[OFBiz] Users - External application: interaction with ofbiz via SOAP
Locked
12
12
[OFBiz] Users - External application: interaction with ofbiz via SOAP
 
|
Re: [OFBiz] Users - External application: interaction with ofbiz via SOAP
|
|
[OFBiz] Users - RMI Problem
|
|
Re: [OFBiz] Users - RMI-Entity Sync Problem
|
|
Re: [OFBiz] Users - RMI-Entity Sync Problem
|
|
Re: [OFBiz] Users - RMI-Entity Sync Problem
|
|
Re: [OFBiz] Users - RMI-Entity Sync Problem
|
|
Re: [OFBiz] Users - RMI-Entity Sync Problem
|
|
Re: [OFBiz] Users - RMI-Entity Sync Problem
|
|
Re: [OFBiz] Users - RMI-Entity Sync Problem
|
|
Brett, Andrew, This is probably the most likely solution to the problem and sometimes comes up on Linux. I guess there is some JVM quirk that gets us there... In general with Entity Sync running over a VPN is fine, though as mentioned the security is redundant, through on the other hand in many companies with more anal IT policies it is the _only_ way to get through. Running remotely, or over wide area networks is actually what the entity sync stuff is intended for as it is mostly used for moving data as part of integrations and as part of distributed systems sharing data like multi-tiered POS terminal/server setups. -David On Nov 14, 2005, at 9:21 AM, Brett Palmer wrote: > Andrew, > > I found this on the ofbiz wiki page. It talks a little about the IP > address problem you are seeing. > > http://ofbizwiki1.go-integral.com/Wiki.jsp?page=UsingRMI > > > Brett > > On 11/14/05, Brett Palmer <[hidden email]> wrote: >> Andrew, >> >> Are you running the RMI stuff on Windows or Linux? We have had >> trouble with the RMI service on Windows but not on Linux. >> >> Brett >> >> On 11/14/05, Andrew Sykes <[hidden email]> wrote: >>> Brett, >>> >>> Thanks for the comments. >>> >>> I know it does seem a little bizarre doing it this way, it's >>> actually >>> just a development convenience, I don't intend to deploy in this >>> way. >>> >>> I have tried this locally now too and I'm getting the same error. >>> >>> I hope someone can help, this is getting more than a little >>> frustrating! >>> >>> Andrew >>> >>> >>> On Mon, 2005-11-14 at 08:24 -0700, Brett Palmer wrote: >>>> Andrew, >>>> >>>> David and Andy would know better, but I don't think running RMI >>>> over a >>>> VPN is a good idea because of the performance issues. The ofbiz >>>> RMI >>>> using SSL, at least from what I can tell, so using a VPN is >>>> somewhat >>>> redundant. >>>> >>>> I would guess the original intent of the entity sync was to >>>> synchronize app servers within the same network. We don't use the >>>> entity sync services but we do use the RMI Service delegator and we >>>> only make calls within the same network. >>>> >>>> Anyone else have experience with this? >>>> >>>> >>>> Brett >>>> >>>> On 11/13/05, Andrew Sykes <[hidden email]> wrote: >>>>> Hi, >>>>> >>>>> Hope someone can help with this >>>>> >>>>> The exact entity sync I'm trying to do is a data push to the >>>>> server >>>>> (10.1.6.3 on a VPN) however, it seems that the server thinks it is >>>>> getting a request from 192.168.0.1 (my local network ip) or >>>>> occasionally >>>>> (127.0.0.1) obviously it can't reply to these addresses, it >>>>> needs to see >>>>> the request as coming from 10.1.6.5 (my vpn ip), however, I >>>>> can't see >>>>> anywhere to set this explicitly nor can I predict which of >>>>> 127.0.0.1/192.168.0.1 the request is going to appear to have >>>>> come from. >>>>> >>>>> I looked at my original enquiry about this and realised I hadn't >>>>> described the scenario very clearly, hence I'm trying again. >>>>> >>>>> I'm sure I can't be the first person to have run an RMI sync >>>>> over a VPN >>>>> - or on a box with more than one ip - anyone out there got any >>>>> suggestions? >>>>> >>>>> Kind Regards >>>>> -- >>>>> Andrew Sykes <[hidden email]> >>>>> Sykes Development Ltd >>>>> >>>>> >>>>> _______________________________________________ >>>>> Users mailing list >>>>> [hidden email] >>>>> http://lists.ofbiz.org/mailman/listinfo/users >>>>> >>>> >>>> _______________________________________________ >>>> Users mailing list >>>> [hidden email] >>>> http://lists.ofbiz.org/mailman/listinfo/users >>> -- >>> Andrew Sykes <[hidden email]> >>> Sykes Development Ltd >>> >>> >>> _______________________________________________ >>> Users mailing list >>> [hidden email] >>> http://lists.ofbiz.org/mailman/listinfo/users >>> >> > > _______________________________________________ > Users mailing list > [hidden email] > http://lists.ofbiz.org/mailman/listinfo/users _______________________________________________ Users mailing list [hidden email] http://lists.ofbiz.org/mailman/listinfo/users |
smime.p7s (3K)
Re: [OFBiz] Users - RMI-Entity Sync Problem
|
|
Re: [OFBiz] Users - RMI-SSL Entity Sync Problem
|
|
[OFBiz] Users - Separate Framework
|
|
Re: [OFBiz] Users - RMI-SSL Entity Sync Problem
|
|
In reply to this post by Andrew Sykes
Andrew,
I haven't been following this thread much but I did see this email. Maybe I can offer a little help in getting you past this. First, you need to create a certificate request (CSR), you can find examples of doing this online using the keytool utility. After this CSR is generated it needs to be signed. You can follow instructions on creating a self signed certificate found in various places (check google). Once you have a signed certificate, you then import it into the keystore which was created when you generated the CSR. You are now almost done. Finally, if you are using a self signed certificate or it was signed by an unknown authority (not Thawte, GeoTrust, Verisign, etc) then you need to import the authorities certificate into your truststore (see google). Once this is complete, edit jsse.properties and configure the truststore settings to point to your TRUSTSTORE, and edit the ofbiz.rmi.keyStore settings to point to the new keystore you created which includes this newly signed certificate. Then you should be good to go. Hope this helps! On Nov 15, 2005, at 2:05 PM, Andrew Sykes wrote: > Brett, David, > > I've attached the stack trace for this issue, (I don't know why I've > suddenly developed an aversion to posting stack traces, I seem to keep > forgetting!). > > I can't see any reason why I'd be getting "certificate_unknown" for a > cert that's in the trust store. > > I've tried self signing it, but to no avail. > > > ---- exception report > ---------------------------------------------------------- > Service [remoteStoreEntitySyncDataRmi] threw an unexpected > exception/error > Exception: org.ofbiz.service.GenericServiceException > Message: RMI Invocation Error (error during JRMP connection > establishment; nested exception is: > javax.net.ssl.SSLHandshakeException: Received fatal alert: > certificate_unknown) > ---- stack trace > --------------------------------------------------------------- > org.ofbiz.service.GenericServiceException: RMI Invocation Error (error > during JRMP connection establishment; nested exception is: > javax.net.ssl.SSLHandshakeException: Received fatal alert: > certificate_unknown) > org.ofbiz.service.rmi.RmiServiceEngine.run(RmiServiceEngine.java:94) > org.ofbiz.service.rmi.RmiServiceEngine.runSync > (RmiServiceEngine.java:50) > org.ofbiz.service.ServiceDispatcher.runSync(ServiceDispatcher.java: > 333) > org.ofbiz.service.ServiceDispatcher.runSync(ServiceDispatcher.java: > 213) > org.ofbiz.service.GenericDispatcher.runSync(GenericDispatcher.java: > 110) > org.ofbiz.entityext.synchronization.EntitySyncContext.runPushSendData > (EntitySyncContext.java:1030) > org.ofbiz.entityext.synchronization.EntitySyncServices.runEntitySync > (EntitySyncServices.java:114) > sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) > sun.reflect.NativeMethodAccessorImpl.invoke > (NativeMethodAccessorImpl.java:39) > sun.reflect.DelegatingMethodAccessorImpl.invoke > (DelegatingMethodAccessorImpl.java:25) > java.lang.reflect.Method.invoke(Method.java:324) > org.ofbiz.service.engine.StandardJavaEngine.serviceInvoker > (StandardJavaEngine.java:101) > org.ofbiz.service.engine.StandardJavaEngine.runSync > (StandardJavaEngine.java:63) > org.ofbiz.service.ServiceDispatcher.runSync(ServiceDispatcher.java: > 333) > org.ofbiz.service.ServiceDispatcher.runSync(ServiceDispatcher.java: > 213) > org.ofbiz.service.GenericDispatcher.runSync(GenericDispatcher.java: > 110) > org.ofbiz.service.job.GenericServiceJob.exec(GenericServiceJob.java: > 80) > org.ofbiz.service.job.JobInvoker.run(JobInvoker.java:226) > java.lang.Thread.run(Thread.java:534) > java.rmi.ConnectIOException: error during JRMP connection > establishment; > nested exception is: > javax.net.ssl.SSLHandshakeException: Received fatal alert: > certificate_unknown > sun.rmi.transport.tcp.TCPChannel.createConnection(TCPChannel.java:274) > sun.rmi.transport.tcp.TCPChannel.newConnection(TCPChannel.java:171) > sun.rmi.server.UnicastRef.invoke(UnicastRef.java:101) > org.ofbiz.service.rmi.RemoteDispatcherImpl_Stub.runSync(Unknown > Source) > org.ofbiz.service.rmi.RmiServiceEngine.run(RmiServiceEngine.java:91) > org.ofbiz.service.rmi.RmiServiceEngine.runSync > (RmiServiceEngine.java:50) > org.ofbiz.service.ServiceDispatcher.runSync(ServiceDispatcher.java: > 333) > org.ofbiz.service.ServiceDispatcher.runSync(ServiceDispatcher.java: > 213) > org.ofbiz.service.GenericDispatcher.runSync(GenericDispatcher.java: > 110) > org.ofbiz.entityext.synchronization.EntitySyncContext.runPushSendData > (EntitySyncContext.java:1030) > org.ofbiz.entityext.synchronization.EntitySyncServices.runEntitySync > (EntitySyncServices.java:114) > sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) > sun.reflect.NativeMethodAccessorImpl.invoke > (NativeMethodAccessorImpl.java:39) > sun.reflect.DelegatingMethodAccessorImpl.invoke > (DelegatingMethodAccessorImpl.java:25) > java.lang.reflect.Method.invoke(Method.java:324) > org.ofbiz.service.engine.StandardJavaEngine.serviceInvoker > (StandardJavaEngine.java:101) > org.ofbiz.service.engine.StandardJavaEngine.runSync > (StandardJavaEngine.java:63) > org.ofbiz.service.ServiceDispatcher.runSync(ServiceDispatcher.java: > 333) > org.ofbiz.service.ServiceDispatcher.runSync(ServiceDispatcher.java: > 213) > org.ofbiz.service.GenericDispatcher.runSync(GenericDispatcher.java: > 110) > org.ofbiz.service.job.GenericServiceJob.exec(GenericServiceJob.java: > 80) > org.ofbiz.service.job.JobInvoker.run(JobInvoker.java:226) > java.lang.Thread.run(Thread.java:534) > Caused by: javax.net.ssl.SSLHandshakeException: Received fatal alert: > certificate_unknown > com.sun.net.ssl.internal.ssl.BaseSSLSocketImpl.a(DashoA12275) > com.sun.net.ssl.internal.ssl.BaseSSLSocketImpl.b(DashoA12275) > com.sun.net.ssl.internal.ssl.SSLSocketImpl.b(DashoA12275) > com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA12275) > com.sun.net.ssl.internal.ssl.SSLSocketImpl.j(DashoA12275) > com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA12275) > com.sun.net.ssl.internal.ssl.AppOutputStream.write(DashoA12275) > java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:66) > java.io.BufferedOutputStream.flush(BufferedOutputStream.java:124) > java.io.DataOutputStream.flush(DataOutputStream.java:101) > sun.rmi.transport.tcp.TCPChannel.createConnection(TCPChannel.java:198) > ... 