10 Replies Latest reply on May 5, 2008 8:58 PM by dbmac45

    EJB with SSL does not work with JBoss AS 4.2.2

      Hello,
      I am trying to connect to my EJB via SSL and I have tried all the different approaches including the ones in the 4.2.2 administration guide as well as the JBoss Remoting guide and nothing seems to work. I would really appreciate any and all help in resolving this.

      First, let me describe the error:
      On the Client


      Exception in thread "main" org.jboss.remoting.CannotConnectException: Can not get connection to server. Problem establishing socket connection for InvokerLocator [sslsocket://127.0.0.1:3843/]
      at org.jboss.remoting.transport.socket.MicroSocketClientInvoker.transport(MicroSocketClientInvoker.java:532)
      at org.jboss.remoting.MicroRemoteClientInvoker.invoke(MicroRemoteClientInvoker.java:122)
      at org.jboss.remoting.Client.invoke(Client.java:1634)
      at org.jboss.remoting.Client.invoke(Client.java:548)
      at org.jboss.aspects.remoting.InvokeRemoteInterceptor.invoke(InvokeRemoteInterceptor.java:62)
      at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
      at org.jboss.aspects.tx.ClientTxPropagationInterceptor.invoke(ClientTxPropagationInterceptor.java:67)
      at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
      at org.jboss.aspects.security.SecurityClientInterceptor.invoke(SecurityClientInterceptor.java:53)
      at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
      at org.jboss.ejb3.remoting.IsLocalInterceptor.invoke(IsLocalInterceptor.java:74)
      at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
      at org.jboss.ejb3.stateless.StatelessRemoteProxy.invoke(StatelessRemoteProxy.java:107)
      at $Proxy0.echo(Unknown Source)
      at SSLEJBClient.main(SSLEJBClient.java:22)
      Caused by: java.lang.reflect.InvocationTargetException
      at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
      at sun.reflect.NativeConstructorAccessorImpl.newInstance(Unknown Source)
      at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(Unknown Source)
      at java.lang.reflect.Constructor.newInstance(Unknown Source)
      at org.jboss.remoting.transport.socket.SocketClientInvoker.createClientSocket(SocketClientInvoker.java:152)
      at org.jboss.remoting.transport.socket.MicroSocketClientInvoker.getConnection(MicroSocketClientInvoker.java:856)
      at org.jboss.remoting.transport.socket.MicroSocketClientInvoker.transport(MicroSocketClientInvoker.java:525)
      at org.jboss.remoting.MicroRemoteClientInvoker.invoke(MicroRemoteClientInvoker.java:122)
      at org.jboss.remoting.Client.invoke(Client.java:1634)
      at org.jboss.remoting.Client.invoke(Client.java:548)
      at org.jboss.aspects.remoting.InvokeRemoteInterceptor.invoke(InvokeRemoteInterceptor.java:62)
      at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
      at org.jboss.aspects.tx.ClientTxPropagationInterceptor.invoke(ClientTxPropagationInterceptor.java:67)
      at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
      at org.jboss.aspects.security.SecurityClientInterceptor.invoke(SecurityClientInterceptor.java:53)
      at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
      at org.jboss.ejb3.remoting.IsLocalInterceptor.invoke(IsLocalInterceptor.java:74)
      at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
      at org.jboss.ejb3.stateless.StatelessRemoteProxy.invoke(StatelessRemoteProxy.java:107)
      at $Proxy0.echo(Unknown Source)
      at SSLEJBClient.main(SSLEJBClient.java:22)
      at org.jboss.aspects.remoting.InvokeRemoteInterceptor.invoke(InvokeRemoteInterceptor.java:74)
      ... 10 more
      Caused by: java.net.SocketException: Socket Closed
      at java.net.PlainSocketImpl.setOption(Unknown Source)
      at java.net.Socket.setSoTimeout(Unknown Source)
      at com.sun.net.ssl.internal.ssl.SSLSocketImpl.setSoTimeout(Unknown Source)
      at org.jboss.remoting.transport.socket.SocketWrapper.setTimeout(SocketWrapper.java:85)
      at org.jboss.remoting.transport.socket.ClientSocketWrapper.createStreams(ClientSocketWrapper.java:168)
      at org.jboss.remoting.transport.socket.ClientSocketWrapper.<init>(ClientSocketWrapper.java:66)
      at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
      at sun.reflect.NativeConstructorAccessorImpl.newInstance(Unknown Source)
      at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(Unknown Source)
      at java.lang.reflect.Constructor.newInstance(Unknown Source)
      at org.jboss.remoting.transport.socket.SocketClientInvoker.createClientSocket(SocketClientInvoker.java:152)
      at org.jboss.remoting.transport.socket.MicroSocketClientInvoker.getConnection(MicroSocketClientInvoker.java:856)
      at org.jboss.remoting.transport.socket.MicroSocketClientInvoker.transport(MicroSocketClientInvoker.java:525)
      at org.jboss.remoting.MicroRemoteClientInvoker.invoke(MicroRemoteClientInvoker.java:122)
      at org.jboss.remoting.Client.invoke(Client.java:1634)
      at org.jboss.remoting.Client.invoke(Client.java:548)
      at org.jboss.aspects.remoting.InvokeRemoteInterceptor.invoke(InvokeRemoteInterceptor.java:62)
      ... 10 more


