[jboss-user] [Security & JAAS/JBoss] - Re: SSL Certificates Dynamic Loading

rgurzhiy do-not-reply at jboss.com
Mon Nov 17 04:45:59 EST 2008


Hello.
I found some information, but it still does not work.

Anyway...

I use JBoss Portal 2.7.0 (with JBoss AS 4.2.3).
I have configured my security to use the JBoss implementation.

This is my SSL connector from [path-to-jboss-default]/deploy/jboss-web.deployer/server.xml:

  | 	<Connector port="443" address="${jboss.bind.address}" 
  | 		protocol="HTTP/1.1" SSLEnabled="true"
  |      		maxThreads="100" strategy="ms" maxHttpHeaderSize="8192"
  |      		emptySessionPath="true"
  |      		scheme="https" secure="true" clientAuth="true" 
  |      		securityDomain="java:/jaas/portal-ssl"
  | 		SSLImplementation="org.jboss.net.ssl.JBossImplementation"
  | 		sslProtocol="TLS">
  | 
  | 		<Factory className="org.apache.catalina.net.SSLServerSocketFactory" />
  | 
  | 	</Connector>
  | 

This is my new JbossSecurityDomain from [path-to-jboss-default]/conf/jboss-service.xml:

  |    <mbean code="org.jboss.security.plugins.JaasSecurityDomain"
  | 	name="jboss.security:service=JaasSecurityDomain,domain=portal-ssl">
  | 	<depends>jboss.security:service=JaasSecurityManager</depends>
  | 	<constructor>
  |         <arg type="java.lang.String" value="portal-ssl" />
  | 	</constructor>
  | 
  | 	<attribute name="ManagerServiceName">jboss.security:service=JaasSecurityManager</attribute>
  | 	<attribute name="KeyStoreURL">D:/server.keystore</attribute>
  | 	<attribute name="KeyStorePass">server</attribute>
  | 	<attribute name="TrustStoreURL">D:/trusted.keystore</attribute>
  | 	<attribute name="TrustStorePass">trusted</attribute>
  |    </mbean> 
  | 
So, my security uses keystores from this mbean.

After that I inserted this in my code that updates the keystores:

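  | 	import javax.management.MBeanServer;
  | 	import javax.management.MBeanServerFactory;
  | 	import javax.management.ObjectName;
  | 
  | 	// JMX name of the JaasSecurityDomain MBean declared in jboss-service.xml
  | 	ObjectName jaasMgr = new ObjectName("jboss.security:service=JaasSecurityDomain,domain=portal-ssl");
  | 	Object[] params = {};     // the operation is invoked with no arguments
  | 	String[] signature = {};
  | 
  | 	// Take the first MBeanServer registered in this JVM
  | 	MBeanServer server = (MBeanServer) MBeanServerFactory.findMBeanServer(null).get(0);
  | 	server.invoke(jaasMgr, "reloadKeyAndTrustStore", params, signature);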
  | 

I don't know what the reloadKeyAndTrustStore MBean method does, but I suppose that it reloads the cached keystores.

Well, the result is that the keystores do not reload if I invoke reloadKeyAndTrustStore either from my code or from jmx-console. Changes do not apply until I restart JBoss.


Can anybody help me with my configuration?

View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4189733#4189733
