[jboss-user] [EJB 3.0 Users] - Re: Overriding clientBindUrl does not work! Why?

eminil do-not-reply at jboss.com
Fri Sep 4 04:54:12 EDT 2009


Posting the complete setup here again:

Suppose our IP on the server is 10.10.10.10
We're using JBoss 5.1.0.GA

Our EJB is defined as:

  | @RemoteBinding(clientBindUrl="sslsocket://0.0.0.0:3843", jndiBinding="SystemEJB")
  | public class SystemEJB implements SystemEJBRemote {
  | 

The jboss.xml file which is placed into our myapp.ear file under META-INF/jboss.xml together with
the application.xml and jboss-app.xml. It looks like this:

  | <?xml version="1.0" encoding="UTF-8"?>
  | <jboss xmlns="http://www.jboss.com/xml/ns/javaee"
  |      xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
  |      xsi:schemaLocation="http://www.jboss.com/xml/ns/javaee http://www.jboss.org/j2ee/schema/jboss_5_0.xsd"
  |      version="3.0">
  | 	<enterprise-beans>
  | 		<session>
  | 			<ejb-name>SystemEJB</ejb-name>
  | 			<remote-binding>
  | 				<jndi-name>SystemEJB</jndi-name>
  | 				<client-bind-url>sslsocket://10.10.10.10</client-bind-url>
  | 			</remote-binding>
  | 		</session>
  | 	</enterprise-beans>
  | </jboss>
  | 

We have a ssl-service.xml file which we during deploy copies to the /deploy dir of the jboss server and
it looks like this:

  | <?xml version="1.0" encoding="UTF-8"?>
  | <server>
  | 
  |    <!-- ==================================================================== -->
  |    <!-- For SSL with EJB3                                                    -->
  |    <!-- ==================================================================== -->
  |    
  |    <!-- The server socket factory mbean to be used as attribute to socket invoker -->
  |    <!-- which uses the JaasSecurityDomain -->
  |    <mbean code="org.jboss.remoting.security.domain.DomainServerSocketFactoryService"
  |       name="jboss.remoting:service=ServerSocketFactory,type=SecurityDomainAdvanced"
  |       display-name="SecurityDomain Server Socket Factory">
  |        <attribute name="SecurityDomain">java:/jaas/SSLAdvanced</attribute>
  |       <depends>jboss.security:service=JaasSecurityDomain,domain=SSLAdvanced</depends>
  |       <depends>JBossSecurityJNDIContextEstablishment</depends>
  |    </mbean>
  | 
  |     <mbean code="org.jboss.security.plugins.JaasSecurityDomain"
  |          name="jboss.security:service=JaasSecurityDomain,domain=SSLAdvanced">
  |       <!-- This must correlate with the java:/jaas/SSL above -->
  |       <constructor>
  |          <arg type="java.lang.String" value="SSLAdvanced"/>
  |       </constructor>
  |       <!-- The location of the keystore
  |           resource: loads from the classloaders conf/ is the first classloader -->
  |      <attribute name="KeyStoreURL">ourapp.keystore</attribute>
  |      <attribute name="KeyStorePass">ourpassword</attribute>
  |   </mbean>
  | 
  |    <!-- The Connector is the core component of the remoting server service. -->
  |    <!-- It binds the remoting invoker (transport protocol, callback configuration, -->
  |    <!-- data marshalling, etc.) with the invocation handlers.  -->
  |    <mbean code="org.jboss.remoting.transport.Connector"
  |           
  |           name="jboss.remoting:type=Connector,transport=socket3843,handler=ejb3">
  |           display-name="Socket transport Connector">
  | 
  |       <attribute name="Configuration">
  |          <config>
  |              <invoker transport="sslsocket">
  |                <attribute name="dataType" isParam="true">invocation</attribute>
  |                <attribute name="marshaller" isParam="true">org.jboss.invocation.unified.marshall.InvocationMarshaller</attribute>
  |                <attribute name="unmarshaller" isParam="true">org.jboss.invocation.unified.marshall.InvocationUnMarshaller</attribute>
  |                <!-- The following is for setting the server socket factory.  If want ssl support -->
  |                <!-- use a server socket factory that supports ssl.  The only requirement is that -->
  |                <!-- the server socket factory value must be an ObjectName, meaning the -->
  |                <!-- server socket factory implementation must be a MBean and also -->
  |                <!-- MUST implement the org.jboss.remoting.security.ServerSocketFactoryMBean interface. -->
  |                <attribute name="serverSocketFactory">jboss.remoting:service=ServerSocketFactory,type=SecurityDomainAdvanced</attribute>
  |                <!-- <attribute name="serverBindAddress">${jboss.bind.address}</attribute> -->
  |                <attribute name="serverBindAddress">10.10.10.10</attribute>
  |                <attribute name="serverBindPort">3843</attribute>
  |             </invoker>
  |             <handlers>
  |             <handler subsystem="AOP">org.jboss.aspects.remoting.AOPRemotingInvocationHandler</handler>
  |             </handlers>
  |          </config>
  |       </attribute>
  |       <depends>jboss.remoting:service=ServerSocketFactory,type=SecurityDomainAdvanced</depends>
  | 
  |    </mbean>
  | 
  | </server>
  | 

When starting up jboss we provide the following arguments to the run.bat:

  | -Djboss.bind.address=10.10.10.10 -Djava.rmi.server.hostname=10.10.10.10
  | 


When trying to run the client we get the following error:

  | javax.naming.NamingException: Could not dereference object [Root exception is org.jboss.remoting.CannotConnectException: Can not get connection to server. Problem establishing socket connection for InvokerLocator [sslsocket://0.0.0.0:3843/]]
  | 

So it seems the clientBindUrl in the bean is not overriden by our jboss.xml file... anyone have any idea how we should approach this now? It is frutstrating that there is no functional documentation or working examples to actually get SSL working in server and a REMOTELY connecting client...






View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=4253504#4253504

Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&p=4253504



More information about the jboss-user mailing list