[jboss-user] [Security & JAAS/JBoss] - Problem configuring JRMPInvoker with SSL

fiddlesticks do-not-reply at jboss.com
Tue Mar 18 13:25:00 EDT 2008 

I've spent most of the last 2 days trying to get SSL working for EJB3 clients, with no luck.

The problem I'm seeing is a NullPointerException when starting JBoss:

anonymous wrote : 2008-03-18 16:48:19,820 ERROR [main] JRMPInvoker | Failed to setSecurityDomain=java:/jaas/gds on socket factory
  | java.lang.ClassCastException: org.jboss.security.plugins.JaasSecurityManager
  |         at org.jboss.invocation.jrmp.server.JRMPInvoker.loadCustomSocketFactories(JRMPInvoker.java:546)
  | 

This seems to be the same problem as at:
http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4137357#4137357

and also the same as the following issue raised in JBoss JIRA at:
http://jira.jboss.com/jira/browse/JBAS-5269


The nitty gritty:

We have a custom JAAS LoginModule setup in login-config.xml. This is working when authenticating from the web container. 

For direct EJB-client access I have a jboss.xml file in the ejb jar which points to the application policy setup in login-conf.xml:

<security-domain>java:/jaas/gds</security-domain>

I then have the following in my jboss-service.xml:



   
  |    <mbean code="org.jboss.security.plugins.JaasSecurityDomain"
  |           name="jboss.security:service=JaasSecurityDomain,domain=RMI+SSL">
  |        <constructor>
  | 			<arg type="java.lang.String" value="java:/jaas/gds"/>
  |        </constructor>
  |        <attribute name="KeyStoreURL">${jboss.server.home.dir}/mykeystore</attribute>
  |        <attribute name="KeyStorePass">blah</attribute>
  |    </mbean> 
  | 
  |    <mbean code="org.jboss.invocation.jrmp.server.JRMPInvoker"
  |       name="jboss:service=invoker,type=jrmp,socketType=SSL">
  |       <attribute name="RMIObjectPort">4444</attribute>
  |       <attribute name="RMIClientSocketFactory">org.jboss.security.ssl.RMISSLClientSocketFactory</attribute>
  |       <attribute name="RMIServerSocketFactoryBean" attributeClass="org.jboss.security.ssl.RMISSLServerSocketFactory" serialDataType="javaBean">
  |         <property name="bindAddress">${jboss.bind.address}</property>
  |         <property name="securityDomain">java:/jaas/gds</property>
  |         <property name="wantsClientAuth">true</property>
  |         <property name="needsClientAuth">true</property>
  |         <property name="CiperSuites">TLS_DHE_DSS_WITH_AES_128_CBC_SHA</property>
  |         <property name="Protocols">SSLv2Hello,SSLv3,TLSv1</property>
  |       </attribute>
  | 
  |       <depends>jboss.security:service=JaasSecurityManager</depends>
  |       <depends>jboss:service=TransactionManager</depends>
  |       <depends>jboss.security:service=JaasSecurityDomain,domain=RMI+SSL</depends>
  |    </mbean>

And when I start JBoss I get the NPE shown above.

Running in debug, when Context.forDomain() is called, it's pass a null SecurityDomain.

I'm running JBoss 4.2.0GA.

What am I doing wrong?

View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4137528#4137528

Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4137528

More information about the jboss-user mailing list