Just noticed that when http-listener-1 is Security [X] Enabled, asadmin deploy fails with an exception in the server log:
Caused by: java.lang.NullPointerException
... 84 more
I can perfectly asadmin deploy when temporarily setting disabling Security [ ] Enabled and enable it afterwards! It is 100% repeatable using Payara Community 5.2021.8. HTTPS works perfectly well then with the deployed application.
Side note, I am using a PKCS #12 certificate file directly as the keystore, and have not imported the own public key in the separate Java keystore.
Is there something I missed? Did I discover a bug?
From what you wrote it looks like when you set http-listener-1 to security enabled, there’s no other http listener with security disabled. And it also seems that your application contains a JAX-WS web service. By looking at the code, I think what happens is that the WebServerInfo structure only sets the secure virtual server (setHttpsVS): https://github.com/payara/Payara/blob/b263fb8b7eab9fee664cd8b0a9457ed3dc96cdd0/appserver/webservices/jsr109-impl/src/main/java/org/glassfish/webservices/WsUtil.java#L1531
Later, when the webservice is deployed, I think that the root URL is computed from the non-secured VS, which is null, because the non-secure VS is not set (setHttpVS is not called in the previous step): https://github.com/payara/Payara/blob/b263fb8b7eab9fee664cd8b0a9457ed3dc96cdd0/appserver/web/web-glue/src/main/java/org/glassfish/web/deployment/util/WebServerInfo.java#L107
This happens when the WS endpoint is identified as insecure, with this method: https://github.com/payara/Payara/blob/master/appserver/deployment/dol/src/main/java/com/sun/enterprise/deployment/WebServiceEndpoint.java#L667
Therefore to fix this, you should set the transport guarantee for the URL of your WS endpoint in web.xml to something other than NONE: web.xml Deployment Descriptor Elements
If this doesn’t help or you think that this shouldn’t be necessary, please raise a bug on github and describe how to reproduce it.
All the best,
Ondro, thank you for chiming in! Yes, indeed I think it is a bug in Payara as in the end, we do not enforce HTTPS in our application, but we support it. Hence, it is definitively correct to have NONE in web.xml. Otherwise it would be impossible to switch between secured and unsecured mode without redeploying, which definitively is not what people expect. In the end, if temporarily disabling security on listener-1 at deployment, the applications works pretty will over HTTPS after switching it on then.
BTW, throwing NullPointerException to indicate that there should be something in web.xml other thank NONE is definitively a bug itself.
I will open a issue on Github.
Side Note: Commenting
// @WebService temporarily resolves this issue, which proofs that Ondro’s guess is correct. While this works for us (we do not need this web service currently), it is still a bug in Payara to behave like this.
I see you’ve raised an issue on github: Bug Report: Asadmin deploy fails if http-listener-1 is Security [X] Enabled · Issue #5602 · payara/Payara · GitHub. Can you provide a simple reproducer there to help us search for a fix? It looks like setting up a reproducer for this is not trivial and we now can’t afford to investigate this issue without a reproducer.
All the best,
please find the reproducer here: payara-bugs/PAYARA-5602 at master · mkarg/payara-bugs · GitHub.
Thanks for looking into this!