4 Replies Latest reply on Sep 20, 2005 1:44 AM by tdursun

Configuring two ways authentication when using JBoss + SSL

tdursun Aug 29, 2005 11:22 AM

I intend to use SSL between java clients and JBoss Server.

After I read "Using SSL in JBoss" section of JBoss AdminGuide, I add
a JRMPInvoker MBean into jboss-services.xml.

In the configuration of this JRMPInvoker,
I set RMIServerSocketFactory as RMISSLServerSocketFactory.

Then, I tried to configure "client Authentication as mandatory" in jboss-services.xml,
but I couldn't.

Because JRMPInvoker does not have an attribute like needsClientAuth=true/false.

However RMISSLServerSocketFactory class has a method setNeedsClientAuth(boolen b) but JRMPInvoker does not call this method.

How can I make JBoss perform "client authentication in SSL operations"?

1. Re: Configuring two ways authentication when using JBoss + S

starksm64 Sep 4, 2005 12:21 PM (in response to tdursun)

From the testsuite/src/resources/jrmp/service-inf/jboss-service.xml

 <mbean code="org.jboss.invocation.jrmp.server.JRMPInvoker"
 name="jboss:service=invoker,type=jrmp,socketType=SSLSocketFactory,wantsClientAuth=true">
 <attribute name="RMIObjectPort">0</attribute>
 <attribute name="RMIClientSocketFactory">org.jboss.security.ssl.RMISSLClientSocketFactory
 </attribute>
 <attribute name="RMIServerSocketFactoryBean"
 attributeClass="org.jboss.security.ssl.RMISSLServerSocketFactory"
 serialDataType="javaBean">
 <property name="bindAddress">${jboss.bind.address}</property>
 <property name="securityDomain">java:/jaas/rmi-ssl</property>
 <property name="wantsClientAuth">true</property>
 <property name="needsClientAuth">true</property>
 </attribute>
 </mbean>

2. Re: Configuring two ways authentication when using JBoss + S

tdursun Sep 5, 2005 7:02 AM (in response to tdursun)

Dear Scott,
As I explained in my e-mail message that I sent you,
I have already tried to run the sample you gave.

But it does not work.

According to the result I have found out my JBoss debugs,
the SecurityDomain property of the RMIServerSocketFactoryBean
could not been set correctly due to lack of SecurityDomainEditor.
Actions
3. Re: Configuring two ways authentication when using JBoss + S

starksm64 Sep 5, 2005 9:47 AM (in response to tdursun)

The support for this was added in 4.0.1.
Actions
4. Re: Configuring two ways authentication when using JBoss + S

tdursun Sep 20, 2005 1:44 AM (in response to tdursun)

Hi Scott,

My JBoss version is already 4.0.2.

What else wrong?
Actions

Go to original post