Posted to users@cxf.apache.org by Eoghan Glynn <eo...@gmail.com> on 2009/03/25 12:28:11 UTC
Re: How to publish web service using port 443 (SSL) /
java.net.SocketException: Permission denied issue
Are you running on Linux perchance?
AFAIK most *nix variants disallow non-root users from listening on ports
less than 1024.
To avoid running your server with root privileges, you can use xinetd to
re-direct any traffic from the standard SSL port 443 to some other port >
1024.
Cheers,
Eoghan
2009/3/25 XyLus <ma...@gmail.com>
>
> Hello All,
>
> I am working on web service that should support SSL (the requirement is to
> publish webservice using port 443).
>
> I have following server-config.xml
>
>
> <beans xmlns="http://www.springframework.org/schema/beans"...>
>
>   <http:conduit
>       name="{http://vn.my.site.com/uploader}UploadServicePort.http-conduit">
>     <http:client AutoRedirect="true" ConnectionTimeout="10000"
>                  ReceiveTimeout="10000" AllowChunking="false" />
>   </http:conduit>
>
>   <httpj:engine-factory>
>     <httpj:engine port="9001">
>       <httpj:tlsServerParameters>
>         <sec:keyManagers keyPassword="password">
>           <sec:keyStore type="JKS" password="password"
>                         resource="server_ssl_keystore.jks" />
>         </sec:keyManagers>
>         <sec:cipherSuitesFilter>
>           <!-- these filters ensure that a ciphersuite with
>                export-suitable or null encryption is used,
>                but exclude anonymous Diffie-Hellman key change as
>                this is vulnerable to man-in-the-middle attacks -->
>           <sec:include>.*_EXPORT_.*</sec:include>
>           <sec:include>.*_EXPORT1024_.*</sec:include>
>           <sec:include>.*_WITH_DES_.*</sec:include>
>           <sec:include>.*_WITH_NULL_.*</sec:include>
>           <sec:exclude>.*_DH_anon_.*</sec:exclude>
>         </sec:cipherSuitesFilter>
>       </httpj:tlsServerParameters>
>     </httpj:engine>
>   </httpj:engine-factory>
>
>
> In addition to this configuration I use following address to publish web
> service http://localhost:443/UploadService
>
>
>
> This configuration works fine on my local box but when I start it on server
> box I get exception:
> java.net.SocketException: Permission denied (entire stack trace you can
> find at the end of this post)
>
> I have two questions:
> 1. Have I got correct configuration to publish web service on 443 port
> (and to use SSL)
> 2. Given that my configuration is correct - what should I change in JVM
> security configuration to solve java.net.SocketException: Permission denied
> error
>
>
> Useful hint would be appreciated.
>
> Regards,
> Maciej
>
>
>
>
>
>
> java.net.SocketException: Permission denied
>     at sun.nio.ch.Net.bind(Native Method)
>     at sun.nio.ch.ServerSocketChannelImpl.bind(ServerSocketChannelImpl.java:119)
>     at sun.nio.ch.ServerSocketAdaptor.bind(ServerSocketAdaptor.java:59)
>     at org.mortbay.jetty.nio.SelectChannelConnector.open(SelectChannelConnector.java:205)
>     at org.mortbay.jetty.nio.SelectChannelConnector.doStart(SelectChannelConnector.java:304)
>     at org.mortbay.component.AbstractLifeCycle.start(AbstractLifeCycle.java:39)
>     at org.mortbay.jetty.Server.doStart(Server.java:233)
>     at org.mortbay.component.AbstractLifeCycle.start(AbstractLifeCycle.java:39)
>     at org.apache.cxf.transport.http_jetty.JettyHTTPServerEngine.addServant(JettyHTTPServerEngine.java:305)
>     at org.apache.cxf.transport.http_jetty.JettyHTTPDestination.activate(JettyHTTPDestination.java:155)
>     at org.apache.cxf.transport.AbstractObservable.setMessageObserver(AbstractObservable.java:48)
>     at org.apache.cxf.binding.AbstractBindingFactory.addListener(AbstractBindingFactory.java:166)
>     at org.apache.cxf.binding.soap.SoapBindingFactory.addListener(SoapBindingFactory.java:734)
>     at org.apache.cxf.endpoint.ServerImpl.start(ServerImpl.java:122)
>     at org.apache.cxf.jaxws.EndpointImpl.doPublish(EndpointImpl.java:264)
>     at org.apache.cxf.jaxws.EndpointImpl.publish(EndpointImpl.java:202)
>     at org.apache.cxf.jaxws.spi.ProviderImpl.createAndPublishEndpoint(ProviderImpl.java:84)
>     at javax.xml.ws.Endpoint.publish(Endpoint.java:156)
>     at com.sabre.ssg.vn.uploader.UploadServiceServer.<init>(UploadServiceServer.java:47)
>     at com.sabre.ssg.vn.uploader.UploadServiceServer.main(UploadServiceServer.java:58)
> Mar 25, 2009 4:36:28 AM sun.reflect.NativeMethodAccessorImpl invoke0
> WARNING: failed Server@26796e1c
> java.net.SocketException: Permission denied
>     at sun.nio.ch.Net.bind(Native Method)
>     at sun.nio.ch.ServerSocketChannelImpl.bind(ServerSocketChannelImpl.java:119)
>     at sun.nio.ch.ServerSocketAdaptor.bind(ServerSocketAdaptor.java:59)
>     at org.mortbay.jetty.nio.SelectChannelConnector.open(SelectChannelConnector.java:205)
>     at org.mortbay.jetty.nio.SelectChannelConnector.doStart(SelectChannelConnector.java:304)
>     at org.mortbay.component.AbstractLifeCycle.start(AbstractLifeCycle.java:39)
>     at org.mortbay.jetty.Server.doStart(Server.java:233)
>     at org.mortbay.component.AbstractLifeCycle.start(AbstractLifeCycle.java:39)
>     at org.apache.cxf.transport.http_jetty.JettyHTTPServerEngine.addServant(JettyHTTPServerEngine.java:305)
>     at org.apache.cxf.transport.http_jetty.JettyHTTPDestination.activate(JettyHTTPDestination.java:155)
>     at org.apache.cxf.transport.AbstractObservable.setMessageObserver(AbstractObservable.java:48)
>     at org.apache.cxf.binding.AbstractBindingFactory.addListener(AbstractBindingFactory.java:166)
>     at org.apache.cxf.binding.soap.SoapBindingFactory.addListener(SoapBindingFactory.java:734)
>     at org.apache.cxf.endpoint.ServerImpl.start(ServerImpl.java:122)
>     at org.apache.cxf.jaxws.EndpointImpl.doPublish(EndpointImpl.java:264)
>     at org.apache.cxf.jaxws.EndpointImpl.publish(EndpointImpl.java:202)
>     at org.apache.cxf.jaxws.spi.ProviderImpl.createAndPublishEndpoint(ProviderImpl.java:84)
>     at javax.xml.ws.Endpoint.publish(Endpoint.java:156)
>     at com.sabre.ssg.vn.uploader.UploadServiceServer.<init>(UploadServiceServer.java:47)
>     at com.sabre.ssg.vn.uploader.UploadServiceServer.main(UploadServiceServer.java:58)
> javax.xml.ws.WebServiceException: org.apache.cxf.interceptor.Fault: Could not start Jetty server: Permission denied
>     at org.apache.cxf.jaxws.EndpointImpl.doPublish(EndpointImpl.java:268)
>     at org.apache.cxf.jaxws.EndpointImpl.publish(EndpointImpl.java:202)
>     at org.apache.cxf.jaxws.spi.ProviderImpl.createAndPublishEndpoint(ProviderImpl.java:84)
>     at javax.xml.ws.Endpoint.publish(Endpoint.java:156)
>     at com.sabre.ssg.vn.uploader.UploadServiceServer.<init>(UploadServiceServer.java:47)
>     at com.sabre.ssg.vn.uploader.UploadServiceServer.main(UploadServiceServer.java:58)
> Caused by: org.apache.cxf.interceptor.Fault: Could not start Jetty server: Permission denied
>     at org.apache.cxf.transport.http_jetty.JettyHTTPServerEngine.addServant(JettyHTTPServerEngine.java:328)
>     at org.apache.cxf.transport.http_jetty.JettyHTTPDestination.activate(JettyHTTPDestination.java:155)
>     at org.apache.cxf.transport.AbstractObservable.setMessageObserver(AbstractObservable.java:48)
>     at org.apache.cxf.binding.AbstractBindingFactory.addListener(AbstractBindingFactory.java:166)
>     at org.apache.cxf.binding.soap.SoapBindingFactory.addListener(SoapBindingFactory.java:734)
>     at org.apache.cxf.endpoint.ServerImpl.start(ServerImpl.java:122)
>     at org.apache.cxf.jaxws.EndpointImpl.doPublish(EndpointImpl.java:264)
>     ... 5 more
> Caused by: java.net.SocketException: Permission denied
>     at sun.nio.ch.Net.bind(Native Method)
>     at sun.nio.ch.ServerSocketChannelImpl.bind(ServerSocketChannelImpl.java:119)
>     at sun.nio.ch.ServerSocketAdaptor.bind(ServerSocketAdaptor.java:59)
>     at org.mortbay.jetty.nio.SelectChannelConnector.open(SelectChannelConnector.java:205)
>     at org.mortbay.jetty.nio.SelectChannelConnector.doStart(SelectChannelConnector.java:304)
>     at org.mortbay.component.AbstractLifeCycle.start(AbstractLifeCycle.java:39)
>     at org.mortbay.jetty.Server.doStart(Server.java:233)
>     at org.mortbay.component.AbstractLifeCycle.start(AbstractLifeCycle.java:39)
>     at org.apache.cxf.transport.http_jetty.JettyHTTPServerEngine.addServant(JettyHTTPServerEngine.java:305)
>     ... 11 more
>
>
>
>
>
> --
> View this message in context:
> http://www.nabble.com/Jow-to-publish-web-service-using-port-443-%28SSL%29----java.net.SocketException%3A-Permission-denied-issue-tp22698473p22698473.html
> Sent from the cxf-user mailing list archive at Nabble.com.
>
>
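
The xinetd redirect suggested in the reply above could look like the following service entry. This is an added example, not configuration from the thread: the file path and the service name `cxf-https` are made up, and it assumes the CXF engine keeps listening on port 9001 (as in the posted `httpj:engine`) with the endpoint published at `https://localhost:9001/UploadService` rather than `http://localhost:443/UploadService`.

```conf
# /etc/xinetd.d/cxf-https   (hypothetical file and service name)
#
# xinetd runs as root and owns the privileged listener on 443.
# The JVM is started as an ordinary user and keeps its TLS-enabled
# Jetty engine on the unprivileged port 9001.
service cxf-https
{
    # UNLISTED: the service is not looked up in /etc/services,
    # so protocol and port are given explicitly below.
    type        = UNLISTED
    disable     = no
    socket_type = stream
    protocol    = tcp
    port        = 443
    wait        = no
    user        = root
    # Relay every accepted TCP connection to the CXF/Jetty engine.
    redirect    = 127.0.0.1 9001
}
```

xinetd has to re-read its configuration before the listener on 443 appears. The relay is plain TCP, so TLS still terminates in the CXF Jetty engine, and the service sees every connection as coming from 127.0.0.1.
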
Re: How to publish web service using port 443 (SSL) /
java.net.SocketException: Permission denied issue
Posted by XyLus <ma...@gmail.com>.
Thanks for a hint
Regards,
Maciej