Nuxeo Live Edit throws a Java NPE
Hi,
I'm using Nuxeo DM 5.5, LibreOffice 3.5.4.2 with the LibreOffice libreoffice-java-common packages installed, and Firefox 17.0 on Ubuntu 12.04 with OpenJDK 6 update 24.
I've configured an HTTPS reverse proxy in line with the official Nuxeo documentation. I'm using a self-signed certificate. The Nuxeo server is one of the pre-packaged VMs provided by Nuxeo which is running in VirtualBox.
Nuxeo LiveEdit Protocol Handler 0.5.2 is installed in Firefox, and LiveEdit for openoffice Version 2.4.0 has been installed in LibreOffice.
When Live Edit is launched in Nuxeo DM, I receive the following error:
An exception occurred
Type: com.sun.star.uno.RuntimeException
Message: [jni_uno bridge error] UNO calling Java method
execute: non-UNO exception occurred:
java.lang.NullPointerException
java stack trace:
java.lang.NullPointerException
at
org.nuxeo.liveedit.restclient.LiveEditClientRestletImpl.getParsedDocument(LiveEditClientRestletImpl.java:570)
at
org.nuxeo.liveedit.restclient.LiveEditClientRestletImpl.lockDocument(LiveEditClientRestletImpl.java:519)
at
org.nuxeo.liveedit.extension.ooo.LiveEditConnector.actionLoad(LiveEditConnector.java:294)
at
org.nuxeo.liveedit.extension.ooo.LiveEditConnector.execute(LiveEditConnector.java:191)
.(line81)
I've seen a few posts here and there referring to similar errors, possibly related to HTTPS being configured, but nothing in the way of resolutions.
Has anyone actually managed to configure HTTPS with Live Edit, and if so can they assist at all with what is going on here? Any leads most appreciated.
Cheers, Dave
Hi,
I got the same problem and found this page. Now I solved the problem and below is how I solved it.
(1) find where is the working dir for your plugin.
Look at “tools -> Add-ons -> Nuxeo LiveEdit Protocol Handler -> Preferences
(2) Find the log
AFTER producing the error, you should be able to find a log file in the working dir named nuxeo-liveedit-openoffice-extension.log. Open that log and find the cause of the problem. To me, it was
2013-04-24 11:12:34,254 DEBUG (HttpMethodDirector.java:443) - handshake alert: unrecognized_name javax.net.ssl.SSLProtocolException: handshake alert: unrecognized_name
at sun.security.ssl.ClientHandshaker.handshakeAlert(ClientHandshaker.java:1289)
at sun.security.ssl.SSLSocketImpl.recvAlert(SSLSocketImpl.java:1970)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1093)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1328)
at sun.security.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:702)
at sun.security.ssl.AppOutputStream.write(AppOutputStream.java:122)
at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:82)
at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:140)
at org.apache.commons.httpclient.HttpConnection.flushRequestOutputStream(HttpConnection.java:828)
at org.apache.commons.httpclient.MultiThreadedHttpConnectionManager$HttpConnectionAdapter.flushRequestOutputStream
(MultiThreadedHttpConnectionManager.java:1565)
(3) Solution
Here “javax.net.ssl.SSLProtocolException: handshake alert: unrecognized_name” is the key. By googling it I was pointed to this post:
Basically the solution is to set ServerName and ServerAlias on your Apache server.
(4) Add the CA certificate into client-side Java environment
I used a self-signed certificate. Before found the above solution, I also added the certificate for the CA (self-signed) to the keyring of the client-side Java environment in which the LiveEdit plug-in runs. To do this, use “keytool” and google to find how to add a trusted key into the cacerts.
Also note you might have more than one Java environment of different version and / or provider. Choose the right one or add the key to all.
If the issuer of the certificate is not trusted in client-side Java environment, this step is a must.
Hope this helps.
Bing
To summarise:
- there is a badly-configured server SSL certificate not corresponding to the server name returned, and that should be fixed at the server side,
- the crash client-side seems to be a real bug in Java 7 but Oracle doesn't seem willing to recognized it
- you can work around the problem on the client side by setting
-Djsse.enableSNIExtension=false
I have generated and installed a Class 1 SSL certificate from StartSSL (i.e. not self signed). HTTPS connectivity to the Nuxeo server (using the Apache 2.x reverse proxy configuration documented at http://doc.nuxeo.com/display/ADMINDOC56/HTTP+and+HTTPS+reverse-proxy+configuration) is fine at all stages of user authentication and login session.
The LiveEdit behaviour I've described in my original post however hasn't changed at all.
I have verified there is a ServerName directive in my Apache virtual host file. I have also imported my StartSSL public certificate into the Nuxeo VM's system Java keystore - still no change in behaviour.
The debug output from the Firefox Nuxeo LiveEdit extension is at the following link: I've simply clicked on a document in Nuxeo DM, clicked on "Edit Online", observed the error message originally described, and collected the log output:
http://ubuntuone.com/6YtH4PNKybKpFKKsb8VIGG
There is no reference to the error resolved in Bing Ren's post, and darned if I can find anything pointing explicitly another potential cause.
I simply cannot think of anything even remotely esoteric I am doing. I'm using a prepackaged Nuxeo VM, following all the official configuration documentation, and using a known CA's certificate.
(Florent, by the way you mentioned above that the client side crash is a bug in Java 7, but I originally observed this behaviour using OpenJDK 6 as in my original post.)
Cheers, Dave
First, the StartSSL public certificate is to be imported into the Java environment of client machine, not server. The idea is, the LiveEdit plug-in runs in a Java environment (so you see the Java error messages). The plug-in connects to the server, gets the certificate from server, and decides whether or not to accept the certificate. If the client Java environment doesn't know the certificate issuer, it might reject the certificate and drop the connection. So, if the StartSSL public certificate is not trusted in the client environment, import it into the client environment, into cacerts.
Then, I saw your log and it's quite similar to a situation I encountered. You should examine the Apache log files on server. In my case, I found this line in /var/log/apache2/ssl_access.log:
192.168.20.1 - - [03/May/2013:16:04:06 +0800] "GET /nuxeo/restAPI/ HTTP/1.1" 403 475 "-" "Noelios-Restlet-Engine/1.0.6"
This is the line logging access to the server by the plugin. Return code 403 indicates "access forbidden". The reason is that I also used Apache to do server-side authentication based on client certificate, and such certificate is only loaded to Firefox, not the client Java environment on which the plugin runs. Your case might be different but it's a good start to look for "GET /nuxeo/restAPI/" line in server logs.
Hope this helps.
Bing
Brilliant, thanks - I imported the certificate manually into the client's Java keystore as per your advice and it works :)
Thanks again for your help!
Cheers, Dave