[jboss-user] [Installation, Configuration & DEPLOYMENT] - ssl connection to ejb in cluster env

smolin do-not-reply at jboss.com
Fri May 29 05:52:02 EDT 2009


Hello there, 
Could anybody help or point me in the right direction? I tried the JBoss users forum, but got no answer.
Conf: 
JBoss 5.1.0CR1, JDK 1.6, XP (development env) 
cluster (configuration: all) 

I am trying to use an SSL connection to reach an EJB component. 

1. added ssl-service.xml to META-INF of ejb jar 

  | 
  | <?xml version="1.0" encoding="UTF-8"?>
  | 
  | <server>
  |    <!-- The server socket factory mbean to be used as attribute to socket invoker -->
  |    <!-- which uses the JaasSecurityDomain -->
  |    <mbean code="org.jboss.remoting.security.domain.DomainServerSocketFactoryService"
  |       name="jboss.remoting:service=ServerSocketFactory,type=SecurityDomainAdvanced"
  |       display-name="SecurityDomain Server Socket Factory">
  |        <attribute name="SecurityDomain">java:/jaas/SSLAdvanced</attribute>
  |       <depends>jboss.security:service=JaasSecurityDomain,domain=SSLAdvanced</depends>
  |    </mbean>
  |    
  |      <mbean code="org.jboss.security.plugins.JaasSecurityDomain"
  |          name="jboss.security:service=JaasSecurityDomain,domain=SSLAdvanced">
  |      <!-- This must correlate with the java:/jaas/SSLAdvanced above -->
  |      <constructor>
  |         <arg type="java.lang.String" value="SSLAdvanced"/>
  |      </constructor>
  |      <!-- The location of the keystore
  |           resource: loads from the classloaders conf/ is the first classloader -->
  |      <attribute name="KeyStoreURL">traffic.keystore</attribute>
  |      <attribute name="KeyStorePass">trafficssl</attribute>
  |   </mbean>
  | 
  |    <!-- The Connector is the core component of the remoting server service. -->
  |    <!-- It binds the remoting invoker (transport protocol, callback configuration, -->
  |    <!-- data marshalling, etc.) with the invocation handlers.  -->
  |    <mbean code="org.jboss.remoting.transport.Connector"
  |           name="jboss.remoting:type=Connector,transport=socket3843,handler=ejb3"
  |           display-name="Socket transport Connector">
  | 
  |       <attribute name="Configuration">
  |          <config>
  |              <invoker transport="sslsocket">
  |                <attribute name="dataType" isParam="true">invocation</attribute>
  |                <attribute name="marshaller" isParam="true">org.jboss.invocation.unified.marshall.InvocationMarshaller</attribute>
  |                <attribute name="unmarshaller" isParam="true">org.jboss.invocation.unified.marshall.InvocationUnMarshaller</attribute>
  |                <!-- The following is for setting the server socket factory.  If want ssl support -->
  |                <!-- use a server socket factory that supports ssl.  The only requirement is that -->
  |                <!-- the server socket factory value must be an ObjectName, meaning the -->
  |                <!-- server socket factory implementation must be a MBean and also -->
  |                <!-- MUST implement the org.jboss.remoting.security.ServerSocketFactoryMBean interface. -->
  |                <attribute name="serverSocketFactory">jboss.remoting:service=ServerSocketFactory,type=SecurityDomainAdvanced</attribute>
  |                <attribute name="serverBindAddress">${jboss.bind.address}</attribute>
  |                <attribute name="serverBindPort">3843</attribute>
  |             </invoker>
  |             <handlers>
  |             <handler subsystem="AOP">org.jboss.aspects.remoting.AOPRemotingInvocationHandler</handler>
  |             </handlers>
  |          </config>
  |       </attribute>
  |       <depends>jboss.remoting:service=ServerSocketFactory,type=SecurityDomainAdvanced</depends>
  | 
  |    </mbean>
  | 
  | </server>
  | 


2. generated all keystore/certificate etc. 

3. added annotation to ejb (many different trials): 

  | @RemoteBinding(jndiBinding="someEjb/remote", clientBindUrl = "sslsocket://${jboss.bind.address}:3843") 
  | then 
  | @RemoteBinding(jndiBinding="someEjb/remote", clientBindUrl = "sslsocket://0.0.0.0:3843") 
  | 

If I put the real target IP of the EJB container then it works fine, but only with one machine from the cluster (obviously, you can't put two IP addresses in clientBindUrl); whenever I try to use the 0.0.0.0 mask or ${jboss.bind.address} it doesn't work. 

I couldn't find any working solution, and of course many examples that use the 0.0.0.0 mask work fine (but only for local communication: client and server on the same machine). I could not find any working solution for SSL in a cluster setup. 

Any help would be really appreciated!

View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=4234065#4234065
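
A small check for the two clientBindUrl values tried in the post, added here as an example and not part of the original message: the URL is what a remote client dials, so it flags hosts that are unresolved ${...} placeholders, wildcard or loopback addresses, and any scheme other than the sslsocket transport used on this page. The names audit and classify_host and the two 192.0.2.10 sample lines are constructed for illustration.

```python
import ipaddress
import re

# clientBindUrl value inside a @RemoteBinding annotation.
BIND_URL = re.compile(r'clientBindUrl\s*=\s*"([^"]*)"')
# scheme://host[:port]; host may be a ${...} placeholder or a [IPv6] literal.
URL_PARTS = re.compile(r'^(?P<scheme>[\w.+-]+)://(?P<host>\[[^\]]+\]|\$\{[^}]+\}|[^:/]+)(?::\d+)?')

def classify_host(host):
    """Classify the host part as seen from a client on another machine."""
    if host.startswith("${"):
        return "placeholder"   # literal text unless something substitutes it
    try:
        ip = ipaddress.ip_address(host.strip("[]"))
    except ValueError:
        return "hostname"      # resolved by the client's own resolver
    if ip.is_unspecified:
        return "wildcard"      # 0.0.0.0 / :: is a listen address, not a destination
    if ip.is_loopback:
        return "loopback"      # reaches the client's own machine only
    return "address"

def audit(source):
    """Return (line number, url, issues) for every clientBindUrl found."""
    findings = []
    for lineno, line in enumerate(source.splitlines(), 1):
        found = BIND_URL.search(line)
        if not found:
            continue
        url = found.group(1)
        parts = URL_PARTS.match(url)
        if not parts:
            findings.append((lineno, url, ["unparseable"]))
            continue
        issues = []
        if parts["scheme"] != "sslsocket":   # assumption: only this transport is expected
            issues.append("not-sslsocket")
        kind = classify_host(parts["host"])
        if kind in ("placeholder", "wildcard", "loopback"):
            issues.append(kind)
        findings.append((lineno, url, issues))
    return findings

# First two lines are from the post; the last two are constructed samples.
SAMPLE = """\
@RemoteBinding(jndiBinding="someEjb/remote", clientBindUrl = "sslsocket://${jboss.bind.address}:3843")
@RemoteBinding(jndiBinding="someEjb/remote", clientBindUrl = "sslsocket://0.0.0.0:3843")
@RemoteBinding(jndiBinding="someEjb/remote", clientBindUrl = "sslsocket://192.0.2.10:3843")
@RemoteBinding(jndiBinding="otherEjb/remote", clientBindUrl = "socket://192.0.2.10:3873")"""
```
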
