Skip to main content

GF 3.1.1 -- ssl for console only No 'secure-admin'

No replies
Bernhard Thalma...
Offline
Joined: 2011-10-10
Points: 0

Hi experts,
do i really have to enable 'secure-admin' (also I don't need the SSL mutual
auth stuff within the domain) to get ssl-enabled 'admin console'?

If I only enable security on the admin-listener 'asadmin' (using
--secure=true) works fine but accessing the console creates the following
exception in server.log...

[#|2011-10-11T10:12:50.203+0200|SEVERE|glassfish3.1.1|org.apache.catalina.connector.CoyoteAdapter|_ThreadID=105;_ThreadName=Thread-2;|PWC3989:
An exception or error occurred in the container during the request
processing
com.sun.jersey.api.client.ClientHandlerException: java.net.SocketException:
Unexpected end of file from server
at
com.sun.jersey.client.urlconnection.URLConnectionClientHandler.handle(URLConnectionClientHandler.java:149)
at com.sun.jersey.api.client.Client.handle(Client.java:648)
at
com.sun.jersey.api.client.filter.HTTPBasicAuthFilter.handle(HTTPBasicAuthFilter.java:81)
at
com.sun.jersey.api.client.WebResource.handle(WebResource.java:670)
at
com.sun.jersey.api.client.WebResource.access$200(WebResource.java:74)
at
com.sun.jersey.api.client.WebResource$Builder.post(WebResource.java:553)
at
org.glassfish.admingui.common.security.AdminConsoleAuthModule.validateRequest(AdminConsoleAuthModule.java:252)
at
com.sun.enterprise.security.jmac.config.GFServerConfigProvider$GFServerAuthContext.validateRequest(GFServerConfigProvider.java:1171)
at
com.sun.web.security.RealmAdapter.validate(RealmAdapter.java:1445)
at
com.sun.web.security.RealmAdapter.invokeAuthenticateDelegate(RealmAdapter.java:1323)
at
org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:551)
at
org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:623)
at
org.apache.catalina.core.StandardPipeline.doChainInvoke(StandardPipeline.java:600)
at com.sun.enterprise.web.WebPipeline.invoke(WebPipeline.java:96)
at
com.sun.enterprise.web.PESessionLockingStandardPipeline.invoke(PESessionLockingStandardPipeline.java:91)
at
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:162)
at
org.apache.catalina.connector.CoyoteAdapter.doService(CoyoteAdapter.java:330)
at
org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:231)
at
com.sun.enterprise.v3.services.impl.ContainerMapper.service(ContainerMapper.java:232)
at
com.sun.grizzly.http.ProcessorTask.invokeAdapter(ProcessorTask.java:828)
at
com.sun.grizzly.http.ProcessorTask.doProcess(ProcessorTask.java:725)
at
com.sun.grizzly.http.ProcessorTask.process(ProcessorTask.java:1019)
at
com.sun.grizzly.http.DefaultProtocolFilter.execute(DefaultProtocolFilter.java:225)
at
com.sun.grizzly.DefaultProtocolChain.executeProtocolFilter(DefaultProtocolChain.java:137)
at
com.sun.grizzly.DefaultProtocolChain.execute(DefaultProtocolChain.java:104)
at
com.sun.grizzly.DefaultProtocolChain.execute(DefaultProtocolChain.java:90)
at
com.sun.grizzly.http.HttpProtocolChain.execute(HttpProtocolChain.java:79)
at
com.sun.grizzly.ProtocolChainContextTask.doCall(ProtocolChainContextTask.java:54)
at
com.sun.grizzly.SelectionKeyContextTask.call(SelectionKeyContextTask.java:59)
at com.sun.grizzly.ContextTask.run(ContextTask.java:71)
at
com.sun.grizzly.util.AbstractThreadPool$Worker.doWork(AbstractThreadPool.java:532)
at
com.sun.grizzly.util.AbstractThreadPool$Worker.run(AbstractThreadPool.java:513)
at java.lang.Thread.run(Thread.java:722)
Caused by: java.net.SocketException: Unexpected end of file from server
at sun.net.www.http.HttpClient.parseHTTPHeader(HttpClient.java:723)
at sun.net.www.http.HttpClient.parseHTTP(HttpClient.java:589)
at sun.net.www.http.HttpClient.parseHTTPHeader(HttpClient.java:720)
at sun.net.www.http.HttpClient.parseHTTP(HttpClient.java:589)
at
sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1319)
at
java.net.HttpURLConnection.getResponseCode(HttpURLConnection.java:468)
at
com.sun.jersey.client.urlconnection.URLConnectionClientHandler._invoke(URLConnectionClientHandler.java:240)
at
com.sun.jersey.client.urlconnection.URLConnectionClientHandler.handle(URLConnectionClientHandler.java:147)
... 32 more
|#]

TIA,
Bernhard