Problem in retrieve WDSL

[Stefano Farella]

Hi to all!

I’m developing a MIDP application (with Netbeans 6.5) that should be use https web services (I’m using Tomcat 6). The MIDP application and the web server are in two different computers. The MIDP application works well if I use the http connection (I can retrieve the wsdl and generate stubs automatically from the “Java ME Web Service Client Information” form). To automatically retrieve the wsdl configuration I use the following address http://10.72.167.22:8080/easyMobileWSApplication/easyMobileWS?wsdl and all works well.
When I try to retrieve wsdl from https I use https://10.72.167.22/easyMobileWSApplication/easyMobileWS?wsdl but the Netbeans utility shows me the following error: “Download file, I/O exception: HTTPS hostname wrong: should be <10.72.167.22> (Check the proxy settings)."

I try to use both 8443 and 443 port in the server.xml tomcat file in order to configure tomcat to use correctly the https connections.
In Explorer everything works well: I can see the services list both in http and https. With the https connection I must confirm the certificate exception.
For the server I do not use a proxy.

Any suggestion will be appreciate.

Thanks in advance.

Stefano

P.S.: this is my actual Tomcat server.xml file:

<?xml version='1.0' encoding='utf-8'?>
<!--
Licensed to the Apache Software Foundation (ASF) under one or more
contributor license agreements. See the NOTICE file distributed with
this work for additional information regarding copyright ownership.
The ASF licenses this file to You under the Apache License, Version 2.0
(the "License"); you may not use this file except in compliance with
the License. You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
-->
<!-- Note: A "Server" is not itself a "Container", so you may not
define subcomponents such as "Valves" at this level.
Documentation at /docs/config/server.html
-->
<Server port="8005" shutdown="SHUTDOWN">

<!--APR library loader. Documentation at /docs/apr.html -->
<Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" />
<!--Initialize Jasper prior to webapps are loaded. Documentation at /docs/jasper-howto.html -->
<Listener className="org.apache.catalina.core.JasperListener" />
<!-- JMX Support for the Tomcat server. Documentation at /docs/non-existent.html -->
<Listener className="org.apache.catalina.mbeans.ServerLifecycleListener" />
<Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" />

<!-- Global JNDI resources
Documentation at /docs/jndi-resources-howto.html
-->
<GlobalNamingResources>
<!-- Editable user database that can also be used by
UserDatabaseRealm to authenticate users
-->
<Resource name="UserDatabase" auth="Container"
type="org.apache.catalina.UserDatabase"
description="User database that can be updated and saved"
factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
pathname="conf/tomcat-users.xml" />
</GlobalNamingResources>

<!-- A "Service" is a collection of one or more "Connectors" that share
a single "Container" Note: A "Service" is not itself a "Container",
so you may not define subcomponents such as "Valves" at this level.
Documentation at /docs/config/service.html
-->
<Service name="Catalina">

<!--The connectors can use a shared executor, you can define one or more named thread pools-->
<!--
<Executor name="tomcatThreadPool" namePrefix="catalina-exec-"
maxThreads="150" minSpareThreads="4"/>
-->


<!-- A "Connector" represents an endpoint by which requests are received
and responses are returned. Documentation at :
Java HTTP Connector: /docs/config/http.html (blocking & non-blocking)
Java AJP Connector: /docs/config/ajp.html
APR (HTTP/AJP) Connector: /docs/apr.html
Define a non-SSL HTTP/1.1 Connector on port 8080
-->
<Connector port="8080" protocol="HTTP/1.1"
connectionTimeout="20000"
redirectPort="443" />
<!-- A "Connector" using the shared thread pool-->
<!--
<Connector executor="tomcatThreadPool"
port="8080" protocol="HTTP/1.1"
connectionTimeout="20000"
redirectPort="443" />
-->
<!-- Define a SSL HTTP/1.1 Connector on port 443
This connector uses the JSSE configuration, when using APR, the
connector should be using the OpenSSL style configuration
described in the APR documentation -->
<!--
Stefano - ORIGINALE INIZIO - Stefano
<Connector port="443" protocol="HTTP/1.1" SSLEnabled="true"
maxThreads="150" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS" />
Stefano - ORIGINALE FINE - Stefano
-->
<Connector protocol="org.apache.coyote.http11.Http11Protocol"
port="443" minSpareThreads="5" maxSpareThreads="75"
enableLookups="true" disableUploadTimeout="true"
acceptCount="100" maxThreads="200"
scheme="https" secure="true" SSLEnabled="true"
keystoreFile="C:\Program Files\Apache Software Foundation\Tomcat 6.0\conf\.keystore" keystorePass="mypassword"
clientAuth="false" sslProtocol="TLS"/>



