[jboss-user] [Remoting] - SSLServlet

MarcReis do-not-reply at jboss.com
Wed Dec 6 11:54:12 EST 2006


Hi,
I have a few questions about using the sslservlet. We are using JBossGA 4.0.4 with Remoting 1.4.1.
The communication over the servlet for http works fine.
For https, contacting the webconsole on https over 8443 also works in the browser. But using my client over https to go for ejb3's fails.
I looked at the wiki and docs, but I don't get it together correctly...

So here is what I did:
First off, I generated the keys and put them on the server and on the client (seems to have worked).

For the client I then configured the jndi.properties as follows:

  | mct.java.naming.factory.initial=org.jboss.naming.HttpNamingContextFactory
  | mct.java.naming.factory.url.pkgs=org.jboss.naming:org.jnp.interfaces,java.protocol.handler.pkgs
  | mct.java.naming.provider.url=https://myserver.de/invoker/restricted/JNDIFactorySSL
  | 
and added the following JVM parameters:

  | -Djavax.net.ssl.trustStore=C:\work\tmp\Certificates\myclient\client.truststore
  | -Djavax.net.ssl.trustStorePassword=topsecret
  | 

Then I configured the tomcat server:

  | <!-- SSL/TLS Connector configuration using the admin devl guide keystore-->
  |       <Connector port="8443" address="${jboss.bind.address}"
  |            maxThreads="100" strategy="ms" maxHttpHeaderSize="8192"
  |            emptySessionPath="true"
  |            scheme="https" secure="true" clientAuth="false"
  |            keystoreFile="${jboss.server.home.dir}/conf/ssl/server.keystore"
  |            keystorePass="topsecret" sslProtocol = "TLS"/>
  | 

... moved on to the http-invoker. There I added the following mbean to the META-INF/jboss-service.xml

  | <!-- Expose the Naming service interface via HTTPS -->
  |    <mbean code="org.jboss.invocation.http.server.HttpProxyFactory"
  |          name="jboss:service=invoker,type=https,target=Naming">
  |       <!-- The Naming service we are proxying -->
  |       <attribute name="InvokerName">jboss:service=Naming</attribute>
  |       <!-- Compose the invoker URL from the cluster node address -->
  |       <attribute name="InvokerURLPrefix">https://</attribute>
  |       <attribute name="InvokerURLSuffix">:8443/invoker/restricted/JMXInvokerServlet</attribute>
  |       <attribute name="UseHostName">true</attribute>
  |       <attribute name="ExportedInterface">org.jnp.interfaces.Naming</attribute>
  |       <attribute name="JndiName"></attribute>
  |       <attribute name="ClientInterceptors">
  |           <interceptors>
  |              <interceptor>org.jboss.proxy.ClientMethodInterceptor</interceptor>
  |              <interceptor>org.jboss.proxy.SecurityInterceptor</interceptor>
  |              <interceptor>org.jboss.naming.interceptors.ExceptionInterceptor</interceptor>
  |              <interceptor>org.jboss.invocation.InvokerInterceptor</interceptor>
  |           </interceptors>
  |       </attribute>
  |    </mbean>
  | 

and this to the WEB-INF/web.xml

  | <!-- HTTPS servlet for HTTPS communication -->
  |         <servlet>
  |                 <servlet-name>JNDIFactorySSL</servlet-name>
  |                 <description>A servlet that exposes the JBoss JNDI Naming service stub through http. The return content is a serialized MarshalledValue containing the org.jnp.interfaces.Naming stub. This configuration handles requests for the standard JNDI naming service. </description>
  |                 <servlet-class>org.jboss.invocation.http.servlet.NamingFactoryServlet</servlet-class>
  |                 <init-param>
  |                         <param-name>namingProxyMBean</param-name>
  |                         <param-value>jboss:service=invoker,type=https,target=Naming</param-value>
  |                 </init-param>
  |                 <init-param>
  |                         <param-name>proxyAttribute</param-name>
  |                         <param-value>Proxy</param-value>
  |                 </init-param>
  |                 <load-on-startup>2</load-on-startup>
  |         </servlet>
  | 
  | <!--Mapping for SSL-->
  |         <servlet-mapping>
  |                 <servlet-name>JNDIFactorySSL</servlet-name>
  |                 <url-pattern>/restricted/JNDIFactorySSL/*</url-pattern>
  |         </servlet-mapping>
  | 

After that I added the following to the servlet-invoker.war/WEB-INF/web.xml

  | <servlet>
  |         <servlet-name>ServerInvokerServletSSL</servlet-name>
  |         <description>The ServerInvokerServlet receives requests via HTTPS
  |            protocol from within a web container and passes it onto the
  |            ServletServerInvoker for processing.
  |         </description>
  |         <servlet-class>org.jboss.remoting.transport.servlet.web.ServerInvokerServlet</servlet-class>
  |         <init-param>
  |             <param-name>locatorUrl</param-name>
  |             <param-value>sslservlet://${jboss.bind.address}:8443/servlet-invoker/ServerInvokerServlet</param-value>
  |             <description>The servlet server invoker url</description>
  |         </init-param>
  |         <load-on-startup>1</load-on-startup>
  |     </servlet>
  |     <servlet-mapping>
  |         <servlet-name>ServerInvokerServlet</servlet-name>
  |         <url-pattern>/ServerInvokerServlet/*</url-pattern>
  |      </servlet-mapping>
  | </web-app>
  | 

Then I moved on to the ejb3-deployer/META-INF/jboss-service.xml. Here I am not sure what I actually need. I first tried it with this

  | <mbean code="org.jboss.remoting.transport.Connector"
  |         name="jboss.remoting:type=Connector, transport=SSLServlet"
  |         display-name="Servlet transport Connector">
  |       <depends>jboss.aop:service=AspectDeployer</depends>
  |       <attribute name="InvokerLocator">
  |         sslservlet://${jboss.bind.address}:8443/servlet-invoker/ServerInvokerServlet</attribute>
  |       <attribute name="Configuration">
  |          <handlers>
  |             <handler subsystem="AOP">org.jboss.aspects.remoting.AOPRemotingInvocationHandler</handler>
  |          </handlers>
  |       </attribute>
  |    </mbean>
  | 
The above results in a

  |  [org.jboss.system.ServiceController] Problem creating service jboss.remoting:type=Connector,name=DefaultEjb3ConnectorSSL,handler=ejb3
  | java.lang.RuntimeException: Couldn't find valid server invoker class for transport 'sslservlet'
  |         at org.jboss.remoting.InvokerRegistry.createServerInvoker(InvokerRegistry.java:434)
  |         at org.jboss.remoting.transport.Connector.init(Connector.java:388)
  |         at org.jboss.remoting.transport.Connector.create(Connector.java:745)
  |         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
  |         at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
  |         at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
  |         at java.lang.reflect.Method.invoke(Method.java:585)
  |         at org.jboss.mx.interceptor.ReflectedDispatcher.invoke(ReflectedDispatcher.java:155)
  | 
(Alternatively I tried it with defining the SSLSocketBuilder, SSLServerSocketFactoryService mbeans and then the connector mbean)

I also passed the server the following JVM parameters:

  | -Ddefault.client.bindurl=sslservlet://myserver.de/servlet-invoker/ServerInvokerServlet
  | -Djavax.net.ssl.keyStore=$JBOSS_HOME/server/conf/ssl/server.keystore
  | -Djavax.net.ssl.keyStorePassword=olga4all
  | 

At the moment all my attempts lead me to the above server error or to this on the client:

  | javax.naming.NamingException: Failed to retrieve Naming interface [Root exception is java.net.ConnectException: Connection refused: connect]
  | 	at org.jboss.naming.HttpNamingContextFactory.getInitialContext(HttpNamingContextFactory.java:84)
  | 	at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:667)
  | 	at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:247)
  | 	at javax.naming.InitialContext.init(InitialContext.java:223)
  | 	at javax.naming.InitialContext.<init>(InitialContext.java:197)
  | 

I appreciate any help!
Thanks!
Marc

View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3991708#3991708
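
A configuration pre-flight check for the setup quoted above, as an added example that is not part of the original post or of JBoss: it computes the port each client-side URL actually resolves to and compares it with the TLS connector port declared for Tomcat. A java.net.ConnectException: Connection refused is raised at TCP connect, before any TLS handshake or truststore lookup, so listener reachability is the first thing to rule out. Assumptions: the host name in the composed InvokerURL, no proxy or port forwarding in front of Tomcat, and no default port is assumed for the sslservlet scheme.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Constructed sample input: values copied from the configuration quoted in the post.
CONNECTOR_XML = ('<Connector port="8443" scheme="https" secure="true" '
                 'clientAuth="false" sslProtocol="TLS"/>')
CLIENT_URLS = {
    "java.naming.provider.url":
        "https://myserver.de/invoker/restricted/JNDIFactorySSL",
    # InvokerURLPrefix + host + InvokerURLSuffix; the host name is an assumption.
    "InvokerURL":
        "https://myserver.de:8443/invoker/restricted/JMXInvokerServlet",
    "default.client.bindurl":
        "sslservlet://myserver.de/servlet-invoker/ServerInvokerServlet",
}
DEFAULT_PORTS = {"http": 80, "https": 443}  # well-known scheme defaults only


def listener_ports(connector_xml):
    """Ports of all <Connector> elements declared with secure="true"."""
    root = ET.fromstring("<Service>" + connector_xml + "</Service>")
    return {int(c.get("port")) for c in root.iter("Connector")
            if c.get("secure") == "true"}


def effective_port(url):
    """Explicit port if present, else the scheme default, else None."""
    parts = urlsplit(url)
    if parts.port is not None:
        return parts.port
    return DEFAULT_PORTS.get(parts.scheme)


def check(urls, connector_xml):
    """Map each configured URL to (effective port, status)."""
    ports = listener_ports(connector_xml)
    findings = {}
    for name, url in urls.items():
        port = effective_port(url)
        if port is None:
            status = "unknown-default"   # scheme default not known here
        elif port in ports:
            status = "ok"
        else:
            status = "no-listener"       # nothing declared on that port
        findings[name] = (port, status)
    return findings


if __name__ == "__main__":
    for name, (port, status) in check(CLIENT_URLS, CONNECTOR_XML).items():
        print(f"{name}: port={port} status={status}")
```
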