      From the Server Side
      12:25:31,367 ERROR [ServerThread] Worker thread initialization failure
      java.lang.reflect.InvocationTargetException
       at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
       at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)
       at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27)
       at java.lang.reflect.Constructor.newInstance(Constructor.java:513)
       at org.jboss.remoting.transport.socket.ServerThread.createServerSocketWrapper(ServerThread.java:720)
       at org.jboss.remoting.transport.socket.ServerThread.dorun(ServerThread.java:368)
       at org.jboss.remoting.transport.socket.ServerThread.run(ServerThread.java:166)
      Caused by: java.net.SocketException: Socket Closed
       at java.net.PlainSocketImpl.setOption(PlainSocketImpl.java:201)
       at java.net.Socket.setSoTimeout(Socket.java:997)
       at com.sun.net.ssl.internal.ssl.SSLSocketImpl.setSoTimeout(SSLSocketImpl.java:2047)
       at org.jboss.remoting.transport.socket.SocketWrapper.setTimeout(SocketWrapper.java:85)
       at org.jboss.remoting.transport.socket.ClientSocketWrapper.createStreams(ClientSocketWrapper.java:168)
       at org.jboss.remoting.transport.socket.ClientSocketWrapper.<init>(ClientSocketWrapper.java:66)
       at org.jboss.remoting.transport.socket.ServerSocketWrapper.<init>(ServerSocketWrapper.java:46)
      


      My server side configuration looks like the following:
      SSL-Service-xml


      <?xml version="1.0" encoding="UTF-8"?>
      <server>
       <mbean code="org.jboss.remoting.transport.Connector"
       name="jboss.remoting:service=Connector,transport=sslsocket"
       display-name="SSL Socket transport Connector">
       <attribute name="Configuration">
       <config>
       <invoker transport="sslsocket">
       <attribute name="dataType" isParam="true">invocation</attribute>
       <attribute name="marshaller" isParam="true">org.jboss.invocation.unified.marshall.InvocationMarshaller</attribute>
       <attribute name="unmarshaller" isParam="true">org.jboss.invocation.unified.marshall.InvocationUnMarshaller</attribute>
       <attribute name="numAcceptThreads">100</attribute>
       <attribute name="maxPoolSize">303</attribute>
       <attribute name="clientMaxPoolSize" isParam="true">304</attribute>
       <attribute name="socketTimeout" isParam="true">600000</attribute>
       <attribute name="serverBindAddress">${jboss.bind.address}</attribute>
       <attribute name="serverBindPort">3843</attribute>
       <attribute name="clientConnectPort">7777</attribute>
       <attribute name="enableTcpNoDelay" isParam="true">true</attribute>
       </invoker>
       <handlers>
       <handler subsystem="invoker">jboss:service=invoker,type=unified</handler>
       </handlers>
       </config>
       </attribute>
       <depends>jboss.remoting:service=NetworkRegistry</depends>
       </mbean>
      <mbean code="org.jboss.remoting.security.SSLSocketBuilder"
       name="jboss.remoting:service=SocketBuilder,type=SSL"
       display-name="SSL Server Socket Factory Builder">
       <attribute name="UseSSLServerSocketFactory">true</attribute>
       <attribute name="KeyStoreURL">c:/java/jboss-4.2.2.GA/server/default/conf/example.keystore</attribute>
       <attribute name="KeyStorePassword">SomePassword</attribute>
       <attribute name="SecureSocketProtocol">TLS</attribute>
       <attribute name="KeyStoreType">JKS</attribute>
      </mbean>
      <mbean code="org.jboss.remoting.security.SSLServerSocketFactoryService"
       name="jboss.remoting:service=ServerSocketFactory,type=SSL"
       display-name="SSL Server Socket Factory">
       <depends optional-attribute-name="SSLSocketBuilder"
       proxy-type="attribute">jboss.remoting:service=SocketBuilder,type=SSL</depends>
      </mbean>
      </server>
      


