Java 带有轴 2 的双向 ssl 导致读取超时
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/23828703/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
two way ssl with axis2 results in read timed out
提问by bartuosz
I am trying to consume a web service which requires two way ssl authentication, and belongs to a company X. I have created a client in axis2 and configured it to support https (imported server cert into truststore, set keystore path .. etc.). I keept getting read timed out exception when I invoked it. I should mention that the handshake passes and there are no exceptions concerning certificates (I have dealt with them).
我正在尝试使用需要两种方式的 ssl 身份验证的 Web 服务,并且属于 X 公司。我在轴 2 中创建了一个客户端并将其配置为支持 https(将服务器证书导入信任库,设置密钥库路径等) . 当我调用它时,我一直在读取超时异常。我应该提到握手通过并且没有关于证书的例外(我已经处理过它们)。
I did the following (separate and in combination):
- used rampart with axis2,
- tuned down the firewall on my computer,
- bypassed my company's firewall (got a separate adsl line from isp),
- logged a ticket at the company's X helpdesk for help but they said it was ok on their end.
我执行了以下操作(单独和组合):
- 使用带有axis2 的壁垒,
- 调低了我计算机上的防火墙,
- 绕过了我公司的防火墙(从isp 获得了单独的adsl 线路),
- 在公司的X 服务台记录了一张票寻求帮助,但他们说这对他们来说没问题。
All the above did not help, so I used Fiddler to monitor the network traffic and it turned out that it worked with specific configuration:
- rampart turned off,
- behind my computer's and company's firewalls,
- fiddler capture turned on (https traffic by fiddler's proxy).
以上所有都没有帮助,所以我使用 Fiddler 来监控网络流量,结果证明它在特定配置下工作:
- 城墙关闭,
- 在我的计算机和公司的防火墙后面,
- 提琴手捕获打开(提琴手的 https 流量代理)。
When I turn the fiddler off and remove the proxy I still get the read timed out exception.
当我关闭提琴手并删除代理时,我仍然收到读取超时异常。
org.apache.axis2.AxisFault: Read timed out
at org.apache.axis2.AxisFault.makeFault(AxisFault.java:430)
at org.apache.axis2.transport.http.HTTPSender.sendViaPost(HTTPSender.java:197)
at org.apache.axis2.transport.http.HTTPSender.send(HTTPSender.java:75)
at org.apache.axis2.transport.http.CommonsHTTPTransportSender.writeMessageWithCommons(CommonsHTTPTransportSender.java:404)
at org.apache.axis2.transport.http.CommonsHTTPTransportSender.invoke(CommonsHTTPTransportSender.java:231)
at org.apache.axis2.engine.AxisEngine.send(AxisEngine.java:443)
at org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperation.java:406)
at org.apache.axis2.description.OutInAxisOperationClient.executeImpl(OutInAxisOperation.java:229)
at org.apache.axis2.client.OperationClient.execute(OperationClient.java:165)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
...
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:606)
at org.apache.el.parser.AstValue.invoke(AstValue.java:278)
at org.apache.el.MethodExpressionImpl.invoke(MethodExpressionImpl.java:274)
at com.sun.faces.facelets.el.TagMethodExpression.invoke(TagMethodExpression.java:105)
at javax.faces.event.MethodExpressionActionListener.processAction(MethodExpressionActionListener.java:148)
at javax.faces.event.ActionEvent.processListener(ActionEvent.java:88)
at javax.faces.component.UIComponentBase.broadcast(UIComponentBase.java:775)
at javax.faces.component.UICommand.broadcast(UICommand.java:300)
at javax.faces.component.UIViewRoot.broadcastEvents(UIViewRoot.java:786)
at javax.faces.component.UIViewRoot.processApplication(UIViewRoot.java:1251)
at com.sun.faces.lifecycle.InvokeApplicationPhase.execute(InvokeApplicationPhase.java:81)
at com.sun.faces.lifecycle.Phase.doPhase(Phase.java:101)
at com.sun.faces.lifecycle.LifecycleImpl.execute(LifecycleImpl.java:118)
at javax.faces.webapp.FacesServlet.service(FacesServlet.java:593)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:305)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:51)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)
at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:118)
at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:84)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:113)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
at org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:103)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
at org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:113)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
at org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:154)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
at org.springframework.security.web.savedrequest.RequestCacheAwareFilter.doFilter(RequestCacheAwareFilter.java:45)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
at org.springframework.security.web.authentication.www.BasicAuthenticationFilter.doFilter(BasicAuthenticationFilter.java:150)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:199)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:110)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
at org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:50)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:87)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:192)
at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:160)
at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:343)
at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:260)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:222)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:123)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:502)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:171)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:100)
at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:953)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:408)
at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1041)
at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:603)
at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:312)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
at java.lang.Thread.run(Thread.java:744)
Caused by: java.net.SocketTimeoutException: Read timed out
at java.net.SocketInputStream.socketRead0(Native Method)
at java.net.SocketInputStream.read(SocketInputStream.java:152)
at java.net.SocketInputStream.read(SocketInputStream.java:122)
at sun.security.ssl.InputRecord.readFully(InputRecord.java:442)
at sun.security.ssl.InputRecord.read(InputRecord.java:480)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:927)
at sun.security.ssl.SSLSocketImpl.readDataRecord(SSLSocketImpl.java:884)
at sun.security.ssl.AppInputStream.read(AppInputStream.java:102)
at java.io.BufferedInputStream.fill(BufferedInputStream.java:235)
at java.io.BufferedInputStream.read(BufferedInputStream.java:254)
at org.apache.commons.httpclient.HttpParser.readRawLine(HttpParser.java:78)
at org.apache.commons.httpclient.HttpParser.readLine(HttpParser.java:106)
at org.apache.commons.httpclient.HttpConnection.readLine(HttpConnection.java:1116)
at org.apache.commons.httpclient.MultiThreadedHttpConnectionManager$HttpConnectionAdapter.readLine(MultiThreadedHttpConnectionManager.java:1413)
at org.apache.commons.httpclient.HttpMethodBase.readStatusLine(HttpMethodBase.java:1973)
at org.apache.commons.httpclient.HttpMethodBase.readResponse(HttpMethodBase.java:1735)
at org.apache.commons.httpclient.HttpMethodBase.execute(HttpMethodBase.java:1098)
at org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry(HttpMethodDirector.java:398)
at org.apache.commons.httpclient.HttpMethodDirector.executeMethod(HttpMethodDirector.java:171)
at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:397)
at org.apache.axis2.transport.http.AbstractHTTPSender.executeMethod(AbstractHTTPSender.java:621)
at org.apache.axis2.transport.http.HTTPSender.sendViaPost(HTTPSender.java:193)
... 76 more
What could be the cause of it? Please help me solve this problem. Thank you.
