0 Replies Latest reply on Aug 7, 2012 5:57 PM by hlkandrew

    How do I setup JAAS using X509Certificate

    hlkandrew Newbie

      Currently I am using JBoss 7.1.1.Final server and a Jboss's EJBclient to call remoting. I have setup the server JAAS's with the use of RealmUserRoles and the EJB client manage to make a remote call with the principal recognised by the server.

      The following setting shows the EJBClient settings;

       

      endpoint.name=client-endpoint

      remote.connectionprovider.create.options.org.xnio.Options.SSL_ENABLED=false

      remote.connections=command

      remote.connection.command.host=localhost

      remote.connection.command.port = 4447

      remote.connection.command.connect.options.org.xnio.Options.SASL_POLICY_NOANONYMOUS=false

      remote.connection.command.connect.options.org.xnio.Options.SASL_DISALLOWED_MECHANISMS=JBOSS-LOCAL-USER

      remote.connection.command.connect.options.org.xnio.Options.SASL_POLICY_NOPLAINTEXT=false

      remote.connection.command.username=appuser

      remote.connection.command.password=apppassword

       

      The following is the server

       

      <security-realm name="MyRealm">

                      <authentication>

                          <jaas name="my-security-domain"/>

                      </authentication>

      </security-realm>

       

      <subsystem xmlns="urn:jboss:domain:remoting:1.1">

                  <connector name="remoting-connector" socket-binding="remoting" security-realm="MyRealm"/>

        </subsystem>

       

      <security-domain name="my-security-domain" cache-type="default">

                          <authentication>

                              <login-module code="RealmUsersRoles" flag="required">

                                  <module-option name="usersProperties" value="${jboss.server.config.dir}/application-users.properties"/>

                                  <module-option name="rolesProperties" value="${jboss.server.config.dir}/application-roles.properties"/>

                                  <module-option name="realm" value="ApplicationRealm"/>

                              </login-module>

                          </authentication>

      </security-domain>

       

       

      What are the changes I need to make on the EJBClient and the server to use JAAS X509Certificate and the Security subsystem; "CertfiicateRoles" or "CertificateUsers"? Do I need to setup SSL to utilise the Security subsystem?

       

      Thanks