SSLServlet
marcreis Dec 6, 2006 11:54 AM
Hi,
I have a few questions about using the sslservlet. We are using JBossGA 4.0.4 with Remoting 1.4.1.
The communication over the servlet for http works fine.
For https, contacting the webconsole on https over 8443 also works over the browser. But using my client over https to go for EJB3s fails.
I looked at the wiki and docs, but I don't get it together correctly...
So here is what I did:
First off, I generated the keys and put them on the server and on the client (seems to have worked).
For the client I then:
configured the jndi.properties as follows:
mct.java.naming.factory.initial=org.jboss.naming.HttpNamingContextFactory
mct.java.naming.factory.url.pkgs=org.jboss.naming:org.jnp.interfaces,java.protocol.handler.pkgs
mct.java.naming.provider.url=https://myserver.de/invoker/restricted/JNDIFactorySSL
added the following JVM parameters:
-Djavax.net.ssl.trustStore=C:\work\tmp\Certificates\myclient\client.truststore
-Djavax.net.ssl.trustStorePassword=topsecret
Then I configured the tomcat server:
<!-- SSL/TLS Connector configuration using the admin devl guide keystore-->
<Connector port="8443" address="${jboss.bind.address}"
           maxThreads="100" strategy="ms" maxHttpHeaderSize="8192"
           emptySessionPath="true"
           scheme="https" secure="true" clientAuth="false"
           keystoreFile="${jboss.server.home.dir}/conf/ssl/server.keystore"
           keystorePass="topsecret" sslProtocol="TLS"/>
... moved on to the http-invoker. There I added the following mbean to the META-INF/jboss-service.xml
<!-- Expose the Naming service interface via HTTPS -->
<mbean code="org.jboss.invocation.http.server.HttpProxyFactory"
       name="jboss:service=invoker,type=https,target=Naming">
   <!-- The Naming service we are proxying -->
   <attribute name="InvokerName">jboss:service=Naming</attribute>
   <!-- Compose the invoker URL from the cluster node address -->
   <attribute name="InvokerURLPrefix">https://</attribute>
   <attribute name="InvokerURLSuffix">:8443/invoker/restricted/JMXInvokerServlet</attribute>
   <attribute name="UseHostName">true</attribute>
   <attribute name="ExportedInterface">org.jnp.interfaces.Naming</attribute>
   <attribute name="JndiName"></attribute>
   <attribute name="ClientInterceptors">
      <interceptors>
         <interceptor>org.jboss.proxy.ClientMethodInterceptor</interceptor>
         <interceptor>org.jboss.proxy.SecurityInterceptor</interceptor>
         <interceptor>org.jboss.naming.interceptors.ExceptionInterceptor</interceptor>
         <interceptor>org.jboss.invocation.InvokerInterceptor</interceptor>
      </interceptors>
   </attribute>
</mbean>
and this to the WEB-INF/web.xml
<!-- HTTPS servlet for HTTPS communication -->
<servlet>
   <servlet-name>JNDIFactorySSL</servlet-name>
   <description>A servlet that exposes the JBoss JNDI Naming service stub
   through http. The return content is a serialized
   MarshalledValue containing the org.jnp.interfaces.Naming stub. This
   configuration handles requests for the standard JNDI naming service.
   </description>
   <servlet-class>org.jboss.invocation.http.servlet.NamingFactoryServlet</servlet-class>
   <init-param>
      <param-name>namingProxyMBean</param-name>
      <param-value>jboss:service=invoker,type=https,target=Naming</param-value>
   </init-param>
   <init-param>
      <param-name>proxyAttribute</param-name>
      <param-value>Proxy</param-value>
   </init-param>
   <load-on-startup>2</load-on-startup>
</servlet>
<!-- Mapping for SSL -->
<servlet-mapping>
   <servlet-name>JNDIFactorySSL</servlet-name>
   <url-pattern>/restricted/JNDIFactorySSL/*</url-pattern>
</servlet-mapping>
After that I added the following to the servlet-invoker.war/WEB-INF/web.xml
<servlet>
   <servlet-name>ServerInvokerServletSSL</servlet-name>
   <description>The ServerInvokerServlet receives requests via HTTPS
   protocol from within a web container and passes it onto the
   ServletServerInvoker for processing.
   </description>
   <servlet-class>org.jboss.remoting.transport.servlet.web.ServerInvokerServlet</servlet-class>
   <init-param>
      <param-name>locatorUrl</param-name>
      <param-value>sslservlet://${jboss.bind.address}:8443/servlet-invoker/ServerInvokerServlet</param-value>
      <description>The servlet server invoker url</description>
   </init-param>
   <load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
   <servlet-name>ServerInvokerServlet</servlet-name>
   <url-pattern>/ServerInvokerServlet/*</url-pattern>
</servlet-mapping>
</web-app>
Then I moved on to the ejb3-deployer/META-INF/jboss-service.xml. Here I am not sure what I actually need. I first tried it with this
<mbean code="org.jboss.remoting.transport.Connector"
       name="jboss.remoting:type=Connector, transport=SSLServlet"
       display-name="Servlet transport Connector">
   <depends>jboss.aop:service=AspectDeployer</depends>
   <attribute name="InvokerLocator">sslservlet://${jboss.bind.address}:8443/servlet-invoker/ServerInvokerServlet</attribute>
   <attribute name="Configuration">
      <handlers>
         <handler subsystem="AOP">org.jboss.aspects.remoting.AOPRemotingInvocationHandler</handler>
      </handlers>
   </attribute>
</mbean>
The above results in a
[org.jboss.system.ServiceController] Problem creating service jboss.remoting:type=Connector,name=DefaultEjb3ConnectorSSL,handler=ejb3
java.lang.RuntimeException: Couldn't find valid server invoker class for transport 'sslservlet'
    at org.jboss.remoting.InvokerRegistry.createServerInvoker(InvokerRegistry.java:434)
    at org.jboss.remoting.transport.Connector.init(Connector.java:388)
    at org.jboss.remoting.transport.Connector.create(Connector.java:745)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    at java.lang.reflect.Method.invoke(Method.java:585)
    at org.jboss.mx.interceptor.ReflectedDispatcher.invoke(ReflectedDispatcher.java:155)
(Alternatively, I tried it with defining the SSLSocketBuilder and SSLServerSocketFactoryService mbeans and then the connector mbean.)
I also passed the server the following JVM parameters:
-Ddefault.client.bindurl=sslservlet://myserver.de/servlet-invoker/ServerInvokerServlet
-Djavax.net.ssl.keyStore=$JBOSS_HOME/server/conf/ssl/server.keystore
-Djavax.net.ssl.keyStorePassword=olga4all
At the moment all my attempts lead me to the above server error or to this on the client:
javax.naming.NamingException: Failed to retrieve Naming interface [Root exception is java.net.ConnectException: Connection refused: connect]
    at org.jboss.naming.HttpNamingContextFactory.getInitialContext(HttpNamingContextFactory.java:84)
    at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:667)
    at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:247)
    at javax.naming.InitialContext.init(InitialContext.java:223)
    at javax.naming.InitialContext.<init>(InitialContext.java:197)
I appreciate any help!
Thanks!
Marc
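
An added example, not part of the original post and not JBoss code: an offline check that compares the port each client-side URL quoted above resolves to with the port of the Connector shown in the post. The class name PortCheck and the trimmed Connector string are assumptions of this example; the only outside fact used is that an https URL without an explicit port resolves to 443.

```java
import java.io.ByteArrayInputStream;
import java.net.URI;
import java.nio.charset.StandardCharsets;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Element;

// Added example; PortCheck is a hypothetical name, not a JBoss class.
public class PortCheck {
    // Connector from the post, trimmed to the attributes this check reads.
    static final String CONNECTOR =
        "<Connector port=\"8443\" scheme=\"https\" secure=\"true\" sslProtocol=\"TLS\"/>";

    // URLs as they appear in the post's jndi.properties and JVM parameters.
    static final String[] CLIENT_URLS = {
        "https://myserver.de/invoker/restricted/JNDIFactorySSL",
        "sslservlet://myserver.de/servlet-invoker/ServerInvokerServlet"
    };

    /** Port a client will dial, or -1 when no default is assumed for the scheme. */
    static int effectivePort(URI uri) {
        if (uri.getPort() != -1) return uri.getPort();
        if ("https".equalsIgnoreCase(uri.getScheme())) return 443;
        if ("http".equalsIgnoreCase(uri.getScheme())) return 80;
        return -1; // sslservlet: this example assumes no default port
    }

    /** Reads the listen port from a Connector element, with DOCTYPEs disabled. */
    static int connectorPort(String xml) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        Element e = f.newDocumentBuilder()
            .parse(new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8)))
            .getDocumentElement();
        return Integer.parseInt(e.getAttribute("port"));
    }

    public static void main(String[] args) throws Exception {
        int listen = connectorPort(CONNECTOR);
        for (String s : CLIENT_URLS) {
            int port = effectivePort(URI.create(s));
            String verdict = port == listen ? "matches connector"
                : port == -1 ? "no explicit port in URL"
                : "MISMATCH: connector listens on " + listen;
            System.out.printf("%-65s -> port %d : %s%n", s, port, verdict);
        }
    }
}
```

Run against the values in the post, the first URL resolves to 443 while the Connector listens on 8443, and the second carries no explicit port.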