4 Replies Latest reply on Sep 2, 2011 4:27 AM by Wen Cheng

    EJB3 over SSL doesn't work for remote client

    Wen Cheng Newbie

      I read the post: http://community.jboss.org/thread/148760

      And my situation is similar. But the solution dosen't works.

       

      JBOSS Version: JBoss 6.0.0.0 Final

      OS: Windows XP

       

      I created a stateless bean in my application and configure it to use SSLSocket.

       

      @Stateless

      @Remote(ReflectEJB.class)

      @RemoteBinding(clientBindUrl="sslsocket://${jboss.bind.address}:3843")

      public class ReflectEJBBean implements ReflectEJB{

         public String sayHello(){

                return "hello" ;

           }

      }

       

      And I also configured ejb3-connectors-jboss-beans.xml file where I added a MBean:

       

       

      <bean name="EJB3SSLRemotingConnector" class="org.jboss.remoting.transport.Connector"> 
          <property name="invokerLocator">sslsocket://${jboss.bind.address}:3843</property> 
          <property name="serverConfiguration"> 
            <inject bean="ServerConfiguration" /> 
          </property> 
          <property name="serverSocketFactory"> 
            <inject bean="sslServerSocketFactory" /> 
          </property> 
        </bean>
      
        <bean name="sslServerSocketFactory" class="org.jboss.security.ssl.DomainServerSocketFactory"> 
           <constructor> 
              <parameter><inject bean="EJB3SSLDomain"/></parameter> 
           </constructor> 
        </bean> 
        <bean name="EJB3SSLDomain" class="org.jboss.security.plugins.JaasSecurityDomain"> 
           <constructor> 
              <parameter>EJB3SSLDomain</parameter> 
           </constructor> 
           <property name="keyStoreURL">../conf/server.keystore</property> 
           <property name="keyStorePass">mypassword</property>    
        </bean>
      

       

       

      I start jboss with " -b 0.0.0.0 " on windows,

       

      The bean works pretty well when I running the test code on the machine where jboss running.

      However ,when I running the test code on a different machine , an exception is throw,

       

       

