[jboss-user] [JBoss Portal] - Unable to use WSRP over SSL for self producer

dkc do-not-reply at jboss.com
Tue Mar 11 17:22:42 EDT 2008 

Hello:
I'm trying to use SSL, in particular WSRP over SSL.  I want JBoss to be a portlet provider and BEA AquaLogic to be the consumer of a portlet.  I'm trying to demonstrate that SSL from AquaLogic through to JBoss will work.  I've done nothing so far with AquaLogic, my question regards JBoss only.  Without SSL, AquaLogic consumes the JBoss portlet without problems (on non-default port 9080), but SSL is what I'm after now.

JBoss Portal Version: 2.6.2.GA, downloaded
JBoss AS Version: 4.2.1
OS Platform: RedHat Enterprise Linux 4, Update 5

Describe the problem:
SSL access into JBoss appears to work.  I can get there by going to http://localhost:8443/portal.  However, the self producer is always inactive, and validation on that producer fails.  Furthermore, http://localhost:8443/jbossws/services reveals: "There are currently no endpoints deployed".  I've read the documentation on using WSRP over SSL and followed the configuration steps:

- I Used keytool to generate a server certificate: cn=localhost, o=bits, ou=bits, l=Dulles, st=VA, c=US

- I copied the keystore to server/default/conf

- I updated bin/run.conf with -Djavax.net.ssl.trustStore="<fully/qualified/path/to/keystore>" and
  | -Djavax.net.ssl.trustStorePassword="<password>"

- I configured an SSL/TLS connector in the tomcat server/default/deploy/jboss-web.deployer/server.xml, as follows:
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
  | maxThreads="150" scheme="https" secure="true"
  | clientAuth="false" sslProtocol="TLS"
  | keystoreFile="<fully/qualified/path/to/keystore>"
  | keystorePass="<password>" />
  | 

- The server certificate has been imported into my browser (FF 2.0.0.12) as an authority.

- I've updated server/default/deploy/jboss-portal.sar/portal-wsrp.sar/WEB-INF/wsdl/ to use http://localhost:8443 as the prefix for all 4 endpoints.

- I've updated server/default/deploy/jboss-portal.sar/portal-wsrp.sar/default-wsrp to use http://localhost:8443 as prefix for all 4 endpoints.

- I added a JaasSecurityDomain mbean to server/default/conf/jboss-service.xml:
<mbean code="org.jboss.security.plugins.JaasSecurityDomain"
  |   name="jboss.security:service=JaasSecurityDomain,domain=RMI+SSL">
  |   <constructor><arg type="java.lang.String" value="RMI+SSL"/></constructor>
  |   <attribute name="KeyStoreURL">fully/qualified/path/to/keystore</attribute>
  |   <attribute name="KeyStorePass">password</attribute>
  | </mbean>

- I added another JRMPInvoker to jboss-service.xml:
<mbean code="org.jboss.invocation.jrmp.server.JRMPInvoker"
  |   name="jboss:service=invoker,type=jrmp,socketType=SSL">
  |   <attribute name="RMIObjectPort">14445</attribute>
  |   <attribute name="RMIClientSocketFactory">org.jboss.security.ssl.RMISSLClientSocketFactory</attribute>
  |   <attribute name="RMIServerSocketFactory">org.jboss.security.ssl.RMISSLServerSocketFactory</attribute>
  |   <attribute name="SecurityDomain">java:/jaas/RMI+SSL</attribute>
  |   <depends>jboss.security:service=JaasSecurityDomain,domain=RMI+SSL</depends>
  | </mbean>

- I added an <invoker-proxy-binding> to server/default/conf/standardjboss.xml
<invoker-proxy-binding>
  | <name>stateless-ssl-invoker</name>
  | <invoker-mbean>jboss:service=invoker,type=jrmp,socketType=SSL</invoker-name>
  | <proxy-factory>org.jboss.proxy.ejbProxyFactory</proxy-factory>
  | <proxy-factory-config>
  |   <client-interceptors>
  |     <home>
  |       <interceptor>org.jboss.proxy.ejb.HomeInterceptor</interceptor>
  |       <interceptor>org.jboss.proxy.SecurityInterceptor</interceptor>
  |       <interceptor>org.jboss.proxy.TransactionInterceptor</interceptor>
  |       <interceptor call-by-value="false">org.jboss.invocation.InvokerInterceptor</interceptor>
  |       <interceptor call-by-value="true">org.jboss.invocation.MarshallingInvokerInterceptor</interceptor>
  |     </home>
  |     <bean>
  |       <interceptor>org.jboss.proxy.ejb.StatelessSessionInterceptor</interceptor>
  |       <interceptor>org.jboss.proxy.SecurityInterceptor</interceptor>
  |       <interceptor>org.jboss.proxy.TransactionInterceptor</interceptor>
  |       <interceptor call-by-value="false">org.jboss.invocation.InvokerInterceptor</interceptor>
  |       <interceptor call-by-value="true">org.jboss.invocation.MarshallingInvokerInterceptor</interceptor>
  |     </bean>
  |   </client-interceptors>
  | </proxy-factory-config>
  | </invoker-proxy-binding>

- I added 2 lines to server/default/deploy/jbossws.sar/jbossws.beans/META-INF/jboss-beans.xml:
<property name="webServiceSecurePort">8443</property>
  | <property name="webServicePort">9080</property>
within the ServiceEndpointManager" bean

- The WSDLPortFixFilter is in place in server/default/deploy/jboss-portal.sar/portal-wsrp.sar/WEB-INF/web.xml:
<filter>
  |   <filter-name>WSDLPortFixFilter</filter-name>
  |   <filter-class>org.jboss.portal.wsrp.servlet.WSDLPortFixFilter</filter-class>
  | </filter>
  | <filter-mapping>
  |   <filter-name>WSDLPortFixFilter</filter-name>
  |   <url-pattern>/*</url-pattern>
  | </filter-mapping>

I've restarted JBoss many times - no success - am I missing something?
Thanks in advance for your help,
Dan

View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4135788#4135788

Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4135788

More information about the jboss-user mailing list