3 Replies Latest reply on Sep 2, 2009 6:30 PM by dmac

    IIOP over SSL

    dmac Aug 5, 2009 12:17 AM

      I'm having trouble configuring IIOP over SSL on JBoss 5.1.0. My environment is Windows XP using jdk1.6.0_13.

      I have it working on 4.2.3 performing the following steps:

      1. server/all/conf/jacorb.properties
      set jacorb.security.support_ssl=on
      2. server/all/deploy/iiop-service.xml
      uncomment the org.jboss.security.plugins.JaasSecurityDomain mbean and fill
      in relevant KeyStoreURL and KeyStorePass and then uncomment the SecurityDomain
      attribute and depends on jboss.security:service=JaasSecurityDomain,domain=IIOP+SSL


      It then starts up successfully: 
      13:22:11,819 INFO [SSLServerSocketFactory] Will create SSL sockets that support client authentication
13:22:11,819 INFO [SSLServerSocketFactory] Created


      However on JBoss 5.0.0 and 5.1.0 using the exact same steps i get: 

      13:31:56,207 WARN [CorbaORBService] Security domain java:/jaas/IIOP+SSL not found
13:31:56,442 INFO [SSLServerSocketFactory] Creating
13:31:56,442 WARN [SSLServerSocketFactory] Could not create DomainServerSocketFactory: java.io.IOException: The securityDomain may not be null
13:31:56,442 ERROR [AbstractKernelController] Error installing to Start: name=jboss:service=CorbaORB state=Create mode=Manual requiredState=Installed
org.omg.CORBA.INITIALIZE: there was an invocation failure with the socket factory org.jboss.iiop.jacorb.SSLServerSocketFactory: java.io.IOException: The securityDomain may not be
null vmcid: 0x0 minor code: 0 completed: No
 at org.jacorb.orb.factory.SocketFactoryManager.newFactory(Unknown Source)


      • 2222 Views
      • Tags:
        • 1. Re: IIOP over SSL
          dmac Aug 5, 2009 7:37 PM (in response to dmac)

          I also get the same error using jdk1.5.0_18

          I note that if i leave jacorb.security.support_ssl set to off, that java:/jaas/IIOP+SSL is visible in the JNDIView, so it does get deployed .. but probably after CORBA has been looking for it, hence the error.

          Has the configuration changed somewhere between jboss 4.2.3 and 5.1.0 ? If so, could someone please point me in the right direction.

          Thanks

            • Actions
          • 2. Re: IIOP over SSL
            sguilhen
            sguilhen Sep 2, 2009 4:32 PM (in response to dmac)

            Thanks for raising this. The issue is that CorbaORBService needs an extra dependency on AS5 when IIOP/SSL is configured. In other words, the section of the iiop-service.xml that configures IIOP/SSL should look as follows:

             <!-- uncomment to use IIOP over SSL -->
 <attribute name="SecurityDomain">java:/jaas/IIOP+SSL</attribute>
 <depends>JBossSecurityJNDIContextEstablishment</depends
 <depends>jboss.security:service=JaasSecurityDomain,domain=IIOP+SSL</depends>


            Notice the dependency on JBossSecurityJNDIContextEstablishment. This is the missing dep that will make CorbaORBService wait until the security domain is available in JNDI before creating the SSLSocket factories.

            I've applied the change to iiop-service.xml on Branch_5_x and Trunk, so it will be available in the next AS release.

              • Actions
            • 3. Re: IIOP over SSL
              dmac Sep 2, 2009 6:30 PM (in response to dmac)

              Excellent, thanks Stefan

              This was driving me crazy :)

                • Actions