2 Replies Latest reply on Oct 15, 2013 8:20 AM by WarnerJan Veldhuis

    SSL for http-remoting

    WarnerJan Veldhuis Newbie

      I need some help configuring SSL for http-remoting. I got my remote client working with plain http-remoting (via port 8080), but I want it to use SSL (via 8443). I got Undertow running with HTTPS and a self-signed certificate, like the documentation said. All I need now is to connect the http-remote client to the server using SSL. I have no clue how to set that up. I couldn't find any client examples in the documentation. Here's some of my configuration.

       

      In standalone-full.xml:

      <management>

      <security-realm name="UndertowRealm">

                      <server-identities>

                          <ssl>

                              <keystore path="xxx.keystore" relative-to="jboss.server.config.dir" keystore-password="mypassword"/>

                          </ssl>

                      </server-identities>

                  </security-realm>

              </security-realms>

      </management>

      ...

      <subsystem xmlns="urn:jboss:domain:undertow:1.0">

                  <buffer-caches>

                      <buffer-cache name="default" buffer-size="1024" buffers-per-region="1024" max-regions="10"/>

                  </buffer-caches>

                  <server name="default-server">

                      <http-listener name="default" max-post-size="10485760" socket-binding="http"/>

                      <https-listener name="https" socket-binding="https" security-realm="UndertowRealm"/>

                      <host name="default-host" alias="localhost">

                          <location name="/" handler="welcome-content"/>

                      </host>

                  </server>

                  <servlet-container name="default" default-buffer-cache="default" stack-trace-on-error="local-only">

                      <jsp-config/>

                      <persistent-sessions path="persistent-web-sessions" relative-to="jboss.server.data.dir"/>

                  </servlet-container>

                  <handlers>

                      <file name="welcome-content" path="${jboss.home.dir}/welcome-content" directory-listing="true"/>

                  </handlers>

              </subsystem>

       

      I know it works, because I can access my webapplication via https://10.0.0.100:8443/MyWebApp.

       

      This is the client code, which still uses non-SSL. How do I modify this code to use SSL?

       

      String serverName = "10.0.0.100";

      String serverPort = "8080";

      Properties props = new Properties();

      props.put(Context.INITIAL_CONTEXT_FACTORY, "org.jboss.naming.remote.client.InitialContextFactory");

      props.put(Context.PROVIDER_URL, "http-remoting://" + serverName + ":" + serverPort);

      props.put("jboss.naming.client.ejb.context", true);

      InitialContext context = new InitialContext(props);

        • 1. Re: SSL for http-remoting
          jaikiran pai Master

          There's https-remoting for HTTPS support. So change the following:

          WarnerJan Veldhuis wrote:

           


          String serverName = "10.0.0.100";

          String serverPort = "8080";

          ....

          props.put(Context.PROVIDER_URL, "http-remoting://" + serverName + ":" + serverPort);

          props.put("jboss.naming.client.ejb.context", true);

          InitialContext context = new InitialContext(props);

          to:

           

          serverPort = 8443;

          ...

          props.put(Context.PROVIDER_URL, "https-remoting://" + serverName + ":" + serverPort);

          • 2. Re: SSL for http-remoting
            WarnerJan Veldhuis Newbie

            Thanks for your reply. It looks ridiculously simple, and I kinda hoped it was, but my remote client doesn't connect to the server. This is the stacktrace:

            javax.naming.NamingException: Failed to connect to any server. Servers tried: [https-remoting://10.0.0.100:8443]

                at org.jboss.naming.remote.client.HaRemoteNamingStore.failOverSequence(HaRemoteNamingStore.java:213)

                at org.jboss.naming.remote.client.HaRemoteNamingStore.namingStore(HaRemoteNamingStore.java:144)

                at org.jboss.naming.remote.client.HaRemoteNamingStore.namingOperation(HaRemoteNamingStore.java:125)

                at org.jboss.naming.remote.client.HaRemoteNamingStore.lookup(HaRemoteNamingStore.java:241)

                at org.jboss.naming.remote.client.RemoteContext.lookup(RemoteContext.java:79)

                at org.jboss.naming.remote.client.RemoteContext.lookup(RemoteContext.java:83)

                at javax.naming.InitialContext.lookup(InitialContext.java:411)

                at com.initech.factory.ClientBusinessDelegateImpl.getEJBObject(ClientBusinessDelegateImpl.java:84)

             

            Am I missing a line in standalone-full.xml? In subsystem jboss:domain:ejb there is this line:

            <remote connector-ref="http-remoting-connector" thread-pool-name="default"/>

            Should there be a "https-remoting-connector" of some sort?

             

            My current configuration works for jsp and servlets, since the webcomponent is visible using https, so the (self-signed) certificate works.