可能是什么原因造成的?请帮我解决这个问题。谢谢你。
[edit]
[编辑]
I forgot to mention that I have tried to set different timeout values and it did not help. value above 4 minutes results in
我忘了提及我曾尝试设置不同的超时值,但没有帮助。超过 4 分钟的值导致
'java.net.SocketException: Connection reset'
Approach with Fiddler works even with the default timeout. I get the response immediately.
即使使用默认超时,使用 Fiddler 的方法也能工作。我立即得到回应。
I have debugged the SSL connection and compared it against this example: Debugging SSL/TLS Connectionsand it seems that the initial handshake is ok and all certificates/keys are exchanged properly between the server and client. That's both with and without Fiddler so I do not know why I keep getting read timed out without Fiddler running.
我已经调试了 SSL 连接并将其与此示例进行了比较:调试 SSL/TLS 连接,似乎初始握手没问题,并且所有证书/密钥都在服务器和客户端之间正确交换。有和没有 Fiddler 都是如此,所以我不知道为什么我在没有 Fiddler 运行的情况下一直读取超时。
采纳答案by Mayur
We faced similar issue and we were getting Read Time Out while trying to invoke a secured webservice, after a long analysis we found out that there was a mismatch in the transport protocol version. Web-service was servicing on http1.0 and we were invoking it using http1.1. We modified the protocol version in our client code which resolves this issue:
我们遇到了类似的问题,并且在尝试调用安全的 Web 服务时出现读取超时,经过长时间的分析,我们发现传输协议版本不匹配。Web 服务在 http1.0 上提供服务,我们使用 http1.1 调用它。我们在解决此问题的客户端代码中修改了协议版本:
Below is the code to specify http version-1.0
下面是指定http version-1.0的代码
options.setProperty(org.apache.axis2.transport.http.HTTPConstants.HTTP_PROTOCOL_VERSION,
org.apache.axis2.transport.http.HTTPConstants.HEADER_PROTOCOL_10);
回答by Kenster
"Read timed out" means that the server took too long to respond to the client's request, and the client gave up waiting. If the service operator thinks their service is operating properly, you may need to adjust your client so that it waits longer for the service response.
“读取超时”是指服务器响应客户端请求的时间过长,客户端放弃等待。如果服务运营商认为他们的服务运行正常,您可能需要调整您的客户端,使其等待服务响应的时间更长。
Unfortunately, there are three different ways to set timeouts for the client, and it's not really clear from the information on the Internet what exactly is controlled by each timeout. Look at these two pages:
不幸的是,有三种不同的方法可以为客户端设置超时,并且从互联网上的信息中并没有真正清楚每个超时究竟控制什么。看看这两页:
The first page illustrates how to get the ServiceClientand its Options, and how to call Options.setTimeOutInMilliSeconds()to set a timeout. The Axis2 docsdescribe that as "the wait time after which a client times out in a blocking scenario", and I thinkthat's the timeout that you want.
第一页说明了如何获取ServiceClient及其Options,以及如何调用Options.setTimeOutInMilliSeconds()以设置超时。该Axis2的文档描述为“等待时间在这之后,客户端超时的阻塞情形”,我觉得这就是你想要的超时。
The second page illustrates how to set the SO_TIMEOUTand CONNECTION_TIMEOUTfrom Options. It's possiblethat SO_TIMEOUTis relevant here.
第二页说明了如何设置SO_TIMEOUT和CONNECTION_TIMEOUTfrom Options。这可能是SO_TIMEOUT与此有关。
回答by Sam
From the error below,
从下面的错误,
Caused by: java.net.SocketTimeoutException: Read timed out
at java.net.SocketInputStream.socketRead0(Native Method)
at java.net.SocketInputStream.read(SocketInputStream.java:152)
at java.net.SocketInputStream.read(SocketInputStream.java:122)
at sun.security.ssl.InputRecord.readFully(InputRecord.java:442)
at sun.security.ssl.InputRecord.read(InputRecord.java:480)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:927)
...
Another possible solution is, importing the server certification to your trusted keystore.
另一种可能的解决方案是将服务器证书导入您的受信任密钥库。
