When you are working with Glassfish (like I am doing now), you might need to capture your HTTPS traffic. In an earlier post, I explained how to capture and decrypt any SSL/TLS traffic, as long as you have the server private key.
While this method is quite effective and universal, it is still a little cumbersome, especially since the actual SSL decoder in Wireshark is not yet fully integrated into the analyzer itself.
For Sun's Glassfish application server, there is a fairly simple way to monitor any web services HTTPS traffic:
simply go into the domain.xml file of your domain and add the following <jvm-options>:
<jvm-options>-DWSIT_HOME=${com.sun.aas.installRoot}</jvm-options> <jvm-options>-Dcom.sun.xml.ws.transport.http.HttpAdapter.dump=true</jvm-options> <jvm-options>-Dcom.sun.xml.ws.transport.http.client.HttpTransportPipe.dump=true</jvm-options>
The server.log (in <installRoot>/domains/domain1/logs) will then contain the fully assembled web services exchanges.
tag: glassfish, java, wsit, SSL, HTTPS
Copyright by Gerald Beuchelt.
The opinions expressed herein are my own personal opinions and do not represent my employer's view in anyway.
In addition, my opinions can change. This weblog provides a momentary snapshot of such opinions. Existing posts that were written in the past do not necessarily reflect my current thoughts and opinions.
For the purposes of attribution, the author is "Gerald Beuchelt" and attribution shall provide a (clickable, where possible) URL to this site.
© 2008, Gerald Beuchelt
E-mail