4:22 p.m.
Hello:
I'm trying to use SSL, in particular WSRP over SSL. I want JBoss to be a portlet
provider and BEA AquaLogic to be the consumer of a portlet. I'm trying to demonstrate
that SSL from AquaLogic through to JBoss will work. I've done nothing so far with
AquaLogic, my question regards JBoss only. Without SSL, AquaLogic consumes the JBoss
portlet without problems (on non-default port 9080), but SSL is what I'm after now.
JBoss Portal Version: 2.6.2.GA, downloaded
JBoss AS Version: 4.2.1
OS Platform: RedHat Enterprise Linux 4, Update 5
Describe the problem:
SSL access into JBoss appears to work. I can get there by going to
http://localhost:8443/portal. However, the self producer is always inactive, and
validation on that producer fails. Furthermore, http://localhost:8443/jbossws/services
reveals: "There are currently no endpoints deployed". I've read the
documentation on using WSRP over SSL and followed the configuration steps:
- I Used keytool to generate a server certificate: cn=localhost, o=bits, ou=bits,
l=Dulles, st=VA, c=US
- I copied the keystore to server/default/conf
- I updated bin/run.conf with
-Djavax.net.ssl.trustStore="<fully/qualified/path/to/keystore>" and
| -Djavax.net.ssl.trustStorePassword="<password>"
- I configured an SSL/TLS connector in the tomcat
server/default/deploy/jboss-web.deployer/server.xml, as follows:
<Connector port="8443" protocol="HTTP/1.1"
SSLEnabled="true"
| maxThreads="150" scheme="https" secure="true"
| clientAuth="false" sslProtocol="TLS"
| keystoreFile="<fully/qualified/path/to/keystore>"
| keystorePass="<password>" />
|
- The server certificate has been imported into my browser (FF 2.0.0.12) as an authority.
- I've updated server/default/deploy/jboss-portal.sar/portal-wsrp.sar/WEB-INF/wsdl/ to
use http://localhost:8443 as the prefix for all 4 endpoints.
- I've updated server/default/deploy/jboss-portal.sar/portal-wsrp.sar/default-wsrp to
use http://localhost:8443 as prefix for all 4 endpoints.
- I added a JaasSecurityDomain mbean to server/default/conf/jboss-service.xml:
<mbean code="org.jboss.security.plugins.JaasSecurityDomain"
| name="jboss.security:service=JaasSecurityDomain,domain=RMI+SSL">
| <constructor><arg type="java.lang.String"
value="RMI+SSL"/></constructor>
| <attribute
name="KeyStoreURL">fully/qualified/path/to/keystore</attribute>
| <attribute name="KeyStorePass">password</attribute>
| </mbean>
- I added another JRMPInvoker to jboss-service.xml:
<mbean code="org.jboss.invocation.jrmp.server.JRMPInvoker"
| name="jboss:service=invoker,type=jrmp,socketType=SSL">
| <attribute name="RMIObjectPort">14445</attribute>
| <attribute
name="RMIClientSocketFactory">org.jboss.security.ssl.RMISSLClientSocketFactory</attribute>
| <attribute
name="RMIServerSocketFactory">org.jboss.security.ssl.RMISSLServerSocketFactory</attribute>
| <attribute
name="SecurityDomain">java:/jaas/RMI+SSL</attribute>
|
<depends>jboss.security:service=JaasSecurityDomain,domain=RMI+SSL</depends>
| </mbean>
- I added an <invoker-proxy-binding> to server/default/conf/standardjboss.xml
<invoker-proxy-binding>
| <name>stateless-ssl-invoker</name>
|
<invoker-mbean>jboss:service=invoker,type=jrmp,socketType=SSL</invoker-name>
| <proxy-factory>org.jboss.proxy.ejbProxyFactory</proxy-factory>
| <proxy-factory-config>
| <client-interceptors>
| <home>
| <interceptor>org.jboss.proxy.ejb.HomeInterceptor</interceptor>
| <interceptor>org.jboss.proxy.SecurityInterceptor</interceptor>
| <interceptor>org.jboss.proxy.TransactionInterceptor</interceptor>
| <interceptor
call-by-value="false">org.jboss.invocation.InvokerInterceptor</interceptor>
| <interceptor
call-by-value="true">org.jboss.invocation.MarshallingInvokerInterceptor</interceptor>
| </home>
| <bean>
|
<interceptor>org.jboss.proxy.ejb.StatelessSessionInterceptor</interceptor>
| <interceptor>org.jboss.proxy.SecurityInterceptor</interceptor>
| <interceptor>org.jboss.proxy.TransactionInterceptor</interceptor>
| <interceptor
call-by-value="false">org.jboss.invocation.InvokerInterceptor</interceptor>
| <interceptor
call-by-value="true">org.jboss.invocation.MarshallingInvokerInterceptor</interceptor>
| </bean>
| </client-interceptors>
| </proxy-factory-config>
| </invoker-proxy-binding>
- I added 2 lines to
server/default/deploy/jbossws.sar/jbossws.beans/META-INF/jboss-beans.xml:
<property name="webServiceSecurePort">8443</property>
| <property name="webServicePort">9080</property>
within the ServiceEndpointManager" bean
- The WSDLPortFixFilter is in place in
server/default/deploy/jboss-portal.sar/portal-wsrp.sar/WEB-INF/web.xml:
<filter>
| <filter-name>WSDLPortFixFilter</filter-name>
|
<filter-class>org.jboss.portal.wsrp.servlet.WSDLPortFixFilter</filter-class>
| </filter>
| <filter-mapping>
| <filter-name>WSDLPortFixFilter</filter-name>
| <url-pattern>/*</url-pattern>
| </filter-mapping>
I've restarted JBoss many times - no success - am I missing something?
Thanks in advance for your help,
Dan
View the original post :
http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4135788#...
Reply to the post :
http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...