      My EJB is very simple, it has one method called echo (taken from the Jboss test suites). However, instead of using annotations, I used the jboss.xml configuration route as shown below:
      <?xml version="1.0" encoding="UTF-8"?>
      <jboss>
      <enterprise-beans>
       <session>
       <ejb-name>CallFireStatelessBean</ejb-name>
       <remote-binding>
       <jndi-name>CallFireStatelessBeanSSL</jndi-name>
       <client-bind-url>sslsocket://0.0.0.0:3843</client-bind-url>
       </remote-binding>
       </session>
      </enterprise-beans>
      </jboss>
      




      My Client Code Looks like this:
       Properties props = System.getProperties();
       props.setProperty("java.naming.factory.initial", "org.jnp.interfaces.NamingContextFactory");
       props.setProperty("java.naming.provider.url", "localhost:1099");
       Context ctx = new InitialContext();
       Object obj = ctx.lookup("java:/CallFireStatelessBeanSSL");
       CallFireBusinessInterface cf = (CallFireBusinessInterface) obj;
       cf.echo("This works!");
      



      To answer some possible questions:

      Yes, I can telnet into that port.
      Yes, the key store and passoword have been generated
      Yes, the JVM arguments have been modified to point to the keystore.
      Yes, the client gets a references to the EJB but fails when trying to call the echo method.
      Yes, all firewalls have been disabled.
      Yes, I am using the jbossall-client.jar from version 4.2.2 when running the client.
      The JRE version is 1.6.


      As stated earlier, any and all help will be greatly appreciated.
      Regards,
      TJ

      -------------------------------

        • 1. Re: EJB with SSL does not work with JBoss AS 4.2.2
          dbmac45

          I am having the same issue. Have you found a resolution?

          Regards,

          Dave M.

          • 2. Re: EJB with SSL does not work with JBoss AS 4.2.2
            jaikiran

            Dave,

            You haven't posted details about your setup nor the exception stacktrace. So its hard to guess what's wrong. How do you start JBoss? Which version of JBoss and Java? What exception do you see? And what are the configurations you have done?

            While posting the logs or xml content or code, remember to wrap it in a code block using the Code button in the message editor window and please hit the Preview button to make sure your post is correctly formatted

            • 3. Re: EJB with SSL does not work with JBoss AS 4.2.2

               

              "dbmac45" wrote:
              I am having the same issue. Have you found a resolution?

              Regards,

              Dave M.


              Dave,
              No, I haven't gotten any response to it. However, it seems they have agreed to issues, as my problem is referenced in this post: http://www.jboss.com/index.html?module=bb&op=viewtopic&t=131073

              and is now a JIRA issue: http://jira.jboss.com/jira/browse/EJBTHREE-1198

              Now, the fact that the JIRA has shown no progress is an entirely different issue.

              Jaikiran,
              As you have asked for exception/stacktraces etc, perhaps you can have a look at my original post which is very elaborate and give your suggestions and comments.
              Regards,
              TJ

              • 4. Re: EJB with SSL does not work with JBoss AS 4.2.2
                jaikiran

                TJ,

                Personally, i haven't tried EJB with SSL on 4.2.2 (for that matter, on any versions of JBoss). So i don't have much experience on this. But based on the exception stacktrace (and based on another discussion that i saw in the forums) i guess, you could try changing the following two configurations:

                In your SSL-service.xml:

                <attribute name="serverBindAddress">${jboss.bind.address}</attribute>


                Change this to use the IP address of the server. Something like:

                <attribute name="serverBindAddress">10.10.10.10</attribute>


                In jboss.xml

                <client-bind-url>sslsocket://0.0.0.0:3843</client-bind-url>


                Change it to use the IP:

                <client-bind-url>sslsocket://10.10.10.10:3843</client-bind-url>


                And finally, if you are starting JBoss, using -b 0.0.0.0 then change it to use the IP address -b 10.10.10.10

                P.S: As i already mentioned, i don't have much experience on this. These suggestions are based on what i saw in some other posts. So they may or may not work.


                • 5. Re: EJB with SSL does not work with JBoss AS 4.2.2
                  dbmac45

                  jaikiran,

                  I am pretty much experiencing the same results that TJ is seeing and with an almost identical setup. I followed the steps in "Chapter 9 - Transports" in the JBoss EJB 3.0 Reference Documentation.

                  I am running JBoss AS 4.2.2, Java 1.5.0_11 and Windows XP.

                  I added the following code to the "jboss-service.xml" file in the "server/default/deploy/ejb3.deployer/META-INF" file as specified in the JBoss EJB 3.0 Reference doc.

