[jboss-jira] [JBoss JIRA] Resolved: (JBREM-902) InvocationRequest need SSLSession for certificates and principal in sslsocket transport
ya xiang (JIRA)
jira-events at lists.jboss.org
Mon Feb 11 17:39:03 EST 2008
[ http://jira.jboss.com/jira/browse/JBREM-902?page=all ]
ya xiang resolved JBREM-902.
----------------------------
Resolution: Done
I checked out sessionId and requestPayload, and I think it's safe to process them later.
So I patched this code:
676:
- if (req.getRequestPayload() == null)
- req.setRequestPayload(new HashMap());
- req.getRequestPayload().put(Remoting.CLIENT_ADDRESS, clientAddress);
+++
try
{
// Make absolutely sure thread interrupted is cleared.
Thread.interrupted();
if(trace) { log.trace("about to call " + invoker + ".invoke()"); }
Map payload = req.getRequestPayload();
if (payload == null) {
payload = new HashMap();
req.setRequestPayload(payload);
}
payload.put(Remoting.CLIENT_ADDRESS, clientAddress);
if (socketWrapper.socket instanceof SSLSocket)
payload.put("SSLSession", ((SSLSocket) socketWrapper.getSocket()).getSession());
// call transport on the subclass, get the result to handback
resp = invoker.invoke(req);
if(trace) { log.trace(invoker + ".invoke() returned " + resp); }
}
catch (Throwable ex)
{
resp = ex;
isError = true;
if (trace) log.trace(invoker + ".invoke() call failed", ex);
}finally{
req.getRequestPayload().remove("SSLSession");
}
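Review bot: the finally block calls req.getRequestPayload().remove("SSLSession") without a null check, so if the handler cleared or replaced the payload during invoke(), this throws from finally and hides the real response or error. Declare the local payload variable before the try and call remove on it, or guard for null. The instanceof test also reads socketWrapper.socket while the cast goes through socketWrapper.getSocket(); use one accessor for both so the check and the cast cannot disagree. Finally, "SSLSession" is a bare string literal in both the put and the remove; a named constant next to Remoting.CLIENT_ADDRESS would keep the two in sync and give handlers a documented key.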
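And in server invoker handlers, you could write code like this:
public Object invoke(InvocationRequest invocation) throws Throwable {
   // The "SSLSession" entry is only present for requests that arrived over an SSLSocket.
   SSLSession session = (SSLSession) invocation.getRequestPayload().get("SSLSession");
   System.out.println(session);
   if (session != null) {
      // Throws SSLPeerUnverifiedException if the client presented no certificate.
      System.out.println(session.getPeerPrincipal());
   }
   return "success";
}
I ran an example, and it seems to work fine.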
Cheers.
> InvocationRequest need SSLSession for certificates and principal in sslsocket transport
> ---------------------------------------------------------------------------------------
>
> Key: JBREM-902
> URL: http://jira.jboss.com/jira/browse/JBREM-902
> Project: JBoss Remoting
> Issue Type: Feature Request
> Security Level: Public(Everyone can see)
> Components: security
> Reporter: ya xiang
>
> In an SSL context, there is a real need to check the principal and certificates.
> There are ways to do this, but the current JBoss Remoting does not provide one; it just provides the socket remote address as the sessionId, which seems not enough.
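A handler-side check built on the payload entry the patch adds, as an added example that is not part of the original message or of JBoss Remoting: it treats a missing session or an unverified peer as a denial instead of letting getPeerPrincipal() fail inside the handler. The class name, the allow-list and the proxy-built stand-in session are hypothetical and constructed for illustration; Java 9 or later is assumed.

```java
import java.lang.reflect.Proxy;
import java.security.Principal;
import java.util.Map;
import java.util.Set;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLSession;
import javax.security.auth.x500.X500Principal;

public class PeerCheck {
    // Payload key taken from the patch; the allow-list is constructed sample data.
    static final String SSL_SESSION_KEY = "SSLSession";
    static final Set<Principal> ALLOWED =
        Set.of(new X500Principal("CN=billing-client,O=Example"));

    /** Returns the authenticated, allow-listed peer or throws SecurityException. */
    static Principal requireAllowedPeer(Map<?, ?> payload) {
        Object o = (payload == null) ? null : payload.get(SSL_SESSION_KEY);
        if (!(o instanceof SSLSession))   // plain socket transport, or entry missing
            throw new SecurityException("no SSLSession in request payload");
        Principal peer;
        try {
            peer = ((SSLSession) o).getPeerPrincipal();
        } catch (SSLPeerUnverifiedException e) {   // client sent no certificate
            throw new SecurityException("peer identity not verified");
        }
        if (!ALLOWED.contains(peer))
            throw new SecurityException("peer not authorized: " + peer.getName());
        return peer;
    }

    // Hypothetical stand-in for a live session so the example runs offline.
    static SSLSession fakeSession(Principal peer) {
        return (SSLSession) Proxy.newProxyInstance(
            SSLSession.class.getClassLoader(), new Class<?>[] { SSLSession.class },
            (proxy, method, args) -> {
                if (!method.getName().equals("getPeerPrincipal")) return null;
                if (peer == null) throw new SSLPeerUnverifiedException("peer not authenticated");
                return peer;
            });
    }

    public static void main(String[] unused) {
        Principal ok = new X500Principal("CN=billing-client,O=Example");
        System.out.println("accepted: "
            + requireAllowedPeer(Map.of(SSL_SESSION_KEY, fakeSession(ok))).getName());
        try { requireAllowedPeer(Map.of(SSL_SESSION_KEY, fakeSession(null))); }
        catch (SecurityException e) { System.out.println("rejected: " + e.getMessage()); }
    }
}
```

Because the patch removes the entry in its finally block, a handler should extract what it needs during invoke() and not keep the payload map for later use.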