3:55 a.m.
Elad o [https://community.jboss.org/people/pfennig] created the discussion
"JNDI over SSL Naming problem"
To view the discussion, visit: https://community.jboss.org/message/788699#788699
--------------------------------------------------------------
Hi everyone and thanks to anyone reading this post.
I've been struggling a few days, trying to change the communication of my
client-server JNDI lookup from http to https.
I'm using JBoss 4.2.0 and upgrading it is currently not an option.
What I did in the client is to change the url as advised in the jboss manual.
| | |
|
| | | System.setProperty("javax.net.ssl.trustStore", "C:/Program Files
(x86)/localhost.truststore"); |
| | | System.setProperty("javax.net.ssl.trustStoreType", "JKS"); |
| | | System.setProperty("javax.net.ssl.trustStorePassword",
"opensource"); | | |
| | | System.setProperty(HTTPSClientInvoker.IGNORE_HTTPS_HOST,"true"); |
| | | |
| | | jndiProperties.put(Context.INITIAL_CONTEXT_FACTORY,
"org.jboss.naming.HttpNamingContextFactory"); |
| | |
|
| | | jndiProperties.put(Context.PROVIDER_URL,
"https://"+serverIp+":8443/invoker/JNDIFactory"
| | | final Context context = new InitialContext(jndiProperties); |
| | | |
| | | T facade = (T) context.lookup(facadeName); |
| | | return facade; |
|
previously the url was:
jndiProperties.put(Context.PROVIDER_URL, "jnp://"+serverIp+":1099");
and the contextfactory was
jndiProperties.put(Context.INITIAL_CONTEXT_FACTORY,
"org.jnp.interfaces.NamingContextFactory");
the serverIp is the real server the user enters. I don't want to use a network host
name since I don't have a dns server in my server.
I didn't have any problem with the jnp url and the jnp naming factory, but when I try
the access over SSL, the Jboss code in
HTTPNamingContextFactory.getNamingServer(URL providerURL) overrides my ip with a host name
the client doesn't recognize.
It does some marshalling from the server and takes the first host entry which is defined
in my linux server hosts file.
The HttpInvokerProxy does that eventually by writing the externalURLValue from the server,
which is:
https://myhost:8443/invoker/JMXInvokerServlet
https://myhost:8443/invoker/JMXInvokerServlet.
My client doesn't know what to do with this "myhost", it needs the real ip
of the server, which I initially provide in the JNDI properties in the client.
The only thing I was able to do is edit the hosts file in the client windows system hosts
file, and add an entry myhosts with the real ip, but this is of course
not a solution for a production environment, since I can't ask my user to make such
modifications.
So I get this exception in the client:
javax.naming.CommunicationException: Operation failed [Root exception is
java.rmi.ServerException: IOE; nested exception is:
java.net.UnknownHostException: myhost
My server's deploy/http-invoker.sar/META-INF/jboss-service.xml is below, if I try to
set useHostName to false, then the localhost ip would be used
127.0.0.1 instead of myhost, which isn't any helpful, since I just need to keep my
initially provided ip.
I'm a newbee to JBoss so I will appreciate any answer as to what am I doing wrong, and
how can I resolve this without upgrade of JBOSS.
Thank You
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE server>
<!-- $Id: jboss-service.xml 26202 2004-11-29 16:54:36Z starksm $ -->
<server>
<!-- The HTTP invoker service configration
-->
<mbean code="org.jboss.invocation.http.server.HttpInvoker"
name="jboss:service=invoker,type=https">
<!-- Use a URL of the form http://
http://<hostname>:8080/invoker/EJBInvokerServlet
where <hostname> is InetAddress.getHostname value on which the server
is running.
-->
<attribute name="InvokerURLPrefix"> https://
https://</attribute>
<attribute
name="InvokerURLSuffix">:${https.port}/invoker/EJBInvokerServlet</attribute>
<attribute name="UseHostName">true</attribute>
</mbean>
<!-- Expose the Naming service interface via HTTP -->
<mbean code="org.jboss.invocation.http.server.HttpProxyFactory"
name="jboss:service=invoker,type=http,target=Naming">
<!-- The Naming service we are proxying -->
<attribute
name="InvokerName">jboss:service=Naming</attribute>
<!-- Compose the invoker URL from the cluster node address -->
<attribute name="InvokerURLPrefix"> https://
https://</attribute>
<attribute
name="InvokerURLSuffix">:${https.port}/invoker/JMXInvokerServlet</attribute>
<attribute name="UseHostName">true</attribute>
<attribute
name="ExportedInterface">org.jnp.interfaces.Naming</attribute>
<attribute name="JndiName"></attribute>
<attribute name="ClientInterceptors">
<interceptors>
<interceptor>org.jboss.proxy.ClientMethodInterceptor</interceptor>
<interceptor>org.jboss.proxy.SecurityInterceptor</interceptor>
<interceptor>org.jboss.naming.interceptors.ExceptionInterceptor</interceptor>
<interceptor>org.jboss.invocation.InvokerInterceptor</interceptor>
</interceptors>
</attribute>
</mbean>
<!-- Expose the Naming service interface via clustered HTTP. This maps
to the ReadOnlyJNDIFactory servlet URL
-->
<mbean code="org.jboss.invocation.http.server.HttpProxyFactory"
name="jboss:service=invoker,type=http,target=Naming,readonly=true">
<attribute
name="InvokerName">jboss:service=Naming</attribute>
<attribute name="InvokerURLPrefix"> http://
http://</attribute>
<attribute
name="InvokerURLSuffix">:8080/invoker/readonly/JMXInvokerServlet</attribute>
<attribute name="UseHostName">true</attribute>
<attribute
name="ExportedInterface">org.jnp.interfaces.Naming</attribute>
<attribute name="JndiName"></attribute>
<attribute name="ClientInterceptors">
<interceptors>
<interceptor>org.jboss.proxy.ClientMethodInterceptor</interceptor>
<interceptor>org.jboss.proxy.SecurityInterceptor</interceptor>
<interceptor>org.jboss.naming.interceptors.ExceptionInterceptor</interceptor>
<interceptor>org.jboss.invocation.InvokerInterceptor</interceptor>
</interceptors>
</attribute>
</mbean>
</server>
--------------------------------------------------------------
Reply to this message by going to Community
[https://community.jboss.org/message/788699#788699]
Start a new discussion in JNDI and Naming at Community
[https://community.jboss.org/choose-container!input.jspa?contentType=1&...]
4425
days inactive
4425
days old
0 comments
1 participants
participants (1)
-
Elad o