-
1. Re: JBossMQ messages over SSL
colinmadere Jul 7, 2004 3:34 PM (in response to sharris)
After much prodding I got some info in September 2003. I saved the answers but forgot to get the second page. This was probably for 3.2.1, so not sure if there are differences for the latest version. Good thing I saved it because it appears they deleted it from the forums. I'll leave it to the reader to speculate on why that might be.
Below is what I coaxed out of Adrian, though I think there was still something missing that was posted on the second page of the now deleted thread.
One thing that snagged me was needing to set up the client-side truststore for the entity connecting to the server's JBossMQ instance and needing to have the server's certificate in the client's truststore.
Posted Sep 24, 2003 5:48 PM by adrian@jboss.org:
OK, I just tried it, here is what I did.
1) Created a keystore in server/default/conf/test.keystore
2) Created a security domain that references it
(resource: is jboss specific protocol that loads from the
classloader, conf/ is the first classloader installed by jboss)
resource:test.keystore
ssltest
3) Deployed a HTTPSUIL2ConnectionFactory
<depends optional-attribute-name="Invoker">jboss.mq:service=Invoker
HTTPSUIL2ConnectionFactory
HTTPSUIL2XAConnectionFactory
8193
60000
true
<!-- Used to disconnect the client if there is no activity -->
<!-- Ensure this is greater than the ping period -->
70000
<!-- The size of the buffer (in bytes) wrapping the socket -->
<!-- The buffer is flushed after each request -->
2048
<!-- Large messages may block the ping/pong -->
<!-- A pong is simulated after each chunk (in bytes) for both reading and writing -->
<!-- It must be larger than the buffer size -->
1000000
org.jboss.security.ssl.ClientSocketFactory
org.jboss.security.ssl.DomainServerSocketFactory
java:/jaas/SSL
On the client set the system property to use the keystore
as the truststore.
Job Done.
Regards,
Adrian
-
2. Re: JBossMQ messages over SSL
colinmadere Jul 7, 2004 3:37 PM (in response to sharris)
Fix for last post, forgot to "disable HTML" even though it's XML :)
1) Created a keystore in server/default/conf/test.keystore
2) Created a security domain that references it
(resource: is jboss specific protocol that loads from the
classloader, conf/ is the first classloader installed by jboss)
<mbean code="org.jboss.security.plugins.JaasSecurityDomain"
       name="jboss.security:service=JaasSecurityDomain,domain=SSL">
  <constructor>
    <arg type="java.lang.String" value="SSL"/>
  </constructor>
  <attribute name="KeyStoreURL">resource:test.keystore</attribute>
  <attribute name="KeyStorePass">ssltest</attribute>
</mbean>
3) Deployed a HTTPSUIL2ConnectionFactory
<mbean code="org.jboss.mq.il.uil2.UILServerILService"
       name="jboss.mq:service=InvocationLayer,type=HTTPSUIL2">
  <depends optional-attribute-name="Invoker">jboss.mq:service=Invoker</depends>
  <attribute name="ConnectionFactoryJNDIRef">HTTPSUIL2ConnectionFactory</attribute>
  <attribute name="XAConnectionFactoryJNDIRef">HTTPSUIL2XAConnectionFactory</attribute>
  <attribute name="ServerBindPort">8193</attribute>
  <attribute name="PingPeriod">60000</attribute>
  <attribute name="EnableTcpNoDelay">true</attribute>
  <!-- Used to disconnect the client if there is no activity -->
  <!-- Ensure this is greater than the ping period -->
  <attribute name="ReadTimeout">70000</attribute>
  <!-- The size of the buffer (in bytes) wrapping the socket -->
  <!-- The buffer is flushed after each request -->
  <attribute name="BufferSize">2048</attribute>
  <!-- Large messages may block the ping/pong -->
  <!-- A pong is simulated after each chunk (in bytes) for both reading and writing -->
  <!-- It must be larger than the buffer size -->
  <attribute name="ChunkSize">1000000</attribute>
  <attribute name="ClientSocketFactory">org.jboss.security.ssl.ClientSocketFactory</attribute>
  <attribute name="ServerSocketFactory">org.jboss.security.ssl.DomainServerSocketFactory</attribute>
  <attribute name="SecurityDomain">java:/jaas/SSL</attribute>
</mbean>
On the client set the system property to use the keystore as the truststore.
<java classname="test.client.Client" fork="true">
  <sysproperty key="javax.net.ssl.trustStore" path="${jboss.home}/server/${jboss.config}/conf/test.keystore"/>
  <classpath refid="client.classpath"/>
</java>
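Added example, not part of the thread or of JBoss: the first post notes that the client truststore must contain the server's certificate, and this keytool sketch builds a certificate-only truststore from the server keystore so the private key stays on the server. The alias jbossmq, the files server.crt and client.truststore, and the truststore password changeit are assumptions; test.keystore and ssltest are the thread's values.

```shell
#!/bin/sh
# Added example, not from the thread. Assumed names: alias "jbossmq", files
# server.crt and client.truststore, truststore password "changeit".
# test.keystore and the password ssltest are the values used in the thread.

# Create a keystore holding a self-signed key pair (constructed test data).
make_server_keystore() {  # $1=keystore path  $2=password
    keytool -genkeypair -alias jbossmq -keyalg RSA -keysize 2048 \
        -validity 365 -dname "CN=localhost" \
        -keystore "$1" -storepass "$2" -keypass "$2" >/dev/null 2>&1
}

# Export only the public certificate and import it into a new truststore.
make_client_truststore() {  # $1=server keystore $2=its password $3=truststore $4=its password
    crt="$(dirname "$3")/server.crt"
    keytool -exportcert -rfc -alias jbossmq -keystore "$1" -storepass "$2" \
        -file "$crt" >/dev/null 2>&1 &&
    keytool -importcert -noprompt -alias jbossmq -file "$crt" \
        -keystore "$3" -storepass "$4" >/dev/null 2>&1
}

# Exit 0 if the store contains at least one private key entry.
has_private_key() {  # $1=store path  $2=password
    keytool -list -keystore "$1" -storepass "$2" 2>/dev/null | grep -q 'PrivateKeyEntry'
}

# Exit 0 if the store contains at least one trusted certificate entry.
has_trusted_cert() {  # $1=store path  $2=password
    keytool -list -keystore "$1" -storepass "$2" 2>/dev/null | grep -q 'trustedCertEntry'
}

# Build both stores in a temp directory and check what each one contains.
demo() {
    dir=$(mktemp -d) || return 1
    if make_server_keystore "$dir/test.keystore" ssltest &&
       make_client_truststore "$dir/test.keystore" ssltest "$dir/client.truststore" changeit &&
       has_private_key "$dir/test.keystore" ssltest &&
       ! has_private_key "$dir/client.truststore" changeit &&
       has_trusted_cert "$dir/client.truststore" changeit
    then rc=0; else rc=1; fi
    rm -rf "$dir"
    return $rc
}

if [ "${1:-}" = "--demo" ]; then
    demo && echo "client truststore holds the certificate only"
fi
```

With this layout the client's javax.net.ssl.trustStore property points at client.truststore rather than at the server's test.keystore.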
-
3. Original thread still exists
rhand Nov 19, 2004 2:49 AM (in response to sharris)
The original thread still exists: http://jboss.com/index.html?module=bb&op=viewtopic&t=39049 ... it doesn't look as if it's been deleted after all.