1 Reply Latest reply on May 11, 2011 4:42 AM by thescientist

    RMI with SSL

    thescientist Newbie

      Hello

      it's me again with the next challenge to migrate from as 4.2.3 to 6.0.0.

      In Jboss AS 4.2.3 we had a container configuration on top of the "stateless-rmi-invoker" invoker-prxoy-binding, where we configured a SSL connection via

      <container-invoker-conf>
         <Optimized>True</Optimized>
         <RMIObjectPort>port</RMIObjectPort>
         <RMIClientSocketFactory>...SSLClientSocketFactory</RMIClientSocketFactory>
         <RMIServerSocketFactory>...SSLServerSocketFactory</RMIServerSocketFactory>
      </container-invoker-conf>
      

      and the corresponding mbean in jboss-service.xml

       

      <mbean code="org.jboss.invocation.jrmp.server.JRMPInvoker"
            name="jboss:service=invoker,type=jrmp">
            <attribute name="RMIObjectPort">40004</attribute>
            <attribute name="ServerAddress">${jboss.bind.address}</attribute>
            <depends>jboss:service=TransactionManager</depends>
      </mbean>
      

      Now i know that there is just the unified invoker left and also read the security guide,

       

      Is it the only possibility to change the whole transport configuration of the unified invoker to sslrmi?

       

      If so, am i on the right path with defining my own deploy/ssl-service.xml file and this content:

       

      <?xml version="1.0" encoding="UTF-8"?>
      <!DOCTYPE server>
      
      <mbean code="org.jboss.remoting.transport.Connector"
             name="jboss.remoting:service=Connector,transport=RMI"
             display-name="SSL RMI Transport Connector">
      
         <attribute name="Configuration">
            <config>
               <invoker transport="sslrmi">
                  <attribute name="serverSocketFactory">
                    SSLServerSocketFactory,type=SSL
                  </attribute>
                  <attribute name="serverBindAddress">${jboss.bind.address}</attribute>
                  <attribute name="serverBindPort">4444</attribute>
               </invoker>
               <handlers>
                  <handler subsystem="mock">
                     org.jboss.test.remoting.transport.mock.MockServerInvocationHandler
                  </handler>
               </handlers>
            </config>
         </attribute>
         <!-- This depends is included because need to make sure
              this mbean is running before configure invoker. -->
         <depends>jboss.remoting:service=ServerSocketFactory,type=SSL</depends>
      </mbean>
      

       

      thanks for any tips

        • 1. RMI with SSL
          thescientist Newbie

          Cause I don't get familiar with the new remoting stuff which i meant above, i just try the normal way using keystores to secure all transport instead of specific beans as we had before.

          If anyone has a better solution feel free to comment.