Problem configuring JRMPInvoker with SSL
fiddlesticks Mar 18, 2008 1:24 PM
I've spent most of the last 2 days trying to get SSL working for EJB3 clients, with no luck.
The problem I'm seeing is a NullPointerException when starting JBoss:
2008-03-18 16:48:19,820 ERROR [main] JRMPInvoker | Failed to setSecurityDomain=java:/jaas/gds on socket factory
java.lang.ClassCastException: org.jboss.security.plugins.JaasSecurityManager
at org.jboss.invocation.jrmp.server.JRMPInvoker.loadCustomSocketFactories(JRMPInvoker.java:546)
This seems to be the same problem as at:
http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4137357#4137357
and also the same as the following issue raised in JBoss JIRA at:
http://jira.jboss.com/jira/browse/JBAS-5269
The nitty gritty:
We have a custom JAAS LoginModule set up in login-config.xml. This is working when authenticating from the web container.
For direct EJB-client access I have a jboss.xml file in the ejb jar which points to the application policy set up in login-config.xml:
<security-domain>java:/jaas/gds</security-domain>
I then have the following in my jboss-service.xml:
<mbean code="org.jboss.security.plugins.JaasSecurityDomain"
       name="jboss.security:service=JaasSecurityDomain,domain=RMI+SSL">
  <constructor>
    <arg type="java.lang.String" value="java:/jaas/gds"/>
  </constructor>
  <attribute name="KeyStoreURL">${jboss.server.home.dir}/mykeystore</attribute>
  <attribute name="KeyStorePass">blah</attribute>
</mbean>

<mbean code="org.jboss.invocation.jrmp.server.JRMPInvoker"
       name="jboss:service=invoker,type=jrmp,socketType=SSL">
  <attribute name="RMIObjectPort">4444</attribute>
  <attribute name="RMIClientSocketFactory">org.jboss.security.ssl.RMISSLClientSocketFactory</attribute>
  <attribute name="RMIServerSocketFactoryBean"
             attributeClass="org.jboss.security.ssl.RMISSLServerSocketFactory"
             serialDataType="javaBean">
    <property name="bindAddress">${jboss.bind.address}</property>
    <property name="securityDomain">java:/jaas/gds</property>
    <property name="wantsClientAuth">true</property>
    <property name="needsClientAuth">true</property>
    <property name="CiperSuites">TLS_DHE_DSS_WITH_AES_128_CBC_SHA</property>
    <property name="Protocols">SSLv2Hello,SSLv3,TLSv1</property>
  </attribute>
  <depends>jboss.security:service=JaasSecurityManager</depends>
  <depends>jboss:service=TransactionManager</depends>
  <depends>jboss.security:service=JaasSecurityDomain,domain=RMI+SSL</depends>
</mbean>
And when I start JBoss I get the NPE shown above.
Running in debug, when Context.forDomain() is called, it's passed a null SecurityDomain.
I'm running JBoss 4.2.0GA.
What am I doing wrong?