      javax.naming.NamingException: Could not dereference object [Root exception is org.jboss.remoting.CannotConnectException: Can not get connection to server. Problem establishing socket connection for InvokerLocator [sslsocket://0.0.0.0:3843/]]
          at org.jnp.interfaces.NamingContext.getObjectInstanceWrapFailure(NamingContext.java:1508)
          at org.jnp.interfaces.NamingContext.lookup(NamingContext.java:824)
          at org.jnp.interfaces.NamingContext.lookup(NamingContext.java:688)
          at javax.naming.InitialContext.lookup(InitialContext.java:392)
          at com.css.waterbox.server.api.consoleapi.SessionDriver.main(SessionDriver.java:445)
      Caused by: org.jboss.remoting.CannotConnectException: Can not get connection to server. Problem establishing socket connection for InvokerLocator [sslsocket://0.0.0.0:3843/]
          at org.jboss.remoting.transport.socket.MicroSocketClientInvoker.transport(MicroSocketClientInvoker.java:831)
          at org.jboss.remoting.MicroRemoteClientInvoker.invoke(MicroRemoteClientInvoker.java:167)
          at org.jboss.remoting.Client.invoke(Client.java:1961)
          at org.jboss.remoting.Client.invoke(Client.java:804)
          at org.jboss.aspects.remoting.InvokeRemoteInterceptor.invoke(InvokeRemoteInterceptor.java:60)
          at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
          at org.jboss.ejb3.proxy.impl.remoting.IsLocalProxyFactoryInterceptor.invoke(IsLocalProxyFactoryInterceptor.java:104)
          at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
          at org.jboss.aspects.remoting.PojiProxy.invoke(PojiProxy.java:62)
          at $Proxy0.createProxyBusiness(Unknown Source)
          at org.jboss.ejb3.proxy.impl.objectfactory.session.SessionProxyObjectFactory.createProxy(SessionProxyObjectFactory.java:129)
          at org.jboss.ejb3.proxy.impl.objectfactory.session.stateless.StatelessSessionProxyObjectFactory.getProxy(StatelessSessionProxyObjectFactory.java:79)
          at org.jboss.ejb3.proxy.impl.objectfactory.ProxyObjectFactory.getObjectInstance(ProxyObjectFactory.java:161)
          at javax.naming.spi.NamingManager.getObjectInstance(NamingManager.java:304)
          at org.jnp.interfaces.NamingContext.getObjectInstance(NamingContext.java:1483)
          at org.jnp.interfaces.NamingContext.getObjectInstanceWrapFailure(NamingContext.java:1500)
          ... 4 more
      Caused by: java.net.ConnectException: Connection refused: connect
          at java.net.PlainSocketImpl.socketConnect(Native Method)
          at java.net.PlainSocketImpl.doConnect(PlainSocketImpl.java:333)
          at java.net.PlainSocketImpl.connectToAddress(PlainSocketImpl.java:193)
          at java.net.PlainSocketImpl.connect(PlainSocketImpl.java:182)
          at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:366)
          at java.net.Socket.connect(Socket.java:519)
          at com.sun.net.ssl.internal.ssl.SSLSocketImpl.connect(SSLSocketImpl.java:550)
          at org.jboss.remoting.transport.sslsocket.SSLSocketClientInvoker.connect(SSLSocketClientInvoker.java:243)
          at org.jboss.remoting.transport.sslsocket.SSLSocketClientInvoker.createSocket(SSLSocketClientInvoker.java:186)
          at org.jboss.remoting.transport.socket.MicroSocketClientInvoker.getConnection(MicroSocketClientInvoker.java:1165)
          at org.jboss.remoting.transport.socket.MicroSocketClientInvoker.transport(MicroSocketClientInvoker.java:816)
          at org.jboss.remoting.MicroRemoteClientInvoker.invoke(MicroRemoteClientInvoker.java:167)
          at org.jboss.remoting.Client.invoke(Client.java:1961)
          at org.jboss.remoting.Client.invoke(Client.java:804)
          at org.jboss.aspects.remoting.InvokeRemoteInterceptor.invoke(InvokeRemoteInterceptor.java:60)
          at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
          at org.jboss.ejb3.proxy.impl.remoting.IsLocalProxyFactoryInterceptor.invoke(IsLocalProxyFactoryInterceptor.java:104)
          at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
          at org.jboss.aspects.remoting.PojiProxy.invoke(PojiProxy.java:62)
          at $Proxy0.createProxyBusiness(Unknown Source)
          at org.jboss.ejb3.proxy.impl.objectfactory.session.SessionProxyObjectFactory.createProxy(SessionProxyObjectFactory.java:129)
          at org.jboss.ejb3.proxy.impl.objectfactory.session.stateless.StatelessSessionProxyObjectFactory.getProxy(StatelessSessionProxyObjectFactory.java:79)
          at org.jboss.ejb3.proxy.impl.objectfactory.ProxyObjectFactory.getObjectInstance(ProxyObjectFactory.java:161)
          at javax.naming.spi.NamingManager.getObjectInstance(NamingManager.java:304)
          at org.jnp.interfaces.NamingContext.getObjectInstance(NamingContext.java:1483)
          at org.jnp.interfaces.NamingContext.getObjectInstanceWrapFailure(NamingContext.java:1500)
          at org.jnp.interfaces.NamingContext.lookup(NamingContext.java:824)
          at org.jnp.interfaces.NamingContext.lookup(NamingContext.java:688)
          at javax.naming.InitialContext.lookup(InitialContext.java:392)
          at com.css.waterbox.server.api.consoleapi.SessionDriver.main(SessionDriver.java:445)
          at org.jboss.aspects.remoting.InvokeRemoteInterceptor.invoke(InvokeRemoteInterceptor.java:72)
          ... 15 more
      

       

      I tried the way mentioned in https://jira.jboss.org/jira/browse/EJBTHREE-1650 , In another word, I add jboss.xml in META-INF folder in myejb.jar:

       

       

      <?xml version="1.0" encoding="utf-8"?>
      
      <jboss xmlns="http://www.jboss.com/xml/ns/javaee"
                   xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                   xsi:schemaLocation="http://www.jboss.com/xml/ns/javaee
                                  http://www.jboss.org/j2ee/schema/jboss_5_0.xsd"
                   version="5.0">
                   
        <enterprise-beans>
           <session>
             <ejb-name>ReflectEJBBean</ejb-name>
             <remote-binding>
                 <jndi-name>ReflectEJBBean/remote</jndi-name>
                 <client-bind-url>sslsocket://${jboss.bind.address}:3843</client-bind-url>
             </remote-binding>
      
           </session>
        </enterprise-beans>
      
      </jboss>
      

       

      But it got no improvement.

