It's all about the answers!

Ask a question

Fail to log in to Rational Team Concert using HttpClient.


WenHsin Lee (5184) | asked Dec 09 '09, 9:54 p.m.
Hi,

I'm writing a Java http client connecting to RTC 2.0 which shows the exception below. Does someone know how to resolve this? Thanks a lot.

Here is my codes.

URL url = new URL(_serverURL);
client.getParams().setAuthenticationPreemptive(true);
Credentials defaultcreds = new UsernamePasswordCredentials(user, pwd);
client.getState().setCredentials(new AuthScope(url.getHost(),
url.getPort(), AuthScope.ANY_REALM), defaultcreds);
client.executeMethod(httpget);


Exception:

javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:174)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1611)
at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:187)
at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:181)
at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1035)
at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:124)
at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:516)
at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:454)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:884)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1112)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:623)
at com.sun.net.ssl.internal.ssl.AppOutputStream.write(AppOutputStream.java:59)
at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:65)
at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:123)
at org.apache.commons.httpclient.HttpConnection.flushRequestOutputStream(HttpConnection.java:828)
at org.apache.commons.httpclient.HttpMethodBase.writeRequest(HttpMethodBase.java:2116)
at org.apache.commons.httpclient.HttpMethodBase.execute(HttpMethodBase.java:1096)
at org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry(HttpMethodDirector.java:398)
at org.apache.commons.httpclient.HttpMethodDirector.executeMethod(HttpMethodDirector.java:171)
at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:397)
at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:323)
at oracle.alm.rtc.changemanagement._test.CMServiceTest.login(CMServiceTest.java:51)
at oracle.alm.rtc.changemanagement._test.CMServiceTest.main(CMServiceTest.java:115)
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:285)
at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:191)
at sun.security.validator.Validator.validate(Validator.java:218)
at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:126)
at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:209)
at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:249)
at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1014)
... 18 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:174)
at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:238)
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:280)
... 24 more

7 answers



permanent link
Stefan Hufnagl (29411920) | answered Dec 10 '09, 5:38 a.m.
Hi,

it seems to me that you have problems with the certitificate. Is it a self-signet
certificate? If yes, this could be the reason (in my case it was it and I had to
modify the trust manager).

Which version of httpClient are you using?

Stef

permanent link
WenHsin Lee (5184) | answered Dec 10 '09, 1:17 p.m.
Hi,

it seems to me that you have problems with the certitificate. Is it a self-signet
certificate? If yes, this could be the reason (in my case it was it and I had to
modify the trust manager).

Which version of httpClient are you using?

Stef


Hi Stef,

Thanks for the reply. I use HttpClient 3.1 API to work with trial version of Jazz Team Server which has Rational Team Concert 2.0 installed.

Would you tell me what you change to trust manager? Thanks a lot.

Winson

permanent link
Stefan Hufnagl (29411920) | answered Dec 11 '09, 4:53 a.m.
Hi,

I can send you my code example, it was my first test steps of using the RTC REST API and OSLC.

A good source about using Self-Signed Certificates is:http://java.sys-con.com/node/216388

BTW, what is your idention with this Java Code?

Stef

P.s. How to exchange my Java code?

permanent link
WenHsin Lee (5184) | answered Dec 11 '09, 6:45 p.m.
Hi Stef,

Thanks for the reply. I have created a self-signed certificate and can pass invalid certificate issue. However, I can't log in to Team Concert using HttpURLConnection and receive error response page, not login page, below. Do you know what I do wrong? You may send me (wenhsinl@comcast.net) the sample codes. Thanks a lot.

HttpURLConnection conn = null;
URL url = new URL(serverUrl);

try
{
conn = (HttpURLConnection)url.openConnection();
conn.setRequestMethod("POST");
conn.setDoOutput(true);
conn.setDoInput(true);
conn.setRequestProperty("Accept", "application/x-oslc-cm-change-request+xml");
conn.setRequestProperty("Keep-Alive", "300");
conn.setRequestProperty("Connection", "keep-alive");
conn.setRequestProperty("Referer", "https://localhost:9443/jazz");
conn.setRequestProperty("Content-Type", "application/x-www-form-urlencoded");
OutputStreamWriter wr = new OutputStreamWriter(conn.getOutputStream());
wr.write("authenticated/identity?redirectPath=%2Fjazz%2F");
wr.flush();
wr.close();
readFromURL(conn);
conn.disconnect();
}
catch (IOException e)
{
e.printStackTrace();
}

Error Response page Header:

{null=,
X-com-ibm-team-repository-web-auth-msg=,
Date=,
Content-Length=,
Expires=,
Last-Modified=,
Set-Cookie=,
Content-Type=,
Server=,
Cache-Control=}<DOCTYPE>


Error Response pager:
<Licensed>

<html>

<head>
<meta>
<meta>
<title>Loading...</title>

<link>


<link></link>

<style>
#net-jazz-ajax-NoScriptMessage {
width: 100%;
color: #D0D0D0;
font-size: 2em;
text-align: center;
position: absolute;
top: 45%;
z-index: 999;
}
</style>

<if>
<style>
body {
width: expression(documentElement.clientWidth < 860 ? "860px": "" );
}
</style>
<endif>

</head>

<body>
<noscript><div>Javascript is either disabled or not available in your Browser</div></noscript>
<div>Loading...</div>
<div></div>

<script>
djConfig = {isDebug: false, usePlainJson: true, baseUrl: "/jazz/web/dojo/"};
net = {jazz: {ajax: {}}};
net.jazz.ajax._dataServerRoot = null;
net.jazz.ajax._contextRoot = "/jazz";
net.jazz.ajax._webuiPrefix = "/web/";
</script>

<script></script>

<script>
dojo.require("net.jazz.ajax.ui.PlatformUI");
</script>

<script>
/* <CDATA> */
</script>



<script>
/* <CDATA> */
</script>
</body>
</html>

permanent link
Stefan Hufnagl (29411920) | answered Dec 14 '09, 5:55 a.m.
Hi,

source is on the way...the structure is as:
* Open the eclipse project RTCREST02
* Start your Jazz server
* Start the JUnit Test testRTCFacace (change the code line rtcconnect.login("localhost", 9443, "ADMIN","ADMIN"); if necessary)

BTW, what I tried to create was a Facade to get easily information about projects, workitems, queries etc. But there is still place do to some coding (the last 5 %). Maybe we can share work...

cu

Stef

permanent link
WenHsin Lee (5184) | answered Dec 14 '09, 10:32 p.m.
Hi Stef,

Thanks for your help. It works.

Based on this link, https://jazz.net/jazz/web/projects/Rational%20Team%20Concert#action=com.ibm.team.workitem.viewWorkItem&id=86400, looks like the users', shared queries are not currently exposed in the service descriptor.


Winson

permanent link
Krzysztof Ka┼║mierczyk (7.4k35097) | answered Oct 24 '13, 9:02 a.m.
Alternatively you can disable checking SSL certificate:
HttpUtils.setupLazySSLSupport(httpclient);

Your answer


Register or to post your answer.