1 2 Previous Next 17 Replies Latest reply on Sep 4, 2009 8:09 AM by eminil

Overriding clientBindUrl does not work! Why?

eminil Sep 3, 2009 3:23 AM

Okay.

We are using AS 5.1.0.GA and want to run our EJB3 over SSL. Following the tutorial at:
http://www.jboss.org/ejb3/docs/tutorial/ssl/ssl.html

We have a bean set up as:

@RemoteBinding(clientBindUrl="sslsocket://0.0.0.0:3843")

This doesn't work good since we are going to run the app on several different machines. So we would like to override this clientBindUrl in the jboss.xml as described here:
https://jira.jboss.org/jira/browse/EJBTHREE-1650

However, using a jboss.xml looking like this:

<?xml version="1.0" encoding="UTF-8"?>
<jboss xmlns:xs="http://www.jboss.org/j2ee/schema"
 xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
 xsi:schemaLocation="http://www.jboss.com/xml/ns/javaee
 http://www.jboss.org/j2ee/schema/jboss_5_1.xsd"
 version="5.1">

 <enterprise-beans>
 <session>
 <ejb-name>SystemEJB</ejb-name>
 <remote-binding>
 <jndi-name>SystemEJB</jndi-name>
 <client-bind-url>sslsocket://0.0.0.0:3843</client-bind-url>
 </remote-binding>
 </session>
 </enterprise-beans>

</jboss>

Just gives an error when starting up Jboss:

Caused by: org.jboss.xb.binding.JBossXBException: Failed to parse source: remote-binding cannot appear in this position. Expected content of session is unordered_sequence: port-component? call-by-value? configuration-name? security-proxy? clustered? home-jndi-name? method-attributes? cluster-config? security-identity? local-jndi-name? ejb-name? local-home-jndi-name? timer-persistence? security-domain? ior-security-config? exception-on-rollback? jndi-name? ejb-timeout-identity? depends* invoker-bindings? {all descriptionGroup}? {unordered_sequence jndiEnvironmentRefsGroup}?

What is the problem?

1. Re: Overriding clientBindUrl does not work! Why?

wolfgangknauf Sep 3, 2009 6:19 AM (in response to eminil)
Hi,

I think that the XML declaration contains an invalid "xmlns:xs" attribute. It should be:

<jboss xmlns="http://www.jboss.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.jboss.com/xml/ns/javaee http://www.jboss.org/j2ee/schema/jboss_5_1.xsd" version="5.1"> ... </jboss>

Maybe this confuses JBoss on parsing the file.

Hope this helps

Wolfgang
Actions

2. Re: Overriding clientBindUrl does not work! Why?

eminil Sep 3, 2009 6:56 AM (in response to eminil)

I tried using your suggestion and now the jboss.xml looks like this:

<?xml version="1.0" encoding="UTF-8"?>
<jboss xmlns="http://www.jboss.com/xml/ns/javaee"
 xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
 xsi:schemaLocation="http://www.jboss.com/xml/ns/javaee http://www.jboss.org/j2ee/schema/jboss_5_1.xsd"
 version="5.1">

 <enterprise-beans>
 <session>
 <ejb-name>SystemEJB</ejb-name>

 <remote-binding>
 <jndi-name>SystemEJB</jndi-name>
 <client-bind-url>${ejb.ssl.url}</client-bind-url>
 </remote-binding>

 </session>
 </enterprise-beans>
</jboss>

Now i get the following error when trying to start jboss:

Caused by: java.lang.Exception: The xml myapp-jboss.ear/META-INF/jboss.xml is not well formed!

Any idea?

3. Re: Overriding clientBindUrl does not work! Why?

eminil Sep 3, 2009 7:08 AM (in response to eminil)

Ahh you had forgot a " in one of the lines after ..../ns/javaee" <---- which i copy pasted :P

I fixed it and now jboss.xml looks like this:

<?xml version="1.0" encoding="UTF-8"?>
<jboss xmlns="http://www.jboss.com/xml/ns/javaee"
 xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
 xsi:schemaLocation="http://www.jboss.com/xml/ns/javaee"
 http://www.jboss.org/j2ee/schema/jboss_5_1.xsd"
 version="5.1">
 <enterprise-beans>
 <session>
 <ejb-name>SystemEJB</ejb-name>
 <remote-binding>
 <jndi-name>SystemEJB</jndi-name>
 <client-bind-url>sslsocket://0.0.0.0:3843</client-bind-url>
 </remote-binding>
 </session>
 </enterprise-beans>
</jboss>

Now i get the following bug instead:

Caused by: org.jboss.xb.binding.JBossXBException: Failed to parse source: Element or attribute do not match QName production: QName::=(NCName':')?NCName. @ vfszip:/D:/JBoss/jboss-5.1.0.GA/server/default/deploy/myapp-jboss.ear/META-INF/jboss.xml[5,11]

4. Re: Overriding clientBindUrl does not work! Why?

eminil Sep 3, 2009 8:05 AM (in response to eminil)
Hmm actually it should probably look like you said:
<jboss xmlns="http://www.jboss.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.jboss.com/xml/ns/javaee http://www.jboss.org/j2ee/schema/jboss_5_1.xsd" version="5.1">

But i still get that "not well formed" bug...