       

      I know when I start jboss with "-b the_real_IP_of_the_machine" instead of "-b 0.0.0.0" , I can access ReflectEJBBean in a remote machine.

      But I want to keep the "-b 0.0.0.0" for some reason.

       

      Any idea?

       

      Thanks very much in advance.

        • 1. Re: EJB3 over SSL doesn't work for remote client
          Carlo de Wolf Master
          @RemoteBinding(clientBindUrl="sslsocket://${jboss.bind.address}:3843")
          

           

          Means that you ask the client to connect to the address specified after '-b'. When the client tries to connect to 0.0.0.0 it won't find the server, hence the connection refused.

           

          Instead of ${jboss.bind.address} you could use your server hostname. That would instruct the client to connect to that address instead.

          If the server lives behind a NAT make sure you also use a split DNS configuration.

          1 of 1 people found this helpful
          • 2. Re: EJB3 over SSL doesn't work for remote client
            Wen Cheng Newbie

            Thanks, Carlo!

             

            I fixed it now!

            • 3. Re: EJB3 over SSL doesn't work for remote client
              Siddu Bulla Newbie

              Hi Wen,

              I am trying exactly the same.

               

              JBoss 5.1.0-GA

              Eclipse Java EE IDE 1.2.0

              Java - jdk1.6.0_21

              OS: Windows XP

               

              I have added below snippet to ejb3-connectors-jboss-beans.xml from \jboss-5.1.0.GA\server\default\deploy folder

               

                <bean name="org.jboss.ejb3.RemotingConnector" class="org.jboss.remoting.transport.Connector">
                  <property name="invokerLocator">sslsocket://${jboss.bind.address}:3843</property>
                  <property name="serverConfiguration">
                    <inject bean="ServerConfiguration" />
                  </property>
                  <property name="serverSocketFactory">
                    <inject bean="sslServerSocketFactory" />
                  </property>
                </bean>

                <bean name="sslServerSocketFactory" class="org.jboss.security.ssl.DomainServerSocketFactory">
                   <constructor>
                      <parameter><inject bean="EJB3SSLDomain"/></parameter>
                   </constructor>
                </bean>
                <bean name="EJB3SSLDomain" class="org.jboss.security.plugins.JaasSecurityDomain">
                   <constructor>
                      <parameter>EJB3SSLDomain</parameter>
                   </constructor>
                   <property name="keyStoreURL">resource:archserver.keystore</property>
                   <property name="keyStorePass">testing</property>
                </bean>

               

              My jboss.xml from EJB jar META-INF fodler

               

              <?xml version="1.0" encoding="utf-8"?>

              <jboss xmlns="http://www.jboss.com/xml/ns/javaee"
                           xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                           xsi:schemaLocation="http://www.jboss.com/xml/ns/javaee
                                          http://www.jboss.org/j2ee/schema/jboss_5_0.xsd"
                           version="5.0">
                 <enterprise-beans>
                   <session>
                     <ejb-name>FooBean</ejb-name>
                     <remote-binding>
                         <jndi-name>FooBean/remote</jndi-name>
                         <client-bind-url>sslsocket://147.141.95.125:3843</client-bind-url>
                     </remote-binding>

                   </session>
                </enterprise-beans>

              </jboss>

               

              My EJB is:

               

              @Stateless
              @Remote(FooRemote.class)
              @RemoteBinding(clientBindUrl="sslsocket://147.141.95.125:3843")


              public class FooBean implements FooRemote {
              public String echo(String s)
              {  
                System.out.println("############Calling echo().................");
                return s;             
              }
              }

               