<!-- Define an AJP 1.3 Connector on port 8009 -->
<Connector port="8009" protocol="AJP/1.3" redirectPort="443" />


<!-- An Engine represents the entry point (within Catalina) that processes
every request. The Engine implementation for Tomcat stand alone
analyzes the HTTP headers included with the request, and passes them
on to the appropriate Host (virtual host).
Documentation at /docs/config/engine.html -->

<!-- You should set jvmRoute to support load-balancing via AJP ie :
<Engine name="Standalone" defaultHost="localhost" jvmRoute="jvm1">
-->
<Engine name="Catalina" defaultHost="localhost">

<!--For clustering, please take a look at documentation at:
/docs/cluster-howto.html (simple how to)
/docs/config/cluster.html (reference documentation) -->
<!--
<Cluster className="org.apache.catalina.ha.tcp.SimpleTcpCluster"/>
-->

<!-- The request dumper valve dumps useful debugging information about
the request and response data received and sent by Tomcat.
Documentation at: /docs/config/valve.html -->
<!--
<Valve className="org.apache.catalina.valves.RequestDumperValve"/>
-->

<!-- This Realm uses the UserDatabase configured in the global JNDI
resources under the key "UserDatabase". Any edits
that are performed against this UserDatabase are immediately
available for use by the Realm. -->
<Realm className="org.apache.catalina.realm.UserDatabaseRealm"
resourceName="UserDatabase"/>

<!-- Define the default virtual host
Note: XML Schema validation will not work with Xerces 2.2.
-->
<Host name="localhost" appBase="webapps"
unpackWARs="true" autoDeploy="true"
xmlValidation="false" xmlNamespaceAware="false"

<!-- SingleSignOn valve, share authentication between web applications
Documentation at: /docs/config/valve.html -->
<!--
<Valve className="org.apache.catalina.authenticator.SingleSignOn" />
-->

<!-- Access log processes all example.
Documentation at: /docs/config/valve.html -->
<!--
<Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
prefix="localhost_access_log." suffix=".txt" pattern="common" resolveHosts="false"/>
-->

</Host>
</Engine>
</Service>
</Server>

[Karol Harezlak]

Since it could be problem in Tomcat settings maybe you should try to ask
this question on netbeans Java EE list.

K.

Stefano Farella wrote:

[footix]

Hi,

I have the same problem with NetBeans 6.5, Glassfish V2U1, Java 6 U11. The MIDP application works well with http connection.

The problem comes up when netbeans retrieve the wsdl of the HTTPS-Web Service and starts to generate stubs automatically from the “Java ME Web Service Client Client Information” form.

"The validating..." process is started, but it will never terminated, it hangs up.

What is the alternative Solution to create a mobile HTTPS-Web Service-Client with NetBeans?

Regards,
Thorsten

[Stefano Farella]

I solve the problem by copying the wsdl and xsd files (simply cut and paste from your browser) to my local machine then point to that file while. Make sure to write the correct path in the wsdl file on schemaLocation (like this: schemaLocation="file:///C:/wsdl_files/myxsd.xsd"). After this you can generate stubs using the widget.

Hope this will help you.

Stefano

[footix]

Hi Stefano,

thanks, that helps, now I have generated the stubs and develop a MIDlet.

The problem is, that the MIDLet (JSR-712 Web Services Client) do not send a security header, so the response from the glassfish-server failed.

The Web Services (SSL-Security) is managed by a glassfish-Server V2U1.
Perhaps, the problem are the special WS-Metro-Libs for the clients.

Is it generally possible to realize a SSL-security Web Service Communication between a mobile Client (JSR-172) and a Server?

Did you have success with mobile Client and Tomcat 6 ?

