[jboss-jira] [JBoss JIRA] Commented: (JGRP-372) TCP with SSL

Bela Ban (JIRA) jira-events at jboss.com
Mon Dec 4 11:45:55 EST 2006 

    [ http://jira.jboss.com/jira/browse/JGRP-372?page=comments#action_12348131 ] 
            
Bela Ban commented on JGRP-372:
-------------------------------

[Hal]
Unfortunately, it's written against the 2.4 base.  Also, I forgot to test
one branch and forgot the constructor modifications.  New sources are
attached.

The only mods are to move the construction of the socket connection wrappers
so this can be subclassed (to mods to methods, plus the addition of the two
methods).  I also had to modify two constructors along similar lines as the
NIO version of the connection table so that I could control the starting of
the connection table.  This modified two methods and added two which add the
boolean start variable.  The changes are really simple, though, and
hopefully should be obvious.

> TCP with SSL
> ------------
>
>                 Key: JGRP-372
>                 URL: http://jira.jboss.com/jira/browse/JGRP-372
>             Project: JGroups
>          Issue Type: Feature Request
>    Affects Versions: 2.4
>            Reporter: Bela Ban
>         Assigned To: Bela Ban
>             Fix For: 2.5
>
>         Attachments: tcp_ssl.jar
>
>
> From Hal Hildebrand:
> Here's the straight TCP version, as I am still working on the handshake
> implementation for the TCP_NIO_SSL protocol.  This protocol stack element
> provides security and authentication (using client side authentication) for
> a JGroups TCP stack.
> Like the NIO version, this required four minor modifications in the
> ConnectionTable class.  These modifications allow one to subclass to create
> a connection table which uses SSL for the connections.  Finally, there is a
> new protocol stack element, TCP_SSL, which one can add to a stack to make
> use of it.
> As with my previous request, it would be nice to have the changes to
> ConnectionTable make it into the mainline, as I currently have to overwrite
> the original class to easily implement this.  The mods are simple and
> innocuous (marked with "HSH").
> Right now, the TCP_SSL needs to be configured with an SSLContext.  I didn't
> bother with integrating with the normal JGroups mechanism using properties
> from the configuration because I consider it inherently insecure to ensconce
> my passwords in configuration files, but the changes to enable this are
> straight forward.  Currently, to configure the factory for the protocol
> layer, do something like the following before connecting your channel:
>     // Construct your Jchannel
>     JChannel jchannel = ...
>     //  Access your protocol stack
>     ProtocolStack protocolStack = jchannel.getProtocolStack();
>     // Retrieve the TCP_SSL protocol layer
>     TCP_SSL protocol = (TCP_SSL) protocolStack.findProtocol("TCP_SSL");
>     
>     // Create your SSLContext
>     SSLContext sslContext = ....
>     // Set up the protocol
>     protocol.setSslContext(sslContext);
>     // Connect your channel
>     jchannel.connnect("my-group");
> Cheers.

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://jira.jboss.com/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

More information about the jboss-jira mailing list