                   <mbean code="org.jboss.remoting.transport.Connector"
                   name="jboss.remoting:type=Connector,transport=socket3843,handler=ejb3">
                   <depends>jboss.aop:service=AspectDeployer</depends>
                   <attribute name="InvokerLocator">sslsocket://${jboss.bind.address}:3843</attribute>
                   <attribute name="Configuration">
                   <handlers>
                   <handler subsystem="AOP">org.jboss.aspects.remoting.AOPRemotingInvocationHandler</handler>
                   </handlers>
                   </attribute>
                   </mbean>
                  


                  My EJB code looks like the following:

                  @RemoteBindings({
                   @RemoteBinding(clientBindUrl="sslsocket://0.0.0.0:3843", jndiBinding="TitanServicesSSL"),
                   @RemoteBinding(jndiBinding="TitanServices")
                   })
                  @Stateless
                  public class TravelAgentBean implements TravelAgentRemote {
                  ...
                  }
                  


                  My test client looks like the following:

                   public static void main(String[] args) {
                   try {
                   // Get initial context.
                   Context jndiContext = getInitialContext();
                  
                   // Get a reference to a travel agent session bean.
                   TravelAgentRemote travelAgentRemote = (TravelAgentRemote) jndiContext.lookup("TitanServicesSSL");
                  // TravelAgentRemote travelAgentRemote = (TravelAgentRemote) jndiContext.lookup("TitanServices");
                  
                   // Create a new cabin.
                   CabinDTO cabin1 = new CabinDTO(1, "Master Suite", 1, 1, 3);
                  
                   travelAgentRemote.createCabin(cabin1);
                  
                   // Retrieve the newly created cabin. If it was found then
                   // display it on the console and then delete it.
                   CabinDTO cabin2 = travelAgentRemote.findCabin(cabin1.getId());
                  
                   if (cabin2 != null) {
                   System.out.println(cabin2.toString());
                  
                   travelAgentRemote.deleteCabin(cabin1.getId());
                   }
                  
                   } catch (NamingException ne) {
                   ne.printStackTrace();
                   }
                  
                   }
                  
                   private static Context getInitialContext() throws NamingException {
                   return new InitialContext();
                   }
                  
                  


                  If I do a "lookup" on "TitanServices" then everything works fine. If I do a "lookup" on "TitanServicesSSL" then it fails (the lookup actually succeeds but the createCabin() method fails). I have created the appropriate keystore, self-signed certificate, etc., according to the JBoss EJB 3.0 Reference doc and have added the appropriate JVM args for the client and JBoss that point to the keystore, etc. JBoss starts successfully and without any errors.

                  The following is the server-side exception that is thrown when I attempt to run my program using the "TitanServicesSSL" lookup.

                  15:44:44,505 ERROR [ServerThread] Worker thread initialization failure
                  java.lang.reflect.InvocationTargetException
                   at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
                   at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)
                   at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27)
                   at java.lang.reflect.Constructor.newInstance(Constructor.java:494)
                   at org.jboss.remoting.transport.socket.ServerThread.createServerSocketWrapper(ServerThread.java:720)
                   at org.jboss.remoting.transport.socket.ServerThread.dorun(ServerThread.java:368)
                   at org.jboss.remoting.transport.socket.ServerThread.run(ServerThread.java:166)
                  Caused by: java.net.SocketException: Socket Closed
                   at java.net.PlainSocketImpl.setOption(PlainSocketImpl.java:201)
                   at java.net.Socket.setSoTimeout(Socket.java:991)
                   at com.sun.net.ssl.internal.ssl.SSLSocketImpl.setSoTimeout(SSLSocketImpl.java:1971)
                   at org.jboss.remoting.transport.socket.SocketWrapper.setTimeout(SocketWrapper.java:85)
                   at org.jboss.remoting.transport.socket.ClientSocketWrapper.createStreams(ClientSocketWrapper.java:168)
                   at org.jboss.remoting.transport.socket.ClientSocketWrapper.<init>(ClientSocketWrapper.java:66)
                   at org.jboss.remoting.transport.socket.ServerSocketWrapper.<init>(ServerSocketWrapper.java:46)
                   ... 7 more
                  
                  



                  The following is the client-side exception that is thrown:

