-
1. Re: SSL support has been added
starksm64 May 6, 2005 2:23 AM (in response to tom.elrod)We need a variation of the SSLSocketBuilder that works with the JaasSecurityDomain or a refactoring of it so that we have a central service that has a mechanism for not requiring clear text passwords.
Do you have a test that shows using this for a secure ejb invocation? -
2. Re: SSL support has been added
tom.elrod May 6, 2005 4:09 PM (in response to tom.elrod)"scott.stark@jboss.org" wrote:
We need a variation of the SSLSocketBuilder that works with the JaasSecurityDomain or a refactoring of it so that we have a central service that has a mechanism for not requiring clear text passwords.
I can build an mbean service that will implement the ServerSocketFactoryMBean and uses the DomainServerSocketFactory (which gets it's SecurityDomain set by an attribute for the preferred JaasSecuirtyDomain). Where should I put this code (since remoting and security don't need to know about one another otherwise)?"scott.stark@jboss.org" wrote:
Do you have a test that shows using this for a secure ejb invocation?
I have run a test using the sslsocket transport for unified invoker, with a home grown ejb and client and it worked, but do not have anything automated or part of the testsuite. How/where should I add something like this to the testsuite? -
3. Re: SSL support has been added
starksm64 May 6, 2005 9:08 PM (in response to tom.elrod)It needs to be in a remoting module of the jbossas project since its integration code that bridges services in the server.
-
4. Re: SSL support has been added
tom.elrod May 9, 2005 1:11 AM (in response to tom.elrod)Have code finished and is working against local ejb test I run. The configuration I used is as follows. Still need to get this into jboss-head's version of remoting, but is going to be part of me changing jboss-head so uses binary of JBossRemoting build and then making remoting directory under jboss-head for stuff like this (which is the integration code between JBossRemoting and jboss-head).
<!-- The server socket factory mbean to be used as attribute to socket invoker --> <!-- which uses the JaasSecurityDomain --> <mbean code="org.jboss.remoting.security.domain.DomainServerSocketFactoryService" name="jboss.remoting:service=ServerSocketFactory,type=SecurityDomain" display-name="SecurityDomain Server Socket Factory"> <attribute name="SecurityDomain">java:/jaas/SSL</attribute> <depends>jboss.security:service=JaasSecurityDomain,domain=SSL</depends> </mbean> <mbean code="org.jboss.security.plugins.JaasSecurityDomain" name="jboss.security:service=JaasSecurityDomain,domain=SSL"> <!-- This must correlate with the java:/jaas/SSL above --> <constructor> <arg type="java.lang.String" value="SSL"/> </constructor> <!-- The location of the keystore resource: loads from the classloaders conf/ is the first classloader --> <attribute name="KeyStoreURL">.keystore</attribute> <attribute name="KeyStorePass">opensource</attribute> </mbean> <!-- The Connector is the core component of the remoting server service. --> <!-- It binds the remoting invoker (transport protocol, callback configuration, --> <!-- data marshalling, etc.) with the invocation handlers. --> <mbean code="org.jboss.remoting.transport.Connector" xmbean-dd="org/jboss/remoting/transport/Connector.xml" name="jboss.remoting:service=Connector,transport=socket" display-name="Socket transport Connector"> <attribute name="Configuration"> <config> <invoker transport="sslsocket"> <attribute name="dataType" isParam="true">invocation</attribute> <attribute name="marshaller" isParam="true">org.jboss.invocation.unified.marshall.InvocationMarshaller</attribute> <attribute name="unmarshaller" isParam="true">org.jboss.invocation.unified.marshall.InvocationUnMarshaller</attribute> <!-- The following is for setting the server socket factory. If want ssl support --> <!-- use a server socket factory that supports ssl. The only requirement is that --> <!-- the server socket factory value must be an ObjectName, meaning the --> <!-- server socket factory implementation must be a MBean and also --> <!-- MUST implement the org.jboss.remoting.security.ServerSocketFactoryMBean interface. --> <attribute name="serverSocketFactory">jboss.remoting:service=ServerSocketFactory,type=SecurityDomain</attribute> <attribute name="serverBindAddress">${jboss.bind.address}</attribute> <attribute name="serverBindPort">6667</attribute> </invoker> <handlers> <handler subsystem="invoker">jboss:service=invoker,type=unified</handler> </handlers> </config> </attribute> <depends>jboss.remoting:service=ServerSocketFactory,type=SecurityDomain</depends> <depends>jboss.remoting:service=NetworkRegistry</depends> <!-- <depends>jboss.remoting:service=ServerSocketFactory,type=SSL</depends> --> </mbean>
-
5. Re: SSL support has been added
tom.elrod May 12, 2005 3:51 PM (in response to tom.elrod)This is now in jboss-head. It is under jbossas/remoting directory and is found in jbossas-remoting.jar (which is also part of jboss server distro under all/lib and default/lib).