Sorry, yes clientAuth was web app specific; but actually it is not necessary if the 
login configuration method is used.

Although the wiki material did relate to web apps, the security domain and login 
settings should be completely portable; the main difference is that instead of 
configuring a Tomcat connector you will have to configure the RMI invocation machinery, 
and instead of configuring the webapp you'll configure the EJBs.

The pay docs detail a "one way" auth scenario which sets out most of the structure for 
SSL RMI, and as a first try I would just try porting the login configuration to the 
RMI example. A JAASSecurityDomain encapsulates both a key store and a trust store so 
if the RMIInvoker picks them up correctly, two way auth should be feasible (if not 
pretty much impossible).


With any luck you have a nice SSL mutual auth happening:
SSL handshake, using sockets [hopefully] set up by the relevant invoker services with 
keys & trust certificates:
caller ("client") socket configured from security domain with its key & trusting the 
callee
callee ("server") socket configured from security domain with its key & trusting the 
caller
 
and, if you indulge in authorisation/login: login modules will be invoked on the 
server (hopefully picking up client cert from connection)

(I'm gambling here as I'm much more a WS expert than RMI, but the low level SSL should 
be the same, it is just a case of delivering the keys & truststore to the sockets; 
good luck with it)



View the original post : 
http://www.jboss.org/index.html?module=bb&op=viewtopic&p=3839469#3839469
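
The two-way handshake described in the post above, as an added example in plain JSSE (not part of the original post, and not JBoss's RMI invoker or JAASSecurityDomain configuration). The four PKCS12 file names and the password are assumptions: each side's key store holds its own key pair and its trust store holds the other side's certificate, created beforehand (for example with keytool).

```java
import javax.net.ssl.*;
import java.io.FileInputStream;
import java.security.KeyStore;
import java.security.cert.X509Certificate;

public class MutualTlsDemo {
    // One side's context: key store = its own key, trust store = the peer's certificate.
    static SSLContext context(String keyStore, String trustStore, char[] pass) throws Exception {
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(load(keyStore, pass), pass);
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(load(trustStore, pass));
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        return ctx;
    }

    static KeyStore load(String path, char[] pass) throws Exception {
        KeyStore ks = KeyStore.getInstance("PKCS12");
        try (FileInputStream in = new FileInputStream(path)) { ks.load(in, pass); }
        return ks;
    }

    public static void main(String[] args) throws Exception {
        char[] pass = "changeit".toCharArray(); // constructed demo password (assumption)
        // Hypothetical file names; both roles run in one JVM only to keep the demo short.
        SSLContext callee = context("callee-keys.p12", "callee-trust.p12", pass);
        SSLContext caller = context("caller-keys.p12", "caller-trust.p12", pass);
        try (SSLServerSocket server = (SSLServerSocket) callee.getServerSocketFactory().createServerSocket(0)) {
            server.setNeedClientAuth(true); // two-way: reject callers without a trusted certificate
            int port = server.getLocalPort();
            Thread client = new Thread(() -> {
                try (SSLSocket s = (SSLSocket) caller.getSocketFactory().createSocket("localhost", port)) {
                    s.startHandshake();          // caller verifies the callee against caller-trust.p12
                    s.getOutputStream().write(1);
                } catch (Exception e) { System.err.println("caller failed: " + e); }
            });
            client.start();
            try (SSLSocket s = (SSLSocket) server.accept()) {
                s.getInputStream().read();       // first read drives the handshake on the callee side
                // The certificate a server-side login module would pick up from the connection.
                X509Certificate peer = (X509Certificate) s.getSession().getPeerCertificates()[0];
                System.out.println("caller authenticated as: " + peer.getSubjectX500Principal());
            }
            client.join();
        }
    }
}
```

Changing `setNeedClientAuth(true)` to `false` gives the "one way" case: the handshake then succeeds without a caller certificate and `getPeerCertificates()` throws `SSLPeerUnverifiedException`.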
