JBoss-Tomcat 4.0 Bundle and SSL| JBoss.org Content Archive (Read Only)

1. Re: JBoss-Tomcat 4.0 Bundle and SSL

diathesis Dec 13, 2001 11:05 AM (in response to hunterhillegas)

If there's a way to use SSL with JBoss/Tomcat4 (catalina), I'd like to know it as well. I'm given to understand that there is not, at the current time.

2. Re: JBoss-Tomcat 4.0 Bundle and SSL

brillpappin Dec 13, 2001 7:53 PM (in response to hunterhillegas)

I've been told to *buy* the documentation, that its only listed there. I'm not going to, so if anyone finds out how, please post it.

3. Re: JBoss-Tomcat 4.0 Bundle and SSL

cbboatwr Dec 14, 2001 3:48 PM (in response to hunterhillegas)

Well, you can do it. Buying the documentation doesn't help much, however, in this area (it's good and you should buy it, it's only $10!). But since the documentation doesn't seem to be right I don't feel too bad about sharing with everyone how it works for me. I feel that there is still something missing. I'm going to e-mail the authors of the documentation to either get clarification or to show them a bug in their examples. I'm fairly certain there are a few typos that account for the documentation not quite getting it right.

This works for me running JBoss 2.4.3 with Tomcat 4.0.1 on a Solaris 8 box.

First off, this works with the EmbeddedCatalinaServiceSX MBean only. There is another mbean that does catalina embedded (ConfigCatalinaService or something like that) but I haven't messed with that one much.

So, in your jboss.jcml file (and I'm going to assume you already have the embedded Tomcat working) you should have a listed already. So to do SSL you really seem to have one option (the documentation talks about 3 but I have gotten only one to work).

With this one option, you can do two things:
1) Do you want to run SSL only?
2) Do you want to run SSL and non-SSL?

Either is fine. This is what works for me. If someone gets what is in the documentation working, please let me know.

First, set up a security domain.

/.keystore
[[your pw]]
JKS

The value of the tag is the alias in your keystore.

The "KeyStoreFile" (NOT KeyStoreURL) is the filesystem location of your java keystore (I'm assumig you know about these too, look at the 'keytool' that comes with Java). The "KeyStoreType" is JKS by default and I include it only to show that it is an option. "KeyStorePass" is the plain text password for the keystore and the key itself.

OK, now you have a security domain. This domain can be used for other things, but for this topic I'm going to use it for the EmbeddedCatalinaServiceSX mbean.

Modify your EmbeddedCatalinaServiceSX mbean to be:

8443
java:/jaas/tomcat

That will set your default caralina connector to be SSL (and only SSL).

Now, to have both SSL and non-SSL, the only way I've gotten that to work is to add a SECOND EmbeddedCatalinaServiceSX.

8080
</mbean<

(NOTE: port 8080 is the default)

Notice that in the SSL mbeam I used "DefaultDomain:service=EmbeddedTomcatSSL" and in the non-SSL I used "DefaultDomain:service=EmbeddedTomcat". You need a different name for each. Be careful that you have a name that matches your WarDeployerName value in your J2eeDeployer mbean. If you use just SSL can name it EmbeddedTomcatSSL like I did in my example, change your J2eeDeployer mbean's WarDeployerName value to match.

In theory (and I'm still trying to get this to work) you can put a tag within a tag within the EmbeddedCatalinaServiceSX tag to add a second Connector (like in server.xml with Tomcat in standalone mode), but have not gotten that to work at all and am beginning to wonder if it's actually implemented ...

I hope this is clean and helps everyone out,
Colin Boatwright

4. Re: JBoss-Tomcat 4.0 Bundle and SSL

stollar Feb 26, 2002 7:23 AM (in response to hunterhillegas)

I am struggeling to get the JBoss 2.4.4/Tomcat 4.0.1 build working with SSL and non-SSL connections. I have ollowed your suggestions but I still have a problem.

I get an exception (below) when the EmbeddedCatalinaSX service is being started for SSL connections. jnet.jar is being loaded earlier at startup.

