[jboss-user] [Security & JAAS/JBoss] - Re: SSL Certificates Dynamic Loading
rgurzhiy
do-not-reply at jboss.com
Mon Nov 17 04:45:59 EST 2008
Hello.
I found some information, but it still does not work.
Anyway...
I use JBoss Portal 2.7.0 (with JBoss AS 4.2.3).
I have configured my security to use the JBoss implementation.
This is my SSL connector from [path-to-jboss-default]/deploy/jboss-web.deployer/server.xml:
| <Connector port="443" address="${jboss.bind.address}"
| protocol="HTTP/1.1" SSLEnabled="true"
| maxThreads="100" strategy="ms" maxHttpHeaderSize="8192"
| emptySessionPath="true"
| scheme="https" secure="true" clientAuth="true"
| securityDomain="java:/jaas/portal-ssl"
| SSLImplementation="org.jboss.net.ssl.JBossImplementation"
| sslProtocol="TLS">
|
| <Factory className="org.apache.catalina.net.SSLServerSocketFactory" />
|
| </Connector>
|
This is my new JbossSecurityDomain from [path-to-jboss-default]/conf/jboss-service.xml:
| <mbean code="org.jboss.security.plugins.JaasSecurityDomain"
| name="jboss.security:service=JaasSecurityDomain,domain=portal-ssl">
| <depends>jboss.security:service=JaasSecurityManager</depends>
| <constructor>
| <arg type="java.lang.String" value="portal-ssl" />
| </constructor>
|
| <attribute name="ManagerServiceName">jboss.security:service=JaasSecurityManager</attribute>
| <attribute name="KeyStoreURL">D:/server.keystore</attribute>
| <attribute name="KeyStorePass">server</attribute>
| <attribute name="TrustStoreURL">D:/trusted.keystore</attribute>
| <attribute name="TrustStorePass">trusted</attribute>
| </mbean>
|
So, my security uses the keystores from this MBean.
After that I inserted this into my code that updates the keystores:
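| import javax.management.MBeanServer;
| import javax.management.MBeanServerFactory;
| import javax.management.ObjectName;
|
| // JMX name of the JaasSecurityDomain MBean defined in jboss-service.xml
| ObjectName jaasMgr = new ObjectName("jboss.security:service=JaasSecurityDomain,domain=portal-ssl");
| // The operation is invoked with no arguments
| Object[] params = {};
| String[] signature = {};
|
| MBeanServer server = (MBeanServer) MBeanServerFactory.findMBeanServer(null).get(0);
| server.invoke(jaasMgr, "reloadKeyAndTrustStore", params, signature);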
|
I don't know what the reloadKeyAndTrustStore MBean method does, but I suppose that it reloads the cached keystores.
Well, the result is that the keystores do not reload if I invoke reloadKeyAndTrustStore either from my code or from the jmx-console. The changes do not apply until I restart JBoss.
Can anybody help me with my configuration?
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4189733#4189733