What can this be?
Actions
5. Re: Overriding clientBindUrl does not work! Why?

jaikiran Sep 3, 2009 8:50 AM (in response to eminil)
Try this one and see if it works:
<jboss xmlns="http://www.jboss.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.jboss.com/xml/ns/javaee http://www.jboss.org/j2ee/schema/jboss_5_0.xsd" version="3.0">

Let us know how it goes. Strange that you are running into issues with the 5_1 xsd.
Actions
6. Re: Overriding clientBindUrl does not work! Why?

eminil Sep 3, 2009 9:12 AM (in response to eminil)

That one worked. Using 5_0 and version 3.0.

Now i can atleast deploy the jboss.xml file. But it didn't seem to have any affect on the clientBindUrl unfortunately.
Actions
7. Re: Overriding clientBindUrl does not work! Why?

eminil Sep 4, 2009 4:30 AM (in response to eminil)

How can i see if the jboss.xml file really overrides the clientBindUrl defined in the java file of the bean?

It doesn't seem to do this for us. I get exactly the same bug with the jboss.xml file as without it...
Actions

8. Re: Overriding clientBindUrl does not work! Why?

eminil Sep 4, 2009 4:54 AM (in response to eminil)

Posting the complete setup here again:

Suppose our IP on the server is 10.10.10.10
We're using JBoss 5.1.0.GA

Our EJB is defined as:

@RemoteBinding(clientBindUrl="sslsocket://0.0.0.0:3843", jndiBinding="SystemEJB")
public class SystemEJB implements SystemEJBRemote {

The jboss.xml file which is placed into our myapp.ear file under META-INF/jboss.xml together with
the application.xml and jboss-app.xml. It looks like this:

<?xml version="1.0" encoding="UTF-8"?>
<jboss xmlns="http://www.jboss.com/xml/ns/javaee"
 xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
 xsi:schemaLocation="http://www.jboss.com/xml/ns/javaee http://www.jboss.org/j2ee/schema/jboss_5_0.xsd"
 version="3.0">
 <enterprise-beans>
 <session>
 <ejb-name>SystemEJB</ejb-name>
 <remote-binding>
 <jndi-name>SystemEJB</jndi-name>
 <client-bind-url>sslsocket://10.10.10.10</client-bind-url>
 </remote-binding>
 </session>
 </enterprise-beans>
</jboss>

We have a ssl-service.xml file which we during deploy copies to the /deploy dir of the jboss server and
it looks like this:

<?xml version="1.0" encoding="UTF-8"?>
<server>

 <!-- ==================================================================== -->
 <!-- For SSL with EJB3 -->
 <!-- ==================================================================== -->

 <!-- The server socket factory mbean to be used as attribute to socket invoker -->
 <!-- which uses the JaasSecurityDomain -->
 <mbean code="org.jboss.remoting.security.domain.DomainServerSocketFactoryService"
 name="jboss.remoting:service=ServerSocketFactory,type=SecurityDomainAdvanced"
 display-name="SecurityDomain Server Socket Factory">
 <attribute name="SecurityDomain">java:/jaas/SSLAdvanced</attribute>
 <depends>jboss.security:service=JaasSecurityDomain,domain=SSLAdvanced</depends>
 <depends>JBossSecurityJNDIContextEstablishment</depends>
 </mbean>

 <mbean code="org.jboss.security.plugins.JaasSecurityDomain"
 name="jboss.security:service=JaasSecurityDomain,domain=SSLAdvanced">
 <!-- This must correlate with the java:/jaas/SSL above -->
 <constructor>
 <arg type="java.lang.String" value="SSLAdvanced"/>
 </constructor>
 <!-- The location of the keystore
 resource: loads from the classloaders conf/ is the first classloader -->
 <attribute name="KeyStoreURL">ourapp.keystore</attribute>
 <attribute name="KeyStorePass">ourpassword</attribute>
 </mbean>

 <!-- The Connector is the core component of the remoting server service. -->
 <!-- It binds the remoting invoker (transport protocol, callback configuration, -->
 <!-- data marshalling, etc.) with the invocation handlers. -->
 <mbean code="org.jboss.remoting.transport.Connector"

 name="jboss.remoting:type=Connector,transport=socket3843,handler=ejb3">
 display-name="Socket transport Connector">

