[jboss-user] [JNDI and Naming] - JNDI over SSL Naming problem

Elad o do-not-reply at jboss.com
Mon Jan 7 04:55:46 EST 2013


Elad o [https://community.jboss.org/people/pfennig] created the discussion

"JNDI over SSL Naming problem"

To view the discussion, visit: https://community.jboss.org/message/788699#788699

--------------------------------------------------------------
Hi everyone and thanks to anyone reading this post.

I've been struggling a few days, trying to change the communication of my client-server JNDI lookup from http to https.
I'm using JBoss 4.2.0 and upgrading it is currently not an option.

What I did in the client is to change the url as advised in the jboss manual. 

|  |  | 
 |
|  |  | System.setProperty("javax.net.ssl.trustStore", "C:/Program Files (x86)/localhost.truststore"); |
|  |  | System.setProperty("javax.net.ssl.trustStoreType", "JKS"); |
|  |  | System.setProperty("javax.net.ssl.trustStorePassword", "opensource"); |  |  |
|  |  | System.setProperty(HTTPSClientInvoker.IGNORE_HTTPS_HOST,"true"); |
|  |  |  |
|  |  | jndiProperties.put(Context.INITIAL_CONTEXT_FACTORY, "org.jboss.naming.HttpNamingContextFactory"); |
|  |  | 
 |
|  |  | jndiProperties.put(Context.PROVIDER_URL, "https://"+serverIp+":8443/invoker/JNDIFactory"

|  |  | final Context context = new InitialContext(jndiProperties); |
|  |  |  |
|  |  | T facade = (T) context.lookup(facadeName); |
|  |  | return facade; |
 |

previously the url was: 
jndiProperties.put(Context.PROVIDER_URL, "jnp://"+serverIp+":1099");
and the contextfactory was
jndiProperties.put(Context.INITIAL_CONTEXT_FACTORY, "org.jnp.interfaces.NamingContextFactory");

the serverIp is the real server the user enters. I don't want to use a network host name since I don't have a dns server in my server.

I didn't have any problem with the jnp url and the jnp naming factory, but when I try the access over SSL, the Jboss code in 
HTTPNamingContextFactory.getNamingServer(URL providerURL) overrides my ip with a host name the client doesn't recognize.
It does some marshalling from the server and takes the first host entry which is defined in my linux server hosts file.
The HttpInvokerProxy does that eventually by writing the externalURLValue from the server, which is:
 https://myhost:8443/invoker/JMXInvokerServlet https://myhost:8443/invoker/JMXInvokerServlet. 

My client doesn't know what to do with this "myhost", it needs the real ip of the server, which I initially provide in the JNDI properties in the client.
The only thing I was able to do is edit the hosts file in the client windows system hosts file, and add an entry myhosts with the real ip, but this is of course 
not a solution for a production environment, since I can't ask my user to make such modifications. 

So I get this exception in the client:
javax.naming.CommunicationException: Operation failed [Root exception is java.rmi.ServerException: IOE; nested exception is: 
    java.net.UnknownHostException: myhost

My server's deploy/http-invoker.sar/META-INF/jboss-service.xml is below, if I try to set useHostName to false, then the localhost ip would be used
127.0.0.1 instead of myhost, which isn't any helpful, since I just need to keep my initially provided ip.

I'm a newbee to JBoss so I will appreciate any answer as to what am I doing wrong, and how can I resolve this without upgrade of JBOSS.

Thank You

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE server>
<!-- $Id: jboss-service.xml 26202 2004-11-29 16:54:36Z starksm $ -->

<server>

  <!-- The HTTP invoker service configration
  -->
  <mbean code="org.jboss.invocation.http.server.HttpInvoker"
    name="jboss:service=invoker,type=https">
     <!-- Use a URL of the form  http:// http://<hostname>:8080/invoker/EJBInvokerServlet
      where <hostname> is InetAddress.getHostname value on which the server
      is running.
      -->
     <attribute name="InvokerURLPrefix"> https:// https://</attribute>
     <attribute name="InvokerURLSuffix">:${https.port}/invoker/EJBInvokerServlet</attribute>
     <attribute name="UseHostName">true</attribute>
  </mbean>

   <!-- Expose the Naming service interface via HTTP -->
   <mbean code="org.jboss.invocation.http.server.HttpProxyFactory"
      name="jboss:service=invoker,type=http,target=Naming">
      <!-- The Naming service we are proxying -->
      <attribute name="InvokerName">jboss:service=Naming</attribute>
      <!-- Compose the invoker URL from the cluster node address -->
      <attribute name="InvokerURLPrefix"> https:// https://</attribute>
      <attribute name="InvokerURLSuffix">:${https.port}/invoker/JMXInvokerServlet</attribute>
      <attribute name="UseHostName">true</attribute>
      <attribute name="ExportedInterface">org.jnp.interfaces.Naming</attribute>
      <attribute name="JndiName"></attribute>
      <attribute name="ClientInterceptors">
          <interceptors>
             <interceptor>org.jboss.proxy.ClientMethodInterceptor</interceptor>
             <interceptor>org.jboss.proxy.SecurityInterceptor</interceptor>
             <interceptor>org.jboss.naming.interceptors.ExceptionInterceptor</interceptor>
             <interceptor>org.jboss.invocation.InvokerInterceptor</interceptor>
          </interceptors>
      </attribute>
   </mbean>

   <!-- Expose the Naming service interface via clustered HTTP. This maps
   to the ReadOnlyJNDIFactory servlet URL
   -->
   <mbean code="org.jboss.invocation.http.server.HttpProxyFactory"
      name="jboss:service=invoker,type=http,target=Naming,readonly=true">
      <attribute name="InvokerName">jboss:service=Naming</attribute>
      <attribute name="InvokerURLPrefix"> http:// http://</attribute>
      <attribute name="InvokerURLSuffix">:8080/invoker/readonly/JMXInvokerServlet</attribute>
      <attribute name="UseHostName">true</attribute>
      <attribute name="ExportedInterface">org.jnp.interfaces.Naming</attribute>
      <attribute name="JndiName"></attribute>
      <attribute name="ClientInterceptors">
          <interceptors>
             <interceptor>org.jboss.proxy.ClientMethodInterceptor</interceptor>
             <interceptor>org.jboss.proxy.SecurityInterceptor</interceptor>
             <interceptor>org.jboss.naming.interceptors.ExceptionInterceptor</interceptor>
             <interceptor>org.jboss.invocation.InvokerInterceptor</interceptor>
          </interceptors>
      </attribute>
   </mbean>
</server>
--------------------------------------------------------------

Reply to this message by going to Community
[https://community.jboss.org/message/788699#788699]

Start a new discussion in JNDI and Naming at Community
[https://community.jboss.org/choose-container!input.jspa?contentType=1&containerType=14&container=2083]

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/jboss-user/attachments/20130107/db18b517/attachment-0001.html 


More information about the jboss-user mailing list