2 Replies Latest reply on Dec 16, 2013 2:18 AM by jesper.s.karlsen

    Creating SSL enabled InitialContext with Spring JndiTemplate

    lifeonatrip

      Hi Everyone,

       

      We are trying to create an SSL-enabled InitialContext with Spring JndiTemplate. Below is our configuration. Our configuration is working via the remote interface without SSL enabled. We are using JBoss 7.2 and our remote EJBs are working over SSL, so the assumption is that it is a client configuration issue. Please also see the error below.

       

      ERROR [org.jboss.remoting.remote.connection] (Remoting "config-based-naming-client-endpoint" read-1) JBREM000200: Remote connection failed: java.io.IOException: Client starting STARTTLS but channel doesn't support SSL

       

      Client conf.

      <bean id="remoteJndiTemplate" class="org.springframework.jndi.JndiTemplate">
        <property name="environment">
          <props>
            <prop key="remote.connectionprovider.create.options.org.xnio.Options.SSL_ENABLED">true</prop>
            <prop key="java.naming.factory.initial">org.jboss.naming.remote.client.InitialContextFactory</prop>
            <prop key="java.naming.provider.url">remote://my-ip:4447</prop>
          </props>
        </property>
      </bean>

      <bean id="remoteJmsConnectionFactory" class="org.springframework.jndi.JndiObjectFactoryBean">
        <property name="jndiName">
          <value>java:/jms/RemoteConnectionFactory</value>
        </property>
        <property name="jndiTemplate">
          <ref bean="remoteJndiTemplate" />
        </property>
      </bean>

      <bean id="remoteAuthenticatedConnectionFactory"
            class="org.springframework.jms.connection.UserCredentialsConnectionFactoryAdapter">
        <property name="targetConnectionFactory" ref="remoteJmsConnectionFactory" />
        <property name="username" value="messaging_client" />
        <property name="password" value="password" />
      </bean>

      <bean id="remoteCachedConnectionFactory"
            class="org.springframework.jms.connection.CachingConnectionFactory">
        <constructor-arg ref="remoteAuthenticatedConnectionFactory" />
      </bean>
      

       

      server conf.

      <security-realm name="ApplicationRealm">
        <authentication>
          <jaas name="myjaas"/>
        </authentication>
        <server-identities>
          <ssl>
            <keystore path="mykeystore.ks" password="changeit" relative-to="jboss.server.config.dir"/>
          </ssl>
        </server-identities>
      </security-realm>

      <subsystem xmlns="urn:jboss:domain:remoting:1.1">
        <connector name="remoting-connector" socket-binding="remoting" security-realm="ApplicationRealm"/>
      </subsystem>
      

       

      Thanks in advance.

        • 1. Re: Creating SSL enabled InitialContext with Spring JndiTemplate
          ybxiang.china

          Our configuration is working via remote interface without SSL enabled. We are using JBoss 7.2 and our remote EJBs are working over SSL,

          I have replied to you in "Can HornetQ use JAAS role?".

          JMS over SSL doesn't work well in JBoss 7.2.0; I asked the JBoss guys here: "Why are there so many critical bugs in every jboss as 7.x.x???"

          (It seems that JBoss EAP 6.1 has fixed this problem, but I dare not use it because of license considerations.)

          • 2. Re: Creating SSL enabled InitialContext with Spring JndiTemplate
            jesper.s.karlsen

            We created a workaround, creating the InitialContext in a factory-like method.

             

            import java.util.Properties;
            import javax.jms.ConnectionFactory;
            import javax.naming.Context;
            import javax.naming.InitialContext;

            public class JbossJmsConnectionFactoryHelper {

                // Builds the remote-naming InitialContext by hand and looks up the JMS ConnectionFactory.
                public static ConnectionFactory createJmsConnectionFactory() {
                    try {
                        Properties environment = new Properties();
                        environment.setProperty(Context.PROVIDER_URL, "remote://xx.xx.xx.xx:4597,remote://xx.xx.xx.xx:4597");
                        environment.setProperty(Context.INITIAL_CONTEXT_FACTORY, "org.jboss.naming.remote.client.InitialContextFactory");
                        environment.put(Context.SECURITY_PRINCIPAL, "user");
                        environment.put(Context.SECURITY_CREDENTIALS, "pass");
                        // Enable SSL on the remoting connection provider and request STARTTLS on connect.
                        environment.put("jboss.naming.client.remote.connectionprovider.create.options.org.xnio.Options.SSL_ENABLED", "true");
                        environment.put("jboss.naming.client.connect.options.org.xnio.Options.SSL_STARTTLS", "true");
                        InitialContext context = new InitialContext(environment);
                        System.out.println(context);

                        ConnectionFactory connFactory = (ConnectionFactory) context.lookup("java:/jms/RemoteConnectionFactory");
                        System.out.println("Got connection factory");

                        return connFactory;
                    } catch (Exception ex) {
                        throw new IllegalStateException("Failed to create connection factory", ex);
                    }
                }
            }
            

             

            And then used this inside Spring.

             

            <bean id="remoteJmsConnectionFactory" class="org.springframework.beans.factory.config.MethodInvokingFactoryBean">
              <property name="staticMethod" value="mypackage.JbossJmsConnectionFactoryHelper.createJmsConnectionFactory"/>
            </bean>

            <bean id="remoteAuthenticatedConnectionFactory"
                  class="org.springframework.jms.connection.UserCredentialsConnectionFactoryAdapter">
              <property name="targetConnectionFactory" ref="remoteJmsConnectionFactory" />
              <property name="username" value="user" />
              <property name="password" value="pass" />
            </bean>

            <!-- Caching ConnectionFactory Definition -->
            <bean id="remoteCachedConnectionFactory"
                  class="org.springframework.jms.connection.CachingConnectionFactory">
              <constructor-arg ref="remoteAuthenticatedConnectionFactory" />
            </bean>
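
The two configurations in this thread set different property keys: the question's JndiTemplate uses `remote.connectionprovider.create.options...SSL_ENABLED`, while the workaround uses the `jboss.naming.client.`-prefixed key and also sets `SSL_STARTTLS`. As an added example (not code from either poster), the class below builds the environment with the workaround's keys, takes credentials from environment variables instead of source or bean XML, and reports which of those keys a given `Properties` object lacks. The class name and the `JMS_CLIENT_USER` / `JMS_CLIENT_PASSWORD` variable names are hypothetical.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.Properties;
import javax.naming.Context;

// Added example: the class name and the JMS_CLIENT_* variable names are hypothetical.
public class RemoteNamingTlsEnv {
    // Keys exactly as they appear in the workaround reply.
    static final String SSL_ENABLED =
        "jboss.naming.client.remote.connectionprovider.create.options.org.xnio.Options.SSL_ENABLED";
    static final String SSL_STARTTLS =
        "jboss.naming.client.connect.options.org.xnio.Options.SSL_STARTTLS";
    // Key exactly as it appears in the question's JndiTemplate props.
    static final String QUESTION_KEY =
        "remote.connectionprovider.create.options.org.xnio.Options.SSL_ENABLED";

    // Builds the environment; credentials come from the process environment, not source or XML.
    static Properties build(String providerUrl) {
        Properties env = new Properties();
        env.setProperty(Context.INITIAL_CONTEXT_FACTORY, "org.jboss.naming.remote.client.InitialContextFactory");
        env.setProperty(Context.PROVIDER_URL, providerUrl);
        env.setProperty(SSL_ENABLED, "true");
        env.setProperty(SSL_STARTTLS, "true");
        String user = System.getenv("JMS_CLIENT_USER");
        String pass = System.getenv("JMS_CLIENT_PASSWORD");
        if (user != null && pass != null) {
            env.setProperty(Context.SECURITY_PRINCIPAL, user);
            env.setProperty(Context.SECURITY_CREDENTIALS, pass);
        }
        return env;
    }

    // Lists what differs from the workaround's keys; an empty list means the TLS keys match it.
    static List<String> check(Properties env) {
        List<String> problems = new ArrayList<>();
        if (!"true".equals(env.getProperty(SSL_ENABLED))) problems.add("not set: " + SSL_ENABLED);
        if (!"true".equals(env.getProperty(SSL_STARTTLS))) problems.add("not set: " + SSL_STARTTLS);
        if (env.containsKey(QUESTION_KEY)) problems.add("question-style key present: " + QUESTION_KEY);
        return problems;
    }

    public static void main(String[] args) {
        Properties question = new Properties(); // constructed: mirrors the question's props
        question.setProperty(QUESTION_KEY, "true");
        question.setProperty(Context.PROVIDER_URL, "remote://my-ip:4447");
        System.out.println("question props: " + check(question));
        System.out.println("built props:    " + check(build("remote://my-ip:4447")));
    }
}
```

Calling `check` on the `Properties` handed to `JndiTemplate` or `InitialContext` at startup lets the client fail fast with a named key instead of the STARTTLS error at connect time.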