                  Exception in thread "main" org.jboss.remoting.CannotConnectException: Can not get connection to server. Problem establishing socket connection for InvokerLocator [sslsocket://127.0.0.1:3843/]
                   at org.jboss.remoting.transport.socket.MicroSocketClientInvoker.transport(MicroSocketClientInvoker.java:532)
                   at org.jboss.remoting.MicroRemoteClientInvoker.invoke(MicroRemoteClientInvoker.java:122)
                   at org.jboss.remoting.Client.invoke(Client.java:1634)
                   at org.jboss.remoting.Client.invoke(Client.java:548)
                   at org.jboss.aspects.remoting.InvokeRemoteInterceptor.invoke(InvokeRemoteInterceptor.java:62)
                   at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
                   at org.jboss.aspects.tx.ClientTxPropagationInterceptor.invoke(ClientTxPropagationInterceptor.java:67)
                   at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
                   at org.jboss.aspects.security.SecurityClientInterceptor.invoke(SecurityClientInterceptor.java:53)
                   at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
                   at org.jboss.ejb3.remoting.IsLocalInterceptor.invoke(IsLocalInterceptor.java:74)
                   at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
                   at org.jboss.ejb3.stateless.StatelessRemoteProxy.invoke(StatelessRemoteProxy.java:107)
                   at $Proxy0.createCabin(Unknown Source)
                   at com.titan.client.TitanClient.main(TitanClient.java:27)
                  Caused by: java.lang.reflect.InvocationTargetException
                   at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
                   at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)
                   at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27)
                   at java.lang.reflect.Constructor.newInstance(Constructor.java:494)
                   at org.jboss.remoting.transport.socket.SocketClientInvoker.createClientSocket(SocketClientInvoker.java:152)
                   at org.jboss.remoting.transport.socket.MicroSocketClientInvoker.getConnection(MicroSocketClientInvoker.java:856)
                   at org.jboss.remoting.transport.socket.MicroSocketClientInvoker.transport(MicroSocketClientInvoker.java:525)
                   at org.jboss.remoting.MicroRemoteClientInvoker.invoke(MicroRemoteClientInvoker.java:122)
                   at org.jboss.remoting.Client.invoke(Client.java:1634)
                   at org.jboss.remoting.Client.invoke(Client.java:548)
                   at org.jboss.aspects.remoting.InvokeRemoteInterceptor.invoke(InvokeRemoteInterceptor.java:62)
                   at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
                   at org.jboss.aspects.tx.ClientTxPropagationInterceptor.invoke(ClientTxPropagationInterceptor.java:67)
                   at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
                   at org.jboss.aspects.security.SecurityClientInterceptor.invoke(SecurityClientInterceptor.java:53)
                   at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
                   at org.jboss.ejb3.remoting.IsLocalInterceptor.invoke(IsLocalInterceptor.java:74)
                   at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
                   at org.jboss.ejb3.stateless.StatelessRemoteProxy.invoke(StatelessRemoteProxy.java:107)
                   at $Proxy0.createCabin(Unknown Source)
                   at com.titan.client.TitanClient.main(TitanClient.java:27)
                   at org.jboss.aspects.remoting.InvokeRemoteInterceptor.invoke(InvokeRemoteInterceptor.java:74)
                   ... 10 more
                  Caused by: java.net.SocketException: Socket Closed
                   at java.net.PlainSocketImpl.setOption(PlainSocketImpl.java:201)
                   at java.net.Socket.setSoTimeout(Socket.java:991)
                   at com.sun.net.ssl.internal.ssl.SSLSocketImpl.setSoTimeout(SSLSocketImpl.java:1971)
                   at org.jboss.remoting.transport.socket.SocketWrapper.setTimeout(SocketWrapper.java:85)
                   at org.jboss.remoting.transport.socket.ClientSocketWrapper.createStreams(ClientSocketWrapper.java:168)
                   at org.jboss.remoting.transport.socket.ClientSocketWrapper.<init>(ClientSocketWrapper.java:66)
                   at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
                   at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)
                   at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27)
                   at java.lang.reflect.Constructor.newInstance(Constructor.java:494)
                   at org.jboss.remoting.transport.socket.SocketClientInvoker.createClientSocket(SocketClientInvoker.java:152)
                   at org.jboss.remoting.transport.socket.MicroSocketClientInvoker.getConnection(MicroSocketClientInvoker.java:856)
                   at org.jboss.remoting.transport.socket.MicroSocketClientInvoker.transport(MicroSocketClientInvoker.java:525)
                   at org.jboss.remoting.MicroRemoteClientInvoker.invoke(MicroRemoteClientInvoker.java:122)
                   at org.jboss.remoting.Client.invoke(Client.java:1634)
                   at org.jboss.remoting.Client.invoke(Client.java:548)
                   at org.jboss.aspects.remoting.InvokeRemoteInterceptor.invoke(InvokeRemoteInterceptor.java:62)
                   ... 10 more
                  
                  


                  Like TJ, the following are true:

                  Yes, I can telnet into the SSL port (3843).
                  Yes, the key store and passoword have been generated.
                  Yes, the JVM arguments have been modified to point to the keystore.
                  Yes, the client gets a references to the EJB but fails when trying to call the createCabin() method.
                  Yes, all firewalls have been disabled.
                  Yes, I am using the jbossall-client.jar from version 4.2.2 when running the client.
                  The JRE version is 1.5.

