[jboss-dev-forums] [Design of Security on JBoss] - Re: Security EJB2 and dependencies

adrian@jboss.org do-not-reply at jboss.com
Wed Apr 23 08:54:30 EDT 2008


It's failing because this configuration simply cannot work in general:


  |    <mbean code="org.jboss.security.plugins.JaasSecurityDomain"
  |       name="jboss.security:service=JaasSecurityDomain,domain=pooled-ssl">
  |       <constructor>
  |          <arg type="java.lang.String" value="pooled-ssl"/>
  |       </constructor>
  |       <attribute name="KeyStoreURL">resource:localhost.keystore</attribute>
  |       <attribute name="KeyStorePass">unit-tests-server</attribute>
  |       <attribute name="TrustStoreURL">resource:localhost.keystore</attribute>
  |       <attribute name="TrustStorePass">unit-tests-server</attribute>
  |       <attribute name="Salt">abcdefgh</attribute>
  |       <attribute name="IterationCount">13</attribute>
  |       <depends>jboss.security.tests:service=LoginConfig,policy=pooled-ssl</depends>
  |    </mbean>
  | 
  |    <mbean code="org.jboss.invocation.pooled.server.PooledInvoker"
  |       name="jboss:service=invoker,type=pooled,socketType=SSLSocketFactory,wantsClientAuth=true">
  |       <attribute name="NumAcceptThreads">1</attribute>
  |       <attribute name="MaxPoolSize">300</attribute>
  |       <attribute name="ClientMaxPoolSize">300</attribute>
  |       <attribute name="SocketTimeout">60000</attribute>
  |       <attribute name="ServerBindAddress">${jboss.bind.address}</attribute>
  |       <attribute name="ServerBindPort">0</attribute>
  |       <attribute name="ClientConnectAddress">${jboss.bind.address}</attribute>
  |       <attribute name="ClientConnectPort">0</attribute>
  |       <attribute name="ClientRetryCount">1</attribute>
  |       <attribute name="EnableTcpNoDelay">false</attribute>
  | 
  |       <!-- Customized socket factory attributes -->
  |       <attribute name="ClientSocketFactoryName">org.jboss.security.ssl.ClientSocketFactory</attribute>
  |       <attribute name="ServerSocketFactory"
  |          attributeClass="org.jboss.security.ssl.DomainServerSocketFactory"
  |          serialDataType="javaBean">
  |         <property name="bindAddress">${jboss.bind.address}</property>
  |         <property name="securityDomain">java:/jaas/pooled-ssl</property>
  |         <property name="wantsClientAuth">true</property>
  |         <property name="needsClientAuth">true</property>
  |          <property name="CiperSuites">TLS_DHE_DSS_WITH_AES_128_CBC_SHA</property>
  |          <property name="Protocols">SSLv2Hello,SSLv3,TLSv1</property>
  |       </attribute>
  |       <depends>jboss.security.tests:service=LoginConfig,policy=pooled-ssl</depends>
  |    </mbean>

The server socket factory is being constructed during
the PooledInvoker::CONFIGURE stage.
But it requires the SecurityDomain to be in the STARTED state to work
(it needs to be bound into JNDI).

There's no way to express this dependency for this config.

JBoss5 does have the option to do:

  |     <attribute name="SecurityDomain"><inject bean="jboss.security:service=JaasSecurityDomain,domain=pooled-ssl"/></attribute>

which will do what is required.

But the above example isn't configuring an mbean. It is configuring a POJO
that is not managed by the MC which then gets set on the MBean.
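
A descriptor check for the pattern described above, as an added example that is not part of the original post and not JBoss code: it flags `javaBean` attributes whose properties hold a `java:/jaas/` JNDI name, because those POJOs are built while the attribute is being configured. The sample descriptor is constructed (reduced from the one quoted), and `example.HypotheticalService` is a made-up mbean included only to show that the `<inject>` form is not flagged.

```python
import xml.etree.ElementTree as ET

JAAS_PREFIX = "java:/jaas/"
DOMAIN_CLASS = "org.jboss.security.plugins.JaasSecurityDomain"

# Constructed sample, reduced from the descriptor quoted in the post.
SAMPLE = """<server>
  <mbean code="org.jboss.security.plugins.JaasSecurityDomain"
         name="jboss.security:service=JaasSecurityDomain,domain=pooled-ssl">
    <constructor><arg type="java.lang.String" value="pooled-ssl"/></constructor>
  </mbean>
  <mbean code="org.jboss.invocation.pooled.server.PooledInvoker"
         name="jboss:service=invoker,type=pooled">
    <attribute name="ServerSocketFactory"
               attributeClass="org.jboss.security.ssl.DomainServerSocketFactory"
               serialDataType="javaBean">
      <property name="securityDomain">java:/jaas/pooled-ssl</property>
    </attribute>
  </mbean>
  <!-- Hypothetical mbean using the inject form from the post -->
  <mbean code="example.HypotheticalService" name="example:service=Hypothetical">
    <attribute name="SecurityDomain"><inject
        bean="jboss.security:service=JaasSecurityDomain,domain=pooled-ssl"/></attribute>
  </mbean>
</server>"""

def declared_domains(root):
    """Map security domain name -> ObjectName of the mbean that declares it."""
    domains = {}
    for mbean in root.iter("mbean"):
        arg = mbean.find("constructor/arg")
        if mbean.get("code") == DOMAIN_CLASS and arg is not None:
            domains[arg.get("value")] = mbean.get("name")
    return domains

def find_configure_time_lookups(xml_text):
    """Report javaBean properties that name a JAAS domain by JNDI string."""
    root = ET.fromstring(xml_text)
    domains = declared_domains(root)
    findings = []
    for mbean in root.iter("mbean"):
        for attr in mbean.findall("attribute"):
            if attr.get("serialDataType") != "javaBean":
                continue  # plain values and <inject> are not built as POJOs
            for prop in attr.findall("property"):
                value = (prop.text or "").strip()
                if value.startswith(JAAS_PREFIX):
                    domain = value[len(JAAS_PREFIX):]
                    findings.append({"mbean": mbean.get("name"),
                                     "attribute": attr.get("name"),
                                     "domain": domain,
                                     "declared_by": domains.get(domain)})
    return findings
```
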
  | 
