远程SOAP Web服务保持断开连接 [英] Remote SOAP web service keeps breaking connection

问题描述

我正在使用 JBoss SwitchYard 连接到安全的远程SOAP Web服务.发送请求后，由于某种原因；远程Web服务正在停止任何进一步的通信；所以我没有收到回复.

I'm using JBoss SwitchYard to connect to secured remote SOAP web service. For some reason after the request is sent; remote web service is stopping any further communication; so I'm not receiving a response.

我需要一个想法或解决方案，这里可能有问题.

I need an idea or solution what could be a problem here.

由以下原因引起:java.net.SocketException:调用https://**********.asmx的SocketException:服务器中的文件意外结束

Caused by: java.net.SocketException: SocketException invoking https://**********.asmx: Unexpected end of file from server

说明和笔记

• 远程Web服务正在使用自签名证书；我已将服务器证书导入到本地信任库中，另外，我还拥有其他证书(在密钥库中)以向远程服务器标识自己.
• 感谢 -Djavax.net.debug = all SSL调试日志和 Wireshark 日志，我知道客户端和服务器均成功进行了SSL握手，并且客户端已成功发送一个请求.
• 服务器还使用IP过滤来允许直接通信，并且我的IP已列入白名单.
• 如果我尝试通过 SoapUI 发送相同的XML请求，则效果很好，并且收到了响应.您应该考虑到 SoapUI 仅使用密钥库.它设置为始终信任远程服务，因此不需要或不使用信任库.
• 现在来了有趣的部分.如果我使用 Fiddler (免费的Web调试代理)作为我的 JBoss SwitchYard 和远程Web服务之间的中间人"(以查看发生的情况)，突然一切正常.
• 直接连接与使用 Fiddler 作为代理之间的唯一区别在于，在实际连接中使用 Connection = Keep-Alive 标头参数，在Fiddler情况下使用 Proxy-Connection = Keep-Alive 参数.我不知道还有其他重大区别.
• 如果我在 SoapUI 中手动更改这些标头参数，我仍然会收到成功的响应.仅当我缺少 SOAPAction 和 Content-Type 标头参数时，连接才会失败，但是它们在每种情况下都存在(并且相同).
• 当我通过 Wireshark 观察到这种通信时，唯一的区别是远程服务器正在停止进一步的通信(当 JBoss Switchyard 应用程序直接与远程Web服务通信时) .
• 我无权访问远程日志，也无法获取它们.所以我在瞎工作.
• 在每种情况下(无论是否使用Fiddler)，我都使用公司代理访问远程Web服务.该代理不是问题，因为其他SwitchYard应用程序都可以正常工作.

Description and notes

• Remote web service is using self-signed certificate; I have imported server certificate into my local truststore + plus I have my other certificate (in my keystore) to identify myself to the remote server.
• Thanks to -Djavax.net.debug=all SSL debug logs and Wireshark logs I know that both client and server made a successful SSL handshake and client has successfully sent a request.
• The server also uses IP filtering to allow a direct communication and my IP is whitelisted.
• If I try to send the same XML request via SoapUI it works just fine and I receive a response. You should take into account that SoapUI only uses keystore; it is set to always trust remote services so no truststore is needed or used.
• Now comes the funny part. If I use a Fiddler (free web debugging proxy) as a "man in the middle" between my JBoss SwitchYard and remote web service (to see what is happening), suddenly everything works.
• The only difference between direct connection and using Fiddler as a proxy is that in real connection Connection = Keep-Alive header parameter is used and in Fiddler case, Proxy-Connection = Keep-Alive parameter is used. I don't know is there any other significant difference.
• If I manually change these header parameters in SoapUI I still receive a successful response. A connection will fail only if I'm missing SOAPAction and Content-Type header parameters, but they are present in each case (and are the same).
• When I observe this communication via Wireshark only difference I can see is that remote server is stopping further communication (when JBoss Switchyard application is directly communicating with remote web service).
• I don't have an access to remote logs nor I'm allowed to get them. So I'm working blind.
• In each case (With or without Fiddler) I'm using a company Proxy to reach remote web Service. This proxy is not a problem because other SwitchYard applications are working just fine.
• JBoss EAP 6.4
• JBoss SwitchYard 2.0.1.redhat-621159

推荐答案

异常

java.net.SocketException:服务器中的文件意外结束

java.net.SocketException: Unexpected end of file from server

此异常表示服务器已接受您的连接，这意味着SSL握手确实成功.但是服务器在获得响应之前关闭了连接(通过TCP重置或fin).

This exception implies that server already accepted your connection, which means your SSL handshake is indeed succeed. But the server closed the connection (by a TCP reset or fin) before you can get the response.

通常在两种情况下发送重置:

A reset is usually sent in two cases:

• 与配置的持久连接(保持活动连接)超过
• 服务器重新启动丢失了连接

通常，持久连接具有两个配置:

Usually, a persistent connection has two config:

Keep-Alive: timeout=15, max=100

timeout表示时间(以秒为单位)，max表示最大请求数.

timeout means time in seconds, max means max requests.

让我们比较一下您描述的三种不同情况:

Let's compare the three different cases you have described:

• SoapUI:成功； ?
• 直接连接:失败；连接=保持活动状态
• 提琴手:成功；代理连接=保持活动状态

在第三种情况下，如果我理解正确，则您与客户端之间的持久连接以及从代理服务器到服务器的持久连接尚不清楚.

In the third case, if I understand you right, your persistent connection is from client to proxy and from proxy to server is not clear.

 client----->Proxy----->server

建议

• 尝试从响应中获取服务器的持久连接配置(例如此处)，以查看如果直接连接超过了时间或数量限制
• 尝试不使用持久连接:java -Dhttp.keepalive=false

Suggestions

• try to get the server's persistent connection config from response (like here), to see if direct connection exceed the time or numbers of limit
• try to not use persistent connection: java -Dhttp.keepalive=false
• tcp中的fin vs rst
• 保持活动标头
• fin vs rst in tcp
• keep alive header

这篇关于远程SOAP Web服务保持断开连接的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！