[jboss-user] [EJB 3.0] - Re: SSL EJB 3.0 invocation 4.0.5.GA
paul_da_programmer
do-not-reply at jboss.com
Tue Aug 14 10:31:24 EDT 2007
ok...I took a step back and tried option 1 from above:
http://docs.jboss.org/jbossas/jboss4guide/r3/html/ch8.chapter.html#d0e20905
I now have a more managable issue (I think)
The client is now giving me the dreaded
javax.net.ssl.SSLHandshakeException:
I followed the instructions above to create the client and server certificates.
Is there anything specific I need to do to allow another JBoss server to be a client of the SSL EJB? All of the examples seem to assume the client is a J2SE app.
As far as following the instructions above I added this to server/conf/jboss.xml
| <mbean code="org.jboss.security.plugins.JaasSecurityDomain"
| name="jboss.security:service=JaasSecurityDomain,domain=RMI+SSL">
| <constructor>
| <arg type="java.lang.String" value="RMI+SSL"/>
| </constructor>
| <attribute name="KeyStoreURL">C:/Paul/apps/jboss-4.0.5.GA/server/DC_DEVL/conf/serverKeys</attribute>
| <attribute name="KeyStorePass">xxx+123</attribute>
| </mbean>
|
| <mbean code="org.jboss.invocation.jrmp.server.JRMPInvoker"
| name="jboss:service=invoker,type=jrmp,socketType=SSL">
| <attribute name="RMIObjectPort">14445</attribute>
| <attribute name="RMIClientSocketFactory">
| org.jboss.security.ssl.RMISSLClientSocketFactory
| </attribute>
| <attribute name="RMIServerSocketFactory">
| org.jboss.security.ssl.RMISSLServerSocketFactory
| </attribute>
| <attribute name="SecurityDomain">java:/jaas/RMI+SSL</attribute>
| <depends>jboss.security:service=JaasSecurityDomain,domain=RMI+SSL</depends>
| </mbean>
|
I created jboss.xml file and placed it in the conf directory. It contains:
| <?xml version="1.0"?>
|
| <jboss>
| <enterprise-beans>
| <session>
| <ejb-name>*</ejb-name>
| <configuration-name>Standard Stateless SessionBean</configuration-name>
| <invoker-bindings>
| <invoker>
| <invoker-proxy-binding-name>stateless-ssl-invoker</invoker-proxy-binding-name>
| </invoker>
| </invoker-bindings>
| </session>
| </enterprise-beans>
|
| <invoker-proxy-bindings>
| <invoker-proxy-binding>
| <name>stateless-ssl-invoker</name>
| <invoker-mbean>jboss:service=invoker,type=jrmp,socketType=SSL</invoker-mbean>
| <proxy-factory>org.jboss.proxy.ejb.ProxyFactory</proxy-factory>
| <proxy-factory-config>
| <client-interceptors>
| <home>
| <interceptor>org.jboss.proxy.ejb.HomeInterceptor</interceptor>
| <interceptor>org.jboss.proxy.SecurityInterceptor</interceptor>
| <interceptor>org.jboss.proxy.TransactionInterceptor</interceptor>
| <interceptor>org.jboss.invocation.InvokerInterceptor</interceptor>
| </home>
| <bean>
| <interceptor>org.jboss.proxy.ejb.StatelessSessionInterceptor</interceptor>
| <interceptor>org.jboss.proxy.SecurityInterceptor</interceptor>
| <interceptor>org.jboss.proxy.TransactionInterceptor</interceptor>
| <interceptor>org.jboss.invocation.InvokerInterceptor</interceptor>
| </bean>
| </client-interceptors>
| </proxy-factory-config>
| </invoker-proxy-binding>
| </invoker-proxy-bindings>
| </jboss>
|
I did NOT modify server/deploy/ejb3.deployer/META-INF/jboss-service.xml
as that was only mentioned in option 1 above
Here's the stack trace:
| at com.abccorp.abcdiv.dcsynchronizer.services.impl.DCSynchronizerImpl.processPendingRecords(DCSynchronizerImpl.java:457)
| at com.abccorp.abcdiv.dcsynchronizer.services.impl.DCSynchronizerImpl.sync(DCSynchronizerImpl.java:305)
| at com.abccorp.abcdiv.tap.worker.WorkerBean.processMessage(WorkerBean.java:351)
| at com.abccorp.abcdiv.tap.worker.WorkerBean.onMessage(WorkerBean.java:288)
| at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
| at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
| at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
| at java.lang.reflect.Method.invoke(Method.java:585)
| at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:112)
| at org.jboss.ejb3.interceptor.InvocationContextImpl.proceed(InvocationContextImpl.java:166)
| at org.jboss.ejb3.interceptor.EJB3InterceptorsInterceptor.invoke(EJB3InterceptorsInterceptor.java:63)
| at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
| at org.jboss.ejb3.entity.TransactionScopedEntityManagerInterceptor.invoke(TransactionScopedEntityManagerInterceptor.java:54)
| at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
| at org.jboss.ejb3.AllowedOperationsInterceptor.invoke(AllowedOperationsInterceptor.java:46)
| at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
| at org.jboss.ejb3.tx.BMTInterceptor.handleStateless(BMTInterceptor.java:71)
| at org.jboss.ejb3.tx.BMTInterceptor.invoke(BMTInterceptor.java:131)
| at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
| at org.jboss.ejb3.stateless.StatelessInstanceInterceptor.invoke(StatelessInstanceInterceptor.java:62)
| at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
| at org.jboss.ejb3.mdb.MessagingContainer.localInvoke(MessagingContainer.java:245)
| at org.jboss.ejb3.mdb.inflow.MessageInflowLocalProxy.delivery(MessageInflowLocalProxy.java:268)
| at org.jboss.ejb3.mdb.inflow.MessageInflowLocalProxy.invoke(MessageInflowLocalProxy.java:138)
| at $Proxy122.onMessage(Unknown Source)
| at org.jboss.resource.adapter.jms.inflow.JmsServerSession.onMessage(JmsServerSession.java:183)
| at org.jboss.mq.SpyMessageConsumer.sessionConsumerProcessMessage(SpyMessageConsumer.java:905)
| at org.jboss.mq.SpyMessageConsumer.addMessage(SpyMessageConsumer.java:170)
| at org.jboss.mq.SpySession.run(SpySession.java:323)
| at org.jboss.resource.adapter.jms.inflow.JmsServerSession.run(JmsServerSession.java:249)
| at org.jboss.resource.work.WorkWrapper.execute(WorkWrapper.java:204)
| at org.jboss.util.threadpool.BasicTaskWrapper.run(BasicTaskWrapper.java:275)
| at EDU.oswego.cs.dl.util.concurrent.PooledExecutor$Worker.run(PooledExecutor.java:743)
| at java.lang.Thread.run(Thread.java:595)
| Caused by: org.jboss.remoting.CannotConnectException: Can not get connection to server. Problem establishing socket connection.
