Tuesday, July 3, 2012

Surefire/Failsafe maven plugin and SSL

I was puzzled today by an interesting feature introduced by the "surefire" and "failsafe" maven plugins (used for unit/integration test my components). These were introduced with their 2.1 release.  As I had components calling web services using 2-way SSL for authentication, I noticed that my test cases where failing when using maven via command line (mvn clean install). They worked on the IDE (Eclipse/STS) fine, but were not working on the command line. I saw the following error:
PKIX path building failed: ... unable to find valid certification path to requested target
 So it was clear that maven was not passing the SSL system properties from my .mavenrc file:

This is what I discovered as I read more the documentation.

As it turns out, since the 2.1 release both "surefire" and "failsafe" maven plugins introduced the "optional" parameter to specify the "jvm" for a given test. I can see why it's a useful idea, but I missed to read the "small" foot print:
Option to specify the jvm (or path to the java executable) to use with the forking options. For the default, the jvm will be a new instance of the same VM as the one used to run Maven. JVM settings are not inherited from MAVEN_OPTS.
This means that based on the "forkMode" option, a new VM will (potentially) be started. I tested this by trying the "forkMode=never" configuration. This made my test successfully call the secured web service. As I didn't like that approach, I opted for the plugin configuration approach using the "systemPropertiesVariables" configuration:

Notice that I also added SSL debug flags to see more verbose logging. This configuration ensured that my test was getting the SSL flags needed to enable 2-way SSL and continue operations. This was a small "gotcha" of the "surefire" and "failsafe" plugins. I'm glad they actually documented this feature.

1 comment:

web application development company said...

Thanks a lot for this codes. I was looking from last 20day and today got it.