renz13 [https://community.jboss.org/people/renz13] created the discussion
"Re: Remoting with SSL and Cipher Suite"
To view the discussion, visit:
https://community.jboss.org/message/743154#743154
--------------------------------------------------------------
I don't understand why you say they are "completely unrelated" (my
English is not so good, maybe I have not explained my problem correctly)?
For the moment I'm using a security-realm to manage authentication/authorization of my
remote EJB client.
I use a database to store login/password and roles, and use SSL to secure and identify my
server.
Here is a part of my standalone.xml, which is working:
....
<security-realm name="myRealm">
    <server-identities>
        <ssl>
            <keystore path="server.keystore" relative-to="jboss.server.config.dir" password="pass"/>
        </ssl>
    </server-identities>
    <authentication>
        <jaas name="myDomain"/>
    </authentication>
</security-realm>
......
<subsystem xmlns="urn:jboss:domain:remoting:1.1">
    <connector name="remoting-connector" socket-binding="remoting" security-realm="AreaFseRealm"/>
</subsystem>
.....
<security-domain name="myDomain" cache-type="default">
    <authentication>
        <login-module code="Remoting" flag="optional">
            <module-option name="password-stacking" value="useFirstPass"/>
        </login-module>
        <login-module code="Database" flag="required">
            <module-option name="dsJndiName" value="java:jboss/datasources/myDS"/>
            <module-option name="principalsQuery" value="SELECT pass FROM user WHERE username=?"/>
            <module-option name="rolesQuery" value="SELECT r.roles, 'Roles' FROM role r INNER JOIN user u USING (id_user) WHERE u.username=?"/>
            <module-option name="password-stacking" value="useFirstPass"/>
        </login-module>
    </authentication>
</security-domain>
What I am trying to add now is:
- client certificate authentication (with revocation check): client certificates are
delivered by a CA. I have the CA certificate and I can download the CRL => Maybe I have
to code my own TrustManager or something else
- use one of these ciphers (I'm developing both client and server side):
* TLS_RSA_WITH_3DES_EDE_CBC_SHA
* TLS_RSA_WITH_AES_128_CBC_SHA
* TLS_RSA_WITH_AES_256_CBC_SHA
=> If it's not possible, how can I know the cipher used by default?
I thought this could be done in the <jsse> element, looking at
https://docs.jboss.org/author/display/AS71/Security+subsystem+configuration
--------------------------------------------------------------
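Added example, not part of the original post and not JBoss code: in plain JSSE, the two goals listed in the post (client-certificate validation with a CRL check, and a restricted cipher list) can be met with the stock PKIX trust manager, and the first line printed shows the suites the running JVM enables by default. The class name and the two file arguments are assumptions; how the AS 7 security realm exposes these settings is not shown here.

```java
import java.io.*;
import java.security.cert.*;
import java.util.*;
import javax.net.ssl.*;

public class ClientCertTlsSketch { // hypothetical class name
    // The three suites named in the post.
    static final List<String> WANTED = Arrays.asList("TLS_RSA_WITH_3DES_EDE_CBC_SHA",
        "TLS_RSA_WITH_AES_128_CBC_SHA", "TLS_RSA_WITH_AES_256_CBC_SHA");

    // Stock PKIX trust managers: the client chain must end at the CA, and the
    // client certificate must not appear in the CA's CRL.
    static TrustManager[] crlCheckingTrustManagers(String caPath, String crlPath) throws Exception {
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        try (InputStream caIn = new FileInputStream(caPath);
             InputStream crlIn = new FileInputStream(crlPath)) {
            X509Certificate ca = (X509Certificate) cf.generateCertificate(caIn);
            X509CRL crl = (X509CRL) cf.generateCRL(crlIn);
            PKIXBuilderParameters pkix = new PKIXBuilderParameters(
                Collections.singleton(new TrustAnchor(ca, null)), new X509CertSelector());
            pkix.setRevocationEnabled(true); // fail validation when the certificate is revoked
            pkix.addCertStore(CertStore.getInstance("Collection",
                new CollectionCertStoreParameters(Collections.singleton(crl))));
            TrustManagerFactory tmf = TrustManagerFactory.getInstance("PKIX");
            tmf.init(new CertPathTrustManagerParameters(pkix));
            return tmf.getTrustManagers();
        }
    }

    // Keep only the wanted suites this JVM supports, so setEnabledCipherSuites cannot throw.
    static String[] usableSuites(SSLContext ctx) {
        List<String> ok = new ArrayList<>(WANTED);
        ok.retainAll(Arrays.asList(ctx.getSupportedSSLParameters().getCipherSuites()));
        return ok.toArray(new String[0]);
    }

    public static void main(String[] args) throws Exception {
        System.out.println("Enabled by default: " + Arrays.toString(
            SSLContext.getDefault().getDefaultSSLParameters().getCipherSuites()));
        SSLContext ctx = SSLContext.getInstance("TLS");
        // args = <CA cert file> <CRL file>; no server key is loaded, so this only inspects settings.
        ctx.init(null, args.length == 2 ? crlCheckingTrustManagers(args[0], args[1]) : null, null);
        SSLEngine engine = ctx.createSSLEngine();
        engine.setUseClientMode(false);
        engine.setNeedClientAuth(true); // handshake fails unless the client presents a certificate
        engine.setEnabledCipherSuites(usableSuites(ctx));
        System.out.println("Restricted to: " + Arrays.toString(engine.getEnabledCipherSuites()));
    }
}
```

A suite disabled through the JVM's `jdk.tls.disabledAlgorithms` security property will not be negotiated even when it is enabled on the engine, so compare the two printed lists before relying on a specific suite.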