0 Replies Latest reply on Mar 18, 2008 1:24 PM by fiddlesticks

    Problem configuring JRMPInvoker with SSL

    fiddlesticks
    fiddlesticks Mar 18, 2008 1:24 PM

      I've spent most of the last 2 days trying to get SSL working for EJB3 clients, with no luck.

      The problem I'm seeing is a NullPointerException when starting JBoss:

      2008-03-18 16:48:19,820 ERROR [main] JRMPInvoker | Failed to setSecurityDomain=java:/jaas/gds on socket factory
      java.lang.ClassCastException: org.jboss.security.plugins.JaasSecurityManager
      at org.jboss.invocation.jrmp.server.JRMPInvoker.loadCustomSocketFactories(JRMPInvoker.java:546)


      This seems to be the same problem as at:
      http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4137357#4137357

      and also the same as the following issue raised in JBoss JIRA at:
      http://jira.jboss.com/jira/browse/JBAS-5269


      The nitty gritty:

      We have a custom JAAS LoginModule setup in login-config.xml. This is working when authenticating from the web container.

      For direct EJB-client access I have a jboss.xml file in the ejb jar which points to the application policy setup in login-conf.xml: 

      <security-domain>java:/jaas/gds</security-domain>


      I then have the following in my jboss-service.xml: 



       <mbean code="org.jboss.security.plugins.JaasSecurityDomain"
 name="jboss.security:service=JaasSecurityDomain,domain=RMI+SSL">
 <constructor>
 <arg type="java.lang.String" value="java:/jaas/gds"/>
 </constructor>
 <attribute name="KeyStoreURL">${jboss.server.home.dir}/mykeystore</attribute>
 <attribute name="KeyStorePass">blah</attribute>
 </mbean>

 <mbean code="org.jboss.invocation.jrmp.server.JRMPInvoker"
 name="jboss:service=invoker,type=jrmp,socketType=SSL">
 <attribute name="RMIObjectPort">4444</attribute>
 <attribute name="RMIClientSocketFactory">org.jboss.security.ssl.RMISSLClientSocketFactory</attribute>
 <attribute name="RMIServerSocketFactoryBean" attributeClass="org.jboss.security.ssl.RMISSLServerSocketFactory" serialDataType="javaBean">
 <property name="bindAddress">${jboss.bind.address}</property>
 <property name="securityDomain">java:/jaas/gds</property>
 <property name="wantsClientAuth">true</property>
 <property name="needsClientAuth">true</property>
 <property name="CiperSuites">TLS_DHE_DSS_WITH_AES_128_CBC_SHA</property>
 <property name="Protocols">SSLv2Hello,SSLv3,TLSv1</property>
 </attribute>

 <depends>jboss.security:service=JaasSecurityManager</depends>
 <depends>jboss:service=TransactionManager</depends>
 <depends>jboss.security:service=JaasSecurityDomain,domain=RMI+SSL</depends>
 </mbean>


      And when I start JBoss I get the NPE shown above.

      Running in debug, when Context.forDomain() is called, it's pass a null SecurityDomain.

      I'm running JBoss 4.2.0GA.

      What am I doing wrong?

      • 1640 Views
      • Tags: