3 Replies Latest reply on Jun 2, 2009 8:01 AM by smolin

    ssl connection to ejb in cluster env

      Hello there,
      could anybody help or point me in the right direction? I tried the JBoss users forum, but got no answer.
      Conf:
      JBoss 5.1.0CR1, JDK 1.6, XP (development env)
      cluster (configuration: all)

      I am trying to use an SSL connection to reach an EJB component.

      1. added ssl-service.xml to META-INF of ejb jar

      
      <?xml version="1.0" encoding="UTF-8"?>
      
      <server>
       <!-- The server socket factory mbean to be used as attribute to socket invoker -->
       <!-- which uses the JaasSecurityDomain -->
       <mbean code="org.jboss.remoting.security.domain.DomainServerSocketFactoryService"
       name="jboss.remoting:service=ServerSocketFactory,type=SecurityDomainAdvanced"
       display-name="SecurityDomain Server Socket Factory">
       <attribute name="SecurityDomain">java:/jaas/SSLAdvanced</attribute>
       <depends>jboss.security:service=JaasSecurityDomain,domain=SSLAdvanced</depends>
       </mbean>
      
       <mbean code="org.jboss.security.plugins.JaasSecurityDomain"
       name="jboss.security:service=JaasSecurityDomain,domain=SSLAdvanced">
       <!-- This must correlate with the java:/jaas/SSL above -->
       <constructor>
       <arg type="java.lang.String" value="SSLAdvanced"/>
       </constructor>
       <!-- The location of the keystore
       resource: loads from the classloaders conf/ is the first classloader -->
       <attribute name="KeyStoreURL">traffic.keystore</attribute>
       <attribute name="KeyStorePass">trafficssl</attribute>
       </mbean>
      
       <!-- The Connector is the core component of the remoting server service. -->
       <!-- It binds the remoting invoker (transport protocol, callback configuration, -->
       <!-- data marshalling, etc.) with the invocation handlers. -->
       <mbean code="org.jboss.remoting.transport.Connector"
       name="jboss.remoting:type=Connector,transport=socket3843,handler=ejb3"
       display-name="Socket transport Connector">
      
       <attribute name="Configuration">
       <config>
       <invoker transport="sslsocket">
       <attribute name="dataType" isParam="true">invocation</attribute>
       <attribute name="marshaller" isParam="true">org.jboss.invocation.unified.marshall.InvocationMarshaller</attribute>
       <attribute name="unmarshaller" isParam="true">org.jboss.invocation.unified.marshall.InvocationUnMarshaller</attribute>
       <!-- The following is for setting the server socket factory. If you want ssl support, -->
       <!-- use a server socket factory that supports ssl. The only requirement is that -->
       <!-- the server socket factory value must be an ObjectName, meaning the -->
       <!-- server socket factory implementation must be a MBean and also -->
       <!-- MUST implement the org.jboss.remoting.security.ServerSocketFactoryMBean interface. -->
       <attribute name="serverSocketFactory">jboss.remoting:service=ServerSocketFactory,type=SecurityDomainAdvanced</attribute>
       <attribute name="serverBindAddress">${jboss.bind.address}</attribute>
       <attribute name="serverBindPort">3843</attribute>
       </invoker>
       <handlers>
       <handler subsystem="AOP">org.jboss.aspects.remoting.AOPRemotingInvocationHandler</handler>
       </handlers>
       </config>
       </attribute>
       <depends>jboss.remoting:service=ServerSocketFactory,type=SecurityDomainAdvanced</depends>
      
       </mbean>
      
      </server>
      



      2. generated all keystore/certificate etc.

      3. added annotation to ejb (many different trials):
      @RemoteBinding(jndiBinding="someEjb/remote", clientBindUrl = "sslsocket://${jboss.bind.address}:3843")
      then
      @RemoteBinding(jndiBinding="someEjb/remote", clientBindUrl = "sslsocket://0.0.0.0:3843")
      


      If I put the real target IP of the EJB container, then it works fine, but only with one machine from the cluster (obviously, you can't put two IP addresses in clientBindUrl). Whenever I try to use the 0.0.0.0 mask or ${jboss.bind.address}, it doesn't work.

      I couldn't find any working solution, and of course many examples that use the 0.0.0.0 mask work fine (but only for local communication: client and server on the same machine). I could not find any working solution for SSL in a cluster setup.

      Any help would be really appreciated!