[jboss-user] [Remoting] - Re: make ejb3 client use ServerAuthMode=false on sslsocket t

ron.sigal@jboss.com do-not-reply at jboss.com
Fri Apr 17 01:48:08 EDT 2009


I think there are two issues here.

1. "deckrider" wrote : but I also don't want the client to know about port 3873

If you mean "client" in the sense of your own application code, then don't worry.  It doesn't need to know about port 3873.  When you execute


  | hello = (HelloWorld) ctx.lookup("HelloWorldBean/remote");
  | 

you're bringing over a proxy object which knows about port 3873.

2. "deckrider" wrote :  I've read how one can use SSLSocketFactory to somehow configure the client to use SSLSocketBuilder.REMOTING_SERVER_AUTH_MODE=false ... . How would I change my stand alone test client to make this work?"

I'd like to be able to say: just add "org.jboss.remoting.serverAuthMode=false" to the EJB3 InvokerLocator.  That is:


  | sslsocket://${jboss.bind.address}:3873/?org.jboss.remoting.serverAuthMode=false
  | 

but, unfortunately, that doesn't work right now.  I've created JBREM-1121 "Client SocketFactory should be configurable by InvokerLocator" to fix that. 

For now, there is one parameter that you could add to the InvokerLocator which will get used by the client: "socketFactoryClassName".  That is, you could write your own SocketFactory and insure that it doesn't authenticate the server. The easiest way to do that, I think, is to write a MySocketFactory class that (1) uses SSLSocketBuilder to create an appropriate NoServerAuthenticateSocketFactory, and (2) just wraps the NoServerAuthenticateSocketFactory.  That is, calls to MySocketFactory.createSocket() return the result of  NoServerAuthenticateSocketFactory.createSocket().  Then modify the InvokerLocator:


  | sslsocket://${jboss.bind.address}:3873/?socketFactoryClassName=org.deckrider.MySocketFactory
  | 

For more information about SSLSocketBuilder, see Section "5.7.6 SSLSocketBuilder" of the Remoting Guide at http://www.jboss.org/jbossremoting/docs/guide/2.2/html/index.html .

It's a pain, but it should work.  Hope that helps. 




View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=4226080#4226080

Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&p=4226080



More information about the jboss-user mailing list