                  Thanks in advance for any help,

                  Dave M.


                  • 6. Re: EJB with SSL does not work with JBoss AS 4.2.2

                    Jaikiran,
                    Thanks for your reply, however we need to have 0.0.0.0 set because our server has multiple addresses and needs to be accessible by all of them. So even if the fix worked, it would not really work for us.

                    Dave,
                    Thanks for posting, if it helps, your experience is exactly like mine, which in some way or form is heartening. Let's hope the Jboss dev group finds a resolution soon.

                    Cheers to both of you.
                    TJ

                    • 7. Re: EJB with SSL does not work with JBoss AS 4.2.2
                      javidjamae

                      I have the same problem that I have posted in another thread: http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4148046

                      Aparently, the JBoss unit tests work (which I haven't verified personally), but I can't seem to get it to work in my environment.

                      • 8. Re: EJB with SSL does not work with JBoss AS 4.2.2
                        machine_head

                        i have same problem:(

                        • 9. Re: EJB with SSL does not work with JBoss AS 4.2.2
                          jaikiran

                           

                          "jthinaka" wrote:
                          Jaikiran,
                          Thanks for your reply, however we need to have 0.0.0.0 set because our server has multiple addresses and needs to be accessible by all of them. So even if the fix worked, it would not really work for us.

                          Dave,
                          Thanks for posting, if it helps, your experience is exactly like mine, which in some way or form is heartening. Let's hope the Jboss dev group finds a resolution soon.

                          Cheers to both of you.
                          TJ


                          I was able to reproduce this on my local JBoss-4.2.2 setup and even able to get it working after knowing what was going wrong (atleast in my case).

                          Steps to reproduce this exception:

                          1) Start with this guide http://docs.jboss.org/ejb3/app-server/reference/build/reference/en/html/transport.html. I guess, everyone in this thread too has followed the same.

                          2) My SLSB looks like this:

                          package org.myapp.ejb.impl;
                          
                          import javax.annotation.Resource;
                          import javax.ejb.Remote;
                          import javax.ejb.Stateless;
                          import javax.persistence.EntityManager;
                          
                          import org.jboss.annotation.ejb.RemoteBinding;
                          import org.jboss.annotation.ejb.RemoteBindings;
                          import org.myapp.ejb.AppManager;
                          
                          @Stateless
                          @Remote ({AppManager.class})
                          @RemoteBindings({
                           @RemoteBinding(clientBindUrl="sslsocket://0.0.0.0:3843", jndiBinding="AppManagerBeanSSL"),
                           @RemoteBinding(jndiBinding="AppManagerBeanNormal")
                           })
                          public class AppManagerBean implements AppManager {
                          
                          
                           public String getVersion() {
                          
                           return "1.0";
                           }
                          
                          
                          }
                          


                          3) Modified the jboss-service.xml in %JBOSS_HOME%\server\< serverName>\deploy\ejb3.deployer\ejb3.deployer\META-INF folder to add (as mentioned in that doc):
                          <mbean code="org.jboss.remoting.transport.Connector"
                           name="jboss.remoting:type=Connector,transport=socket3843,handler=ejb3">
                           <depends>jboss.aop:service=AspectDeployer</depends>
                           <attribute name="InvokerLocator">sslsocket://${jboss.bind.address}:3843</attribute>
                           <attribute name="Configuration">
                           <handlers>
                           <handler subsystem="AOP">org.jboss.aspects.remoting.AOPRemotingInvocationHandler</handler>
                           </handlers>
                           </attribute>
                           </mbean>


                          4) Created the keystore and truststore files and started JBoss passing it the keystore filename and password:
                          run.bat -c jaikiran -b 0.0.0.0 -Djavax.net.ssl.keyStore=C:\jdk1.5.0_07\bin\localhost.keystore -Djavax.net.ssl.keyStorePassword=opensource


                          5) Wrote a simple standalone client to use the AppManagerBean:
                          package org.myapp.core;
                          
                          import javax.naming.Context;
                          import javax.naming.InitialContext;
                          
                          import org.myapp.ejb.AppManager;
                          