22 more > ---------------------------------------------------------------------- > ---------- > > 123297[ TransactionUtil.java:288:INFO ] > [TransactionUtil.setRollbackOnly] transaction rollback only not set, > status is STATUS_NO_TRANSACTION > > > On Tue, 2005-11-15 at 12:16 +0000, Andrew Sykes wrote: >> Brett, David >> >> Thank you very much for your help, I've no idea how long this >> would have >> taken me to figure out without your input. >> >> Unfortunately, I'm not quite there yet, the certificate I have has >> expired, following the instructions on the wiki for creating a new >> certificate and importing it into ofbiztrust.jks I end up with a >> bad_certificate exception. Is there anything that I have to do >> differently with RMI from the standard HTTPS cert procedure. >> >> I hope you can help with this. >> >> Kind Regards > -- > Andrew Sykes <[hidden email]> > Sykes Development Ltd > > > _______________________________________________ > Users mailing list > [hidden email] > http://lists.ofbiz.org/mailman/listinfo/users _______________________________________________ Users mailing list [hidden email] http://lists.ofbiz.org/mailman/listinfo/users |
Re: [OFBiz] Users - RMI-SSL Entity Sync Problem
|
|
Re: [OFBiz] Users - RMI-SSL Entity Sync Problem
|
|
Yeah, you cannot use a client certificate for an SSL server. This
would be used only for authentication purposes. You need a server certificate for RMI SSL configuration. You could in theory use the same SSL certificate you use for the HTTPS server assuming they are running on the same host. Here is a good link with step by step instructions. Follow the directions for SSL Support with JSSE to create the keystore. Then set this newly created keystore in the jsse.properties. You may need to export the certificate from the [RMI] server and put it in the [RMI] client's truststore if it is self signed. Andy On Nov 16, 2005, at 9:27 AM, Andrew Sykes wrote: > Andy, > > Thanks for this, I certainly have a better understanding of what I'm > supposed to be doing now, however, I'm not quite there yet, I've > listed > the procedures below, perhaps you could suggest what I'm missing... > > I've tried importing my cacerts into both the JRE truststore and the > ofbiztrust.jks but in both cases I get the same error (shown below). > > keytool -delete -alias rmissl -storepass changeit -keystore > ofbizrmi.jks > > keytool -delete -alias rmissl -storepass changeit -keystore > ofbiztrust.jks > > keytool -genkey -alias rmissl -keyalg RSA -keypass changeit -storepass > changeit -keystore ofbizrmi.jks > > keytool -certreq -alias rmissl -keyalg RSA -file newreq.pem -keystore > ofbizrmi.jks > > openssl x509 -req -CA /home/andrew/SSL/demoCA/cacert.pem - > CAkey /home/andrew/SSL/demoCA/private/cakey.pem -extensions v3_ca -in > newreq.pem -inform DER -out client_cert.x509 -CAcreateserial > > keytool -import -alias UAT_SSL - > keystore /usr/java/j2sdk1.4.2_06/jre/lib/security/cacerts - > file /home/andrew/SSL/demoCA/cacert.pem > > keytool -import -alias rmissl -keystore ofbizrmi.jks -trustcacerts - > file > client_cert.x509 > > keytool -export -alias rmissl -storepass changeit -file server.cer - > keystore ofbizrmi.jks > > keytool -import -alias rmissl -keystore ofbiztrust.jks -trustcacerts - > file server.cer > > > Kind Regards > -- > Andrew Sykes <[hidden email]> > Sykes Development Ltd > > > _______________________________________________ > Users mailing list > [hidden email] > http://lists.ofbiz.org/mailman/listinfo/users _______________________________________________ Users mailing list [hidden email] http://lists.ofbiz.org/mailman/listinfo/users |
Re: [OFBiz] Users - RMI-SSL Entity Sync Problem
|
|
Re: [OFBiz] Users - RMI-SSL Entity Sync Problem
|
|
Cute.. I guess I did here it is...
