Hello everybody.
I've tried to configure JBoss to use RMI over SSL to access my Session beans.
It works fine only that way: the server sends its certificate key to the
client and the client must have it in its trust store, but the client isn't
required to send its certificate key to the server and the server doesn't control
it. Could you please help me? What am I doing wrong?

The service XML file deployed on server:

  | <?xml version="1.0" encoding="UTF-8"?>
  | <server>
  | 
  |   <!-- The SSL domain setup -->
  |   <mbean code="org.jboss.security.plugins.JaasSecurityDomain"
  |        name="jboss.security:service=JaasSecurityDomain,domain=RMI+SSL">
  |     <constructor>
  |         <arg type="java.lang.String" value="RMI+SSL"/>
  |     </constructor>
  |     <attribute name="KeyStoreURL">d:/jboss-4.0.4.GA/server/suc/certs/ServerKeyTrust.jks</attribute>
  |     <attribute name="KeyStorePass">password</attribute>
  |     <attribute name="TrustStoreURL">d:/jboss-4.0.4.GA/server/suc/certs/ServerKeyTrust.jks</attribute>
  |     <attribute name="TrustStorePass">password</attribute>
  |     <attribute name="ManagerServiceName">jboss.security:service=JaasSecurityManager</attribute>
  | </mbean> 
  | 
  | <mbean code="org.jboss.invocation.jrmp.server.JRMPInvoker"
  |       name="jboss.security:service=invoker,type=jrmp,socketType=SSLSocketFactory,wantsClientAuth=true">
  |       <attribute name="RMIObjectPort">14445</attribute>
  |       <attribute name="RMIClientSocketFactory">org.jboss.security.ssl.RMISSLClientSocketFactory
  |       </attribute>
  |       <attribute name="RMIServerSocketFactoryBean"
  |          attributeClass="org.jboss.security.ssl.RMISSLServerSocketFactory"
  |          serialDataType="javaBean">
  |          <property name="bindAddress">${jboss.bind.address}</property>
  |          <property name="securityDomain">java:/jaas/RMI+SSL</property>
  |          <property name="wantsClientAuth">true</property>
  |          <property name="needsClientAuth">true</property>
  |       </attribute>
  |       <depends>jboss.security:service=JaasSecurityDomain,domain=RMI+SSL</depends>
  |    </mbean>
  | </server>
  | 

Part of the definition in jboss.xml in my deployed application:

  | <session>
  |          <ejb-name>SlSbModule</ejb-name>
  |          <jndi-name>ejb/SlSbModule</jndi-name>
  |          <local-jndi-name>SlSbModuleLocal</local-jndi-name>
  |             <invoker-bindings>
  |                <invoker>
  |                    <invoker-proxy-binding-name>
  |                        stateless-ssl-invoker
  |                    </invoker-proxy-binding-name>
  |                </invoker>
  |                <call-logging>true</call-logging>
  |            </invoker-bindings>
  |       </session>
  | ...
  | <invoker-proxy-bindings>
  |         <invoker-proxy-binding>
  |             <name>stateless-ssl-invoker</name>
  |             <!-- invoker-mbean>jboss:service=invoker,type=jrmp,socketType=SSL</invoker-mbean -->
  |             <invoker-mbean>jboss.security:service=invoker,type=jrmp,socketType=SSLSocketFactory,wantsClientAuth=true</invoker-mbean>
  |             <proxy-factory>org.jboss.proxy.ejb.ProxyFactory</proxy-factory>
  |             <proxy-factory-config>
  |             <client-interceptors>
  |                 <home>
  |                     <interceptor>org.jboss.proxy.ejb.HomeInterceptor</interceptor>
  |                     <interceptor>org.jboss.proxy.SecurityInterceptor</interceptor>
  |                     <interceptor>org.jboss.proxy.TransactionInterceptor</interceptor>
  |                     <interceptor>org.jboss.invocation.InvokerInterceptor</interceptor>
  |                 </home>
  |                 <bean>
  |                     <interceptor>org.jboss.proxy.ejb.StatelessSessionInterceptor</interceptor>
  |                     <interceptor>org.jboss.proxy.SecurityInterceptor</interceptor>
  |                     <interceptor>org.jboss.proxy.TransactionInterceptor</interceptor>
  |                     <interceptor>org.jboss.invocation.InvokerInterceptor</interceptor>
  |                 </bean>
  |             </client-interceptors>
  |             </proxy-factory-config>
  |         </invoker-proxy-binding>
  |     </invoker-proxy-bindings>
  | 

View the original post : 
http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3993308#3993308

_______________________________________________
jboss-user mailing list
jboss-user@lists.jboss.org
https://lists.jboss.org/mailman/listinfo/jboss-user
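
The service file in the post sets both `wantsClientAuth` and `needsClientAuth`. As an added example (not part of the original post and not JBoss code), this stand-alone Java 8+ program shows the documented JSSE behaviour underneath those names: on an `SSLServerSocket`, `setWantClientAuth` and `setNeedClientAuth` each override the other, so only the last call decides whether a client certificate is mandatory. How `RMISSLServerSocketFactory` maps its properties onto these calls is not shown on the page and is not assumed here; the class name `ClientAuthModeDemo` is made up for the example.

```java
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLServerSocket;

public class ClientAuthModeDemo {

    /** Client-certificate policy the socket would enforce during a handshake. */
    static String effectiveMode(SSLServerSocket s) {
        if (s.getNeedClientAuth()) return "REQUIRED";   // handshake fails without a client cert
        if (s.getWantClientAuth()) return "REQUESTED";  // cert is asked for, but optional
        return "NONE";                                  // server-only authentication
    }

    /** Applies the setter calls in the given order to a fresh, unbound socket. */
    static String apply(SSLContext ctx, String... calls) throws Exception {
        try (SSLServerSocket s =
                 (SSLServerSocket) ctx.getServerSocketFactory().createServerSocket()) {
            for (String call : calls) {
                switch (call) {
                    case "want=true":  s.setWantClientAuth(true);  break;
                    case "want=false": s.setWantClientAuth(false); break;
                    case "need=true":  s.setNeedClientAuth(true);  break;
                    case "need=false": s.setNeedClientAuth(false); break;
                    default: throw new IllegalArgumentException(call);
                }
            }
            return effectiveMode(s);
        }
    }

    public static void main(String[] args) throws Exception {
        // No key material is needed: the socket is never bound and no handshake runs.
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, null, null);

        String[][] orders = {
            {"need=true"},                 // only "need" set
            {"want=true", "need=true"},    // "need" applied last
            {"need=true", "want=true"},    // "want" applied last: silently downgrades
            {"need=true", "want=false"},   // clearing "want" also clears "need"
        };
        for (String[] order : orders) {
            System.out.printf("%-28s -> %s%n", String.join(", ", order), apply(ctx, order));
        }
    }
}
```

When auditing a listener that is meant to enforce mutual authentication, the value to check is `getNeedClientAuth()` on the socket actually in use, not the presence of a "want" or "need" entry in configuration.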