                          public class SSLBeanLookup {
                          
                           public static void main(String args[]) {
                           try {
                          
                          
                           Context ctx = new InitialContext();
                          
                           AppManager appManagerSSL = (AppManager) ctx.lookup("AppManagerBeanSSL");
                           System.out.println("AppManager : " + appManagerSSL);
                           System.out.println("AppManager version returned is : " + appManagerSSL.getVersion());
                          
                           } catch(Exception e) {
                           e.printStackTrace();
                           }
                           }
                          
                          }
                          


                          6) Ran this standalone client without passing any parameters:

                          java org.myapp.core.SSLBeanLookup


                          The client failed with the exact same exception as mentioned in this thread. The server side also showed the similar exception:
                          2008-05-05 20:19:44,569 ERROR [org.jboss.remoting.transport.socket.ServerThread] Worker thread initialization failure
                          java.lang.reflect.InvocationTargetException
                           at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
                           at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)
                           at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27)
                           at java.lang.reflect.Constructor.newInstance(Constructor.java:494)
                           at org.jboss.remoting.transport.socket.ServerThread.createServerSocketWrapper(ServerThread.java:720)
                           at org.jboss.remoting.transport.socket.ServerThread.dorun(ServerThread.java:368)
                           at org.jboss.remoting.transport.socket.ServerThread.run(ServerThread.java:166)
                          Caused by: java.net.SocketException: Socket Closed
                           at java.net.PlainSocketImpl.setOption(PlainSocketImpl.java:201)
                           at java.net.Socket.setSoTimeout(Socket.java:988)
                           at com.sun.net.ssl.internal.ssl.SSLSocketImpl.setSoTimeout(SSLSocketImpl.java:1971)
                           at org.jboss.remoting.transport.socket.SocketWrapper.setTimeout(SocketWrapper.java:85)
                           at org.jboss.remoting.transport.socket.ClientSocketWrapper.createStreams(ClientSocketWrapper.java:171)
                           at org.jboss.remoting.transport.socket.ClientSocketWrapper.<init>(ClientSocketWrapper.java:66)
                           at org.jboss.remoting.transport.socket.ServerSocketWrapper.<init>(ServerSocketWrapper.java:46)
                           ... 7 more
                          


                          I then downloaded the JBossRemoting source code and a bit of debugging and modification to the code (to print out the exception) showed exactly what was going wrong. I changed the ClientSocketWrapper to catch and print out the exception:

                          try
                           {
                           out = createOutputStream(serializationType, socket, marshaller);
                           in = createInputStream(serializationType, socket, unmarshaller);
                           } catch (Exception e) {
                           //Jaikiran: Added this catch block for debugging
                           System.out.println("Exception caught " + e);
                           e.printStackTrace();
                           }
                           finally
                           {
                           setTimeout(savedTimeout);
                           log.debug("reset timeout: " + savedTimeout);
                           }


                          Turns out, the root cause of this exception is this:
                          2008-05-05 20:19:44,569 ERROR [org.jboss.remoting.transport.socket.ServerThread] Worker thread initialization failure
                          java.lang.reflect.InvocationTargetException
                           at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
                           at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)
                           at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27)
                           at java.lang.reflect.Constructor.newInstance(Constructor.java:494)
                           at org.jboss.remoting.transport.socket.ServerThread.createServerSocketWrapper(ServerThread.java:720)
                           at org.jboss.remoting.transport.socket.ServerThread.dorun(ServerThread.java:368)
                           at org.jboss.remoting.transport.socket.ServerThread.run(ServerThread.java:166)
                          Caused by: java.net.SocketException: Socket Closed
                           at java.net.PlainSocketImpl.setOption(PlainSocketImpl.java:201)
                           at java.net.Socket.setSoTimeout(Socket.java:988)
                           at com.sun.net.ssl.internal.ssl.SSLSocketImpl.setSoTimeout(SSLSocketImpl.java:1971)
                           at org.jboss.remoting.transport.socket.SocketWrapper.setTimeout(SocketWrapper.java:85)
                           at org.jboss.remoting.transport.socket.ClientSocketWrapper.createStreams(ClientSocketWrapper.java:171)
                           at org.jboss.remoting.transport.socket.ClientSocketWrapper.<init>(ClientSocketWrapper.java:66)
                           at org.jboss.remoting.transport.socket.ServerSocketWrapper.<init>(ServerSocketWrapper.java:46)
                           ... 7 more
                          
