[Jboss-cvs] JBossAS SVN: r55977 - trunk/ejb3/docs/tutorial/ssl

jboss-cvs-commits at lists.jboss.org jboss-cvs-commits at lists.jboss.org
Wed Aug 16 05:48:30 EDT 2006


Author: wolfc
Date: 2006-08-16 05:48:23 -0400 (Wed, 16 Aug 2006)
New Revision: 55977

Modified:
   trunk/ejb3/docs/tutorial/ssl/
   trunk/ejb3/docs/tutorial/ssl/build.xml
   trunk/ejb3/docs/tutorial/ssl/ssl.html
Log:
ssl tutorial


Property changes on: trunk/ejb3/docs/tutorial/ssl
___________________________________________________________________
Name: svn:ignore
   + build


Modified: trunk/ejb3/docs/tutorial/ssl/build.xml
===================================================================
--- trunk/ejb3/docs/tutorial/ssl/build.xml	2006-08-16 09:11:22 UTC (rev 55976)
+++ trunk/ejb3/docs/tutorial/ssl/build.xml	2006-08-16 09:48:23 UTC (rev 55977)
@@ -8,7 +8,8 @@
 
    <property file="../local.properties"/>  <property environment="env"/>
    <property name="src.dir" value="${basedir}/src"/>
-   <property name="jboss.home" value="${env.JBOSS_HOME}"/>   <property name="jboss.server.config" value="default"/>
+   <property name="jboss.home" value="${env.JBOSS_HOME}"/>   
+   <property name="jboss.server.config" value="default"/>
    <property name="build.dir" value="${basedir}/build"/>
    <property name="build.classes.dir" value="${build.dir}/classes"/>
 
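Review bot: The new jboss.home line ends in trailing whitespace, and the context line above src.dir still carries two elements on one line (<property file="../local.properties"/>  <property environment="env"/>); split that one too so the cleanup is consistent. Because the run target now builds a file path from jboss.home, consider a <fail unless="env.JBOSS_HOME"> guard so that an unset JBOSS_HOME does not leave the literal ${env.JBOSS_HOME} in that path.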
@@ -61,8 +62,8 @@
             <include name="**/*.class"/>
          </fileset>
          <fileset dir=".">
-            <include name="ssl-service.xml"/>
-            <include name="localhost.keystore"/>
+            <!--include name="ssl-service.xml"/-->
+            <!--include name="localhost.keystore"/-->
             <include name="*.properties"/>
          </fileset>
       </jar>
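Review bot: The two includes in the second fileset are commented out rather than deleted; remove them outright, since version control keeps the old lines and the commented form leaves it unclear whether ssl-service.xml and localhost.keystore are meant to come back. Keeping the keystore out of the jar is the right direction, because it holds the private key. The remaining include of *.properties from the project root still packages every properties file found there, so it is worth narrowing to the files the bean actually needs.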
@@ -71,7 +72,7 @@
 
    <target name="run" depends="ejbjar">
       <java classname="org.jboss.tutorial.ssl.client.Client" fork="yes" dir=".">
-         <jvmarg line="-Djavax.net.ssl.trustStore=./localhost.truststore -Djavax.net.ssl.trustStorePassword=opensource"/>
+         <jvmarg line="-Djavax.net.ssl.trustStore=${jboss.home}/server/${jboss.server.config}/conf/localhost.truststore -Djavax.net.ssl.trustStorePassword=opensource"/>
          <classpath refid="classpath"/>
       </java>
    </target>
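Review bot: The jvmarg still carries the truststore password opensource inline, so it sits in the build file and appears on the forked JVM's command line; take it from a property instead (the file already loads ../local.properties). The new path also only matches the tutorial's $JBOSS_HOME/server/default/conf location while jboss.server.config stays at default, and it resolves to a literal ${env.JBOSS_HOME} when the variable is unset, so a missing truststore should fail the target with a clear message rather than surface as an SSL handshake error in the client.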

Modified: trunk/ejb3/docs/tutorial/ssl/ssl.html
===================================================================
--- trunk/ejb3/docs/tutorial/ssl/ssl.html	2006-08-16 09:11:22 UTC (rev 55976)
+++ trunk/ejb3/docs/tutorial/ssl/ssl.html	2006-08-16 09:48:23 UTC (rev 55977)
@@ -1,12 +1,115 @@
 <html>
+<head>
+<title>EJB3 SSL Tutorial</title>
+</head>
 <body>
 <p>
-<h2> Invoking EJBs through SSL</h2>
+<h2>Invoking EJBs through SSL</h2>
 
+This tutorial shows you how to invoke remote EJBs through a SSL connection.
 </p><p>
+Setting up SSL for use in EJB3 involves creating a keystore and making sure the correct transport is available in the EJB3 configuration.
+After which you only have to use the RemoteBinding annotation with a clientBindUrl to make sure the bean is called through SSL.
+</p><p>
+This tutorial assumes you've setup JBoss 4.0.4.GA with EJB3 support. Make sure the enviroment variable JBOSS_HOME refers to the
+installation directory.
+<br/><i>TODO: simple SSL remoting doesn't work in 4.0.4.GA, only advanced.</i>
+</p><p>
+<h4>Creating a keystore</h4>
+For SSL to work we need to create a public/private key pair, which will be stored in a keystore. Generate this using the <tt class="literal">genkey</tt> command that comes with the JDK.
+<pre class="programlisting">
+   $ cd $JBOSS_HOME/server/default/conf/
+   $ keytool -genkey -alias ejb3-ssl -keypass opensource -keystore localhost.keystore
+   Enter keystore password:  opensource
+   What is your first and last name?
+     [Unknown]:
+   What is the name of your organizational unit?
+     [Unknown]:
+   What is the name of your organization?
+     [Unknown]:
+   What is the name of your City or Locality?
+     [Unknown]:
+   What is the name of your State or Province?
+     [Unknown]:
+   What is the two-letter country code for this unit?
+     [Unknown]:
+   Is CN=Unknown, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown, C=Unknown correct?
+     [no]:  yes
+</pre>
+</p><p>
+Since we have not signed our certificate through any certification authoritiy, we also need to create a truststore for the client, 
+explicitly saying that we trust the certificate we just created. The first step is to export the certificate using the JDK keytool:
+<pre class="programlisting">
+   $ keytool -export -alias ejb3-ssl -file mycert.cer -keystore localhost.keystore
+   Enter keystore password:  opensource
+   Certificate stored in file &lt;mycert.cer&gt;
+
+</pre>
+</p><p>
+Then we need to create the truststore if it does not exist and import the certificate into the trueststore:
+<pre class="programlisting">
+   $ keytool -import -alias ejb3-ssl -file mycert.cer -keystore localhost.truststore
+   Enter keystore password:  opensource
+   Owner: CN=Unknown, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown, C=Unknown
+   Issuer: CN=Unknown, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown, C=Unknown
+   Serial number: 43bff927
+   Valid from: Sat Jan 07 18:23:51 CET 2006 until: Fri Apr 07 19:23:51 CEST 2006
+   Certificate fingerprints:
+            MD5:  CF:DC:71:A8:F4:EA:8F:5A:E9:94:E3:E6:5B:A9:C8:F3
+            SHA1: 0E:AD:F3:D6:41:5E:F6:84:9A:D1:54:3D:DE:A9:B2:01:28:F6:7C:26
+   Trust this certificate? [no]:  yes
+   Certificate was added to keystore 
+</pre>
+</p><p>
+<h4>Setting up the transport</h4>
+To setup the transport open $JBOSS_HOME/server/default/deploy/ejb3.deployer/META-INF/jboss-service.xml in your favorite text editor.
+Add the following mbean to it:
+<pre>
+   &lt;mbean code="org.jboss.remoting.transport.Connector"
+      name="jboss.remoting:type=Connector,transport=socket3843,handler=ejb3"&gt;
+      &lt;depends&gt;jboss.aop:service=AspectDeployer&lt;/depends&gt;
+      &lt;attribute name="InvokerLocator"&gt;sslsocket://0.0.0.0:3843&lt;/attribute&gt;
+      &lt;attribute name="Configuration"&gt;
+         &lt;handlers&gt;
+            &lt;handler subsystem="AOP"&gt;org.jboss.aspects.remoting.AOPRemotingInvocationHandler&lt;/handler&gt;
+         &lt;/handlers&gt;
+      &lt;/attribute&gt;
+   &lt;/mbean&gt;
+</pre>
+</p><p>
+<h4>Starting JBoss</h4>
+We need to tell JBoss Remoting where to find the keystore to be used for SSl and its password. This is done using the
+<tt class="literal">javax.net.ssl.keyStore</tt> and <tt class="literal">javax.net.ssl.keyStorePassword=opensource</tt> system properties when starting JBoss, as the
+following example shows:
+<pre class="programlisting">
+    $ cd $JBOSS_HOME/bin
+    $ ./run.sh -Djavax.net.ssl.keyStore=../server/default/conf/localhost.keystore -Djavax.net.ssl.keyStorePassword=opensource
+</pre>
+</p><p>
+<h4>Creating your beans</h4>
+Create your EJBs as usual and add the following annotation to bind it to the SSL invoker.
+<pre>
+ at RemoteBinding(clientBindUrl="sslsocket://0.0.0.0:3843")
+</pre>
+For the purpose this tutorial an example bean is provided (see src/org/jboss/tutorial/ssl/bean/CalculatorBean.java).
+To compile and deploy the example simple execute <tt class="literal">ant ejbjar</tt>.
+</p><p>
+<h4>Running your client</h4>
+While making sure all the correct libraries are on the classpath we can run the provided client.
+<pre class="programlisting">
+    $ java -Djavax.net.ssl.trustStore=$JBOSS_HOME/server/default/conf/localhost.truststore -Djavax.net.ssl.trustStorePassword=opensource org.jboss.tutorial.ssl.client.Client
+</pre>
+Or better yet, just run <tt class="literal">ant run</tt>.
+<h4>OLD</h4>
 If you build the tutorial, an ejb jar is created with ssl-service.xml and the local.keystore file.  The ssl-service.xml sets up a JAAS security manager to manage the SSL keystore.  This is documented pretty well in the JBoss 4.x manual.  ssl-service.xml also defines a JBoss Remoting connector.  The CalculatorBean EJB, uses the @RemoteBinding annotation to bind the SSL connector to the EJB.  The client has define the truststore used be the client.
 </p><p>
 <i>TODO:  better explanation here!</i>
+</p><p>
+<h4>References</h4>
+<ul>
+<li><a href="http://docs.jboss.org/ejb3/app-server/reference/build/reference/en/html/transport.html">JBoss EJB3 Reference, Chapter 9. Transports</a></li>
+<li><a href="http://labs.jboss.com/portal/jbossremoting/docs/guide/ch05.html">JBoss Remoting Guide, Chapter 5. Configuration</a></li>
+</ul>
 </p>
 </body>
 </html>
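Review bot: In "Creating a keystore" the keytool run accepts every default, so the certificate is issued to CN=Unknown with the short validity visible in the sample import output (7 Jan 2006 to 7 Apr 2006); have the reader enter the server host name at the "first and last name" prompt and pass -keyalg and -validity explicitly, and tell them to delete mycert.cer from the conf directory once it is imported. The text calls genkey a command where it is the -genkey option of keytool. In "Starting JBoss" the second property is written as javax.net.ssl.keyStorePassword=opensource, with the value inside the property name, and the tutorial should say that passwords passed as -D arguments are visible in the process list. The retained "OLD" paragraph still says the jar contains ssl-service.xml and local.keystore, which contradicts the build.xml change in this same revision; delete it or move what is still true into the new sections. Typos to fix before this ships: enviroment, authoritiy, trueststore, SSl, "For the purpose this tutorial", "simple execute". The h4 and pre elements are also nested inside p, which is not valid HTML.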