http://tomcat.apache.org/tomcat-3.3-doc/tomcat-ssl-howto.html#s6 On Nov 16, 2005, at 11:58 AM, Andrew Sykes wrote: > Andy. > > Thank you for the prompt reply. > > Unfortunately I think you forgot to actually include the link you were > referring to. > > Thanks > > On Wed, 2005-11-16 at 11:29 -0500, A. Zeneski wrote: >> Yeah, you cannot use a client certificate for an SSL server. This >> would be used only for authentication purposes. You need a server >> certificate for RMI SSL configuration. You could in theory use the >> same SSL certificate you use for the HTTPS server assuming they are >> running on the same host. >> >> Here is a good link with step by step instructions. Follow the >> directions for SSL Support with JSSE to create the keystore. Then set >> this newly created keystore in the jsse.properties. You may need to >> export the certificate from the [RMI] server and put it in the [RMI] >> client's truststore if it is self signed. >> >> Andy >> >> On Nov 16, 2005, at 9:27 AM, Andrew Sykes wrote: >> >>> Andy, >>> >>> Thanks for this, I certainly have a better understanding of what I'm >>> supposed to be doing now, however, I'm not quite there yet, I've >>> listed >>> the procedures below, perhaps you could suggest what I'm missing... >>> >>> I've tried importing my cacerts into both the JRE truststore and the >>> ofbiztrust.jks but in both cases I get the same error (shown below). >>> >>> keytool -delete -alias rmissl -storepass changeit -keystore >>> ofbizrmi.jks >>> >>> keytool -delete -alias rmissl -storepass changeit -keystore >>> ofbiztrust.jks >>> >>> keytool -genkey -alias rmissl -keyalg RSA -keypass changeit - >>> storepass >>> changeit -keystore ofbizrmi.jks >>> >>> keytool -certreq -alias rmissl -keyalg RSA -file newreq.pem - >>> keystore >>> ofbizrmi.jks >>> >>> openssl x509 -req -CA /home/andrew/SSL/demoCA/cacert.pem - >>> CAkey /home/andrew/SSL/demoCA/private/cakey.pem -extensions v3_ca >>> -in >>> newreq.pem -inform DER -out client_cert.x509 -CAcreateserial >>> >>> keytool -import -alias UAT_SSL - >>> keystore /usr/java/j2sdk1.4.2_06/jre/lib/security/cacerts - >>> file /home/andrew/SSL/demoCA/cacert.pem >>> >>> keytool -import -alias rmissl -keystore ofbizrmi.jks -trustcacerts - >>> file >>> client_cert.x509 >>> >>> keytool -export -alias rmissl -storepass changeit -file server.cer - >>> keystore ofbizrmi.jks >>> >>> keytool -import -alias rmissl -keystore ofbiztrust.jks - >>> trustcacerts - >>> file server.cer >>> >>> >>> Kind Regards >>> -- >>> Andrew Sykes <[hidden email]> >>> Sykes Development Ltd >>> >>> >>> _______________________________________________ >>> Users mailing list >>> [hidden email] >>> http://lists.ofbiz.org/mailman/listinfo/users >> >> _______________________________________________ >> Users mailing list >> [hidden email] >> http://lists.ofbiz.org/mailman/listinfo/users > -- > Andrew Sykes <[hidden email]> > Sykes Development Ltd > > > _______________________________________________ > Users mailing list > [hidden email] > http://lists.ofbiz.org/mailman/listinfo/users _______________________________________________ Users mailing list [hidden email] http://lists.ofbiz.org/mailman/listinfo/users |
Re: [OFBiz] Users - Separate Framework
|
|
In reply to this post by Andrew Sykes
This is something I'd like to do, or see done, and over the first few months of this year a fair amount of progress was made on this but as thing get more busy it is simply not something I can afford to work on. The things that need to be done (if anyone is interested in helping...) are mostly centered around testing the framework part, which is basically everything in OFBiz exempt the "applications" directory. We have isolated a lot of stuff, but I suspect there is still more. That is mostly it for the technical part, but there is also a lot to do (probably various weeks of work) in putting together marketing materials and training materials and such. We will probably split the ofbiz.org site into 2 sections with one focused on the framework and another focused on the applications (or the business level/side more generally). For training materials and documentation there is also quite a bit of work to do that I think _must_ be done or the marketing effort will be a waste and we will alienate more potential users than attract. The highest priority here is some sort of a "technical tour" that goes over the architecture and tools in the framework and shows how they all fit together. This would be based on the "example" component and the artifact reference diagram in the quick reference book. There is a link to an image of this diagram on the Undersun Store page for the quick reference book at: http://www.undersunconsulting.com/ecommerce/control/product/ ~category_id=USC_PROMO/~product_id=RBPLATFORM I'd also like to see other documentation written to cover things like containers, components, and the various widgets all in the same style as the current Entity Engine Guide, Service Engine Guide, and various others on the current Docs & Books page. -David On Nov 15, 2005, at 12:07 PM, Andrew Sykes wrote: > David, > > Just a quick enquiry about the idea of separating the framework/ > webtools > and distributing as a separate release, I've been asked whether > this is > still on the agenda and as I don't know I thought you could perhaps > give > a quick update. > > Thanks for your time. > -- > Andrew Sykes <[hidden email]> > Sykes Development Ltd > > > _______________________________________________ > Users mailing list > [hidden email] > http://lists.ofbiz.org/mailman/listinfo/users _______________________________________________ Users mailing list [hidden email] http://lists.ofbiz.org/mailman/listinfo/users |
Re: [OFBiz] Users - Separate Framework
|
|
| Free forum by Nabble | Edit this page |