| at org.jboss.remoting.transport.socket.SocketClientInvoker.transport(SocketClientInvoker.java:267)
| at org.jboss.remoting.RemoteClientInvoker.invoke(RemoteClientInvoker.java:143)
| at org.jboss.remoting.Client.invoke(Client.java:525)
| at org.jboss.remoting.Client.invoke(Client.java:488)
| at org.jboss.aspects.remoting.InvokeRemoteInterceptor.invoke(InvokeRemoteInterceptor.java:55)
| at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
| at org.jboss.aspects.tx.ClientTxPropagationInterceptor.invoke(ClientTxPropagationInterceptor.java:61)
| at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
| at org.jboss.aspects.security.SecurityClientInterceptor.invoke(SecurityClientInterceptor.java:53)
| at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
| at org.jboss.ejb3.remoting.IsLocalInterceptor.invoke(IsLocalInterceptor.java:77)
| at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
| at org.jboss.ejb3.stateless.StatelessRemoteProxy.invoke(StatelessRemoteProxy.java:102)
| at $Proxy123.publishEvents(Unknown Source)
| at com.abccorp.abcdiv.server.dc.api.impl.remote.RemoteClientEventAPI.publishEvents(RemoteClientEventAPI.java:35)
| at com.abccorp.abcdiv.dcsynchronizer.services.impl.DCSynchronizerImpl.processPendingRecords(DCSynchronizerImpl.java:427)
| ... 33 more
| Caused by: java.lang.reflect.InvocationTargetException
| at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
| at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)
| at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27)
| at java.lang.reflect.Constructor.newInstance(Constructor.java:494)
| at org.jboss.remoting.transport.socket.SocketClientInvoker.createClientSocket(SocketClientInvoker.java:518)
| at org.jboss.remoting.transport.socket.SocketClientInvoker.getConnection(SocketClientInvoker.java:485)
| at org.jboss.remoting.transport.socket.SocketClientInvoker.transport(SocketClientInvoker.java:263)
| ... 48 more
| Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
| at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:150)
| at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1518)
| at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:174)
| at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:168)
| at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:848)
| at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:106)
| at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:495)
| at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:433)
| at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:818)
| at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1030)
| at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readDataRecord(SSLSocketImpl.java:678)
| at com.sun.net.ssl.internal.ssl.AppInputStream.read(AppInputStream.java:75)
| at java.io.BufferedInputStream.fill(BufferedInputStream.java:218)
| at java.io.BufferedInputStream.read1(BufferedInputStream.java:256)
| at java.io.BufferedInputStream.read(BufferedInputStream.java:313)
| at java.io.ObjectInputStream$PeekInputStream.read(ObjectInputStream.java:2213)
| at java.io.ObjectInputStream$PeekInputStream.readFully(ObjectInputStream.java:2226)
| at java.io.ObjectInputStream$BlockDataInputStream.readShort(ObjectInputStream.java:2694)
| at java.io.ObjectInputStream.readStreamHeader(ObjectInputStream.java:761)
| at java.io.ObjectInputStream.<init>(ObjectInputStream.java:277)
| at org.jboss.remoting.loading.ObjectInputStreamWithClassLoader.<init>(ObjectInputStreamWithClassLoader.java:73)
| at org.jboss.remoting.serialization.impl.java.JavaSerializationManager.createInput(JavaSerializationManager.java:52)
| at org.jboss.remoting.transport.socket.ClientSocketWrapper.createInputStream(ClientSocketWrapper.java:83)
| at org.jboss.remoting.transport.socket.ClientSocketWrapper.createStreams(ClientSocketWrapper.java:76)
| at org.jboss.remoting.transport.socket.ClientSocketWrapper.<init>(ClientSocketWrapper.java:54)
| ... 55 more
| Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
| at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:221)
| at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:145)
| at sun.security.validator.Validator.validate(Validator.java:203)
| at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:172)
| at com.sun.net.ssl.internal.ssl.JsseX509TrustManager.checkServerTrusted(SSLContextImpl.java:320)
| at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:841)
| ... 75 more
| Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
| at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:236)
| at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:194)
| at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:216)
| ... 80 more
|
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4074049#4074049
Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4074049
More information about the jboss-user
mailing list