make ejb3 client use ServerAuthMode=false on sslsocket to jb
deckrider Mar 27, 2009 10:38 AMMy client works fine, but I don't want it to require the trust store. I've read how one can use SSLSocketFactory to somehow configure the client to use SSLSocketBuilder.REMOTING_SERVER_AUTH_MODE=false, but I also don't want the client to know about port 3873, only port 1099.
How would I change my stand alone test client to make this work?
I have changed jboss-4.2.3.GA/server/default/deploy/ejb3.deployer/META-INF/jboss-service.xml as follows:
<mbean code="org.jboss.remoting.transport.Connector" name="jboss.remoting:type=Connector,name=DefaultEjb3Connector,handler=ejb3"> <depends>jboss.aop:service=AspectDeployer</depends> <attribute name="InvokerLocator">sslsocket://${jboss.bind.address}:3873</attribute> <attribute name="Configuration"> <handlers> <handler subsystem="AOP">org.jboss.aspects.remoting.AOPRemotingInvocationHandler</handler> </handlers> </attribute> </mbean>
And I have this stand alone test client:
import java.util.Hashtable; import javax.naming.InitialContext; import javax.naming.NamingException; public class TestClient { public static void main(String[] args) throws Exception { InitialContext ctx = null; Hashtable<String, String> props = new Hashtable<String, String>(); props.put("java.naming.factory.initial", "org.jnp.interfaces.NamingContextFactory"); props.put("java.naming.provider.url", "jnp://localhost:1099"); props.put("java.naming.factory.url.pkgs", "org.jboss.naming:org.jnp.interfaces"); try { ctx = new InitialContext(props); } catch (NamingException e) { e.printStackTrace(); } HelloWorld hello = null; try { hello = (HelloWorld) ctx.lookup("HelloWorldBean/remote"); } catch (NamingException e) { e.printStackTrace(); } System.setProperty("javax.net.ssl.trustStore", "/home/deckrider/jboss-4.2.3.GA-ssl/server/default/conf/localhost.keystore"); System.setProperty("javax.net.ssl.trustStorePassword", "opensource"); System.out.println(hello.getMessage()); } }
And just for reference, here's my EJBs:
import javax.ejb.Remote; import javax.ejb.Stateless; @Stateless @Remote(HelloWorld.class) public class HelloWorldBean implements HelloWorld { public String getMessage() { return "Hello EJB World"; } }
import javax.ejb.Remote; @Remote public interface HelloWorld { public String getMessage(); }
My client works fine, but I don't want it to require the trust store. I've read how one can use SSLSocketFactory to somehow configure the client to use SSLSocketBuilder.REMOTING_SERVER_AUTH_MODE=false, but I also don't want the client to know about port 3873, only port 1099.
How would I change my stand alone test client to make this work?