3 Replies Latest reply on Oct 18, 2006 12:11 PM by alex_55

    Make SSL connection to JNDI

    alex_55
    alex_55 Oct 18, 2006 5:43 AM

      I have JBoss4.0.4GA and Im' trying to get an SSL connection to JNDI.
      Id' like to know, what I'm doing wrong?


      This is my configuration:

      System.setProperty("javax.net.ssl.trustStore", "c:/client.ts");
System.setProperty("javax.net.ssl.trustStoreType", "JKS");
System.setProperty("javax.net.ssl.trustStorePassword", "changeit");
env.setProperty(Context.INITIAL_CONTEXT_FACTORY, "org.jboss.naming.HttpNamingContextFactory");
 env.setProperty(Context.PROVIDER_URL, "https://localhost:8443/invoker/JNDIFactorySSL");
 env.setProperty(Context.URL_PKG_PREFIXES, "org.jboss.naming:org.jnp.interfaces");



       <!-- Expose the Naming service interface via HTTPS -->
 <mbean code="org.jboss.invocation.http.server.HttpProxyFactory"
 name="jboss:service=invoker,type=https,target=Naming">
 <!-- The Naming service we are proxying -->
 <attribute name="InvokerName">jboss:service=Naming</attribute>
 <!-- Compose the invoker URL from the cluster node address -->
 <attribute name="InvokerURLPrefix">https://</attribute>
 <attribute name="InvokerURLSuffix">:8443/invoker/JMXInvokerServlet</attribute>
 <attribute name="UseHostName">true</attribute>
 <attribute name="ExportedInterface">org.jnp.interfaces.Naming</attribute>
 <attribute name="JndiName"></attribute>
 <attribute name="ClientInterceptors">
 <interceptors>
 <interceptor>org.jboss.proxy.ClientMethodInterceptor</interceptor>
 <interceptor>org.jboss.proxy.SecurityInterceptor</interceptor>
 <interceptor>org.jboss.naming.interceptors.ExceptionInterceptor</interceptor>
 <interceptor>org.jboss.invocation.InvokerInterceptor</interceptor>
 </interceptors>
 </attribute>
 </mbean>


      And stacktrace is : 
      Exception in thread "main" javax.naming.NamingException: Failed to retrieve Naming interface [Root exception is java.io.IOException: HTTPS hostname wrong: should be <localhost>]
 at org.jboss.naming.HttpNamingContextFactory.getInitialContext(HttpNamingContextFactory.java:84)
 at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:667)
 at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:247)
 at javax.naming.InitialContext.init(InitialContext.java:223)
 at javax.naming.InitialContext.<init>(InitialContext.java:197)
 at jmx.jboss.JMXBrowser.makeConnection(JMXBrowser.java:60)
 at jmx.jboss.JMXBrowser.main(JMXBrowser.java:72)
Caused by: java.io.IOException: HTTPS hostname wrong: should be <localhost>
 at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
 at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)
 at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27)
 at java.lang.reflect.Constructor.newInstance(Constructor.java:494)
 at sun.net.www.protocol.http.HttpURLConnection$6.run(HttpURLConnection.java:1206)
 at java.security.AccessController.doPrivileged(Native Method)
 at sun.net.www.protocol.http.HttpURLConnection.getChainedException(HttpURLConnection.java:1200)
 at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:889)
 at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:234)
 at org.jboss.naming.HttpNamingContextFactory.getNamingServer(HttpNamingContextFactory.java:133)
 at org.jboss.naming.HttpNamingContextFactory.getInitialContext(HttpNamingContextFactory.java:80)
 ... 6 more
Caused by: java.io.IOException: HTTPS hostname wrong: should be <localhost>
 at sun.net.www.protocol.https.HttpsClient.checkURLSpoofing(HttpsClient.java:490)
 at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:415)
 at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:170)
 at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:917)
 at sun.net.www.protocol.http.HttpURLConnection.getHeaderField(HttpURLConnection.java:1874)
 at java.net.URLConnection.getHeaderFieldInt(URLConnection.java:573)
 at java.net.URLConnection.getContentLength(URLConnection.java:468)
 at sun.net.www.protocol.https.HttpsURLConnectionImpl.getContentLength(HttpsURLConnectionImpl.java:378)
 at org.jboss.naming.HttpNamingContextFactory.getNamingServer(HttpNamingContextFactory.java:128)
 ... 7 more


      • 1468 Views
      • Tags:
        • 1. Re: Make SSL connection to JNDI
          alex_55
          alex_55 Oct 18, 2006 6:24 AM (in response to alex_55)

           

          "alex_55" wrote:
          ...

          After remade certificates I'm able to connect, but now I see this error: 
          Exception in thread "main" javax.naming.NamingException: Failed to retrieve Naming interface [Root exception is java.io.IOException: Invalid reply content seen: class org.jboss.invocation.InvocationException]
 at org.jboss.naming.HttpNamingContextFactory.getInitialContext(HttpNamingContextFactory.java:84)
 at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:667)
 at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:247)
 at javax.naming.InitialContext.init(InitialContext.java:223)
 at javax.naming.InitialContext.<init>(InitialContext.java:197)
 at jmx.jboss.JMXBrowser.makeConnection(JMXBrowser.java:63)
 at jmx.jboss.JMXBrowser.main(JMXBrowser.java:75)
Caused by: java.io.IOException: Invalid reply content seen: class org.jboss.invocation.InvocationException
 at org.jboss.naming.HttpNamingContextFactory.getNamingServer(HttpNamingContextFactory.java:153)
 at org.jboss.naming.HttpNamingContextFactory.getInitialContext(HttpNamingContextFactory.java:80)
 ... 6 more


          My conf is : 
          env.setProperty(Context.INITIAL_CONTEXT_FACTORY, "org.jboss.naming.HttpNamingContextFactory");
env.setProperty(Context.PROVIDER_URL, "https://localhost:8443/invoker/JMXInvokerServlet");
env.setProperty(Context.URL_PKG_PREFIXES, "org.jboss.naming:org.jnp.interfaces"); or
env.setProperty(Context.URL_PKG_PREFIXES, "org.jboss.naming");


            • Actions
          • 2. Re: Make SSL connection to JNDI
            alex_55
            alex_55 Oct 18, 2006 7:57 AM (in response to alex_55)

             

            "alex_55" wrote:

            ...


            Finally, fixed this problem via :

            env.setProperty(Context.PROVIDER_URL, "https://localhost:8443/invoker/JNDIFactory");

            Thanks./

              • Actions
            • 3. Re: Make SSL connection to JNDI
              alex_55
              alex_55 Oct 18, 2006 12:11 PM (in response to alex_55)

               

              "alex_55" wrote:

              ...
              Thanks./


              it is very likely that JBoss transfer data insecurily after all SSL handshake done on port HTTPS/8443, it redirect on port HTTP/8083.

              is this possible to turn this behaviour off and use SSL all the time ?

              Thank you.

                • Actions