Securing EJB
sl15062 Jun 6, 2011 3:00 PM
Hi,
I am new to JBoss. I want to secure a simple EJB that I wrote so that it communicates over SSL. The client performs a JNDI lookup by JNDI name and then just hangs there forever. After a few minutes the server wrote this error to its log. What did I do wrong? Thanks
50028)] Started in 16s:342ms
13:16:37,405 ERROR [ServerThread] WorkerThread#0[127.0.0.1:54732] exception occurred during first invocation
java.lang.reflect.InvocationTargetException
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:57)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
at java.lang.reflect.Constructor.newInstance(Constructor.java:532)
at org.jboss.remoting.transport.socket.ServerThread.createServerSocketWrapper(ServerThread.java:960)
at org.jboss.remoting.transport.socket.ServerThread.dorun(ServerThread.java:515)
at org.jboss.remoting.transport.socket.ServerThread.run(ServerThread.java:234)
Caused by: java.net.SocketTimeoutException: Read timed out
at java.net.SocketInputStream.socketRead0(Native Method)
at java.net.SocketInputStream.read(SocketInputStream.java:146)
at sun.security.ssl.InputRecord.readFully(InputRecord.java:312)
at sun.security.ssl.InputRecord.read(InputRecord.java:350)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:818)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1158)
at sun.security.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:652)
at sun.security.ssl.AppOutputStream.write(AppOutputStream.java:78)
at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:82)
at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:140)
at java.io.ObjectOutputStream$BlockDataOutputStream.flush(ObjectOutputStream.java:1803)
at java.io.ObjectOutputStream.flush(ObjectOutputStream.java:715)
at org.jboss.remoting.marshal.serializable.SerializableMarshaller.getMarshallingStream(SerializableMarshaller.java:90)
at org.jboss.remoting.marshal.serializable.SerializableMarshaller.getMarshallingStream(SerializableMarshaller.java:72)
at org.jboss.remoting.transport.socket.ClientSocketWrapper.createOutputStream(ClientSocketWrapper.java:223)
at org.jboss.remoting.transport.socket.ClientSocketWrapper.createStreams(ClientSocketWrapper.java:181)
at org.jboss.remoting.transport.socket.ClientSocketWrapper.<init>(ClientSocketWrapper.java:67)
at org.jboss.remoting.transport.socket.ServerSocketWrapper.<init>(ServerSocketWrapper.java:46)
... 7 more
13:32:11,309 INFO [SessionSpecContainer] Stopping jboss.j2ee:jar=foo.jar,name=FooBean,service=EJB3
13:32:11,319 INFO [EJBContainer] STOPPED EJB: foo.FooBean ejbName: FooBean
I have added the following to ejb3-connectors-jboss-beans.xml
<!-- JBoss Remoting connector for EJB3 invocations over the sslsocket transport. -->
<bean name="EJB3SSLRemotingConnector" class="org.jboss.remoting.transport.Connector">
<!-- Listens on port 3843 of the address JBoss is bound to. The port must match the
     clientBindUrl on the bean's @RemoteBinding. -->
<property name="invokerLocator">sslsocket://${jboss.bind.address}:3843</property>
<property name="serverConfiguration">
<inject bean="ServerConfiguration" />
</property>
<!-- Server sockets come from the sslServerSocketFactory bean, so the key material used for
     the handshake is whatever that factory's security domain provides. -->
<property name="serverSocketFactory">
<inject bean="sslServerSocketFactory" />
</property>
</bean>
<!-- SSL server socket factory constructed from the EJB3SSLDomain bean.
     NOTE(review): EJB3SSLDomain is not defined anywhere in this post. It is presumably the
     security domain holding the server keystore; confirm it exists in the deployed file and
     that its keystore location and password are valid. -->
<bean name="sslServerSocketFactory" class="org.jboss.security.ssl.DomainServerSocketFactory">
<constructor>
<parameter><inject bean="EJB3SSLDomain"/></parameter>
</constructor>
<!-- The property below is disabled. If a cipher restriction is re-enabled, do not use this
     value: SSL_RSA_WITH_RC4_128_MD5 combines RC4 and MD5, both considered broken, and RC4
     suites are prohibited for TLS by RFC 7465. -->
<!--
<property name="cipherSuites">SSL_RSA_WITH_RC4_128_MD5</property>
-->
</bean>
Here is my ejb impl
-------- FooRemote.java
package foo;
import javax.ejb.*;
/**
 * Remote business interface of the echo bean.
 */
@Remote
public interface FooRemote {
    /**
     * Echo operation exposed to remote clients. The {@code FooBean} implementation on this
     * page returns its argument unchanged.
     *
     * @param s text sent by the caller
     * @return the bean's reply
     */
    String echo(String s);
}
---------- FooBean.java
package foo;
import org.jboss.ejb3.annotation.SecurityDomain;
import org.jboss.ejb3.annotation.*;
import javax.annotation.security.RolesAllowed;
import javax.annotation.security.*;
import javax.ejb.*;
/**
 * Stateless session bean implementing {@link FooRemote}. It is bound in JNDI as
 * {@code StatelessSSL} and advertises an {@code sslsocket://} client bind URL on port 3843.
 *
 * <p>NOTE(review): neither {@code @SecurityDomain} nor {@code @RolesAllowed} is applied,
 * although both are imported. As far as this listing shows, the SSL transport encrypts the
 * channel but nothing authenticates or authorizes the caller of {@code echo}. Confirm whether
 * that is intended.
 */
@Stateless
@Remote(FooRemote.class)
@RemoteBinding(jndiBinding = "StatelessSSL", clientBindUrl = "sslsocket://0.0.0.0:3843")
public class FooBean implements FooRemote {
    /**
     * Returns the argument unchanged.
     *
     * @param s text sent by the caller
     * @return {@code s}
     */
    @Override
    public String echo(final String s) {
        return s;
    }
}
--------------------- Client.java
package foo;
import javax.ejb.*;
import javax.naming.*;
import java.util.Properties;
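/**
 * Stand-alone client that looks up the SSL-bound bean in JNDI, calls {@code echo} once and
 * prints what came back.
 */
public class Client {
    /**
     * Performs the lookup and a single remote call, then releases the naming context.
     *
     * @param args unused
     * @throws Exception if creating the context, the lookup or the remote call fails
     */
    public static void main(String[] args) throws Exception {
        final String jndiName = "StatelessSSL/remote";

        // Disabled authenticated variant from the original post. It embedded a literal
        // username and password; they are replaced by placeholders here. Supply credentials
        // from configuration or a prompt, never from source.
        //
        // Properties props = new Properties();
        // props.setProperty(Context.SECURITY_PRINCIPAL, "<username-placeholder>");
        // props.setProperty(Context.SECURITY_CREDENTIALS, "<password-placeholder>");
        // props.setProperty(Context.INITIAL_CONTEXT_FACTORY, "org.jboss.security.jndi.JndiLoginInitialContextFactory");
        // InitialContext ic = new InitialContext(props);

        // NOTE(review): the no-arg InitialContext takes its provider settings from the
        // environment (for example a jndi.properties on the classpath); none are set here.
        // NOTE(review): nothing in this listing gives the client a trust store. For a server
        // certificate not issued by a CA the JVM already trusts, the client is normally started
        // with the javax.net.ssl.trustStore / javax.net.ssl.trustStorePassword system
        // properties. Confirm how this client is launched.
        InitialContext ic = new InitialContext();
        try {
            System.out.println("************ about to look up jndi name " + jndiName);
            Object ref = ic.lookup(jndiName);
            System.out.println("lookup returned " + ref);

            FooRemote bean = (FooRemote) ref;
            String reply = bean.echo("Hello Foo on JBoss!");
            System.out.println(bean + " echo returned " + reply);
        } finally {
            // The original never closed the context; release it even when the lookup or
            // the remote call throws.
            ic.close();
        }
    }
}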