 <attribute name="Configuration">
 <config>
 <invoker transport="sslsocket">
 <attribute name="dataType" isParam="true">invocation</attribute>
 <attribute name="marshaller" isParam="true">org.jboss.invocation.unified.marshall.InvocationMarshaller</attribute>
 <attribute name="unmarshaller" isParam="true">org.jboss.invocation.unified.marshall.InvocationUnMarshaller</attribute>
 <!-- The following is for setting the server socket factory. If want ssl support -->
 <!-- use a server socket factory that supports ssl. The only requirement is that -->
 <!-- the server socket factory value must be an ObjectName, meaning the -->
 <!-- server socket factory implementation must be a MBean and also -->
 <!-- MUST implement the org.jboss.remoting.security.ServerSocketFactoryMBean interface. -->
 <attribute name="serverSocketFactory">jboss.remoting:service=ServerSocketFactory,type=SecurityDomainAdvanced</attribute>
 <!-- <attribute name="serverBindAddress">${jboss.bind.address}</attribute> -->
 <attribute name="serverBindAddress">10.10.10.10</attribute>
 <attribute name="serverBindPort">3843</attribute>
 </invoker>
 <handlers>
 <handler subsystem="AOP">org.jboss.aspects.remoting.AOPRemotingInvocationHandler</handler>
 </handlers>
 </config>
 </attribute>
 <depends>jboss.remoting:service=ServerSocketFactory,type=SecurityDomainAdvanced</depends>

 </mbean>

</server>

When starting up jboss we provide the following arguments to the run.bat:

-Djboss.bind.address=10.10.10.10 -Djava.rmi.server.hostname=10.10.10.10

When trying to run the client we get the following error:

javax.naming.NamingException: Could not dereference object [Root exception is org.jboss.remoting.CannotConnectException: Can not get connection to server. Problem establishing socket connection for InvokerLocator [sslsocket://0.0.0.0:3843/]]

So it seems the clientBindUrl in the bean is not overriden by our jboss.xml file... anyone have any idea how we should approach this now? It is frutstrating that there is no functional documentation or working examples to actually get SSL working in server and a REMOTELY connecting client...

9. Re: Overriding clientBindUrl does not work! Why?

eminil Sep 4, 2009 5:16 AM (in response to eminil)
I can also find this in the logs btw:
WARN [org.jboss.wsf.container.jboss50.deployer.WebServiceDeployerEJB] (main) Ingore ejb deployment with null classname: org.jboss.metadata.ejb.jboss.JBoss50SessionBeanMetaData@babed78e{SystemEJB}
Actions
10. Re: Overriding clientBindUrl does not work! Why?

wolfgangknauf Sep 4, 2009 6:08 AM (in response to eminil)

Hi,

I think "jboss.xml" is placed in the wrong location:
The jboss.xml file which is placed into our myapp.ear file under META-INF/jboss.xml together with the application.xml and jboss-app.xml.

It should be located in your EJB-JAR in "META-INF". I don't know whether JBoss finds it at other locations, too...

Hope this helps

Wolfgang
Actions
11. Re: Overriding clientBindUrl does not work! Why?

jaikiran Sep 4, 2009 6:37 AM (in response to eminil)

Wolfgang, spotted it right. The jboss.xml should not be in .ear/META-INF. Instead it should be in the ejb jar's META-INF folder. If the jboss.xml is picked up and processed when it's placed in the META-INF of the ear then it's probably a bug with the way the new deployers in AS-5 look for metadata files.
Actions

12. Re: Overriding clientBindUrl does not work! Why?

eminil Sep 4, 2009 6:51 AM (in response to eminil)

Okay, i put it into the jar containing the bean classes instead.

Now i get the following exception:

Caused by: java.lang.IllegalStateException: Multiple security domains not supported
 at org.jboss.wsf.container.jboss50.deployment.tomcat.SecurityHandlerEJB3.addSecurityDomain(SecurityHandlerEJB3.java:58)

Might this have something to do with the bean also being configured to use JBossWS as:

@Stateless
@WebService(endpointInterface = "com.our.company.SystemEJBRemote")
@Remote(SystemEJBRemote.class)
@SecurityDomain("JBossWS")
@RolesAllowed("friend")
@WebContext
(
 contextRoot="/myapp-jboss-app-server",
 urlPattern="/*",
 authMethod="BASIC",
 transportGuarantee="CONFIDENTIAL",
 secureWSDLAccess=false
)
@RemoteBinding(clientBindUrl="sslsocket://0.0.0.0:3843", jndiBinding="SystemEJB")

And have any idea how i should fix this?

13. Re: Overriding clientBindUrl does not work! Why?

eminil Sep 4, 2009 6:58 AM (in response to eminil)

Hmm yes, removing the webcontext and securitydomain + rolesallowed annotations makes the bean work as it should through rmi. Now i just need to be able to reach it through JBossWS as well...
Actions
14. Re: Overriding clientBindUrl does not work! Why?

jaikiran Sep 4, 2009 7:09 AM (in response to eminil)

"jaikiran" wrote:
Strange that you are running into issues with the 5_1 xsd.

I now remember why jboss_5_1 xsd does not work. See this http://www.jboss.org/index.html?module=bb&op=viewtopic&t=157386
Actions

1 2 Previous Next

Go to original post