User development,

A new message was posted in the thread "Possible to define client truststore on 
server when using sslsocket transport?":

http://community.jboss.org/message/528080#528080

Author  : Ben Schofield
Profile : http://community.jboss.org/people/dbschofield

Message:
--------------------------------------------------------------
I am using JBoss Remoting 2.5.2 with JBoss EAP 5.0.  When using the sslsocket 
transport, is it possible to configure the location of the truststore used by 
the remoting client during the ssl handshake?  From what I have demonstrated to 
myself already the client will use the cacerts file or the truststore specified 
by the system property javax.net.ssl.trustStore.  Instead of using either of 
these truststores I would like to define on the server side which truststore 
(and truststore password) the client should use.  Is this possible?
 
I have configured both the socketFactory and serverSocketFactory properties of 
the Connector (xml bean configuration below).  I anticipated that the client 
would honor the socketFactory setting but this doesn't seem to be the case.  
Did some research and found the following in the remoting guide pdf.
 
5.7.4. Client side configuration from the JBoss Application Server

As described in sections Declarative configuration: MBeans and Declarative
configuration: POJOs, the declarative xml files used by the Application Server
can be used to configure the client by way of the parameters included in the
InvokerLocator. However, a peculiarity in the way socket factories are created
on the client restricts the parameters taken into consideration to those passed
in the configuration map passed to the org.jboss.remoting.Client constructor.
The following two parameters, introduced in releases 2.4.0.SP1 and 2.5.2,
respectively, eliminate that restriction.

org.jboss.remoting.Remoting.SOCKET_FACTORY_NAME (actual value is
'socketFactory') - key for giving the name of the socket factory class to be
used by clients.

org.jboss.remoting.Remoting.USE_ALL_SOCKET_FACTORY_PARAMS (actual value is
'useAllSocketFactoryParams') - key for indicating that all socket factory
parameters in the InvokerLocator should be used by clients.

Note that the parameter org.jboss.remoting.Remoting.CONFIG_OVERRIDES_LOCATOR
(actual value "configOverridesLocator"), described in section
org.jboss.remoting.Remoting, is also relevant.
 
I am not 100% sure these settings are what I need but would like to try them 
out.  Unfortunately I am not sure how to set these in a JBoss MicroContainer 
bean xml file.  Any insight on how to do this would be appreciated.
 
<deployment xmlns="urn:jboss:bean-deployer:2.0">
  <!--  We don't want the AOPDependencyBuilder  -->
  <annotation>@org.jboss.aop.microcontainer.annotations.DisableAOP</annotation>
  <!--
    JBoss Remoting Connector
    Note: Bean Name "org.jboss.ejb3.RemotingConnector" is used
    as a lookup value; alter only after checking java references
    to this key.
  -->
  <bean name="org.jboss.ejb3.RemotingConnector"
    class="org.jboss.remoting.transport.Connector">
 
    <property name="invokerLocator">
 
      <value-factory bean="ServiceBindingManager"
        method="getStringBinding">
        <parameter>
          jboss.remoting:type=Connector,name=DefaultEjb3Connector,handler=ejb3
        </parameter>
        <parameter>
          <null />
        </parameter>
         <parameter>sslsocket://${jboss.bind.address}:${port}</parameter>
        <parameter>
          <null />
        </parameter>
         <parameter>3873</parameter> 
      </value-factory>
 
    </property>
    <property name="serverConfiguration">
      <inject bean="ServerConfiguration" />
    </property>
 
    <property name="serverSocketFactory">
      <inject bean="sslServerSocketFactory" />
    </property>
 
    <property name="socketFactory">
      <inject bean="sslSocketFactory" />
    </property>
 
  </bean>
 
  <bean name="sslServerSocketFactory"
    class="org.jboss.security.ssl.DomainServerSocketFactory">
    <constructor>
      <!-- defines the keystore to use -->
      <parameter>
        <inject bean="jboss.security:service=JAAS-Security-Domain" />
      </parameter>
    </constructor>
  </bean>
  <bean name="sslSocketFactory"
    class="org.jboss.security.ssl.DomainSocketFactory">
    <constructor>
      <!-- hopefully defines the truststore configured in the injected
           JaasSecurityDomain to be used by the client -->
      <parameter>
        <inject bean="jboss.security:service=JAAS-Security-Domain" />
      </parameter>
    </constructor>
  </bean>
 
 
 
  <!-- Remoting Server Configuration -->
  <bean name="ServerConfiguration"
    class="org.jboss.remoting.ServerConfiguration">
    <property name="invocationHandlers">
      <map keyClass="java.lang.String" valueClass="java.lang.String">
        <entry>
          <key>AOP</key>
          <value>
            org.jboss.aspects.remoting.AOPRemotingInvocationHandler
          </value>
        </entry>
      </map>
    </property>
  </bean>
 
</deployment>

--------------------------------------------------------------
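
As an added illustration (not part of the original post and not taken from the JBoss configuration files), this is how the two locator parameters quoted from the guide could be written into the invokerLocator template of the bean above, as query parameters on the InvokerLocator URI. The class name com.example.remoting.PinnedTrustStoreSocketFactory is a hypothetical client-side socket factory, and it is an assumption that ServiceBindingManager passes the query string through unchanged.

```xml
<!-- Added example: only the invokerLocator property of the
     org.jboss.ejb3.RemotingConnector bean is shown. -->
<property name="invokerLocator">
  <value-factory bean="ServiceBindingManager" method="getStringBinding">
    <parameter>
      jboss.remoting:type=Connector,name=DefaultEjb3Connector,handler=ejb3
    </parameter>
    <parameter><null /></parameter>
    <!--
      Locator parameters are appended to the URI as a query string.
      Inside XML the "&" separator has to be written as "&amp;".
      socketFactory             : name of the class the client instantiates
                                  (hypothetical class name, assumed here)
      useAllSocketFactoryParams : tells the client to use all socket factory
                                  parameters found in the locator
    -->
    <parameter>sslsocket://${jboss.bind.address}:${port}/?socketFactory=com.example.remoting.PinnedTrustStoreSocketFactory&amp;useAllSocketFactoryParams=true</parameter>
    <parameter><null /></parameter>
    <parameter>3873</parameter>
  </value-factory>
</property>
```

The locator carries only the class name, so the named class has to be on the client's classpath. Everything placed in the locator is readable by any client that receives it, so a truststore password passed this way is not a secret.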

_______________________________________________
jboss-user mailing list
jboss-user@lists.jboss.org
https://lists.jboss.org/mailman/listinfo/jboss-user
