0 Replies Latest reply on Jun 6, 2011 3:00 PM by soo-on lee

    Securing EJB

    soo-on lee Newbie

      Hi,

       

      I am new to using JBOSS. I want to secure a simple ejb that I wrote with SSL communication. The client is performing a JNDI lookup with JNDI name and it just hanged there forever. The server produced this error in server's log after few minutes.  What did I do wrong/?Thanks

       

      50028)] Started in 16s:342ms

      13:16:37,405 ERROR [ServerThread] WorkerThread#0[127.0.0.1:54732] exception occurred during first invocation

      java.lang.reflect.InvocationTargetException

              at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)

              at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:57)

              at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)

              at java.lang.reflect.Constructor.newInstance(Constructor.java:532)

              at org.jboss.remoting.transport.socket.ServerThread.createServerSocketWrapper(ServerThread.java:960)

              at org.jboss.remoting.transport.socket.ServerThread.dorun(ServerThread.java:515)

              at org.jboss.remoting.transport.socket.ServerThread.run(ServerThread.java:234)

      Caused by: java.net.SocketTimeoutException: Read timed out

              at java.net.SocketInputStream.socketRead0(Native Method)

              at java.net.SocketInputStream.read(SocketInputStream.java:146)

              at sun.security.ssl.InputRecord.readFully(InputRecord.java:312)

              at sun.security.ssl.InputRecord.read(InputRecord.java:350)

              at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:818)

              at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1158)

              at sun.security.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:652)

              at sun.security.ssl.AppOutputStream.write(AppOutputStream.java:78)

              at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:82)

              at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:140)

              at java.io.ObjectOutputStream$BlockDataOutputStream.flush(ObjectOutputStream.java:1803)

              at java.io.ObjectOutputStream.flush(ObjectOutputStream.java:715)

              at org.jboss.remoting.marshal.serializable.SerializableMarshaller.getMarshallingStream(SerializableMarshaller.java:90)

              at org.jboss.remoting.marshal.serializable.SerializableMarshaller.getMarshallingStream(SerializableMarshaller.java:72)

              at org.jboss.remoting.transport.socket.ClientSocketWrapper.createOutputStream(ClientSocketWrapper.java:223)

              at org.jboss.remoting.transport.socket.ClientSocketWrapper.createStreams(ClientSocketWrapper.java:181)

              at org.jboss.remoting.transport.socket.ClientSocketWrapper.<init>(ClientSocketWrapper.java:67)

              at org.jboss.remoting.transport.socket.ServerSocketWrapper.<init>(ServerSocketWrapper.java:46)

              ... 7 more

      13:32:11,309 INFO  [SessionSpecContainer] Stopping jboss.j2ee:jar=foo.jar,name=FooBean,service=EJB3

      13:32:11,319 INFO  [EJBContainer] STOPPED EJB: foo.FooBean ejbName: FooBean

       

       

      I have added the following to ejb3-connectors-jboss-beans.xml

       

       

      <bean name="EJB3SSLRemotingConnector" class="org.jboss.remoting.transport.Connector">

          <property name="invokerLocator">sslsocket://${jboss.bind.address}:3843</property>

          <property name="serverConfiguration">

            <inject bean="ServerConfiguration" />

          </property>

          <property name="serverSocketFactory">

            <inject bean="sslServerSocketFactory" />

          </property>

        </bean>

       

        <bean name="sslServerSocketFactory" class="org.jboss.security.ssl.DomainServerSocketFactory">

           <constructor>

              <parameter><inject bean="EJB3SSLDomain"/></parameter>

           </constructor>

      <!--

           <property name="cipherSuites">SSL_RSA_WITH_RC4_128_MD5</property>

      -->

       

        </bean>

       

      Here is my ejb impl

      -------- FooRemote.java

      package foo;

      import javax.ejb.*;

       

      @Remote

      public interface FooRemote {

        public String echo(String s);

      }

       

      ---------- FooBean.java

      package foo;

      import org.jboss.ejb3.annotation.SecurityDomain;

      import org.jboss.ejb3.annotation.*;

      import javax.annotation.security.RolesAllowed;

      import javax.annotation.security.*;

      import javax.ejb.*;

      @RemoteBinding(clientBindUrl="sslsocket://0.0.0.0:3843", jndiBinding="StatelessSSL")

      @Remote(FooRemote.class)

      @Stateless

      public class FooBean implements FooRemote {

       

        public String echo(String s) {

        return s ;

      }

      }

       

      --------------------- Client.java

      package foo;

      import javax.ejb.*;

      import javax.naming.*;

      import java.util.Properties;

       

      public class Client {

      public static void main(String[] args) throws Exception {

       

      final String jndiName = "StatelessSSL/remote";

       

        Properties props = new Properties();

      /*

        props.setProperty(Context.SECURITY_PRINCIPAL, "sl15062");

        props.setProperty(Context.SECURITY_CREDENTIALS, "e8ight9lso");

        props.setProperty(Context.INITIAL_CONTEXT_FACTORY, "org.jboss.security.jndi.JndiLoginInitialContextFactory");

        InitialContext ic = new InitialContext(props);

      */

        InitialContext ic = new InitialContext();

       

       

        System.out.println("************ about to look up jndi name " + jndiName);

        Object obj = ic.lookup(jndiName);

        System.out.println("lookup returned " + obj);

       

        FooRemote foo = (FooRemote) obj;

        String s = foo.echo("Hello Foo on JBoss!");

        System.out.println(foo + " echo returned " + s);

      }

      }