4 Replies Latest reply on Apr 9, 2002 5:36 AM by jean.christophe

is this being supported

eriklee Apr 3, 2002 5:06 AM

as we know, ejb is based rmi and rmi itself is not safe
Can I config jboss and make it work like this:
1.no one can sniffer my remote invocation , they can not get my parameters and return value of invocation
2.only some special address and user can invoke a ejb
they need login with a password before any invocation and
the password can not be get by sniffering.

1. Re: is this being supported

adrian.brock Apr 3, 2002 5:40 AM (in response to eriklee)

http://java.sun.com/j2se/1.3/docs/guide/rmi/SSLInfo.html

You'll need to modify the naming service and jrmp
invoker service configurations.

I just noticed, the rmi codebase webserver doesn't
support pluggable socket implementations :-(

Regards,
Adrian
Actions
2. Re: is this being supported

eriklee Apr 9, 2002 3:05 AM (in response to eriklee)

So, it is very difficult to configure all ejb invocation via a ssl layer.
if I can , what need I do? Or which document should I refer .
Thanks.
Actions
3. Re: is this being supported

adrian.brock Apr 9, 2002 4:50 AM (in response to eriklee)

With the document above, this document explains
plugging different socket implementations into jboss.

http://www.jboss.org/online-manual/HTML/ch13s131.html

Regards,
Adrian
Actions
4. Re: is this being supported

jean.christophe Apr 9, 2002 5:36 AM (in response to eriklee)

This is explained in the new documentation
($9.99 - end of chapter 8), even if some details
remains obscure (how to change the RMI+SSL domain
name for example).

It works fine for me, and it is transparent (except
for the property).

For CA and keystore, if you do not want to share
the same keystore, I recom this 'cookbook'
http://www.xmlbus.com/docs/UsersGuide/Security3.html.
(so I dinot manage to run openssl under W2K but on
a linux box it works fine)

jc
Actions

Go to original post