[jboss-user] [JBoss Remoting] New message: "Possible to define client truststore on server when using sslsocket transport?"

Ben Schofield do-not-reply at jboss.com
Tue Feb 23 22:07:59 EST 2010


User development,

A new message was posted in the thread "Possible to define client truststore on server when using sslsocket transport?":

http://community.jboss.org/message/528080#528080

Author  : Ben Schofield
Profile : http://community.jboss.org/people/dbschofield

Message:
--------------------------------------------------------------
I am using JBoss Remoting 2.5.2 with JBoss EAP 5.0.  When using the sslsocket transport, is it possible to configure the location of the truststore used by the remoting client during the ssl handshake?  From what I have demonstrated to myself already the client will use the cacerts file or the truststore specified by the system property javax.net.ssl.trustStore.  Instead of using either of these truststores I would like to define on the server side which truststore (and truststore password) the client should use.  Is this possible?
 
I have configured both the socketFactory and serverSocketFactory properties of the Connector (xml bean configuration below).  I anticipated that the client would honor the socketFactory setting but this doesn't seem to be the case.  Did some research and found the following in the remoting guide pdf.
 
5.7.4. Client side configuration from the JBoss Application Server

As described in sections Declarative configuration: MBeans and Declarative configuration: POJOs, the declarative xml files used by the Application Server can be used to configure the client by way of the parameters included in the InvokerLocator. However, a peculiarity in the way socket factories are created on the client restricts the parameters taken into consideration to those passed in the configuration map passed to the org.jboss.remoting.Client constructor. The following two parameters, introduced in releases 2.4.0.SP1 and 2.5.2, respectively, eliminate that restriction.

org.jboss.remoting.Remoting.SOCKET_FACTORY_NAME (actual value is 'socketFactory') - key for giving the name of the socket factory class to be used by clients.

org.jboss.remoting.Remoting.USE_ALL_SOCKET_FACTORY_PARAMS (actual value is 'useAllSocketFactoryParams') - key for indicating that all socket factory parameters in the InvokerLocator should be used by clients.

Note that the parameter org.jboss.remoting.Remoting.CONFIG_OVERRIDES_LOCATOR (actual value "configOverridesLocator"), described in section org.jboss.remoting.Remoting, is also relevant.
 
I am not 100% sure these settings are what I need but would like to try them out.  Unfortunately I am not sure how to set these in a JBoss MicroContainer bean xml file.  Any insight on how to do this would be appreciated.
 
<deployment xmlns="urn:jboss:bean-deployer:2.0">
  <!-- We don't want the AOPDependencyBuilder -->
  <annotation>@org.jboss.aop.microcontainer.annotations.DisableAOP</annotation>
  <!--
    JBoss Remoting Connector
    Note: Bean Name "org.jboss.ejb3.RemotingConnector" is used
    as a lookup value; alter only after checking java references
    to this key.
  -->
  <bean name="org.jboss.ejb3.RemotingConnector"
    class="org.jboss.remoting.transport.Connector">
 
    <property name="invokerLocator">
 
      <value-factory bean="ServiceBindingManager"
        method="getStringBinding">
        <parameter>
          jboss.remoting:type=Connector,name=DefaultEjb3Connector,handler=ejb3
        </parameter>
        <parameter>
          <null />
        </parameter>
        <parameter>sslsocket://${jboss.bind.address}:${port}</parameter>
        <parameter>
          <null />
        </parameter>
        <parameter>3873</parameter>
      </value-factory>
 
    </property>
    <property name="serverConfiguration">
      <inject bean="ServerConfiguration" />
    </property>
 
    <property name="serverSocketFactory">
      <inject bean="sslServerSocketFactory" />
    </property>
 
    <property name="socketFactory">
      <inject bean="sslSocketFactory" />
    </property>
 
  </bean>
 
  <bean name="sslServerSocketFactory" class="org.jboss.security.ssl.DomainServerSocketFactory">
    <constructor>
      <!-- defines the keystore to use -->
      <parameter><inject bean="jboss.security:service=JAAS-Security-Domain"/></parameter>
    </constructor>
  </bean>
  <bean name="sslSocketFactory" class="org.jboss.security.ssl.DomainSocketFactory">
    <constructor>
      <!-- hopefully defines the truststore configured in the injected JaasSecurityDomain to be used by the client -->
      <parameter><inject bean="jboss.security:service=JAAS-Security-Domain"/></parameter>
    </constructor>
  </bean>
 
 
 
  <!-- Remoting Server Configuration -->
  <bean name="ServerConfiguration"
    class="org.jboss.remoting.ServerConfiguration">
    <property name="invocationHandlers">
      <map keyClass="java.lang.String" valueClass="java.lang.String">
        <entry>
          <key>AOP</key>
          <value>
            org.jboss.aspects.remoting.AOPRemotingInvocationHandler
          </value>
        </entry>
      </map>
    </property>
  </bean>
 
</deployment>

--------------------------------------------------------------
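
The client-side mechanism the question turns on, as an added example that is not part of the original post and uses only standard JSSE classes, no JBoss Remoting API: building an SSLSocketFactory from an explicitly named truststore so the handshake does not fall back to cacerts or javax.net.ssl.trustStore. The class name PinnedTrustStore and the command-line arguments are hypothetical; how the factory is handed to the remoting client is not shown.

```java
import java.io.IOException;
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManagerFactory;

// Hypothetical helper class (added example, not from the post or from JBoss).
public final class PinnedTrustStore {

    /** Returns a socket factory that trusts only the certificates in the given truststore. */
    public static SSLSocketFactory socketFactory(String path, char[] password, String type)
            throws GeneralSecurityException, IOException {
        KeyStore trustStore = KeyStore.getInstance(type);
        try (InputStream in = Files.newInputStream(Paths.get(path))) {
            // The password is also used to integrity-check the store file.
            trustStore.load(in, password);
        }
        // Fail closed: an empty store would only surface later as a handshake error.
        if (trustStore.size() == 0) {
            throw new GeneralSecurityException("truststore has no entries: " + path);
        }

        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        // Passing (KeyStore) null here instead would select the JVM default store,
        // i.e. javax.net.ssl.trustStore if set, otherwise cacerts.
        tmf.init(trustStore);

        SSLContext ctx = SSLContext.getInstance("TLS");
        // No client key material (first argument), default SecureRandom (third).
        ctx.init(null, tmf.getTrustManagers(), null);
        return ctx.getSocketFactory();
    }

    public static void main(String[] args) throws Exception {
        // args[0] = truststore path, args[1] = password (both supplied by the caller)
        SSLSocketFactory f = socketFactory(args[0], args[1].toCharArray(), "JKS");
        System.out.println("factory ready, default cipher suites: "
                + f.getDefaultCipherSuites().length);
    }
}
```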