                          .................
                          .................
                          2008-05-05 20:20:34,711 INFO [STDOUT] Exception caught javax.net.ssl.SSLHandshakeException: Received fatal alert: certificate_unknown
                           2008-05-05 20:20:36,149 ERROR [STDERR] javax.net.ssl.SSLHandshakeException: Received fatal alert: certificate_unknown
                          2008-05-05 20:20:36,149 ERROR [STDERR] at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:150)
                          2008-05-05 20:20:36,149 ERROR [STDERR] at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:117)
                          2008-05-05 20:20:36,149 ERROR [STDERR] at com.sun.net.ssl.internal.ssl.SSLSocketImpl.recvAlert(SSLSocketImpl.java:1584)
                          2008-05-05 20:20:36,164 ERROR [STDERR] at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:866)
                          2008-05-05 20:20:36,164 ERROR [STDERR] at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1030)
                          2008-05-05 20:20:36,164 ERROR [STDERR] at com.sun.net.ssl.internal.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:622)
                          2008-05-05 20:20:36,164 ERROR [STDERR] at com.sun.net.ssl.internal.ssl.AppOutputStream.write(AppOutputStream.java:59)
                          2008-05-05 20:20:36,164 ERROR [STDERR] at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:65)
                          2008-05-05 20:20:36,164 ERROR [STDERR] at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:123)
                          2008-05-05 20:20:36,164 ERROR [STDERR] at java.io.ObjectOutputStream$BlockDataOutputStream.flush(ObjectOutputStream.java:1628)
                          2008-05-05 20:20:36,164 ERROR [STDERR] at java.io.ObjectOutputStream.flush(ObjectOutputStream.java:666)
                          2008-05-05 20:20:36,164 ERROR [STDERR] at org.jboss.remoting.marshal.serializable.SerializableMarshaller.getMarshallingStream(SerializableMarshaller.java:90)
                          2008-05-05 20:20:36,180 ERROR [STDERR] at org.jboss.remoting.marshal.serializable.SerializableMarshaller.getMarshallingStream(SerializableMarshaller.java:72)
                          2008-05-05 20:20:36,180 ERROR [STDERR] at org.jboss.remoting.transport.socket.ClientSocketWrapper.createOutputStream(ClientSocketWrapper.java:207)
                          2008-05-05 20:20:36,180 ERROR [STDERR] at org.jboss.remoting.transport.socket.ClientSocketWrapper.createStreams(ClientSocketWrapper.java:163)
                          2008-05-05 20:20:36,180 ERROR [STDERR] at org.jboss.remoting.transport.socket.ClientSocketWrapper.<init>(ClientSocketWrapper.java:66)
                          2008-05-05 20:20:36,180 ERROR [STDERR] at org.jboss.remoting.transport.socket.ServerSocketWrapper.<init>(ServerSocketWrapper.java:46)
                          2008-05-05 20:20:36,180 ERROR [STDERR] at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
                          2008-05-05 20:20:36,180 ERROR [STDERR] at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)
                          2008-05-05 20:20:36,180 ERROR [STDERR] at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27)
                          2008-05-05 20:20:36,180 ERROR [STDERR] at java.lang.reflect.Constructor.newInstance(Constructor.java:494)
                          2008-05-05 20:20:36,180 ERROR [STDERR] at org.jboss.remoting.transport.socket.ServerThread.createServerSocketWrapper(ServerThread.java:720)
                          2008-05-05 20:20:36,196 ERROR [STDERR] at org.jboss.remoting.transport.socket.ServerThread.dorun(ServerThread.java:368)
                          2008-05-05 20:20:36,196 ERROR [STDERR] at org.jboss.remoting.transport.socket.ServerThread.run(ServerThread.java:166)
                          


                          This exception provides enough clues.

                          How to fix this:

                          Pass the truststore file and truststore password -Djavax.net.ssl.trustStore and -Djavax.net.ssl.trustStorePassword arguments when running the standalone client:
                          java org.myapp.core.SSLBeanLookup -Djavax.net.ssl.trustStore=C:\jdk1.5.0_07\bin\localhost.truststore -Djavax.net.ssl.trustStorePassword=opensource


                          That's it. With these arguments passed to the client, i got my expected output without any exceptions.

                          The whole confusion is because of the original exception stacktrace not being clear enough.



                          • 10. Re: EJB with SSL does not work with JBoss AS 4.2.2
                            dbmac45

                            Thanks jaikiran, I am now able to get my configuration to work as well.

                            It turns out that I was setting the keystore system property instead of the truststore when running the client. I was setting the truststore password system property correctly, I just messed up the truststore part.

                            "Chapter 9 - Transports" in the JBoss EJB 3.0 Reference Documentation is correct--I just missed it.

                            Thanks again,

                            Dave M.