              And My server startup arguments are

              -c default -Djavax.net.ssl.keyStore=C:/jboss-5.1.0.GA/server/default/conf/archserver.keystore -Djavax.net.ssl.keyStorePassword=testing

              When I try to access the EJB from client I get the error message

              Exception in thread "main" javax.naming.NamingException: Could not dereference object [Root exception is org.jboss.remoting.CannotConnectException: Can not get connection to server. Problem establishing socket connection for InvokerLocator [sslsocket://147.141.95.125:3843/]]
              at org.jnp.interfaces.NamingContext.getObjectInstanceWrapFailure(NamingContext.java:1504)
              at org.jnp.interfaces.NamingContext.lookup(NamingContext.java:822)
              at org.jnp.interfaces.NamingContext.lookup(NamingContext.java:686)
              at javax.naming.InitialContext.lookup(Unknown Source)
              at com.ssga.ejb3.test.Client.main(Client.java:38)

              I tried changing the binding address to

               

              ${jboss.bind.address} - Still same error

              0.0.0.0 - Still Same Error

              P-BOSLOCALPC(my PC name) - Still Same error

               

              Do you think anything wrong in my configuration or server startup arguments to eliminate this error?

               

              Thanks in advance,

              Siddu

               

               

               

              • 4. Re: EJB3 over SSL doesn't work for remote client
                Wen Cheng Newbie

                Hello, Siddu:

                 

                I use jboss 6.0.0.0 final. So my configuration is based on jboss6.

                 

                If you don't care to bind the IP address to the Jboss server, try to start jboss with:

                 

                -c default -b 147.141.95.125 -Djavax.net.ssl.keyStore=C:/jboss-5.1.0.GA/server/default/conf/archserver.keystore  -Djavax.net.ssl.keyStorePassword=testing

                 

                 

                If this doesn't work, tryp to change your pc name(maybe you need to restart your computer after the change). Remove the character "-" from your computer name. It's an "invalid" character form jboss, I think.

                 

                   The following is my conclusion during my "struggle" to run ejb3+ssl, please see if it helps.

                 

                   There are 4  "sslsocket://" urls in the configuration.

                 

                   1) ejb3-connectors-jboss-beans.xml 

                 

                   2) jboss.xml in EJB jar META-INF fodler

                 

                   3) the ejb source code; @RemoteBinding(clientBindUrl="sslsocket://147.141.95.125:3843")

                 

                   4) the url of the start up parameter "-b", I think it is also has some thing to do

                 

                   After my test, I found that , of all the four places, only 2 is the key: the address in  "jboss.xml" and after "-b". This two should be match. If they are the same, then the ejb works. The other two are replaced by the "jboss.xml" url, I think.

                 

                   Let's talk about "-b" then.

                 

                   As you know ,"-b" means "jboss.bind.address", or the binding address of ALL the jboss service. Of all the services, I think the one connect to EJB is RMI. So what we should focus is only the binding address of RMI. The configuration file of rmi binding address is :

                 

                   %JBOSS_HOME%/server/default/deploy/naming-jboss-beans.xml

                 

                See the property "bindingAdress" and "rmiBindAddress" :

                 

                <property name="bindAddress">${jboss.bind.address:localhost}</property> 
                <property name="rmiBindAddress">${jboss.bind.address:localhost}</property>
                
                

                 

                In another word, I said "the adress in  "jboss.xml" and after "-b". This two should match", it really means :

                 

                the address in  "jboss.xml" and the address in "naming-jboss-beans.xml". they two should be match.

                 

                If they are the same, then the ejb "channel" is opened. What's more, I found that the address "0.0.0.0" is not the right value. You can use the real IP address, or the real hostname. Or you can use the variables like "${jboss.host.name}", or "${java.rmi.server.hostname}". But remember, if you use some variable, you must tell jboss the real value of  it when you start jboss.

                 

                So, try to set your exact IP address "147.141.95.125" in jboss.xml and naming-jboss-beans.xml, and restart you jboss with:

                 

                -c default -b 0.0.0.0 -Djavax.net.ssl.keyStore=C:/jboss-5.1.0.GA/server/default/conf/archserver.keystore -Djavax.net.ssl.keyStorePassword=testing