[jboss-remoting-issues] [JBoss JIRA] Commented: (JBREM-1191) Support org.jboss.security.ssl.JaasSecurityDomainSocketFactory for SSL protocols when the client is a JBoss Application Server

Ron Sigal (JIRA) jira-events at lists.jboss.org
Thu May 27 22:09:08 EDT 2010 

    [ https://jira.jboss.org/browse/JBREM-1191?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12532900#action_12532900 ] 

Ron Sigal commented on JBREM-1191:
----------------------------------

Hey Ben,

Setting "socketFactoryClassName" (Remoting.SOCKET_FACTORY_CLASS_NAME) to "org.jboss.security.ssl.JaasSecurityDomainSocketFactory" in the InvokerLocator - i.e.,

  <attribute name="socketFactoryClassName" isParam="true">org.jboss.security.ssl.JaasSecurityDomainSocketFactory</attribute>

will cause the Remoting client to create an org.jboss.security.ssl.JaasSecurityDomainSocketFactory.  What am I missing?

> Support org.jboss.security.ssl.JaasSecurityDomainSocketFactory for SSL protocols when the client is a JBoss Application Server
> ------------------------------------------------------------------------------------------------------------------------------
>
>                 Key: JBREM-1191
>                 URL: https://jira.jboss.org/browse/JBREM-1191
>             Project: JBoss Remoting
>          Issue Type: Feature Request
>      Security Level: Public(Everyone can see) 
>          Components: security
>    Affects Versions: 2.5.2.SP2 (Flounder)
>         Environment: Server and Client are instances of JBoss EAP 5.x or above.
>            Reporter: Ben Schofield
>
> The JBoss Application Server uses JaasSecurityDomains for creating KeyManager and TrustManagers.  When one JBoss instance is making a call to another JBoss instance which uses remoting such as a remote EJB3 call, then JaasSecurityDomains could be used to load key and trust stores on the client when negotiation SSL.  The JBoss code base already defines a SSLSocketFactory to do this. (org.jboss.security.ssl.JaasSecurityDomainSocketFactory) 
> The solution could be as simple as supporting something similar to Remoting.SOCKET_FACTORY_CLASS_NAME which instantiates a SocketFactory on the client side. A new flag Remoting.SSLSOCKET_FACTORY_CLASS_NAME could be used to instantiate a javax.net.ssl.SSLSocketFactory like org.jboss.security.ssl.JaasSecurityDomainSocketFactory.
> Supporting this feature would free JBoss from having to share key and trust stores with enterprise applications that use the standard javax.net.ssl.* properties to locate and load their key and trust stores.

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: https://jira.jboss.org/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

More information about the jboss-remoting-issues mailing list