Unable to use WSRP over SSL for self producer
dkc Mar 11, 2008 5:22 PM
Hello:
I'm trying to use SSL, in particular WSRP over SSL. I want JBoss to be a portlet provider and BEA AquaLogic to be the consumer of a portlet. I'm trying to demonstrate that SSL from AquaLogic through to JBoss will work. I've done nothing so far with AquaLogic, my question regards JBoss only. Without SSL, AquaLogic consumes the JBoss portlet without problems (on non-default port 9080), but SSL is what I'm after now.
JBoss Portal Version: 2.6.2.GA, downloaded
JBoss AS Version: 4.2.1
OS Platform: RedHat Enterprise Linux 4, Update 5
Describe the problem:
SSL access into JBoss appears to work. I can get there by going to http://localhost:8443/portal. However, the self producer is always inactive, and validation on that producer fails. Furthermore, http://localhost:8443/jbossws/services reveals: "There are currently no endpoints deployed". I've read the documentation on using WSRP over SSL and followed the configuration steps:
- I used keytool to generate a server certificate: cn=localhost, o=bits, ou=bits, l=Dulles, st=VA, c=US
- I copied the keystore to server/default/conf
- I updated bin/run.conf with
-Djavax.net.ssl.trustStore="<fully/qualified/path/to/keystore>" and -Djavax.net.ssl.trustStorePassword="<password>"
- I configured an SSL/TLS connector in the tomcat server/default/deploy/jboss-web.deployer/server.xml, as follows:
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
           maxThreads="150" scheme="https" secure="true"
           clientAuth="false" sslProtocol="TLS"
           keystoreFile="<fully/qualified/path/to/keystore>"
           keystorePass="<password>" />
- The server certificate has been imported into my browser (FF 2.0.0.12) as an authority.
- I've updated server/default/deploy/jboss-portal.sar/portal-wsrp.sar/WEB-INF/wsdl/ to use
http://localhost:8443 as the prefix for all 4 endpoints.
- I've updated server/default/deploy/jboss-portal.sar/portal-wsrp.sar/default-wsrp to use
http://localhost:8443 as prefix for all 4 endpoints.
- I added a JaasSecurityDomain mbean to server/default/conf/jboss-service.xml:
<mbean code="org.jboss.security.plugins.JaasSecurityDomain"
       name="jboss.security:service=JaasSecurityDomain,domain=RMI+SSL">
  <constructor><arg type="java.lang.String" value="RMI+SSL"/></constructor>
  <attribute name="KeyStoreURL">fully/qualified/path/to/keystore</attribute>
  <attribute name="KeyStorePass">password</attribute>
</mbean>
- I added another JRMPInvoker to jboss-service.xml:
<mbean code="org.jboss.invocation.jrmp.server.JRMPInvoker"
       name="jboss:service=invoker,type=jrmp,socketType=SSL">
  <attribute name="RMIObjectPort">14445</attribute>
  <attribute name="RMIClientSocketFactory">org.jboss.security.ssl.RMISSLClientSocketFactory</attribute>
  <attribute name="RMIServerSocketFactory">org.jboss.security.ssl.RMISSLServerSocketFactory</attribute>
  <attribute name="SecurityDomain">java:/jaas/RMI+SSL</attribute>
  <depends>jboss.security:service=JaasSecurityDomain,domain=RMI+SSL</depends>
</mbean>
- I added an <invoker-proxy-binding> to server/default/conf/standardjboss.xml
<invoker-proxy-binding>
  <name>stateless-ssl-invoker</name>
  <invoker-mbean>jboss:service=invoker,type=jrmp,socketType=SSL</invoker-mbean>
  <proxy-factory>org.jboss.proxy.ejb.ProxyFactory</proxy-factory>
  <proxy-factory-config>
    <client-interceptors>
      <home>
        <interceptor>org.jboss.proxy.ejb.HomeInterceptor</interceptor>
        <interceptor>org.jboss.proxy.SecurityInterceptor</interceptor>
        <interceptor>org.jboss.proxy.TransactionInterceptor</interceptor>
        <interceptor call-by-value="false">org.jboss.invocation.InvokerInterceptor</interceptor>
        <interceptor call-by-value="true">org.jboss.invocation.MarshallingInvokerInterceptor</interceptor>
      </home>
      <bean>
        <interceptor>org.jboss.proxy.ejb.StatelessSessionInterceptor</interceptor>
        <interceptor>org.jboss.proxy.SecurityInterceptor</interceptor>
        <interceptor>org.jboss.proxy.TransactionInterceptor</interceptor>
        <interceptor call-by-value="false">org.jboss.invocation.InvokerInterceptor</interceptor>
        <interceptor call-by-value="true">org.jboss.invocation.MarshallingInvokerInterceptor</interceptor>
      </bean>
    </client-interceptors>
  </proxy-factory-config>
</invoker-proxy-binding>
- I added 2 lines to server/default/deploy/jbossws.sar/jbossws.beans/META-INF/jboss-beans.xml:
<property name="webServiceSecurePort">8443</property>
<property name="webServicePort">9080</property>
within the "ServiceEndpointManager" bean
- The WSDLPortFixFilter is in place in server/default/deploy/jboss-portal.sar/portal-wsrp.sar/WEB-INF/web.xml:
<filter>
  <filter-name>WSDLPortFixFilter</filter-name>
  <filter-class>org.jboss.portal.wsrp.servlet.WSDLPortFixFilter</filter-class>
</filter>
<filter-mapping>
  <filter-name>WSDLPortFixFilter</filter-name>
  <url-pattern>/*</url-pattern>
</filter-mapping>
I've restarted JBoss many times - no success - am I missing something?
Thanks in advance for your help,
Dan
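
An added example, not part of the original post or of JBoss: a Python check that every soap:address in a WSDL uses the scheme its Tomcat connector actually serves, since a plain-http URL pointed at a TLS port cannot complete a request. The XML samples are constructed, and the service, port and path names in them are hypothetical.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

SOAP_ADDRESS = "{http://schemas.xmlsoap.org/wsdl/soap/}address"
DEFAULT_PORTS = {"http": 80, "https": 443}

# Constructed sample: the two connectors mentioned in the post (9080 plain, 8443 TLS).
SERVER_XML = """<Server><Service name="jboss.web">
  <Connector port="9080" protocol="HTTP/1.1"/>
  <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
             scheme="https" secure="true" clientAuth="false" sslProtocol="TLS"/>
</Service></Server>"""

# Constructed sample WSDL; service, port and path names are hypothetical.
WSDL = """<definitions xmlns="http://schemas.xmlsoap.org/wsdl/"
    xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/">
  <service name="ExampleWSRPService">
    <port name="MarkupPort"><soap:address location="http://localhost:8443/example/Markup"/></port>
    <port name="RegistrationPort"><soap:address location="https://localhost:8443/example/Registration"/></port>
    <port name="DescriptionPort"><soap:address location="http://localhost:9080/example/Description"/></port>
  </service>
</definitions>"""


def connector_schemes(server_xml):
    """Map each Connector port to the scheme it serves (Tomcat defaults to http)."""
    root = ET.fromstring(server_xml)
    return {int(c.get("port")): c.get("scheme", "http") for c in root.iter("Connector")}


def endpoint_mismatches(server_xml, wsdl_xml):
    """Return (location, reason) for endpoints whose URL scheme disagrees with the connector."""
    schemes = connector_schemes(server_xml)
    problems = []
    for addr in ET.fromstring(wsdl_xml).iter(SOAP_ADDRESS):
        location = addr.get("location", "")
        url = urlsplit(location)
        port = url.port or DEFAULT_PORTS.get(url.scheme)
        served = schemes.get(port)
        if served is None:
            problems.append((location, f"no connector listens on port {port}"))
        elif served != url.scheme:
            problems.append((location, f"port {port} serves {served}, URL says {url.scheme}"))
    return problems


if __name__ == "__main__":
    for location, reason in endpoint_mismatches(SERVER_XML, WSDL):
        print(f"MISMATCH {location}: {reason}")
```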