0 Replies Latest reply on May 26, 2009 10:37 AM by Andrzej Smolinski

    ssl connection to ejb in cluster using @RemoteBinding

    Andrzej Smolinski Newbie

      Hello there,
      could anybody help or point the right direction?
      JBoss 5.1.0CR1, JDK 1.6, XP (development env)
      cluster (configuration: all)

      I try to use ssl connection to reach ejb component.

      1. added ssl-service.xml to META-INF of ejb jar

      <?xml version="1.0" encoding="UTF-8"?>
       <!-- The server socket factory mbean to be used as attribute to socket invoker -->
       <!-- which uses the JaasSecurityDomain -->
       <mbean code="org.jboss.remoting.security.domain.DomainServerSocketFactoryService"
       display-name="SecurityDomain Server Socket Factory">
       <attribute name="SecurityDomain">java:/jaas/SSLAdvanced</attribute>
       <mbean code="org.jboss.security.plugins.JaasSecurityDomain"
       <!-- This must correlate with the java:/jaas/SSL above -->
       <arg type="java.lang.String" value="SSLAdvanced"/>
       <!-- The location of the keystore
       resource: loads from the classloaders conf/ is the first classloader -->
       <attribute name="KeyStoreURL">traffic.keystore</attribute>
       <attribute name="KeyStorePass">trafficssl</attribute>
       <!-- The Connector is the core component of the remoting server service. -->
       <!-- It binds the remoting invoker (transport protocol, callback configuration, -->
       <!-- data marshalling, etc.) with the invocation handlers. -->
       <mbean code="org.jboss.remoting.transport.Connector"
       display-name="Socket transport Connector">
       <attribute name="Configuration">
       <invoker transport="sslsocket">
       <attribute name="dataType" isParam="true">invocation</attribute>
       <attribute name="marshaller" isParam="true">org.jboss.invocation.unified.marshall.InvocationMarshaller</attribute>
       <attribute name="unmarshaller" isParam="true">org.jboss.invocation.unified.marshall.InvocationUnMarshaller</attribute>
       <!-- The following is for setting the server socket factory. If want ssl support -->
       <!-- use a server socket factory that supports ssl. The only requirement is that -->
       <!-- the server socket factory value must be an ObjectName, meaning the -->
       <!-- server socket factory implementation must be a MBean and also -->
       <!-- MUST implement the org.jboss.remoting.security.ServerSocketFactoryMBean interface. -->
       <attribute name="serverSocketFactory">jboss.remoting:service=ServerSocketFactory,type=SecurityDomainAdvanced</attribute>
       <attribute name="serverBindAddress">${jboss.bind.address}</attribute>
       <attribute name="serverBindPort">3843</attribute>
       <handler subsystem="AOP">org.jboss.aspects.remoting.AOPRemotingInvocationHandler</handler>

      2. generated all keystore/certificate etc.

      3. added annotation to ejb (many different trials):
      @RemoteBinding(jndiBinding="someEjb/remote", clientBindUrl = "sslsocket://${jboss.bind.address}:3843")
      @RemoteBinding(jndiBinding="someEjb/remote", clientBindUrl = "sslsocket://")

      If I put real target ip of ejb container then it works fine, but only with one machines from cluster (obvious, you can't put two ip addresses in clientBindUrl), whenever I try to use mask or ${jboss.bind.address} it doesn't work.

      I couldn't find any working solution and of course many examples that use mask works fine (but only for local communication: client and server on the same machine). Could not find any working solution for ssl in cluster setup.

      Any help would be really appreciated!