This content has been marked as final.
Show 2 replies
-
1. Re: EJB client and its authentication by the client certific
starksm64 Mar 28, 2006 1:08 PM (in response to gfzhang)Support for this was just recently added to the pooled invoker. See
testsuite/src/resources/pooled/jboss-service.xml for an example:<?xml version="1.0" encoding="UTF-8"?> <server> <mbean code="org.jboss.security.plugins.JaasSecurityDomain" name="jboss.security:service=JaasSecurityDomain,domain=pooled-ssl"> <constructor> <arg type="java.lang.String" value="pooled-ssl"/> </constructor> <attribute name="KeyStoreURL">resource:localhost.keystore</attribute> <attribute name="KeyStorePass">unit-tests-server</attribute> <attribute name="TrustStoreURL">resource:localhost.keystore</attribute> <attribute name="TrustStorePass">unit-tests-server</attribute> <attribute name="Salt">abcdefgh</attribute> <attribute name="IterationCount">13</attribute> </mbean> <mbean code="org.jboss.invocation.pooled.server.PooledInvoker" name="jboss:service=invoker,type=pooled,socketType=SSLSocketFactory,wantsClientAuth=true"> <attribute name="NumAcceptThreads">1</attribute> <attribute name="MaxPoolSize">300</attribute> <attribute name="ClientMaxPoolSize">300</attribute> <attribute name="SocketTimeout">60000</attribute> <attribute name="ServerBindAddress">${jboss.bind.address}</attribute> <attribute name="ServerBindPort">0</attribute> <attribute name="ClientConnectAddress">${jboss.bind.address}</attribute> <attribute name="ClientConnectPort">0</attribute> <attribute name="ClientRetryCount">1</attribute> <attribute name="EnableTcpNoDelay">false</attribute> <!-- Customized socket factory attributes --> <attribute name="ClientSocketFactoryName">org.jboss.security.ssl.ClientSocketFactory</attribute> <attribute name="ServerSocketFactory" attributeClass="org.jboss.security.ssl.DomainServerSocketFactory" serialDataType="javaBean"> <property name="bindAddress">${jboss.bind.address}</property> <property name="securityDomain">java:/jaas/pooled-ssl</property> <property name="wantsClientAuth">true</property> <property name="needsClientAuth">true</property> <property name="CiperSuites">TLS_DHE_DSS_WITH_AES_128_CBC_SHA</property> <property name="Protocols">SSLv2Hello,SSLv3,TLSv1</property> </attribute> </mbean> <mbean code="org.jboss.security.auth.login.DynamicLoginConfig" name="jboss.security.tests:service=LoginConfig,policy=pooled-ssl"> <attribute name="PolicyConfig" serialDataType="jbxb"> <jaas:policy xsi:schemaLocation="urn:jboss:security-config:4.1 resource:security-config_4_1.xsd" xmlns:jaas="urn:jboss:security-config:4.1" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" > <jaas:application-policy name="pooled-ssl"> <jaas:authentication> <jaas:login-module code="org.jboss.security.auth.spi.BaseCertLoginModule" flag = "required"> <jaas:module-option name="password-stacking">useFirstPass</jaas:module-option> <jaas:module-option name="securityDomain">java:/jaas/pooled-ssl</jaas:module-option> </jaas:login-module> <jaas:login-module code="org.jboss.security.auth.spi.XMLLoginModule" flag="required"> <jaas:module-option name="password-stacking">useFirstPass</jaas:module-option> <jaas:module-option name="userInfo"> <ur:users xsi:schemaLocation="urn:jboss:user-roles:1.0 resource:user-roles_1_0.xsd" xmlns:ur="urn:jboss:user-roles:1.0"> <ur:user name="CN=unit-tests-client, OU=JBoss Inc., O=JBoss Inc., ST=Washington, C=US" password=""> <ur:role name="Echo"/> </ur:user> </ur:users> </jaas:module-option> <jaas:module-option name="unauthenticatedIdentity">guest</jaas:module-option> </jaas:login-module> </jaas:authentication> </jaas:application-policy> </jaas:policy> </attribute> <depends optional-attribute-name="LoginConfigService"> jboss.security:service=XMLLoginConfig </depends> <depends optional-attribute-name="SecurityManagerService"> jboss.security:service=JaasSecurityManager </depends> </mbean> </server>
-
2. Re: EJB client and its authentication by the client certific
pchojniak Sep 8, 2006 4:11 AM (in response to gfzhang)Hi
I'm not sure that this answer coresponds to posted questions!
I have the same problem I want to use "ssl Client" credential and principal to use them in my own AuthorizationLoginModule. As I understand ssl, it authenticates client so we do not need to authenticate client in BaseCertLoginModule again, why not take the credential and principal from ssl and put them into sharedState.
Do I have to use LoginContext when I use SSL?!