Any ideas?

java.lang.NoClassDefFoundError: javax/net/ServerSocketFactory
at java.lang.ClassLoader.defineClass0(Native Method)
at java.lang.ClassLoader.defineClass(ClassLoader.java:496)
at java.security.SecureClassLoader.defineClass(SecureClassLoader.java:117)
at java.net.URLClassLoader.defineClass(URLClassLoader.java:251)
at java.net.URLClassLoader.access$300(URLClassLoader.java:69)
at java.net.URLClassLoader$ClassFinder.run(URLClassLoader.java(Compiled Code))
at java.security.AccessController.doPrivileged(Native Method)
at java.net.URLClassLoader.findClass(URLClassLoader.java(Compiled Code))
at java.lang.ClassLoader.loadClass(ClassLoader.java(Compiled Code))
at java.lang.ClassLoader.loadClass(ClassLoader.java(Compiled Code))
at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:381)
at java.lang.ClassLoader.loadClass(ClassLoader.java(Compiled Code))
at java.lang.ClassLoader.loadClass(ClassLoader.java:257)
at org.jboss.web.catalina.security.SSLServerSocketFactory.(SSLServerSocketFactory.java:39)
at org.jboss.web.catalina.EmbeddedCatalinaServiceSX.initHttpConnector(EmbeddedCatalinaServiceSX.java:361)
at org.jboss.web.catalina.EmbeddedCatalinaServiceSX.initCatalina(EmbeddedCatalinaServiceSX.java:319)
at org.jboss.web.catalina.EmbeddedCatalinaServiceSX.startService(EmbeddedCatalinaServiceSX.java:244)
at org.jboss.util.ServiceMBeanSupport.start(ServiceMBeanSupport.java:103)
at java.lang.reflect.Method.invoke(Native Method)
at com.sun.management.jmx.MBeanServerImpl.invoke(MBeanServerImpl.java:1628)
at com.sun.management.jmx.MBeanServerImpl.invoke(MBeanServerImpl.java:1523)
at org.jboss.configuration.ConfigurationService$ServiceProxy.invoke(ConfigurationService.java:967)
at $Proxy0.start(Unknown Source)
at org.jboss.util.ServiceControl.start(ServiceControl.java:79)
at java.lang.reflect.Method.invoke(Native Method)
at com.sun.management.jmx.MBeanServerImpl.invoke(MBeanServerImpl.java:1628)
at com.sun.management.jmx.MBeanServerImpl.invoke(MBeanServerImpl.java:1523)
at org.jboss.Main.(Main.java:208)
at org.jboss.Main$1.run(Main.java:110)
at java.security.AccessController.doPrivileged(Native Method)
at org.jboss.Main.main(Main.java:106)

5. Re: JBoss-Tomcat 4.0 Bundle and SSL

johnnycannuk Feb 27, 2002 3:40 PM (in response to hunterhillegas)

Look here

http://jboss.org/forums/thread.jsp?forum=61&thread=6234

and here

http://main.jboss.org/thread.jsp?forum=49&thread=6128&message=370050&q=jboss+ssl#370050

Keep on trying guys...it does work

Mike

6. Re: JBoss-Tomcat 4.0 Bundle and SSL

syzygy Apr 27, 2004 1:23 AM (in response to hunterhillegas)

IT SUCKS ! I AM STRUGGLING FOR PAST ONE WEEK WITH SSL CONF FOR TOMCAT + JBOSS IT JUST sucks i wonder how crappy a product could be. Is there any sane head here who has just right steps to tell how to configure ssl for tomcat + jboss conf.

I am getting following error , anyone any ideas any pointers ? GOd BLESS JBOOOOS,

IS I USE NONSSL connection it works, when i use ssl connection i get following error

VERY ANGRY GUY !

