
                    <local default-user="$local"/>
                    <properties path="mgmt-users.properties" relative-to="jboss.server.config.dir"/>
                </authentication>
            </security-realm>
            <security-realm name="ApplicationRealm">
                <authentication>
                    <local default-user="$local" allowed-users="*"/>
                    <properties path="application-users.properties" relative-to="jboss.server.config.dir"/>
                </authentication>
                <authorization>
                    <properties path="application-roles.properties" relative-to="jboss.server.config.dir"/>
                </authorization>
            </security-realm>
        </security-realms>
        <management-interfaces>
            <native-interface security-realm="ManagementRealm">
                <socket-binding native="management-https"/>
            </native-interface>
            <http-interface security-realm="ManagementRealm">
                <socket-binding http="management-http"/>
            </http-interface>
        </management-interfaces>
    </management>

Step4). Now restart your JBoss AS 7.1.2 again as following:
-Djavax.net.debug=all This System property will give us more details about the SSL Communication so we enabled it just to varify if the SSL configuration is working properly or not.

.
[userone@localhost bin]$ ./standalone.sh -c standalone-full.xml  -Djavax.net.debug=all
.

Step5). Now there will be a slignt change in the way we used to connect to the JBoss Via CLI command, It will be happening via “management-https” (9443) now as following:

.
[userone@localhost bin]$ ./jboss-cli.sh -c --controller=localhost:9443
Unable to connect due to unrecognised server certificate
Subject    - CN=chapter8 example,OU=admin book,DC=jboss,DC=org
Issuer     - CN=chapter8 example, OU=admin book, DC=jboss, DC=org
Valid From - Sat Sep 15 20:13:01 IST 2012
Valid To   - Tue Sep 13 20:13:01 IST 2022
MD5 : 20:c7:41:56:34:c2:15:49:e3:95:84:ab:19:fc:1f:ca
SHA1 : c9:c0:b4:8b:82:18:6b:3d:35:c3:1e:26:7f:52:e5:8c:ab:93:35:78

Accept certificate? [N]o, [T]emporarily, [P]ermenantly : T
[standalone@localhost:9443 /] 

.

.
.
Thanks 🙂
MiddlewareMagic Team


Copyright © 2010-2012 Middleware Magic. All rights reserved. |