Using WildFly 8.1.0.Final I have issues connecting to a https resource (JAX-RS).
I have the following web.xml:
<web-app version="3.1" xmlns="http://xmlns.jcp.org/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee http://xmlns.jcp.org/xml/ns/javaee/web-app_3_1.xsd">
<session-config>
<session-timeout>30</session-timeout>
</session-config>
<security-constraint>
<display-name>Constraint1</display-name>
<web-resource-collection>
<web-resource-name>someresource</web-resource-name>
<description/>
<url-pattern>/webresources/somepath/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<description/>
<role-name>somerole</role-name>
</auth-constraint>
<user-data-constraint>
<description/>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>
<login-config>
<auth-method>BASIC</auth-method>
<realm-name>ApplicationRealm</realm-name>
<!--<realm-name>file</realm-name>-->
</login-config>
<security-role>
<description>somerole</description>
<role-name>somerole</role-name>
</security-role>
</web-app>
This works fine with GlassFish 4.1, though I have a custom glassfish-web.xml:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glassfish-web-app PUBLIC "-//GlassFish.org//DTD GlassFish Application Server 3.1 Servlet 3.0//EN" "http://glassfish.org/dtds/glassfish-web-app_3_0-1.dtd">
<glassfish-web-app error-url="">
<context-root>/some-module-1.0-SNAPSHOT</context-root>
<security-role-mapping>
<role-name>somerole</role-name>
<principal-name>someuser</principal-name>
<group-name>somegroup</group-name>
</security-role-mapping>
<class-loader delegate="true"/>
<jsp-config>
<property name="keepgenerated" value="true">
<description>Keep a copy of the generated servlet class' java code.</description>
</property>
</jsp-config>
</glassfish-web-app>
It also works fine if I omit the user-data-constraint section.
But with this section enabled then in the browser http://localhost:8080 gets redirected to https://localhost:8443 and I'm getting the following error (German):
Fehler: Verbindung fehlgeschlagen
When I try to connect with a Wink Client to the https URL, I'm getting the following error:
Exception in thread "main" org.apache.wink.client.ClientRuntimeException: java.lang.RuntimeException: java.net.ConnectException: Connection refused: connect
at org.apache.wink.client.internal.ResourceImpl.invoke(ResourceImpl.java:241)
at org.apache.wink.client.internal.ResourceImpl.invoke(ResourceImpl.java:189)
at org.apache.wink.client.internal.ResourceImpl.invokeNoException(ResourceImpl.java:181)
at org.apache.wink.client.internal.ResourceImpl.get(ResourceImpl.java:311)
at somepackage.rest.client.wink.SomeWinkClient.getFoo(SomeWinkClient.java:61)
at somepackage.rest.Main.main(Main.java:30)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:606)
at com.intellij.rt.execution.application.AppMain.main(AppMain.java:140)
Caused by: java.lang.RuntimeException: java.net.ConnectException: Connection refused: connect
at org.apache.wink.client.internal.handlers.HttpURLConnectionHandler.handle(HttpURLConnectionHandler.java:57)
at org.apache.wink.client.internal.handlers.HandlerContextImpl.doChain(HandlerContextImpl.java:52)
at org.apache.wink.client.internal.handlers.AcceptHeaderHandler.handle(AcceptHeaderHandler.java:79)
at org.apache.wink.client.internal.handlers.HandlerContextImpl.doChain(HandlerContextImpl.java:52)
at org.apache.wink.client.handlers.BasicAuthSecurityHandler.handle(BasicAuthSecurityHandler.java:71)
at org.apache.wink.client.internal.handlers.HandlerContextImpl.doChain(HandlerContextImpl.java:52)
at org.apache.wink.client.internal.ResourceImpl.invoke(ResourceImpl.java:228)
... 10 more
Caused by: java.net.ConnectException: Connection refused: connect
at java.net.DualStackPlainSocketImpl.waitForConnect(Native Method)
at java.net.DualStackPlainSocketImpl.socketConnect(DualStackPlainSocketImpl.java:85)
at java.net.AbstractPlainSocketImpl.doConnect(AbstractPlainSocketImpl.java:339)
at java.net.AbstractPlainSocketImpl.connectToAddress(AbstractPlainSocketImpl.java:200)
at java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:182)
at java.net.PlainSocketImpl.connect(PlainSocketImpl.java:172)
at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:392)
at java.net.Socket.connect(Socket.java:579)
at sun.security.ssl.SSLSocketImpl.connect(SSLSocketImpl.java:618)
at sun.net.NetworkClient.doConnect(NetworkClient.java:175)
at sun.net.www.http.HttpClient.openServer(HttpClient.java:432)
at sun.net.www.http.HttpClient.openServer(HttpClient.java:527)
at sun.net.www.protocol.https.HttpsClient.<init>(HttpsClient.java:275)
at sun.net.www.protocol.https.HttpsClient.New(HttpsClient.java:371)
at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.getNewHttpClient(AbstractDelegateHttpsURLConnection.java:191)
at sun.net.www.protocol.http.HttpURLConnection.plainConnect(HttpURLConnection.java:932)
at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:177)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.connect(HttpsURLConnectionImpl.java:153)
at org.apache.wink.client.internal.handlers.HttpURLConnectionHandler.processRequest(HttpURLConnectionHandler.java:97)
at org.apache.wink.client.internal.handlers.HttpURLConnectionHandler.handle(HttpURLConnectionHandler.java:54)
... 16 more
Update
I added the https-listener configuration as suggested by @hwellmann:
<subsystem xmlns="urn:jboss:domain:undertow:1.1">
<buffer-cache name="default"/>
<server name="default-server">
<http-listener name="default" socket-binding="http"/>
<https-listener name="default-ssl" socket-binding="https" security-realm="SSLRealm"/>
<host name="default-host" alias="localhost">
<location name="/" handler="welcome-content"/>
<filter-ref name="server-header"/>
<filter-ref name="x-powered-by-header"/>
</host>
</server>
<servlet-container name="default">
<jsp-config/>
</servlet-container>
<handlers>
<file name="welcome-content" path="${jboss.home.dir}/welcome-content"/>
</handlers>
<filters>
<response-header name="server-header" header-name="Server" header-value="WildFly/8"/>
<response-header name="x-powered-by-header" header-name="X-Powered-By" header-value="Undertow/1"/>
</filters>
</subsystem>
and
<security-realm name="SSLRealm">
<server-identities>
<ssl>
<keystore path="keystore.jks" relative-to="jboss.server.config.dir" keystore-password="somepwd" alias="wildfly-local" key-password="somepwd"/>
</ssl>
</server-identities>
</security-realm>
I've created a keystore at standalone\configuration using:
keytool -genkey -alias wildfly-local -keyalg RSA -keypass somepwd -storepass somepwd -keystore keystore.jks -validity 9999
But I'm still getting the same errors.
Do you have an https-listener in the undertow subsystem of your standalone.xml? This is not configured by default.
What you need is
<subsystem xmlns="urn:jboss:domain:undertow:2.0">
<!-- ... -->
<server name="default-server">
<http-listener name="default" socket-binding="http" redirect-socket="https-ext"/>
<https-listener name="default-ssl" socket-binding="https" security-realm="MySslRealm"/>
</server>
<!-- ... -->
</subsystem>
and you need to configure the security realm with a keystore, see this blog for more details.