0 Replies Latest reply on May 25, 2015 10:23 AM by b1gs

    Secure client EJB request JBoss 6.1.1 final

    b1gs

      I am using JBoss EAP 6.1.1 and I need to add SSL support to our client-server application.
      I figured out that some configuration needs to be set for the server and the client to do that. I set up the server config as well.
      But I ran into the issue of how to set up the client for requesting secured RMI via the (remote://) protocol.

      This is the text snippet from "JBoss Enterprise Application Platform 6.1 Security Guide":


      Secure Transport Configuration

      Remoting transports use StartTLS to use a secure (HTTPS, Secure Servlet, etc) connection if the client requests it. The same socket binding (network port) is used for secured and unsecured connections, so no additional server-side configuration is necessary. The client requests the secure or unsecured transport, as its needs dictate. JBoss Enterprise Application Platform components which use Remoting, such as EJBs, the ORB, and the JMS provider, request secured interfaces by default.

      Warning: StartTLS Security Considerations

      StartTLS works by activating a secure connection if the client requests it, and otherwise defaulting to an unsecured connection. It is inherently susceptible to a Man in the Middle style exploit, wherein an attacker intercepts the client's request and modifies it to request an unsecured connection. Clients must be written to fail appropriately if they do not receive a secure connection, unless an unsecured connection actually is an appropriate fall-back.

      As I understand it, the client needs some properties or configuration for "requesting secure connection". What props do I need to set up, or what do I need to do to use RMI securely?

      Thanks for advice.
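
The fail-closed client behaviour that the quoted StartTLS warning asks for, as an added example that is not part of the original post and is not JBoss code. It is a toy Python model: the message names (`STARTTLS`, `TLS-READY`, `PLAIN-OK`) and all function names are hypothetical and do not represent the JBoss Remoting wire protocol.

```python
# Toy model of opportunistic StartTLS on a single port. Constructed for
# illustration; message names are hypothetical, not the JBoss Remoting protocol.


class InsecureTransportError(Exception):
    """The client required TLS but the channel stayed in cleartext."""


def server_handle(request: str) -> str:
    # One socket binding serves both modes: upgrade only when asked to.
    return "TLS-READY" if request == "STARTTLS" else "PLAIN-OK"


def clean_path(request: str) -> str:
    # The client's request reaches the server unmodified.
    return request


def tampered_path(request: str) -> str:
    # Models the warning's scenario: the upgrade request is altered in transit.
    return "PLAIN" if request == "STARTTLS" else request


def negotiate(path, require_tls: bool = True) -> str:
    """Ask for TLS, then decide on what the channel actually became."""
    reply = server_handle(path("STARTTLS"))
    if reply == "TLS-READY":
        # A real client would now run the TLS handshake and verify the
        # server certificate against its truststore.
        return "tls"
    if require_tls:
        # Fail closed: asking for TLS is not proof that TLS was received.
        raise InsecureTransportError(
            "upgrade not confirmed; refusing cleartext fallback")
    # Only acceptable where cleartext is a deliberate, reviewed fallback.
    return "plain"


def invoke(path, require_tls: bool = True) -> dict:
    """Make the transport decision before any sensitive data is sent."""
    transport = negotiate(path, require_tls)
    return {"transport": transport, "data_exposed": transport == "plain"}
```

The decision is taken on the server's confirmed reply, not on what the client asked for, which is the property the warning requires of client code.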