:05:38,035 ERROR [STDERR] java.net.SocketTimeoutException: Read timed out
02:05:38,036 ERROR [STDERR] at java.net.SocketInputStream.socketRead0(Native Method)
02:05:38,036 ERROR [STDERR] at java.net.SocketInputStream.read(SocketInputStream.java:129)
02:05:38,036 ERROR [STDERR] at com.sun.net.ssl.internal.ssl.InputRecord.a(DashoA6275)
02:05:38,036 ERROR [STDERR] at com.sun.net.ssl.internal.ssl.InputRecord.read(DashoA6275)
02:05:38,037 ERROR [STDERR] at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
02:05:38,037 ERROR [STDERR] at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
02:05:38,037 ERROR [STDERR] at com.sun.net.ssl.internal.ssl.AppInputStream.read(DashoA6275)
02:05:38,037 ERROR [STDERR] at org.apache.catalina.connector.http.SocketInputStream.fill(SocketInputStream.java:594)
02:05:38,037 ERROR [STDERR] at org.apache.catalina.connector.http.SocketInputStream.read(SocketInputStream.java:531)
02:05:38,037 ERROR [STDERR] at org.apache.catalina.connector.RequestStream.read(RequestStream.java:189)
02:05:38,037 ERROR [STDERR] at org.apache.catalina.connector.http.HttpRequestStream.read(HttpRequestStream.java:214)
02:05:38,037 ERROR [STDERR] at java.io.InputStream.read(InputStream.java:164)
02:05:38,037 ERROR [STDERR] at org.apache.catalina.connector.RequestStream.read(RequestStream.java:238)
02:05:38,037 ERROR [STDERR] at org.apache.catalina.connector.http.HttpRequestStream.read(HttpRequestStream.java:254)
02:05:38,037 ERROR [STDERR] at sun.nio.cs.StreamDecoder$CharsetSD.readBytes(StreamDecoder.java:408)
02:05:38,038 ERROR [STDERR] at sun.nio.cs.StreamDecoder$CharsetSD.implRead(StreamDecoder.java:450)
02:05:38,038 ERROR [STDERR] at sun.nio.cs.StreamDecoder.read(StreamDecoder.java:182)
02:05:38,038 ERROR [STDERR] at sun.nio.cs.StreamDecoder.read0(StreamDecoder.java:131)
02:05:38,038 ERROR [STDERR] at sun.nio.cs.StreamDecoder.read(StreamDecoder.java:117)
02:05:38,038 ERROR [STDERR] at java.io.InputStreamReader.read(InputStreamReader.java:151)
02:05:38,038 ERROR [STDERR] at CdrServlet.doGet(CdrServlet.java:50)
02:05:38,038 ERROR [STDERR] at javax.servlet.http.HttpServlet.service(HttpServlet.java:740)
02:05:38,038 ERROR [STDERR] at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
02:05:38,038 ERROR [STDERR] at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:247)
02:05:38,038 ERROR [STDERR] at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:193)
02:05:38,038 ERROR [STDERR] at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:256)
02:05:38,039 ERROR [STDERR] at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:643)
02:05:38,039 ERROR [STDERR] at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:480)
02:05:38,039 ERROR [STDERR] at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995)
02:05:38,039 ERROR [STDERR] at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
02:05:38,039 ERROR [STDERR] at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:643)
02:05:38,039 ERROR [STDERR] at org.jboss.web.catalina.security.JBossSecurityMgrRealm.invoke(JBossSecurityMgrRealm.java:227)
02:05:38,039 ERROR [STDERR] at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:641)
02:05:38,039 ERROR [STDERR] at org.apache.catalina.valves.CertificatesValve.invoke(CertificatesValve.java:246)
02:05:38,039 ERROR [STDERR] at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:641)
02:05:38,039 ERROR [STDERR] at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:480)
02:05:38,039 ERROR [STDERR] at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995)
02:05:38,039 ERROR [STDERR] at org.apache.catalina.core.StandardContext.invoke(StandardContext.java:2415)
02:05:38,063 ERROR [STDERR] at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:180)
02:05:38,064 ERROR [STDERR] at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:643)
02:05:38,064 ERROR [STDERR] at org.apache.catalina.valves.ErrorDispatcherValve.invoke(ErrorDispatcherValve.java:171)
02:05:38,064 ERROR [STDERR] at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:641)
02:05:38,064 ERROR [STDERR] at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:172)
02:05:38,064 ERROR [STDERR] at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:641)
02:05:38,064 ERROR [STDERR] at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:509)
02:05:38,064 ERROR [STDERR] at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:641)
02:05:38,064 ERROR [STDERR] at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:480)
02:05:38,064 ERROR [STDERR] at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995)
02:05:38,064 ERROR [STDERR] at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:174)
02:05:38,064 ERROR [STDERR] at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:643)
02:05:38,065 ERROR [STDERR] at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:480)
02:05:38,065 ERROR [STDERR] at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995)
02:05:38,065 ERROR [STDERR] at org.apache.catalina.connector.http.HttpProcessor.process(HttpProcessor.java:1040)
02:05:38,065 ERROR [STDERR] at org.apache.catalina.connector.http.HttpProcessor.run(HttpProcessor.java:1151)
02:05:38,065 ERROR [STDERR] at java.lang.

7. Re: JBoss-Tomcat 4.0 Bundle and SSL

triathlon98 Apr 27, 2004 2:58 AM (in response to hunterhillegas)

Are you by any chance running this on a Linux box?

I currently have a similar problem where I am running my tests on my development box (WinXP, jsdk 1.4.2) and everything works fine, but on my deployment system (Debian Linux, jsdk 1.4.2) I can not connect to other sites using https.

Sounds a lot like your problem.

1. This is probably not a JBoss problem, more likely jvm related

2. Unfortunately, I haven't got a fix just. Will report when I find something.

Joachim

Yes I am using linux + j2sdk1.4.02, and it doesn't work.

So try upgrading to the current 1.4.2_04 release. That is what I did and it helped for me.

Joachim

JBossDeveloper

JBoss-Tomcat 4.0 Bundle and SSL