Which additional libs are needed?


Regards,
Thorsten

[Stefano Farella]

Hi Thorsten,

I was able to run a MIDlet under SSL using Tomcat 6; if you would, I can
send you the instruction in order to do this. I've no experience with
Glassfish, sorry.

Regards,

Stefano

[footix]

Hello Stefano,

great,
please send me your tomcat-instruction order,
thanks a lot,

Regards,
Thorsten

[Stefano Farella]

Hi Thorsten,

here you are the step I follow in order to connect my MIDlet to a https Tomcat server.

1. Create your own keystore. As example I use the following command (where YOUR_IP_ADDRESS is the IP address of your web server)
keytool -genkey -alias server -keyalg RSA -keysize 2048 -keystore YOUR_IP_ADDRESS.jks -dname "CN= YOUR_IP_ADDRESS,OU=XX, O=XX, L=XX, ST=XX, C=XX" && keytool -certreq -alias server -file YOUR_IP_ADDRESS.csr -keystore YOUR_IP_ADDRESS.jks && echo Your certificate signing request is in YOUR_IP_ADDRESS.csr. Your keystore file is YOUR_IP_ADDRESS.jks.

Enter your own password when requested.

Or, simply, use the widget given by DigiCert (https://www.digicert.com/easy-csr/keytool.htm), as an example...

The keytool exe file is located in the \Java\jdk1.6.0_11\bin directory

2. Modify your server.xml Tomcat file (the file is in Apache Software Foundation\Tomcat 6.0\conf directory) as follows:
Locate the Connector tag for HTTP and replace it with:

<Connector port="8080" protocol="HTTP/1.1"
connectionTimeout="20000"
redirectPort="443" />
You can use your own redirect port. On Tomcat you can find 8443. I use the default https 443 port...

Locate the Connector tag for HTTPS and replace it with:

<Connector protocol="org.apache.coyote.http11.Http11Protocol"
port="443" minSpareThreads="5" maxSpareThreads="75"
enableLookups="false" disableUploadTimeout="true"
acceptCount="100" maxThreads="200"
clientAuth="false"
scheme="https" secure="true" SSLEnabled="true"
keyAlias="YOUR_KEY_ALIAS"
keystoreFile="JKS_PATH\YOUR_IP_ADDRESS.jks" keystorePass="YOUR_PASSWORD"
sslProtocol="TLS"/>

If you change the https port, make sure to modify the value in all the entries (for example change all 8443 with 443).

Replace YOUR_KEY_ALIAS with your server alias, JKS_PATH with the path in which you have store the jks file, and YOUR_PASSWORD with the password you use when was created the JKS file with keytool.

Stop and start Tomcat. Now you are able to connect to the TomcatMonitor via https (https://localhost:443, for example).

Now you must configure the client (MIDlet)
1. Export (by copying from the browser) the xsd and wsdl file in your local machine. Make sure to write the correct path in the wsdl file on schemaLocation (like this: schemaLocation="file:///C:/wsdl_files/myxsd.xsd"). After this you can generate stubs by using the widget.
2. Sign the Application with your Keystore and your password (if the server and client are in different computers, get a copy of your jks file and store it in your local machine). Right click on your MIDlet project/properties/Build/Signing.
a) Press "Open KeyStore Manager". "Add keyStore" -> Add Existing keyStore.
b) Browse the file -> select it and Press OK. You will be able to see the keystore you just added in the KeyStore list. Select it.
c) Press "Unlock Keystore", it prompt for password, provide the password.
d) Select the only key YOUR_KEY_ALIAS (the same you wrote in the server.xml Tomcat file) -> press "Unlock" -> press close.
e) Now press "Export Key into Java ME SDK/Platform/..."
f) You will get another dialog press "Export".

That’s all!

Run your MIDlet application...

Note: if you using a public address and a local address for the same WebServer application you must create, and manage, two different keystore: one for each IP address. For example I use a IP public address, and a local address to test and develop my application; from my PC I can reach the web server only by using the local address, so I must modify the server.xml Tomcat file, change the keyStore file, stop and start Tomcat, ...). If you find a different way to do this, please let me know how.

Hope this will help you.

Regards,

Stefano