[jboss-dev-forums] [Design of Security on JBoss] - Re: Security EJB2 and dependencies
It's failing because this configuration simply cannot work in general:
| <mbean code="org.jboss.security.plugins.JaasSecurityDomain"
|
name="jboss.security:service=JaasSecurityDomain,domain=pooled-ssl">
| <constructor>
| <arg type="java.lang.String" value="pooled-ssl"/>
| </constructor>
| <attribute
name="KeyStoreURL">resource:localhost.keystore</attribute>
| <attribute
name="KeyStorePass">unit-tests-server</attribute>
| <attribute
name="TrustStoreURL">resource:localhost.keystore</attribute>
| <attribute
name="TrustStorePass">unit-tests-server</attribute>
| <attribute name="Salt">abcdefgh</attribute>
| <attribute name="IterationCount">13</attribute>
|
<depends>jboss.security.tests:service=LoginConfig,policy=pooled-ssl</depends>
| </mbean>
|
| <mbean code="org.jboss.invocation.pooled.server.PooledInvoker"
|
name="jboss:service=invoker,type=pooled,socketType=SSLSocketFactory,wantsClientAuth=true">
| <attribute name="NumAcceptThreads">1</attribute>
| <attribute name="MaxPoolSize">300</attribute>
| <attribute name="ClientMaxPoolSize">300</attribute>
| <attribute name="SocketTimeout">60000</attribute>
| <attribute
name="ServerBindAddress">${jboss.bind.address}</attribute>
| <attribute name="ServerBindPort">0</attribute>
| <attribute
name="ClientConnectAddress">${jboss.bind.address}</attribute>
| <attribute name="ClientConnectPort">0</attribute>
| <attribute name="ClientRetryCount">1</attribute>
| <attribute name="EnableTcpNoDelay">false</attribute>
|
| <!-- Customized socket factory attributes -->
| <attribute
name="ClientSocketFactoryName">org.jboss.security.ssl.ClientSocketFactory</attribute>
| <attribute name="ServerSocketFactory"
| attributeClass="org.jboss.security.ssl.DomainServerSocketFactory"
| serialDataType="javaBean">
| <property
name="bindAddress">${jboss.bind.address}</property>
| <property
name="securityDomain">java:/jaas/pooled-ssl</property>
| <property name="wantsClientAuth">true</property>
| <property name="needsClientAuth">true</property>
| <property
name="CiperSuites">TLS_DHE_DSS_WITH_AES_128_CBC_SHA</property>
| <property
name="Protocols">SSLv2Hello,SSLv3,TLSv1</property>
| </attribute>
|
<depends>jboss.security.tests:service=LoginConfig,policy=pooled-ssl</depends>
| </mbean>
|
| The server socket factory is being constructed during
| the PooledInvoker::CONFIGURE stage.
| But it requires the SecurityDomain to be in the STARTED state to work
| (it needs to be bound into JNDI).
|
| There's no way to express this dependency for this config.
|
| JBoss5 does have the option to do:
|
| | <attribute name="SecurityDomain"><inject
bean="jboss.security:service=JaasSecurityDomain,domain=pooled-ssl"/></attribute>
| |
| which will do what is required.
|
| But the above example isn't configuring an mbean. It is configuring a POJO
| that is not managed by the MC which then gets set on the MBean.
|
View the original post :
http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4146161#...
Reply to the post :
http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...