1 Reply Latest reply on Apr 22, 2005 5:16 AM by yoge_babu

    Access JNDI over HTTPS

    yoge_babu

      I tried to connect to JBoss MBeanServer through http-invoker.sar

      I followed the steps given in http://docs.jboss.org/jbossas/admindevel326/html/ch3.chapter.html#d0e7813

      The code below gets the JNDI reference:

      import java.util.Properties;
      import javax.naming.InitialContext;

      String host = "yogendrav";
      int port = 8443;
      Properties jndiprops = new Properties();
      // The HTTP invoker's JNDI factory servlet, reached over HTTPS
      String servletUrl = "/invoker/JNDIFactory";
      String providerurl = "https://" + host + ":" + port + servletUrl;
      jndiprops.put("java.naming.provider.url", providerurl);
      jndiprops.put("java.naming.factory.initial", "org.jboss.naming.HttpNamingContextFactory");
      InitialContext ic = new InitialContext(jndiprops);
      Object o = ic.lookup("jmx/rmi/RMIAdaptor");

      But the code works only if I add the keystore file in the system property.

      If I don't add the line below, I get a certification handshake exception.
      System.setProperty("javax.net.ssl.trustStore", "E:\\jboss\\jboss-3.2.6\\jboss-3.2.6\\server\\default\\conf\\chap8.keystore");

      I want to avoid adding the keystore file in the code.

      I tried the code snippet below to override the default TrustManager with mine, which doesn't bother about trusting the server certificates.

      TrustManager[] trustAllCerts = new TrustManager[]{
          new X509TrustManager() {
              public java.security.cert.X509Certificate[] getAcceptedIssuers() {
                  return null;
              }
              public boolean isClientTrusted(
                      java.security.cert.X509Certificate[] certs) {
                  return true;
              }
              public boolean isServerTrusted(
                      java.security.cert.X509Certificate[] certs) {
                  return true;
              }
          }
      };
      try {
          SSLContext sc = SSLContext.getInstance("SSLv3");
          sc.init(null, trustAllCerts, null);//new java.security.SecureRandom());

          HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
      } catch (Exception e) {
          e.printStackTrace();
      }

      Unfortunately this workaround does not work!!!!!!!!


      My question is how to override the default trust manager so that I don't have to bother about adding the keystore file in the program.



      Regards
      --Yoge

        • 1. Re: Access JNDI over HTTPS
          yoge_babu

          I found the solution.

          I added the two lines of code below to my client program:
          System.setProperty("org.jboss.security.httpInvoker.sslSocketFactoryBuilder","AMSSLSocketFactoryBuilder");
          System.setProperty("org.jboss.security.ignoreHttpsHost","true");



          AMSSLSocketFactoryBuilder is a class, and its code is given below:

          import javax.net.ssl.SSLSocketFactory;

          import org.jboss.net.ssl.SSLSocketFactoryBuilder;

          import com.sun.net.ssl.SSLContext;
          import com.sun.net.ssl.TrustManager;
          import com.sun.net.ssl.X509TrustManager;


          /**
           * @author Yogendrababu
           *
           * TODO
           *
           */
          public class AMSSLSocketFactoryBuilder implements SSLSocketFactoryBuilder
          {
              public AMSSLSocketFactoryBuilder()
              {
                  System.out.println("Should work now");
              }

              public SSLSocketFactory getSocketFactory() throws Exception
              {
                  // Trust manager that accepts every certificate chain without validation
                  TrustManager[] trustAllCerts = new TrustManager[]{
                      new X509TrustManager() {
                          public java.security.cert.X509Certificate[] getAcceptedIssuers() {
                              return null;
                          }
                          public boolean isClientTrusted(
                                  java.security.cert.X509Certificate[] certs) {
                              System.out.println("Yoge");
                              return true;
                          }
                          public boolean isServerTrusted(
                                  java.security.cert.X509Certificate[] certs) {
                              System.out.println("7777");
                              return true;
                          }
                      }
                  };
                  try {
                      SSLContext sc = SSLContext.getInstance("SSL");
                      sc.init(null, trustAllCerts, new java.security.SecureRandom());
                      // con.setSSLSocketFactory(sc.getSocketFactory());
                      return sc.getSocketFactory();
                  } catch (Exception e) {
                      e.printStackTrace();
                  }
                  // Reached only if building the SSL context failed
                  return null;
              }
          }
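
The trust-all builder and `org.jboss.security.ignoreHttpsHost=true` switch off both certificate and host name checks, so the client will talk to any HTTPS endpoint that answers on that address. The following is an added example, not code from the original posts: a builder for the same `SSLSocketFactoryBuilder` interface that avoids a hard-coded keystore path by loading a truststore bundled on the client classpath, while keeping validation on. The class name, the resource name `/client-truststore.jks` and the password are assumptions made for this example.

```java
import java.io.InputStream;
import java.security.KeyStore;

import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManagerFactory;

import org.jboss.net.ssl.SSLSocketFactoryBuilder;

/**
 * Added example: builds an SSLSocketFactory that trusts only the certificates
 * in a truststore shipped with the client, so chain validation stays enabled.
 */
public class BundledTrustSocketFactoryBuilder implements SSLSocketFactoryBuilder {

    // Assumptions for this example: resource name and password are placeholders.
    private static final String TRUSTSTORE_RESOURCE = "/client-truststore.jks";
    private static final char[] TRUSTSTORE_PASSWORD = "changeit".toCharArray();

    public SSLSocketFactory getSocketFactory() throws Exception {
        InputStream in = BundledTrustSocketFactoryBuilder.class
                .getResourceAsStream(TRUSTSTORE_RESOURCE);
        if (in == null) {
            // Fail closed: never fall back to an empty or trust-all manager.
            throw new IllegalStateException("Truststore not found: " + TRUSTSTORE_RESOURCE);
        }
        KeyStore trustStore = KeyStore.getInstance("JKS");
        try {
            trustStore.load(in, TRUSTSTORE_PASSWORD);
        } finally {
            in.close();
        }
        if (trustStore.size() == 0) {
            throw new IllegalStateException("Truststore contains no certificates");
        }

        // The JDK's default trust manager validates the server chain
        // against the certificates loaded above.
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);

        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null);
        return ctx.getSocketFactory();
    }
}
```

Register it through the same `org.jboss.security.httpInvoker.sslSocketFactoryBuilder` system property used above, and leave `org.jboss.security.ignoreHttpsHost` unset so the host name check still applies.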