Login/Register
WSO2 ESB Axis2 Service throwing Host name verification failed for host
Asked Answered
Solved sslwso2apache-axiswso2-esb
H

2

8

I have created an AXIS service which connects to WSO2 Identity Server and validates a token. When I deploy this axis service on WSO2 App Server, I get the correct response. Where as when I deploy it on WSO2 ESB, I get the following error

org.apache.axis2.AxisFault: The input stream for an incoming message is null.
at org.apache.axis2.transport.TransportUtils.createSOAPMessage(TransportUtils.java:93)
at org.apache.axis2.transport.TransportUtils.createSOAPMessage(TransportUtils.java:68)
at org.apache.axis2.description.OutInAxisOperationClient.handleResponse(OutInAxisOperation.java:346)
at org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperation.java:413)
at org.apache.axis2.description.OutInAxisOperationClient.executeImpl(OutInAxisOperation.java:224)
at org.apache.axis2.client.OperationClient.execute(OperationClient.java:149)
at org.wso2.carbon.identity.oauth2.stub.OAuth2TokenValidationServiceStub.validate(OAuth2TokenValidationServiceStub.java:184)
at com.xxx4.yyy.security.token.service.TokenValidationService.validateToken(TokenValidationService.java:67)
at com.xxx4.yyy.security.token.facade.TokenValidationFacade.validateToken(TokenValidationFacade.java:16)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:606)
at org.apache.axis2.rpc.receivers.RPCUtil.invokeServiceClass(RPCUtil.java:212)
at org.apache.axis2.rpc.receivers.RPCMessageReceiver.invokeBusinessLogic(RPCMessageReceiver.java:117)
at org.apache.axis2.receivers.AbstractInOutMessageReceiver.invokeBusinessLogic(AbstractInOutMessageReceiver.java:40)
at org.apache.axis2.receivers.AbstractMessageReceiver.receive(AbstractMessageReceiver.java:110)
at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:180)
at org.apache.synapse.transport.passthru.ServerWorker.processEntityEnclosingRequest(ServerWorker.java:404)
at org.apache.synapse.transport.passthru.ServerWorker.run(ServerWorker.java:184)
at org.apache.axis2.transport.base.threads.NativeWorkerPool$1.run(NativeWorkerPool.java:172)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
at java.lang.Thread.run(Thread.java:724)

[2013-10-03 14:42:56,160] ERROR - TargetHandler I/O error: Host name verification failed for host : 172.20.5.110 javax.net.ssl.SSLException: Host name verification failed for host : 172.20.5.110 at org.apache.synapse.transport.http.conn.ClientSSLSetupHandler.verify(ClientSSLSetupHandler.java:152) at org.apache.http.nio.reactor.ssl.SSLIOSession.doHandshake(SSLIOSession.java:285) at org.apache.http.nio.reactor.ssl.SSLIOSession.isAppInputReady(SSLIOSession.java:372) at org.apache.http.impl.nio.reactor.AbstractIODispatch.inputReady(AbstractIODispatch.java:118) at org.apache.http.impl.nio.reactor.BaseIOReactor.readable(BaseIOReactor.java:160) at org.apache.http.impl.nio.reactor.AbstractIOReactor.processEvent(AbstractIOReactor.java:342) at org.apache.http.impl.nio.reactor.AbstractIOReactor.processEvents(AbstractIOReactor.java:320) at org.apache.http.impl.nio.reactor.AbstractIOReactor.execute(AbstractIOReactor.java:280) at org.apache.http.impl.nio.reactor.BaseIOReactor.execute(BaseIOReactor.java:106) at org.apache.http.impl.nio.reactor.AbstractMultiworkerIOReactor$Worker.run(AbstractMultiworkerIOReactor.java:604) at java.lang.Thread.run(Thread.java:724)

Haas answered 3/10, 2013 at 9:27 Comment(0)
P
20

Set the parameter HostnameVerifier to AllowAll for transportSender in the Axis2 configuration (axis2.xml).

<transportSender name="https" class="org.apache.synapse.transport.passthru.PassThroughHttpSSLSender">
   <!--...-->
   <!--supports Strict|AllowAll|DefaultAndLocalhost or the default if none specified -->
   <parameter name="HostnameVerifier">AllowAll</parameter>
   <!--supports Strict|AllowAll|DefaultAndLocalhost or the default if none specified -->
</transportSender>
Phoenician answered 3/10, 2013 at 9:54 Comment(5)
Thank you, it resolved that issue. However, I am getting a different error now - ERROR - AxisEngine Message Receiver not found for AxisOperation. However it is working 100% fine on AS - Any thoughts in this regard, please!Haas
The following is the error I am gettingERROR - AxisEngine Message Receiver not found for AxisOperation: {oauth2.identity.carbon.wso2.org}validate org.apache.axis2.AxisFault: Message Receiver not found for AxisOperation: {oauth2.identity.carbon.wso2.org}validateHaas
When I change the transportSender from ESB default one to AS default for https - It is working as expected. I am not sure if that is correct approach or not, please suggest!Haas
Found the solution for the above problem, when we try add Axis2 service using WSO2 Dev Stud, it adds messageReceivers and add receivers for In and InOut operations. When I remove these message receivers from the service definition, I do not see the errors as reported.Haas
This to me is not a viable solution,in a production environment, as it creates a security flaw/ hole.Local
P
2

Adding to Ratha's answer, the following official documentation provides a detailed explanation about hostname verification in WSO2 products.

Enabling HostName Verification

Polygyny answered 20/11, 2017 at 5:32 Comment(0)

© 2022 - 2024 — McMap. All rights reserved.