2 Replies Latest reply on Aug 15, 2006 3:34 AM by lamas

JBoss SSL problem

s.rzytki Jun 21, 2006 7:52 AM

Hello
I try to apply ssl to rmi communication for stateless session beans. So using documentation I made steps like below:

1) Generating file test.keystore using jboss tool (like example in documentation)

2) Adding to jboss-service.xml lines like below

<!-- ===============================================================================================================
 SSL
 =================================================================================================================== -->


 <mbean code="org.jboss.security.plugins.JaasSecurityDomain" name="jboss.security:service=JaasSecurityDomain,domain=RMI+SSL">
 <constructor>
 <arg type="java.lang.String" value="RMI+SSL"/>
 </constructor>
 <attribute name="KeyStoreURL">test.keystore</attribute>
 <attribute name="KeyStorePass">testPassword</attribute>
 </mbean>
 <mbean code="org.jboss.invocation.jrmp.server.JRMPInvoker" name="jboss:service=invoker,type=jrmp,socketType=SSL">
 <attribute name="RMIObjectPort">14445</attribute>
 <attribute name="RMIClientSocketFactory">org.jboss.security.ssl.RMISSLClientSocketFactory</attribute>
 <attribute name="RMIServerSocketFactory">org.jboss.security.ssl.RMISSLServerSocketFactory</attribute>
 <attribute name="SecurityDomain">java:/jaas/RMI+SSL</attribute>
 <depends>jboss.security:service=JaasSecurityDomain,domain=RMI+SSL</depends>
 </mbean>

Next step:
3) Adding to standardjboss.xml lines like below:

<!-- ===================================================================== -->
<!-- SSL START -->
<!-- ===================================================================== -->

 <invoker-proxy-binding>
 <name>stateless-ssl-rmi-invoker</name>
 <invoker-mbean>jboss:service=invoker,type=jrmp,socketType=SSL</invoker-mbean>
 <proxy-factory>org.jboss.proxy.ejb.ProxyFactory</proxy-factory>
 <proxy-factory-config>
 <client-interceptors>
 <home>
 <interceptor>org.jboss.proxy.ejb.HomeInterceptor</interceptor>
 <interceptor>org.jboss.proxy.SecurityInterceptor</interceptor>
 <interceptor>org.jboss.proxy.TransactionInterceptor</interceptor>
 <interceptor call-by-value="false">org.jboss.invocation.InvokerInterceptor</interceptor>
 <interceptor call-by-value="true">org.jboss.invocation.MarshallingInvokerInterceptor</interceptor>
 </home>
 <bean>
 <interceptor>org.jboss.proxy.ejb.StatelessSessionInterceptor</interceptor>
 <interceptor>org.jboss.proxy.SecurityInterceptor</interceptor>
 <interceptor>org.jboss.proxy.TransactionInterceptor</interceptor>
 <interceptor call-by-value="false">org.jboss.invocation.InvokerInterceptor</interceptor>
 <interceptor call-by-value="true">org.jboss.invocation.MarshallingInvokerInterceptor</interceptor>
 </bean>
 </client-interceptors>
 </proxy-factory-config>
 </invoker-proxy-binding>

<!-- ===================================================================== -->
<!-- SSL END -->
<!-- ===================================================================== -->

4) Next in this file I've changed a line

<invoker-proxy-binding-name>stateless-rmi-invoker</invoker-proxy-binding-name>

for Standard Stateless SessionBean
on

<invoker-proxy-binding-name>stateless-ssl-rmi-invoker</invoker-proxy-binding-name>

like below

<container-configuration>
 <container-name>Standard Stateless SessionBean</container-name>
 <call-logging>false</call-logging>
 <invoker-proxy-binding-name>stateless-ssl-rmi-invoker</invoker-proxy-binding-name>
 <container-interceptors>
 <interceptor>org.jboss.ejb.plugins.ProxyFactoryFinderInterceptor</interceptor>
 <interceptor>org.jboss.ejb.plugins.LogInterceptor</interceptor>
 <interceptor>org.jboss.ejb.plugins.SecurityInterceptor</interceptor>
 <!-- CMT -->
 <interceptor transaction="Container">org.jboss.ejb.plugins.TxInterceptorCMT</interceptor>
 <interceptor transaction="Container">org.jboss.ejb.plugins.CallValidationInterceptor</interceptor>
 <interceptor transaction="Container">org.jboss.ws.server.ServiceEndpointInterceptor</interceptor>
 <interceptor transaction="Container">org.jboss.ejb.plugins.StatelessSessionInstanceInterceptor</interceptor>
 <!-- BMT -->
 <interceptor transaction="Bean">org.jboss.ejb.plugins.StatelessSessionInstanceInterceptor</interceptor>
 <interceptor transaction="Bean">org.jboss.ejb.plugins.TxInterceptorBMT</interceptor>
 <interceptor transaction="Bean">org.jboss.ejb.plugins.CallValidationInterceptor</interceptor>
 <interceptor transaction="Bean">org.jboss.ws.server.ServiceEndpointInterceptor</interceptor>
 <interceptor>org.jboss.resource.connectionmanager.CachedConnectionInterceptor</interceptor>
 </container-interceptors>
 <instance-pool>org.jboss.ejb.plugins.StatelessSessionInstancePool</instance-pool>
 <instance-cache></instance-cache>
 <persistence-manager></persistence-manager>
 <container-pool-conf>
 <MaximumSize>100</MaximumSize>
 </container-pool-conf>
 </container-configuration>

After that I stared jboss I've received an exception like below:

13:31:03,024 WARN [ServiceController] Problem starting service jboss.j2ee:jndiN
ame=oe3/SessionController,service=EJB
java.lang.RuntimeException: invoker is null: jboss:service=invoker,type=jrmp,soc
ketType=SSL
 at org.jboss.proxy.ejb.ProxyFactory.setupInvokers(ProxyFactory.java:258)

 at org.jboss.proxy.ejb.ProxyFactory.start(ProxyFactory.java:242)
 at org.jboss.ejb.SessionContainer.startInvokers(SessionContainer.java:44
0)
 at org.jboss.ejb.SessionContainer.startService(SessionContainer.java:399
)
 at org.jboss.system.ServiceMBeanSupport.jbossInternalStart(ServiceMBeanS
upport.java:289)
 at org.jboss.system.ServiceMBeanSupport.jbossInternalLifecycle(ServiceMB
eanSupport.java:245)
 at sun.reflect.GeneratedMethodAccessor4.invoke(Unknown Source)
 at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAcces
sorImpl.java:25)
 at java.lang.reflect.Method.invoke(Method.java:585)
 at org.jboss.mx.interceptor.ReflectedDispatcher.invoke(ReflectedDispatch
er.java:155)
 at org.jboss.mx.server.Invocation.dispatch(Invocation.java:94)
 at org.jboss.mx.server.Invocation.invoke(Invocation.java:86)
 at org.jboss.mx.server.AbstractMBeanInvoker.invoke(AbstractMBeanInvoker.
java:260)
 at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:659)
 at org.jboss.system.ServiceController$ServiceProxy.invoke(ServiceControl
ler.java:974)
 at $Proxy0.start(Unknown Source)
 at org.jboss.system.ServiceController.start(ServiceController.java:417)
 at sun.reflect.GeneratedMethodAccessor6.invoke(Unknown Source)
 at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAcces
sorImpl.java:25)
 at java.lang.reflect.Method.invoke(Method.java:585)
 at org.jboss.mx.interceptor.ReflectedDispatcher.invoke(ReflectedDispatch
er.java:155)

Problem is when I remove my ear application and start again jboss, everything will start appropriate without any exception. Next when I deploy my ear application, deploy will finish without any exception too, and all application works fine without any problems.

Tested on jboss 4.0.4 RC1 and jboss 4.0.4 GA

Thanks for any suggestions.

Best regards Sebastian.

1. Re: JBoss SSL problem

lamas Aug 15, 2006 2:37 AM (in response to s.rzytki)

I do same settings as you do. Then, of-course, get same problem like you. could anyone help us?
Actions

2. Re: JBoss SSL problem

lamas Aug 15, 2006 3:34 AM (in response to s.rzytki)

I seems solve the problem with follow change.
in jboss-service.xml

<mbean code="org.jboss.invocation.jrmp.server.JRMPInvoker"
 name="jboss:service=invoker,type=jrmp,socketType=SSL">
 <attribute name="RMIObjectPort">14445</attribute>
 <attribute name="ServerAddress">${jboss.bind.address}</attribute>
 <attribute name="RMIClientSocketFactory">org.jboss.security.ssl.RMISSLClientSocketFactory</attribute>
 <attribute name="RMIServerSocketFactory">org.jboss.security.ssl.RMISSLServerSocketFactory</attribute>
 <attribute name="SecurityDomain">java:/jaas/RMI+SSL</attribute>
 <depends>jboss:service=TransactionManager</depends>
 <depends>jboss.security:service=JaasSecurityDomain,domain=RMI+SSL</depends>
 </mbean>

add jboss:service=TransactionManager .

Try it out. but is there any way to test whether the ejb is really go through ssl?

Go to original post