5 Replies Latest reply on Mar 14, 2006 5:20 PM by tom.elrod

    SSL ClientAuth

      Shouldn't we provide a subclass or something that enables client auth?
      http://wiki.jboss.org/wiki/Diff.jsp?page=JMSOverSSL&r1=23&r2=22

      Currently only the IIOP layer uses that flag.

      This also affects Remoting.

        • 1. Re: SSL ClientAuth
          starksm64

          Meaning support for requiring client authentication on the server socket? This was added to the DomainServerSocketFactory in 4.0.3:

          http://jira.jboss.com/jira/browse/JBAS-1983

          • 2. Re: SSL ClientAuth

            Ok, so we probably need a JIRA task to go through the code
            and add pojo injection of the server socket factory rather than
            the old "class name" injection used by UIL2?

            • 3. Re: SSL ClientAuth
              starksm64

              Yes, an example of this from the testsuite using the javaBean injection of the legacy SARDeployer is:

               <mbean code="org.jboss.invocation.jrmp.server.JRMPInvoker"
                      name="jboss:service=invoker,type=jrmp,socketType=SSLSocketFactory,wantsClientAuth=true">
                  <attribute name="RMIObjectPort">0</attribute>
                  <attribute name="RMIClientSocketFactory">org.jboss.security.ssl.RMISSLClientSocketFactory</attribute>
                  <attribute name="RMIServerSocketFactoryBean"
                             attributeClass="org.jboss.security.ssl.RMISSLServerSocketFactory"
                             serialDataType="javaBean">
                     <property name="bindAddress">${jboss.bind.address}</property>
                     <property name="securityDomain">java:/jaas/rmi-ssl</property>
                     <property name="wantsClientAuth">true</property>
                     <property name="needsClientAuth">true</property>
                     <property name="CiperSuites">TLS_DHE_DSS_WITH_AES_128_CBC_SHA</property>
                     <property name="Protocols">SSLv2Hello,SSLv3,TLSv1</property>
                  </attribute>
               </mbean>
              



              • 4. Re: SSL ClientAuth
                • 5. Re: SSL ClientAuth

                  Done. See jira issue for details, but in a nutshell, the server socket factory can be set within any of the remoting transports using:

                  1. setter method with a live instance
                  2. configuration property 'serverSocketFactory' with fully qualified classname
                  3. configuration property 'serverSocketFactory' with ObjectName of registered MBean service.
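
Added example, not part of the thread and not JBoss code: a bean-style server socket factory of the kind discussed above, written against plain JSSE, showing how the `wantsClientAuth` and `needsClientAuth` properties map onto `SSLServerSocket`. The class name `ClientAuthServerSocketFactory` is hypothetical, and key and trust material is assumed to come from the JVM default `SSLContext`.

```java
import java.io.IOException;
import java.net.InetAddress;
import java.net.ServerSocket;
import java.security.NoSuchAlgorithmException;
import javax.net.ServerSocketFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLServerSocket;

// Hypothetical class: wraps an SSL server socket factory and applies the
// client-auth mode to every socket it creates.
public class ClientAuthServerSocketFactory extends ServerSocketFactory {
    private final ServerSocketFactory delegate;
    private boolean wantsClientAuth;
    private boolean needsClientAuth;

    public ClientAuthServerSocketFactory() throws NoSuchAlgorithmException {
        // Assumption: keystore/truststore are configured on the default SSLContext
        this(SSLContext.getDefault().getServerSocketFactory());
    }
    public ClientAuthServerSocketFactory(ServerSocketFactory sslFactory) {
        this.delegate = sslFactory;
    }

    // Bean setters, so the factory can be configured by property injection
    public void setWantsClientAuth(boolean b) { wantsClientAuth = b; }
    public void setNeedsClientAuth(boolean b) { needsClientAuth = b; }

    private ServerSocket configure(ServerSocket s) throws IOException {
        if (!(s instanceof SSLServerSocket)) {
            s.close();
            throw new IOException("delegate did not create an SSL server socket");
        }
        SSLServerSocket ssl = (SSLServerSocket) s;
        // JSSE keeps a single mode: setWantClientAuth and setNeedClientAuth
        // override each other, so "need" takes precedence when both are set.
        if (needsClientAuth) {
            ssl.setNeedClientAuth(true);   // handshake fails without a client certificate
        } else {
            ssl.setWantClientAuth(wantsClientAuth); // certificate requested but optional
        }
        return ssl;
    }

    @Override public ServerSocket createServerSocket(int port) throws IOException {
        return configure(delegate.createServerSocket(port));
    }
    @Override public ServerSocket createServerSocket(int port, int backlog) throws IOException {
        return configure(delegate.createServerSocket(port, backlog));
    }
    @Override public ServerSocket createServerSocket(int port, int backlog, InetAddress addr) throws IOException {
        return configure(delegate.createServerSocket(port, backlog, addr));
    }
}
```

With both properties set to true, as in the mbean descriptor in reply 3, sockets from this factory report `getNeedClientAuth() == true` and `getWantClientAuth() == false`.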