[Design of Security on JBoss] - Re: Security EJB2 and dependencies
by adrian@jboss.org
It's failing because this configuration simply cannot work in general:
| <mbean code="org.jboss.security.plugins.JaasSecurityDomain"
|        name="jboss.security:service=JaasSecurityDomain,domain=pooled-ssl">
|    <constructor>
|       <arg type="java.lang.String" value="pooled-ssl"/>
|    </constructor>
|    <attribute name="KeyStoreURL">resource:localhost.keystore</attribute>
|    <attribute name="KeyStorePass">unit-tests-server</attribute>
|    <attribute name="TrustStoreURL">resource:localhost.keystore</attribute>
|    <attribute name="TrustStorePass">unit-tests-server</attribute>
|    <attribute name="Salt">abcdefgh</attribute>
|    <attribute name="IterationCount">13</attribute>
|    <depends>jboss.security.tests:service=LoginConfig,policy=pooled-ssl</depends>
| </mbean>
|
| <mbean code="org.jboss.invocation.pooled.server.PooledInvoker"
|        name="jboss:service=invoker,type=pooled,socketType=SSLSocketFactory,wantsClientAuth=true">
|    <attribute name="NumAcceptThreads">1</attribute>
|    <attribute name="MaxPoolSize">300</attribute>
|    <attribute name="ClientMaxPoolSize">300</attribute>
|    <attribute name="SocketTimeout">60000</attribute>
|    <attribute name="ServerBindAddress">${jboss.bind.address}</attribute>
|    <attribute name="ServerBindPort">0</attribute>
|    <attribute name="ClientConnectAddress">${jboss.bind.address}</attribute>
|    <attribute name="ClientConnectPort">0</attribute>
|    <attribute name="ClientRetryCount">1</attribute>
|    <attribute name="EnableTcpNoDelay">false</attribute>
|
|    <!-- Customized socket factory attributes -->
|    <attribute name="ClientSocketFactoryName">org.jboss.security.ssl.ClientSocketFactory</attribute>
|    <attribute name="ServerSocketFactory"
|               attributeClass="org.jboss.security.ssl.DomainServerSocketFactory"
|               serialDataType="javaBean">
|       <property name="bindAddress">${jboss.bind.address}</property>
|       <property name="securityDomain">java:/jaas/pooled-ssl</property>
|       <property name="wantsClientAuth">true</property>
|       <property name="needsClientAuth">true</property>
|       <property name="CiperSuites">TLS_DHE_DSS_WITH_AES_128_CBC_SHA</property>
|       <property name="Protocols">SSLv2Hello,SSLv3,TLSv1</property>
|    </attribute>
|    <depends>jboss.security.tests:service=LoginConfig,policy=pooled-ssl</depends>
| </mbean>

The server socket factory is being constructed during the PooledInvoker::CONFIGURE stage.
But it requires the SecurityDomain to be in the STARTED state to work
(it needs to be bound into JNDI).

There's no way to express this dependency for this config.

JBoss5 does have the option to do:

| <attribute name="SecurityDomain"><inject bean="jboss.security:service=JaasSecurityDomain,domain=pooled-ssl"/></attribute>

which will do what is required.

But the above example isn't configuring an mbean. It is configuring a POJO
that is not managed by the MC which then gets set on the MBean.

View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4146161#4146161
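
The ordering problem described in the post, as a toy model in Java (16 or later); this is an added example, not code from the post or from JBoss. The `Stage` enum, `Dep` record, `deploy` method and bean names are all hypothetical, and a `<depends>` on the security domain is assumed to act as a start-time rule.

```java
import java.util.*;

// Toy lifecycle controller (added example). All names are hypothetical, not JBoss classes.
public class StageDependencyDemo {
    enum Stage { NONE, CONFIGURED, STARTED }

    // Declared rule: `bean` may not enter `when` until `on` has reached `needs`.
    record Dep(String bean, Stage when, String on, Stage needs) {}

    static final String DOMAIN = "securityDomain", INVOKER = "pooledInvoker";

    // Advances each bean one stage at a time while the declared rules allow it.
    // Returns "deployed", or the reason the invoker's CONFIGURE step failed.
    static String deploy(List<Dep> deps) {
        Map<String, Stage> at = new LinkedHashMap<>();
        at.put(DOMAIN, Stage.NONE);
        at.put(INVOKER, Stage.NONE);
        for (boolean moved = true; moved; ) {
            moved = false;
            for (String bean : at.keySet()) {
                Stage cur = at.get(bean);
                if (cur == Stage.STARTED) continue;
                Stage next = Stage.values()[cur.ordinal() + 1];
                boolean blocked = deps.stream().anyMatch(d -> d.bean().equals(bean)
                        && d.when() == next && at.get(d.on()).compareTo(d.needs()) < 0);
                if (blocked) continue;
                // Undeclared need: the nested socket factory resolves the domain
                // (a JNDI lookup in the post) while the invoker is being configured.
                if (bean.equals(INVOKER) && next == Stage.CONFIGURED
                        && at.get(DOMAIN) != Stage.STARTED)
                    return "failed: domain is " + at.get(DOMAIN) + " during invoker CONFIGURE";
                at.put(bean, next);
                moved = true;
            }
        }
        return at.get(INVOKER) == Stage.STARTED ? "deployed" : "stuck";
    }

    public static void main(String[] args) {
        // No rule on the domain at all, as in the descriptor in the post.
        System.out.println(deploy(List.of()));
        // A start-time rule (assumed <depends> behaviour) does not hold back CONFIGURE.
        System.out.println(deploy(List.of(new Dep(INVOKER, Stage.STARTED, DOMAIN, Stage.STARTED))));
        // Injection-style rule: hold CONFIGURE until the domain is STARTED.
        System.out.println(deploy(List.of(new Dep(INVOKER, Stage.CONFIGURED, DOMAIN, Stage.STARTED))));
    }
}
```

Only the third call deploys: the first two fail at the invoker's CONFIGURE step because nothing the controller knows about ties that step to the domain's STARTED state.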