13 Replies Latest reply on Oct 17, 2012 7:02 AM by xiang yingbing

    Remoting over SSL on AS 7.1.3

    renz13 Newbie

      Hello,

       

      I'm trying to call an SLSB using remoting with SSL, and I get an exception thrown in the log (in red), but the remote call (sayHello) seems to complete correctly (in green).

      Here is my log (with -Djavax.net.debug=ssl in blue):

       

      16 oct. 2012 18:05:24 org.xnio.Xnio <clinit>

      INFO: XNIO Version 3.0.6.GA

      16 oct. 2012 18:05:24 org.xnio.nio.NioXnio <clinit>

      INFO: XNIO NIO Implementation Version 3.0.6.GA

      16 oct. 2012 18:05:24 org.jboss.remoting3.EndpointImpl <clinit>

      INFO: JBoss Remoting version 3.2.8.SP1

      16 oct. 2012 18:05:24 org.jboss.remoting3.remote.RemoteConnection handleException

      ERROR: JBREM000200: Remote connection failed: java.io.IOException: Client starting STARTTLS but channel doesn't support SSL

      16 oct. 2012 18:05:24 org.jboss.ejb.client.remoting.ConfigBasedEJBClientContextSelector setupEJBReceivers

      WARN: Could not register a EJB receiver for connection to 127.0.0.1:4447

      java.lang.RuntimeException: java.io.IOException: Client starting STARTTLS but channel doesn't support SSL

          at org.jboss.ejb.client.remoting.IoFutureHelper.get(IoFutureHelper.java:91)

          at org.jboss.ejb.client.remoting.ConfigBasedEJBClientContextSelector.setupEJBReceivers(ConfigBasedEJBClientContextSelector.java:119)

          at org.jboss.ejb.client.remoting.ConfigBasedEJBClientContextSelector.<init>(ConfigBasedEJBClientContextSelector.java:76)

          at org.jboss.ejb.client.EJBClientContext.<clinit>(EJBClientContext.java:77)

          at org.jboss.ejb.client.remoting.ConfigBasedEJBClientContextSelector.<init>(ConfigBasedEJBClientContextSelector.java:68)

          at com.areasante.helloworld.client.TestSansProperties_HardCoded_SSL.remplaceProperties(TestSansProperties_HardCoded_SSL.java:83)

          at com.areasante.helloworld.client.TestSansProperties_HardCoded_SSL.main(TestSansProperties_HardCoded_SSL.java:41)

      Caused by: java.io.IOException: Client starting STARTTLS but channel doesn't support SSL

          at org.jboss.remoting3.remote.ClientConnectionOpenListener$StartTls.handleEvent(ClientConnectionOpenListener.java:501)

          at org.jboss.remoting3.remote.ClientConnectionOpenListener$StartTls.handleEvent(ClientConnectionOpenListener.java:440)

          at org.xnio.ChannelListeners.invokeChannelListener(ChannelListeners.java:72)

          at org.xnio.channels.TranslatingSuspendableChannel.handleReadable(TranslatingSuspendableChannel.java:189)

          at org.xnio.channels.TranslatingSuspendableChannel$1.handleEvent(TranslatingSuspendableChannel.java:103)

          at org.xnio.ChannelListeners.invokeChannelListener(ChannelListeners.java:72)

          at org.xnio.nio.NioHandle.run(NioHandle.java:90)

          at org.xnio.nio.WorkerThread.run(WorkerThread.java:187)

          at ...asynchronous invocation...(Unknown Source)

          at org.jboss.remoting3.EndpointImpl.doConnect(EndpointImpl.java:270)

          at org.jboss.remoting3.EndpointImpl.connect(EndpointImpl.java:386)

          at org.jboss.ejb.client.remoting.NetworkUtil.connect(NetworkUtil.java:151)

          at org.jboss.ejb.client.remoting.NetworkUtil.connect(NetworkUtil.java:132)

          at org.jboss.ejb.client.remoting.ConfigBasedEJBClientContextSelector.setupEJBReceivers(ConfigBasedEJBClientContextSelector.java:117)

          ... 5 more

      keyStore is : resources/jbossClient.keystore

      keyStore type is : jks

      keyStore provider is :

      init keystore

      init keymanager of type SunX509

      ***

      found key for : clientalias

      chain [0] = [

      [

        Version: V3

        Subject: CN=localhost, OU=CLIENT, O=AS CDG, L=GEMENOS, ST=BDR, C=FR

        Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5

       

        Key:  Sun RSA public key, 1024 bits

        modulus: 128038211344699500976741729824154447620256405266811708513639786099468380339246530850683082209465586238714436139226775425199137851291126409903734486517617478416640000716063613243468179422306411671349877462549907180284053701012568948316807810932677830477271247357253713707531173080841044302803580665414904518119

        public exponent: 65537

        Validity: [From: Tue Sep 25 16:08:09 CEST 2012,

                     To: Fri Sep 23 16:08:09 CEST 2022]

        Issuer: CN=localhost, OU=CLIENT, O=AS CDG, L=GEMENOS, ST=BDR, C=FR

        SerialNumber: [    5061bac9]

       

      ]

        Algorithm: [SHA1withRSA]

        Signature:


       

      ]

      ***

      trustStore is: resources\jbossClient.keystore

      trustStore type is : jks

      trustStore provider is :

      init truststore

      adding as trusted cert:

        Subject: CN=localhost, OU=TEST, O=AS CDG, L=GEMENOS, ST=BDR, C=FR

        Issuer:  CN=localhost, OU=TEST, O=AS CDG, L=GEMENOS, ST=BDR, C=FR

        Algorithm: RSA; Serial number: 0x5061ba8f

        Valid from Tue Sep 25 16:07:11 CEST 2012 until Fri Sep 23 16:07:11 CEST 2022

       

      adding as trusted cert:

        Subject: CN=localhost, OU=CLIENT, O=AS CDG, L=GEMENOS, ST=BDR, C=FR

        Issuer:  CN=localhost, OU=CLIENT, O=AS CDG, L=GEMENOS, ST=BDR, C=FR

        Algorithm: RSA; Serial number: 0x5061bac9

        Valid from Tue Sep 25 16:08:09 CEST 2012 until Fri Sep 23 16:08:09 CEST 2022

       

      trigger seeding of SecureRandom

      done seeding SecureRandom

      Using SSLEngineImpl.

      Allow unsafe renegotiation: false

      Allow legacy hello messages: true

      Is initial handshake: true

      Is secure renegotiation: false

      %% No cached client session

      *** ClientHello, TLSv1

      RandomCookie:  GMT: 1350337732 bytes = { 230, 110, 201, 210, 209, 236, 86, 26, 42, 8, 254, 58, 217, 127, 122, 126, 44, 16, 147, 222, 183, 114, 206, 196, 83, 3, 31, 241 }

      Session ID:  {}

      Cipher Suites: [SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_DES_CBC_SHA, SSL_DHE_RSA_WITH_DES_CBC_SHA, SSL_DHE_DSS_WITH_DES_CBC_SHA, SSL_RSA_EXPORT_WITH_RC4_40_MD5, SSL_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA, TLS_EMPTY_RENEGOTIATION_INFO_SCSV]

      Compression Methods:  { 0 }

      ***

      Remoting "client-endpoint" read-1, WRITE: TLSv1 Handshake, length = 75

      Remoting "client-endpoint" read-1, WRITE: SSLv2 client hello message, length = 101

      Remoting "client-endpoint" read-1, READ: TLSv1 Handshake, length = 668

      *** ServerHello, TLSv1

      RandomCookie:  GMT: 1350337732 bytes = { 18, 118, 227, 51, 107, 31, 167, 218, 1, 238, 48, 185, 108, 43, 187, 137, 106, 104, 90, 215, 89, 105, 165, 226, 135, 55, 175, 81 }

      Session ID:  {80, 125, 133, 196, 80, 185, 7, 27, 71, 182, 172, 15, 163, 9, 156, 188, 207, 74, 231, 90, 8, 116, 88, 42, 140, 194, 137, 237, 206, 38, 198, 182}

      Cipher Suite: SSL_RSA_WITH_RC4_128_MD5

      Compression Method: 0

      Extension renegotiation_info, renegotiated_connection: <empty>

      ***

      %% Created:  [Session-1, SSL_RSA_WITH_RC4_128_MD5]

      ** SSL_RSA_WITH_RC4_128_MD5

      *** Certificate chain

      chain [0] = [

      [

        Version: V3

        Subject: CN=localhost, OU=TEST, O=AS CDG, L=GEMENOS, ST=BDR, C=FR

        Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5

       

        Key:  Sun RSA public key, 1024 bits

        modulus: 101028752172251961940192240051749202004191747004321614332606078813531926336145572350082220551431187494669494141003006410640812308095259244238128267330371599077621855381834702517193087322864917471691135389505576643291381618903065408986625656831478917633582898977714214043203922239179795871475084980942771015429

        public exponent: 65537

        Validity: [From: Tue Sep 25 16:07:11 CEST 2012,

                     To: Fri Sep 23 16:07:11 CEST 2022]

        Issuer: CN=localhost, OU=TEST, O=AS CDG, L=GEMENOS, ST=BDR, C=FR

        SerialNumber: [    5061ba8f]

       

      ]

        Algorithm: [SHA1withRSA]

        Signature:


       

      ]

      ***

      Found trusted certificate:

      [

      [

        Version: V3

        Subject: CN=localhost, OU=TEST, O=AS CDG, L=GEMENOS, ST=BDR, C=FR

        Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5

       

        Key:  Sun RSA public key, 1024 bits

        modulus: 101028752172251961940192240051749202004191747004321614332606078813531926336145572350082220551431187494669494141003006410640812308095259244238128267330371599077621855381834702517193087322864917471691135389505576643291381618903065408986625656831478917633582898977714214043203922239179795871475084980942771015429

        public exponent: 65537

        Validity: [From: Tue Sep 25 16:07:11 CEST 2012,

                     To: Fri Sep 23 16:07:11 CEST 2022]

        Issuer: CN=localhost, OU=TEST, O=AS CDG, L=GEMENOS, ST=BDR, C=FR

        SerialNumber: [    5061ba8f]

       

      ]

        Algorithm: [SHA1withRSA]

        Signature:


       

      ]

      *** ServerHelloDone

      *** ClientKeyExchange, RSA PreMasterSecret, TLSv1

      Remoting "client-endpoint" read-1, WRITE: TLSv1 Handshake, length = 134

      SESSION KEYGEN:


      ... no IV used for this cipher

      Remoting "client-endpoint" read-1, WRITE: TLSv1 Change Cipher Spec, length = 1

      *** Finished

      verify_data:  { 160, 175, 14, 110, 244, 85, 161, 158, 235, 244, 107, 89 }

      ***

      Remoting "client-endpoint" read-1, WRITE: TLSv1 Handshake, length = 32

      Remoting "client-endpoint" read-1, READ: TLSv1 Change Cipher Spec, length = 1

      Remoting "client-endpoint" read-1, READ: TLSv1 Handshake, length = 32

      *** Finished

      verify_data:  { 1, 220, 238, 125, 190, 65, 114, 251, 110, 54, 243, 75 }

      ***

      %% Cached client session: [Session-1, SSL_RSA_WITH_RC4_128_MD5]

      Remoting "client-endpoint" write-1, WRITE: TLSv1 Application Data, length = 25

      Remoting "client-endpoint" task-1, WRITE: TLSv1 Application Data, length = 26

      main, WRITE: TLSv1 Application Data, length = 41

      Remoting "client-endpoint" task-4, WRITE: TLSv1 Application Data, length = 15

      16 oct. 2012 18:05:24 org.jboss.ejb.client.remoting.VersionReceiver handleMessage

      INFO: EJBCLIENT000017: Received server version 1 and marshalling strategies [river]

      Remoting "client-endpoint" task-4, WRITE: TLSv1 Application Data, length = 20

      Remoting "client-endpoint" task-4, WRITE: TLSv1 Application Data, length = 12

      16 oct. 2012 18:05:24 org.jboss.ejb.client.remoting.RemotingConnectionEJBReceiver associate

      INFO: EJBCLIENT000013: Successful version handshake completed for receiver context EJBReceiverContext{clientContext=org.jboss.ejb.client.EJBClientContext@12c7568, receiver=Remoting connection EJB receiver [connection=Remoting connection <13ad085>,channel=jboss.ejb,nodename=renz-precision]} on channel Channel ID b04700ad (outbound) of Remoting connection 0076e369 to localhost/127.0.0.1:4447

      Remoting "client-endpoint" task-1, WRITE: TLSv1 Application Data, length = 15

      16 oct. 2012 18:05:24 org.jboss.ejb.client.EJBClient <clinit>

      INFO: JBoss EJB Client version 1.0.11.Final

      main, WRITE: TLSv1 Application Data, length = 136

      main, WRITE: TLSv1 Application Data, length = 15

      [sayHello()] Helloworld!!!

      Thread-1, WRITE: TLSv1 Application Data, length = 5

      Thread-1, called closeOutbound()

      Thread-1, closeOutboundInternal()

      Thread-1, SEND TLSv1 ALERT:  warning, description = close_notify

      Thread-1, WRITE: TLSv1 Alert, length = 18

      Thread-1, READ: TLSv1 Alert, length = 18

      Thread-1, RECV TLSv1 ALERT:  warning, close_notify

      Thread-1, closeInboundInternal()

      Thread-1, closeOutboundInternal()

       

      Now my client code :

       

      import java.io.FileNotFoundException;
      import java.io.IOException;
      import java.util.Properties;

      import javax.naming.Context;
      import javax.naming.InitialContext;
      import javax.naming.NamingException;

      import org.jboss.ejb.client.ContextSelector;
      import org.jboss.ejb.client.EJBClientConfiguration;
      import org.jboss.ejb.client.EJBClientContext;
      import org.jboss.ejb.client.PropertiesBasedEJBClientConfiguration;
      import org.jboss.ejb.client.remoting.ConfigBasedEJBClientContextSelector;

      // Class name as it appears in the stack trace above.
      // HelloworldRemote is the bean's remote interface (not shown in the post).
      public class TestSansProperties_HardCoded_SSL {

          public static void main(String[] args) {
              HelloworldRemote remote = null;
              try {
                  // Trust store used by JSSE to validate the server certificate.
                  System.setProperty("javax.net.ssl.trustStore", "resources/jbossClient.keystore");
                  System.setProperty("javax.net.ssl.trustStorePassword", "clientPassword");

                  setProperties();

                  remote = lookupRemoteStatelessBean();

                  System.err.println("[sayHello()] " + remote.sayHello());
              } catch (Exception e) {
                  e.printStackTrace();
              }
          }

          // Builds the EJB client configuration in code instead of jboss-ejb-client.properties.
          private static void setProperties() throws FileNotFoundException, IOException {
              final Properties clientConfigProps = new Properties();

              clientConfigProps.put("endpoint.name", "client-endpoint");
              // SSL support on the connection provider.
              clientConfigProps.put("remote.connectionprovider.create.options.org.xnio.Options.SSL_ENABLED", "true");

              clientConfigProps.put("remote.connections", "default");

              clientConfigProps.put("remote.connection.default.host", "localhost");
              clientConfigProps.put("remote.connection.default.port", "4447");
              // SASL policy options for the "default" connection.
              clientConfigProps.put("remote.connection.default.connect.options.org.xnio.Options.SASL_POLICY_NOANONYMOUS", "false");
              clientConfigProps.put("remote.connection.default.connect.options.org.xnio.Options.SASL_POLICY_NOPLAINTEXT", "false");
              clientConfigProps.put("remote.connection.default.connect.options.org.xnio.Options.SASL_DISALLOWED_MECHANISMS", "JBOSS-LOCAL-USER");

              // STARTTLS mode: the connection starts in clear text and is upgraded to TLS.
              clientConfigProps.put("remote.connection.default.connect.options.org.xnio.Options.SSL_STARTTLS", "true");

              clientConfigProps.put("remote.connection.default.username", "992600056");
              clientConfigProps.put("remote.connection.default.password", "pass");

              final EJBClientConfiguration ejbClientConfiguration = new PropertiesBasedEJBClientConfiguration(clientConfigProps);
              final ContextSelector<EJBClientContext> ejbClientContextSelector = new ConfigBasedEJBClientContextSelector(ejbClientConfiguration);

              EJBClientContext.setSelector(ejbClientContextSelector);
          }

          // Looks up the stateless bean through the ejb: JNDI namespace.
          private static HelloworldRemote lookupRemoteStatelessBean() throws NamingException {
              final Properties jndiProperties = new Properties();
              jndiProperties.put(Context.URL_PKG_PREFIXES, "org.jboss.ejb.client.naming");
              final Context context = new InitialContext(jndiProperties);
              final String appName = "Helloworld";
              final String moduleName = "HelloworldEJB";
              final String distinctName = "";
              final String beanName = "HelloworldBean";
              final String viewClassName = HelloworldRemote.class.getName();
              return (HelloworldRemote) context.lookup("ejb:" + appName + "/" + moduleName + "/" + distinctName + "/" + beanName + "!" + viewClassName);
          }
      }
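
Added example, not part of the thread and not JBoss or JSSE code: a small triage of -Djavax.net.debug=ssl output in the format posted above. It reports the negotiated protocol and cipher suite, flags weak parameters, and blanks the key material printed under SESSION KEYGEN so the log can be shared. The sample log and its hex bytes are constructed, and the function names are this example's own.

```python
import re

# Constructed excerpt in the layout of the debug output above.
# The hex bytes are placeholders, not values from the thread.
SAMPLE_LOG = """\
*** ClientHello, TLSv1
Cipher Suites: [SSL_RSA_WITH_RC4_128_MD5, TLS_RSA_WITH_AES_128_CBC_SHA]
*** ServerHello, TLSv1
Cipher Suite: SSL_RSA_WITH_RC4_128_MD5
  Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
  Key:  Sun RSA public key, 1024 bits
SESSION KEYGEN:
PreMaster Secret:

0000: 00 11 22 33 44 55 66 77   88 99 AA BB CC DD EE FF  ................
CONNECTION KEYGEN:
Client Nonce:
0000: A0 A1 A2 A3 A4 A5 A6 A7   A8 A9 AA AB AC AD AE AF  ................
Master Secret:
0000: FF EE DD CC BB AA 99 88   77 66 55 44 33 22 11 00  ................
Client write key:
0000: 10 20 30 40 50 60 70 80   90 A0 B0 C0 D0 E0 F0 01  ................
... no IV used for this cipher
"""

OLD_PROTOCOLS = {"SSLv3", "TLSv1", "TLSv1.1"}
WEAK_TOKENS = {"RC4", "MD5", "DES", "DES40", "3DES", "EXPORT", "NULL", "anon"}
WEAK_SIG_PREFIXES = ("SHA1", "MD5", "MD2")
MIN_RSA_BITS = 2048

# Labels whose hex dump is secret. Nonces travel in clear text, so they are kept.
SECRET_LABEL = re.compile(
    r"(PreMaster Secret|Master Secret|MAC write Secret|write key|write IV):\s*$",
    re.M,
)
HEX_LINE = re.compile(r"^\s*[0-9A-Fa-f]{4}: ")


def triage(log):
    """Return the negotiated parameters and a list of findings for one handshake."""
    findings = []
    hello = re.search(r"\*\*\* ServerHello, (\S+)", log)
    suite = re.search(r"^\s*Cipher Suite: (\S+)", log, re.M)
    protocol = hello.group(1) if hello else None
    cipher = suite.group(1) if suite else None

    if protocol in OLD_PROTOCOLS:
        findings.append(f"protocol {protocol} is deprecated")
    if cipher:
        parts = cipher.split("_")
        for token in parts:
            if token in WEAK_TOKENS:
                findings.append(f"negotiated suite uses {token}")
        if parts[1:3] == ["RSA", "WITH"]:
            findings.append("static RSA key exchange: no forward secrecy")
    for bits in sorted(set(re.findall(r"RSA public key, (\d+) bits", log))):
        if int(bits) < MIN_RSA_BITS:
            findings.append(f"certificate uses a {bits}-bit RSA key")
    for alg in sorted(set(re.findall(r"Signature Algorithm: (\w+),", log))):
        if alg.upper().startswith(WEAK_SIG_PREFIXES):
            findings.append(f"certificate signed with {alg}")
    if SECRET_LABEL.search(log):
        findings.append("log contains session key material: redact before sharing")
    return {"protocol": protocol, "cipher": cipher, "findings": findings}


def redact(log):
    """Blank the hex dump under every secret label; return (text, lines_redacted)."""
    out, in_secret, redacted = [], False, 0
    for line in log.splitlines():
        if SECRET_LABEL.search(line):
            in_secret = True
            out.append(line)
        elif in_secret and HEX_LINE.match(line):
            out.append("[redacted]")
            redacted += 1
        elif in_secret and not line.strip():
            out.append(line)  # blank line inside a dump (the posted log is double-spaced)
        else:
            in_secret = False
            out.append(line)
    return "\n".join(out), redacted


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    print(report["protocol"], report["cipher"])
    for finding in report["findings"]:
        print(" -", finding)
    print(redact(SAMPLE_LOG)[0])
```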
      
        • 1. Re: Remoting over SSL on AS 7.1.3
          Tomaz Cerar Master

          Hi,

           

          You have problems with TLS, not SSL.

          Remove STARTTLS from the config and SSL will probably work.

           

           

          --

          tomaz

          • 2. Re: Remoting over SSL on AS 7.1.3
            renz13 Newbie

            Oops, actually I want to use TLS not SSL.


            But if I remove STARTTLS, I still have the exception "Client starting STARTTLS but channel doesn't support SSL" and the remote call fails.

             

            The client log :

             

            16 oct. 2012 18:38:38 org.xnio.Xnio <clinit>

            INFO: XNIO Version 3.0.6.GA

            16 oct. 2012 18:38:38 org.xnio.nio.NioXnio <clinit>

            INFO: XNIO NIO Implementation Version 3.0.6.GA

            16 oct. 2012 18:38:38 org.jboss.remoting3.EndpointImpl <clinit>

            INFO: JBoss Remoting version 3.2.8.SP1

            16 oct. 2012 18:38:38 org.jboss.remoting3.remote.RemoteConnection handleException

            ERROR: JBREM000200: Remote connection failed: java.io.IOException: Client starting STARTTLS but channel doesn't support SSL

            16 oct. 2012 18:38:38 org.jboss.ejb.client.remoting.ConfigBasedEJBClientContextSelector setupEJBReceivers

            WARN: Could not register a EJB receiver for connection to 127.0.0.1:4447

            java.lang.RuntimeException: java.io.IOException: Client starting STARTTLS but channel doesn't support SSL

                at org.jboss.ejb.client.remoting.IoFutureHelper.get(IoFutureHelper.java:91)

                at org.jboss.ejb.client.remoting.ConfigBasedEJBClientContextSelector.setupEJBReceivers(ConfigBasedEJBClientContextSelector.java:119)

                at org.jboss.ejb.client.remoting.ConfigBasedEJBClientContextSelector.<init>(ConfigBasedEJBClientContextSelector.java:76)

                at org.jboss.ejb.client.EJBClientContext.<clinit>(EJBClientContext.java:77)

                at org.jboss.ejb.client.remoting.ConfigBasedEJBClientContextSelector.<init>(ConfigBasedEJBClientContextSelector.java:68)

                at com.areasante.helloworld.client.TestSansProperties_HardCoded_SSL.remplaceProperties(TestSansProperties_HardCoded_SSL.java:83)

                at com.areasante.helloworld.client.TestSansProperties_HardCoded_SSL.main(TestSansProperties_HardCoded_SSL.java:41)

            Caused by: java.io.IOException: Client starting STARTTLS but channel doesn't support SSL

                at org.jboss.remoting3.remote.ClientConnectionOpenListener$StartTls.handleEvent(ClientConnectionOpenListener.java:501)

                at org.jboss.remoting3.remote.ClientConnectionOpenListener$StartTls.handleEvent(ClientConnectionOpenListener.java:440)

                at org.xnio.ChannelListeners.invokeChannelListener(ChannelListeners.java:72)

                at org.xnio.channels.TranslatingSuspendableChannel.handleReadable(TranslatingSuspendableChannel.java:189)

                at org.xnio.channels.TranslatingSuspendableChannel$1.handleEvent(TranslatingSuspendableChannel.java:103)

                at org.xnio.ChannelListeners.invokeChannelListener(ChannelListeners.java:72)

                at org.xnio.nio.NioHandle.run(NioHandle.java:90)

                at org.xnio.nio.WorkerThread.run(WorkerThread.java:187)

                at ...asynchronous invocation...(Unknown Source)

                at org.jboss.remoting3.EndpointImpl.doConnect(EndpointImpl.java:270)

                at org.jboss.remoting3.EndpointImpl.connect(EndpointImpl.java:386)

                at org.jboss.ejb.client.remoting.NetworkUtil.connect(NetworkUtil.java:151)

                at org.jboss.ejb.client.remoting.NetworkUtil.connect(NetworkUtil.java:132)

                at org.jboss.ejb.client.remoting.ConfigBasedEJBClientContextSelector.setupEJBReceivers(ConfigBasedEJBClientContextSelector.java:117)

                ... 5 more

            keyStore is : resources/jbossClient.keystore

            keyStore type is : jks

            keyStore provider is :

            init keystore

            init keymanager of type SunX509

            ***

            found key for : clientalias

            chain [0] = [

            [

              Version: V3

              Subject: CN=localhost, OU=CLIENT, O=AS CDG, L=GEMENOS, ST=BDR, C=FR

              Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5

             

              Key:  Sun RSA public key, 1024 bits

              modulus: 128038211344699500976741729824154447620256405266811708513639786099468380339246530850683082209465586238714436139226775425199137851291126409903734486517617478416640000716063613243468179422306411671349877462549907180284053701012568948316807810932677830477271247357253713707531173080841044302803580665414904518119

              public exponent: 65537

              Validity: [From: Tue Sep 25 16:08:09 CEST 2012,

                           To: Fri Sep 23 16:08:09 CEST 2022]

              Issuer: CN=localhost, OU=CLIENT, O=AS CDG, L=GEMENOS, ST=BDR, C=FR

              SerialNumber: [    5061bac9]

             

            ]

              Algorithm: [SHA1withRSA]

              Signature:


             

            ]

            ***

            trustStore is: resources\jbossClient.keystore

            trustStore type is : jks

            trustStore provider is :

            init truststore

            adding as trusted cert:

              Subject: CN=localhost, OU=TEST, O=AS CDG, L=GEMENOS, ST=BDR, C=FR

              Issuer:  CN=localhost, OU=TEST, O=AS CDG, L=GEMENOS, ST=BDR, C=FR

              Algorithm: RSA; Serial number: 0x5061ba8f

              Valid from Tue Sep 25 16:07:11 CEST 2012 until Fri Sep 23 16:07:11 CEST 2022

             

            adding as trusted cert:

              Subject: CN=localhost, OU=CLIENT, O=AS CDG, L=GEMENOS, ST=BDR, C=FR

              Issuer:  CN=localhost, OU=CLIENT, O=AS CDG, L=GEMENOS, ST=BDR, C=FR

              Algorithm: RSA; Serial number: 0x5061bac9

              Valid from Tue Sep 25 16:08:09 CEST 2012 until Fri Sep 23 16:08:09 CEST 2022

             

            trigger seeding of SecureRandom

            done seeding SecureRandom

            Using SSLEngineImpl.

            Allow unsafe renegotiation: false

            Allow legacy hello messages: true

            Is initial handshake: true

            Is secure renegotiation: false

            %% No cached client session

            *** ClientHello, TLSv1

            RandomCookie:  GMT: 1350339726 bytes = { 214, 236, 121, 207, 18, 122, 0, 148, 64, 123, 155, 71, 142, 243, 33, 186, 179, 253, 148, 122, 232, 141, 236, 38, 83, 176, 194, 24 }

            Session ID:  {}

            Cipher Suites: [SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_DES_CBC_SHA, SSL_DHE_RSA_WITH_DES_CBC_SHA, SSL_DHE_DSS_WITH_DES_CBC_SHA, SSL_RSA_EXPORT_WITH_RC4_40_MD5, SSL_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA, TLS_EMPTY_RENEGOTIATION_INFO_SCSV]

            Compression Methods:  { 0 }

            ***

            Remoting "client-endpoint" read-1, WRITE: TLSv1 Handshake, length = 75

            Remoting "client-endpoint" read-1, WRITE: SSLv2 client hello message, length = 101

            Remoting "client-endpoint" read-1, fatal error: 80: problem unwrapping net record

            javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection?

            Remoting "client-endpoint" read-1, SEND TLSv1 ALERT:  fatal, description = internal_error

            Remoting "client-endpoint" read-1, WRITE: TLSv1 Alert, length = 2

            16 oct. 2012 18:38:38 org.jboss.remoting3.remote.RemoteConnection handleException

            ERROR: JBREM000200: Remote connection failed: javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection?

            Remoting "client-endpoint" read-1, called closeOutbound()

            Remoting "client-endpoint" read-1, closeOutboundInternal()

            16 oct. 2012 18:38:38 org.jboss.ejb.client.remoting.ConfigBasedEJBClientContextSelector setupEJBReceivers

            WARN: Could not register a EJB receiver for connection to localhost:4447

            java.lang.RuntimeException: javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection?

                at org.jboss.ejb.client.remoting.IoFutureHelper.get(IoFutureHelper.java:91)

                at org.jboss.ejb.client.remoting.ConfigBasedEJBClientContextSelector.setupEJBReceivers(ConfigBasedEJBClientContextSelector.java:119)

                at org.jboss.ejb.client.remoting.ConfigBasedEJBClientContextSelector.<init>(ConfigBasedEJBClientContextSelector.java:76)

                at com.areasante.helloworld.client.TestSansProperties_HardCoded_SSL.remplaceProperties(TestSansProperties_HardCoded_SSL.java:83)

                at com.areasante.helloworld.client.TestSansProperties_HardCoded_SSL.main(TestSansProperties_HardCoded_SSL.java:41)

            Caused by: javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection?

                at com.sun.net.ssl.internal.ssl.EngineInputRecord.bytesInCompletePacket(EngineInputRecord.java:152)

                at com.sun.net.ssl.internal.ssl.SSLEngineImpl.readNetRecord(SSLEngineImpl.java:806)

                at com.sun.net.ssl.internal.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:721)

                at javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:607)

                at org.xnio.ssl.JsseConnectedSslStreamChannel.unwrap(JsseConnectedSslStreamChannel.java:443)

                at org.xnio.ssl.JsseConnectedSslStreamChannel.read(JsseConnectedSslStreamChannel.java:484)

                at org.xnio.ssl.JsseConnectedSslStreamChannel.read(JsseConnectedSslStreamChannel.java:449)

                at org.xnio.channels.FramedMessageChannel.receive(FramedMessageChannel.java:87)

                at org.jboss.remoting3.remote.ClientConnectionOpenListener$Greeting.handleEvent(ClientConnectionOpenListener.java:150)

                at org.jboss.remoting3.remote.ClientConnectionOpenListener$Greeting.handleEvent(ClientConnectionOpenListener.java:142)

                at org.xnio.ChannelListeners.invokeChannelListener(ChannelListeners.java:72)

                at org.xnio.channels.TranslatingSuspendableChannel.handleReadable(TranslatingSuspendableChannel.java:189)

                at org.xnio.channels.TranslatingSuspendableChannel$1.handleEvent(TranslatingSuspendableChannel.java:103)

                at org.xnio.ChannelListeners.invokeChannelListener(ChannelListeners.java:72)

                at org.xnio.channels.TranslatingSuspendableChannel.handleReadable(TranslatingSuspendableChannel.java:189)

                at org.xnio.ssl.JsseConnectedSslStreamChannel.handleReadable(JsseConnectedSslStreamChannel.java:180)

                at org.xnio.channels.TranslatingSuspendableChannel$1.handleEvent(TranslatingSuspendableChannel.java:103)

                at org.xnio.ChannelListeners.invokeChannelListener(ChannelListeners.java:72)

                at org.xnio.nio.NioHandle.run(NioHandle.java:90)

                at org.xnio.nio.WorkerThread.safeRun(WorkerThread.java:208)

                at org.xnio.nio.WorkerThread.run(WorkerThread.java:121)

                at ...asynchronous invocation...(Unknown Source)

                at org.jboss.remoting3.EndpointImpl.doConnect(EndpointImpl.java:270)

                at org.jboss.remoting3.EndpointImpl.connect(EndpointImpl.java:386)

                at org.jboss.ejb.client.remoting.NetworkUtil.connect(NetworkUtil.java:151)

                at org.jboss.ejb.client.remoting.NetworkUtil.connect(NetworkUtil.java:132)

                at org.jboss.ejb.client.remoting.ConfigBasedEJBClientContextSelector.setupEJBReceivers(ConfigBasedEJBClientContextSelector.java:117)

                ... 3 more

            16 oct. 2012 18:38:38 org.jboss.ejb.client.EJBClient <clinit>

            INFO: JBoss EJB Client version 1.0.11.Final

            Using SSLEngineImpl.

            Allow unsafe renegotiation: false

            Allow legacy hello messages: true

            Is initial handshake: true

            Is secure renegotiation: false

            %% No cached client session

            *** ClientHello, TLSv1

            RandomCookie:  GMT: 1350339726 bytes = { 229, 48, 243, 30, 253, 148, 31, 10, 166, 24, 131, 150, 55, 97, 237, 3, 87, 81, 67, 4, 149, 171, 255, 41, 194, 134, 170, 81 }

            Session ID:  {}

            Cipher Suites: [SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_DES_CBC_SHA, SSL_DHE_RSA_WITH_DES_CBC_SHA, SSL_DHE_DSS_WITH_DES_CBC_SHA, SSL_RSA_EXPORT_WITH_RC4_40_MD5, SSL_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA, TLS_EMPTY_RENEGOTIATION_INFO_SCSV]

            Compression Methods:  { 0 }

            ***

            Remoting "client-endpoint" read-1, WRITE: TLSv1 Handshake, length = 75

            Remoting "client-endpoint" read-1, WRITE: SSLv2 client hello message, length = 101

            Remoting "client-endpoint" read-1, fatal error: 80: problem unwrapping net record

            javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection?

            Remoting "client-endpoint" read-1, SEND TLSv1 ALERT:  fatal, description = internal_error

            Remoting "client-endpoint" read-1, WRITE: TLSv1 Alert, length = 2

            Remoting "client-endpoint" read-1, called closeOutbound()

            Remoting "client-endpoint" read-1, closeOutboundInternal()

            16 oct. 2012 18:38:38 org.jboss.remoting3.remote.RemoteConnection handleException

            ERROR: JBREM000200: Remote connection failed: javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection?

            ******************** e.class class java.lang.IllegalStateException

            java.lang.IllegalStateException: EJBCLIENT000025: No EJB receiver available for handling [appName:Helloworld, moduleName:HelloworldEJB, distinctName:] combination for invocation context org.jboss.ejb.client.EJBClientInvocationContext@14da8f4

                at org.jboss.ejb.client.EJBClientContext.requireEJBReceiver(EJBClientContext.java:588)

                at org.jboss.ejb.client.ReceiverInterceptor.handleInvocation(ReceiverInterceptor.java:116)

                at org.jboss.ejb.client.EJBClientInvocationContext.sendRequest(EJBClientInvocationContext.java:183)

                at org.jboss.ejb.client.EJBInvocationHandler.doInvoke(EJBInvocationHandler.java:136)

                at org.jboss.ejb.client.EJBInvocationHandler.doInvoke(EJBInvocationHandler.java:121)

                at org.jboss.ejb.client.EJBInvocationHandler.invoke(EJBInvocationHandler.java:104)

                at $Proxy0.sayHello(Unknown Source)

                at com.areasante.helloworld.client.TestSansProperties_HardCoded_SSL.main(TestSansProperties_HardCoded_SSL.java:45)

             

            The server log :

             

            18:39:37,453 ERROR [org.jboss.remoting.remote.connection] (Remoting "renz-precision" read-1) JBREM000200: Remote connection failed: java.io.IOException: Received an invalid message length of -2140864253

            18:39:37,484 ERROR [org.jboss.remoting.remote.connection] (Remoting "renz-precision" read-1) JBREM000200: Remote connection failed: java.io.IOException: Received an invalid message length of -2140864253

            • 3. Re: Remoting over SSL on AS 7.1.3
              Darran Lofthouse Master

              What does your server side configuration look like?

              • 4. Re: Remoting over SSL on AS 7.1.3
                renz13 Newbie

                My standalone.xml

                 

                <?xml version='1.0' encoding='UTF-8'?>
                
                <server xmlns="urn:jboss:domain:1.3">
                
                    <extensions>
                        <extension module="org.jboss.as.clustering.infinispan"/>
                        <extension module="org.jboss.as.configadmin"/>
                        <extension module="org.jboss.as.connector"/>
                        <extension module="org.jboss.as.deployment-scanner"/>
                        <extension module="org.jboss.as.ee"/>
                        <extension module="org.jboss.as.ejb3"/>
                        <extension module="org.jboss.as.jaxrs"/>
                        <extension module="org.jboss.as.jdr"/>
                        <extension module="org.jboss.as.jmx"/>
                        <extension module="org.jboss.as.jpa"/>
                        <extension module="org.jboss.as.logging"/>
                        <extension module="org.jboss.as.mail"/>
                        <extension module="org.jboss.as.naming"/>
                        <extension module="org.jboss.as.osgi"/>
                        <extension module="org.jboss.as.pojo"/>
                        <extension module="org.jboss.as.remoting"/>
                        <extension module="org.jboss.as.sar"/>
                        <extension module="org.jboss.as.security"/>
                        <extension module="org.jboss.as.threads"/>
                        <extension module="org.jboss.as.transactions"/>
                        <extension module="org.jboss.as.web"/>
                        <extension module="org.jboss.as.webservices"/>
                        <extension module="org.jboss.as.weld"/>
                    </extensions>
                
                
                    <management>
                        <security-realms>
                            <security-realm name="ManagementRealm">
                                <authentication>
                                    <local default-user="$local"/>
                                    <properties path="mgmt-users.properties" relative-to="jboss.server.config.dir"/>
                                </authentication>
                            </security-realm>
                            <security-realm name="ApplicationRealm">
                                <authentication>
                                    <local default-user="$local" allowed-users="*"/>
                                    <properties path="application-users.properties" relative-to="jboss.server.config.dir"/>
                                </authentication>
                                <authorization>
                                    <properties path="application-roles.properties" relative-to="jboss.server.config.dir"/>
                                </authorization>
                            </security-realm>
                            <security-realm name="HelloRealm">
                                <server-identities>
                                    <ssl >
                                        <keystore alias="jbossalias" path="jbossServer.keystore" relative-to="jboss.server.config.dir" keystore-password="JBossPassword" key-password="JBossPassword"/>
                                    </ssl>
                                </server-identities>
                                <authentication>
                                    <jaas name="HelloDomain"/>
                                </authentication>
                            </security-realm>
                        </security-realms>
                        <management-interfaces>
                            <native-interface security-realm="ManagementRealm">
                                <socket-binding native="management-native"/>
                            </native-interface>
                            <http-interface security-realm="ManagementRealm">
                                <socket-binding http="management-http"/>
                            </http-interface>
                        </management-interfaces>
                    </management>
                
                    <profile>
                        <subsystem xmlns="urn:jboss:domain:logging:1.1">
                            <console-handler name="CONSOLE">
                                <level name="TRACE"/>
                                <formatter>
                                    <pattern-formatter pattern="%d{HH:mm:ss,SSS} %-5p [%c] (%t) %s%E%n"/>
                                </formatter>
                            </console-handler>
                            <periodic-rotating-file-handler name="FILE">
                                <formatter>
                                    <pattern-formatter pattern="%d{HH:mm:ss,SSS} %-5p [%c] (%t) %s%E%n"/>
                                </formatter>
                                <file relative-to="jboss.server.log.dir" path="server.log"/>
                                <suffix value=".yyyy-MM-dd"/>
                                <append value="true"/>
                            </periodic-rotating-file-handler>
                            <logger category="org.jboss.security">
                                <level name="TRACE"/>
                            </logger>
                            <logger category="com.arjuna">
                                <level name="WARN"/>
                            </logger>
                            <logger category="org.apache.tomcat.util.modeler">
                                <level name="WARN"/>
                            </logger>
                            <logger category="sun.rmi">
                                <level name="WARN"/>
                            </logger>
                            <logger category="jacorb">
                                <level name="WARN"/>
                            </logger>
                            <logger category="jacorb.config">
                                <level name="ERROR"/>
                            </logger>
                            <root-logger>
                                <level name="INFO"/>
                                <handlers>
                                    <handler name="CONSOLE"/>
                                    <handler name="FILE"/>
                                </handlers>
                            </root-logger>
                        </subsystem>
                        <subsystem xmlns="urn:jboss:domain:configadmin:1.0"/>
                        <subsystem xmlns="urn:jboss:domain:datasources:1.1">
                            <datasources>
                                <datasource jndi-name="java:jboss/datasources/AnnuaireDS" pool-name="AnnuaireDS" enabled="true">
                                    <connection-url>jdbc:postgresql://192.168.1.123/annuaire</connection-url>
                                    <driver>postgresql</driver>
                                    <security>
                                        <user-name>postgres</user-name>
                                        <password>test</password>
                                    </security>
                                </datasource>
                                <drivers>
                                    <driver name="postgresql" module="org.postgresql">
                                        <xa-datasource-class>org.postgresql.xa.PGXADataSource</xa-datasource-class>
                                    </driver>
                                </drivers>
                            </datasources>
                        </subsystem>
                        <subsystem xmlns="urn:jboss:domain:deployment-scanner:1.1">
                            <deployment-scanner path="deployments" relative-to="jboss.server.base.dir" scan-interval="5000"/>
                        </subsystem>
                        <subsystem xmlns="urn:jboss:domain:ee:1.1">
                            <spec-descriptor-property-replacement>false</spec-descriptor-property-replacement>
                            <jboss-descriptor-property-replacement>true</jboss-descriptor-property-replacement>
                        </subsystem>
                        <subsystem xmlns="urn:jboss:domain:ejb3:1.3">
                            <session-bean>
                                <stateless>
                                    <bean-instance-pool-ref pool-name="slsb-strict-max-pool"/>
                                </stateless>
                                <stateful default-access-timeout="5000" cache-ref="simple"/>
                                <singleton default-access-timeout="5000"/>
                            </session-bean>
                            <pools>
                                <bean-instance-pools>
                                    <strict-max-pool name="slsb-strict-max-pool" max-pool-size="20" instance-acquisition-timeout="5" instance-acquisition-timeout-unit="MINUTES"/>
                                    <strict-max-pool name="mdb-strict-max-pool" max-pool-size="20" instance-acquisition-timeout="5" instance-acquisition-timeout-unit="MINUTES"/>
                                </bean-instance-pools>
                            </pools>
                            <caches>
                                <cache name="simple" aliases="NoPassivationCache"/>
                                <cache name="passivating" passivation-store-ref="file" aliases="SimpleStatefulCache"/>
                            </caches>
                            <passivation-stores>
                                <file-passivation-store name="file"/>
                            </passivation-stores>
                            <async thread-pool-name="default"/>
                            <timer-service thread-pool-name="default">
                                <data-store path="timer-service-data" relative-to="jboss.server.data.dir"/>
                            </timer-service>
                            <remote connector-ref="remoting-connector" thread-pool-name="default"/>
                            <thread-pools>
                                <thread-pool name="default">
                                    <max-threads count="10"/>
                                    <keepalive-time time="100" unit="milliseconds"/>
                                </thread-pool>
                            </thread-pools>
                        </subsystem>
                        <subsystem xmlns="urn:jboss:domain:infinispan:1.3">
                            <cache-container name="hibernate" default-cache="local-query" module="org.jboss.as.jpa.hibernate:4">
                                <local-cache name="entity">
                                    <transaction mode="NON_XA"/>
                                    <eviction strategy="LRU" max-entries="10000"/>
                                    <expiration max-idle="100000"/>
                                </local-cache>
                                <local-cache name="local-query">
                                    <transaction mode="NONE"/>
                                    <eviction strategy="LRU" max-entries="10000"/>
                                    <expiration max-idle="100000"/>
                                </local-cache>
                                <local-cache name="timestamps">
                                    <transaction mode="NONE"/>
                                    <eviction strategy="NONE"/>
                                </local-cache>
                            </cache-container>
                        </subsystem>
                        <subsystem xmlns="urn:jboss:domain:jaxrs:1.0"/>
                        <subsystem xmlns="urn:jboss:domain:jca:1.1">
                            <archive-validation enabled="true" fail-on-error="true" fail-on-warn="false"/>
                            <bean-validation enabled="true"/>
                            <default-workmanager>
                                <short-running-threads>
                                    <core-threads count="50"/>
                                    <queue-length count="50"/>
                                    <max-threads count="50"/>
                                    <keepalive-time time="10" unit="seconds"/>
                                </short-running-threads>
                                <long-running-threads>
                                    <core-threads count="50"/>
                                    <queue-length count="50"/>
                                    <max-threads count="50"/>
                                    <keepalive-time time="10" unit="seconds"/>
                                </long-running-threads>
                            </default-workmanager>
                            <cached-connection-manager/>
                        </subsystem>
                        <subsystem xmlns="urn:jboss:domain:jdr:1.0"/>
                        <subsystem xmlns="urn:jboss:domain:jmx:1.1">
                            <show-model value="true"/>
                            <remoting-connector/>
                        </subsystem>
                        <subsystem xmlns="urn:jboss:domain:jpa:1.0">
                            <jpa default-datasource=""/>
                        </subsystem>
                        <subsystem xmlns="urn:jboss:domain:mail:1.0">
                            <mail-session jndi-name="java:jboss/mail/Default">
                                <smtp-server outbound-socket-binding-ref="mail-smtp"/>
                            </mail-session>
                        </subsystem>
                        <subsystem xmlns="urn:jboss:domain:naming:1.2">
                            <remote-naming/>
                        </subsystem>
                        <subsystem xmlns="urn:jboss:domain:osgi:1.2" activation="lazy">
                            <properties>
                                <property name="org.osgi.framework.startlevel.beginning">
                                    1
                                </property>
                            </properties>
                            <capabilities>
                                <capability name="javax.servlet.api:v25"/>
                                <capability name="javax.transaction.api"/>
                                <capability name="org.apache.felix.log" startlevel="1"/>
                                <capability name="org.jboss.osgi.logging" startlevel="1"/>
                                <capability name="org.apache.felix.configadmin" startlevel="1"/>
                                <capability name="org.jboss.as.osgi.configadmin" startlevel="1"/>
                            </capabilities>
                        </subsystem>
                        <subsystem xmlns="urn:jboss:domain:pojo:1.0"/>
                        <subsystem xmlns="urn:jboss:domain:remoting:1.1">
                            <connector name="remoting-connector" socket-binding="remoting" security-realm="HelloRealm"/>
                        </subsystem>
                        <subsystem xmlns="urn:jboss:domain:resource-adapters:1.0"/>
                        <subsystem xmlns="urn:jboss:domain:sar:1.0"/>
                        <subsystem xmlns="urn:jboss:domain:security:1.2">
                            <security-domains>
                                <security-domain name="other" cache-type="default">
                                    <authentication>
                                        <login-module code="Remoting" flag="optional">
                                            <module-option name="password-stacking" value="useFirstPass"/>
                                        </login-module>
                                        <login-module code="RealmDirect" flag="required">
                                            <module-option name="password-stacking" value="useFirstPass"/>
                                        </login-module>
                                    </authentication>
                                </security-domain>
                                <security-domain name="jboss-web-policy" cache-type="default">
                                    <authorization>
                                        <policy-module code="Delegating" flag="required"/>
                                    </authorization>
                                </security-domain>
                                <security-domain name="jboss-ejb-policy" cache-type="default">
                                    <authorization>
                                        <policy-module code="Delegating" flag="required"/>
                                    </authorization>
                                </security-domain>
                                <security-domain name="HelloDomain" cache-type="default">
                                    <authentication>
                                        <login-module code="Remoting" flag="optional">
                                            <module-option name="password-stacking" value="useFirstPass"/>
                                        </login-module>
                                        <login-module code="Database" flag="required">
                                            <module-option name="dsJndiName" value="java:jboss/datasources/AnnuaireDS"/>
                                            <module-option name="principalsQuery" value="SELECT mdp FROM utilisateur WHERE id_fact=?"/>
                                            <module-option name="rolesQuery" value="SELECT r.role, 'Roles' FROM role r INNER JOIN utilisateur u USING (cle_utilisateur) WHERE u.id_fact=?"/>
                                            <module-option name="password-stacking" value="useFirstPass"/>
                                            <module-option name="hashAlgorithm" value="SHA-256"/>
                                            <module-option name="hashEncoding" value="base64"/>
                                        </login-module>
                                    </authentication>
                                </security-domain>
                            </security-domains>
                        </subsystem>
                        <subsystem xmlns="urn:jboss:domain:threads:1.1"/>
                        <subsystem xmlns="urn:jboss:domain:transactions:1.2">
                            <core-environment>
                                <process-id>
                                    <uuid/>
                                </process-id>
                            </core-environment>
                            <recovery-environment socket-binding="txn-recovery-environment" status-socket-binding="txn-status-manager"/>
                            <coordinator-environment default-timeout="300"/>
                        </subsystem>
                        <subsystem xmlns="urn:jboss:domain:web:1.2" default-virtual-server="default-host" native="false">
                            <connector name="http" protocol="HTTP/1.1" scheme="http" socket-binding="http"/>
                            <virtual-server name="default-host" enable-welcome-root="true">
                                <alias name="localhost"/>
                                <alias name="example.com"/>
                            </virtual-server>
                        </subsystem>
                        <subsystem xmlns="urn:jboss:domain:webservices:1.1">
                            <modify-wsdl-address>true</modify-wsdl-address>
                            <wsdl-host>${jboss.bind.address:127.0.0.1}</wsdl-host>
                            <endpoint-config name="Standard-Endpoint-Config"/>
                            <endpoint-config name="Recording-Endpoint-Config">
                                <pre-handler-chain name="recording-handlers" protocol-bindings="##SOAP11_HTTP ##SOAP11_HTTP_MTOM ##SOAP12_HTTP ##SOAP12_HTTP_MTOM">
                                    <handler name="RecordingHandler" class="org.jboss.ws.common.invocation.RecordingServerHandler"/>
                                </pre-handler-chain>
                            </endpoint-config>
                        </subsystem>
                        <subsystem xmlns="urn:jboss:domain:weld:1.0"/>
                    </profile>
                
                    <interfaces>
                        <interface name="management">
                            <inet-address value="${jboss.bind.address.management:127.0.0.1}"/>
                        </interface>
                        <interface name="public">
                            <inet-address value="${jboss.bind.address:127.0.0.1}"/>
                        </interface>
                        <interface name="unsecure">
                            <inet-address value="${jboss.bind.address.unsecure:127.0.0.1}"/>
                        </interface>
                    </interfaces>
                
                    <socket-binding-group name="standard-sockets" default-interface="public" port-offset="${jboss.socket.binding.port-offset:0}">
                        <socket-binding name="management-native" interface="management" port="${jboss.management.native.port:9999}"/>
                        <socket-binding name="management-http" interface="management" port="${jboss.management.http.port:9990}"/>
                        <socket-binding name="management-https" interface="management" port="${jboss.management.https.port:9443}"/>
                        <socket-binding name="ajp" port="8009"/>
                        <socket-binding name="http" port="8080"/>
                        <socket-binding name="https" port="8443"/>
                        <socket-binding name="osgi-http" interface="management" port="8090"/>
                        <socket-binding name="remoting" port="4447"/>
                        <socket-binding name="txn-recovery-environment" port="4712"/>
                        <socket-binding name="txn-status-manager" port="4713"/>
                        <outbound-socket-binding name="mail-smtp">
                            <remote-destination host="localhost" port="25"/>
                        </outbound-socket-binding>
                    </socket-binding-group>
                
                </server>
                
                • 5. Re: Remoting over SSL on AS 7.1.3
                  xiang yingbing Master

                  Are you sure your application is configured with <security-realm name="HelloRealm">???


                  Why NOT use <security-realm name="ApplicationRealm"> directly???

                   

                   

                  Like this:

                      <security-realms>
                          <security-realm name="ManagementRealm">
                              <authentication>
                                  <jaas name="nms-jaas-security-domain"/>
                              </authentication>
                          </security-realm>
                          <security-realm name="ApplicationRealm">
                              <server-identities>
                                  <ssl>
                                      <keystore path="server.keystore" relative-to="jboss.server.config.dir" keystore-password="ybxiang_keystore_password"/>
                                  </ssl>
                              </server-identities>
                              <authentication>
                                  <jaas name="nms-jaas-security-domain"/>
                              </authentication>
                              <authorization>
                                  <properties path="application-roles.properties" relative-to="jboss.server.config.dir"/>
                              </authorization>
                          </security-realm>
                      </security-realms>
                  • 6. Re: Remoting over SSL on AS 7.1.3
                    xiang yingbing Master

                    If you want to use TLS, then both keystore and truststore should be configured. (I think it is NOT safe to distribute client application with keystore because private key is saved in this keystore.)

                    I think you had better make your application work with SSL at first, because SSL is easier.

                    Then try TLS.

                    • 7. Re: Remoting over SSL on AS 7.1.3
                      xiang yingbing Master

                      There are many topics about SSL configuration with jboss 7.

                      You can search the forum.

                      • 8. Re: Remoting over SSL on AS 7.1.3
                        renz13 Newbie

                        I use @SecurityDomain("HelloDomain") in my SLSB class.

                        What is weird is that I have an exception in my log as a warning, but afterwards it seems to do the job correctly, according to the log and the return of the remote call:

                         

                        16 oct. 2012 18:05:24 org.jboss.ejb.client.remoting.RemotingConnectionEJBReceiver associate

                        INFO: EJBCLIENT000013: Successful version handshake completed for receiver context EJBReceiverContext{clientContext=org.jboss.ejb.client.EJBClientContext@12c7568, receiver=Remoting connection EJB receiver [connection=Remoting connection <13ad085>,channel=jboss.ejb,nodename=renz-precision]} on channel Channel ID b04700ad (outbound) of Remoting connection 0076e369 to localhost/127.0.0.1:4447

                        • 9. Re: Remoting over SSL on AS 7.1.3
                          renz13 Newbie

                          I've found the problem.

                           

                          I configure the EJBClientContext programmatically, but I still have a jboss-ejb-client.properties in my path, with a different configuration where SSL_ENABLED was false.

                           

                          Thanks for your help guys!

                          • 10. Re: Remoting over SSL on AS 7.1.3
                            jaikiran pai Master

                            FWIW, you can set the jboss.ejb.client.properties.skip.classloader.scan system property to true to disable classpath scanning for jboss-ejb-client.properties, to avoid issues like these:

                             

                            -Djboss.ejb.client.properties.skip.classloader.scan=true

                             

                            [Edited by jaikiran pai: Fixed the previous post which incorrectly stated that this property has to be set to false]

                            • 11. Re: Remoting over SSL on AS 7.1.3
                              renz13 Newbie

                              I think I should set it to TRUE to disable classpath scan :

                               

                              -Djboss.ejb.client.properties.skip.classloader.scan=true

                               

                               

                              Thanks

                              • 12. Re: Remoting over SSL on AS 7.1.3
                                jaikiran pai Master

                                renz13 wrote:

                                 

                                I think I should set it to TRUE to disable classpath scan :

                                 

                                -Djboss.ejb.client.properties.skip.classloader.scan=true

                                 

                                 

                                Thanks

                                Ah yes! You are right

                                 

                                P.S: I've fixed my previous post so that users don't pick up that incorrect usage.
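The cause found in reply 9, a leftover jboss-ejb-client.properties on the classpath with SSL_ENABLED set to false, can be checked for before the client starts. The class below is an added example, not code from the thread or from the JBoss project; the class name and the constructed sample are hypothetical, and it assumes the file is looked up through the thread context class loader and uses the usual `remote.connections` / `remote.connection.<name>.connect.options.*` key layout.

```java
import java.io.IOException;
import java.io.InputStream;
import java.io.StringReader;
import java.net.URL;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
import java.util.Properties;

/** Lists every jboss-ejb-client.properties on the classpath and flags SSL_ENABLED keys that are not "true". */
public class EjbClientPropertiesAudit {

    static final String RESOURCE = "jboss-ejb-client.properties";
    static final String SKIP_SCAN = "jboss.ejb.client.properties.skip.classloader.scan";
    static final String SSL_ENABLED = "org.xnio.Options.SSL_ENABLED";

    // Constructed sample (not from the thread), used only when no real file is found.
    static final String SAMPLE =
          "remote.connectionprovider.create.options." + SSL_ENABLED + "=false\n"
        + "remote.connections=default\n"
        + "remote.connection.default.host=127.0.0.1\n"
        + "remote.connection.default.port=4447\n"
        + "remote.connection.default.connect.options." + SSL_ENABLED + "=false\n";

    /** Returns one finding per SSL_ENABLED key that is missing or set to anything but "true". */
    static List<String> audit(Properties p) {
        List<String> findings = new ArrayList<>();
        // Provider-level option.
        check(p, "remote.connectionprovider.create.options." + SSL_ENABLED, findings);
        // Per-connection option for every name listed in remote.connections.
        for (String raw : p.getProperty("remote.connections", "").split(",")) {
            String name = raw.trim();
            if (!name.isEmpty()) {
                check(p, "remote.connection." + name + ".connect.options." + SSL_ENABLED, findings);
            }
        }
        return findings;
    }

    private static void check(Properties p, String key, List<String> findings) {
        String value = p.getProperty(key);
        if (value == null) {
            findings.add(key + " is not set");
        } else if (!"true".equalsIgnoreCase(value.trim())) {
            findings.add(key + "=" + value.trim());
        }
    }

    private static void report(String source, List<String> findings) {
        System.out.println(source);
        if (findings.isEmpty()) {
            System.out.println("  OK: SSL_ENABLED is true for the provider and every connection");
        }
        for (String f : findings) {
            System.out.println("  CHECK: " + f);
        }
    }

    public static void main(String[] args) throws IOException {
        ClassLoader cl = Thread.currentThread().getContextClassLoader();
        if (cl == null) {
            cl = EjbClientPropertiesAudit.class.getClassLoader();
        }
        // When this is true the client does not scan the classpath for the file at all.
        System.out.println(SKIP_SCAN + "=" + Boolean.getBoolean(SKIP_SCAN));

        URL first = cl.getResource(RESOURCE);
        List<URL> all = Collections.list(cl.getResources(RESOURCE));
        for (URL url : all) {
            Properties p = new Properties();
            try (InputStream in = url.openStream()) {
                p.load(in);
            }
            boolean isFirst = first != null && first.toExternalForm().equals(url.toExternalForm());
            report(url + (isFirst ? " (returned by getResource)" : " (shadowed copy)"), audit(p));
        }
        if (all.isEmpty()) {
            // Nothing on the classpath: show the output format on the constructed sample.
            Properties p = new Properties();
            p.load(new StringReader(SAMPLE));
            report("constructed sample", audit(p));
        }
    }
}
```

Run it with the same classpath and `-D` options as the EJB client so that it sees the same resources the client would.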