10 Replies Latest reply on Apr 27, 2004 12:51 PM by Joachim Van der Auwera

    JBoss-Tomcat 4.0 Bundle and SSL

    HunterHillegas Newbie

      With the current JBoss/Tomcat 4 (Catalina) bundle, is it possible to use SSL?

        • 1. Re: JBoss-Tomcat 4.0 Bundle and SSL
          Geoffrey Wiseman Newbie

          If there's a way to use SSL with JBoss/Tomcat4 (catalina), I'd like to know it as well. I'm given to understand that there is not, at the current time.

          • 2. Re: JBoss-Tomcat 4.0 Bundle and SSL
            Brill Pappin Newbie

            I've been told to *buy* the documentation, that its only listed there. I'm not going to, so if anyone finds out how, please post it.

            • 3. Re: JBoss-Tomcat 4.0 Bundle and SSL
              Colin Boatwright Newbie

              Well, you can do it. Buying the documentation doesn't help much, however, in this area (it's good and you should buy it, it's only $10!). But since the documentation doesn't seem to be right I don't feel too bad about sharing with everyone how it works for me. I feel that there is still something missing. I'm going to e-mail the authors of the documentation to either get clarification or to show them a bug in their examples. I'm fairly certain there are a few typos that account for the documentation not quite getting it right.

              This works for me running JBoss 2.4.3 with Tomcat 4.0.1 on a Solaris 8 box.

              First off, this works with the EmbeddedCatalinaServiceSX MBean only. There is another mbean that does catalina embedded (ConfigCatalinaService or something like that) but I haven't messed with that one much.

              So, in your jboss.jcml file (and I'm going to assume you already have the embedded Tomcat working) you should have a listed already. So to do SSL you really seem to have one option (the documentation talks about 3 but I have gotten only one to work).

              With this one option, you can do two things:
              1) Do you want to run SSL only?
              2) Do you want to run SSL and non-SSL?

              Either is fine. This is what works for me. If someone gets what is in the documentation working, please let me know.

              First, set up a security domain.





              /.keystore
              [[your pw]]
              JKS


              The value of the tag is the alias in your keystore.

              The "KeyStoreFile" (NOT KeyStoreURL) is the filesystem location of your java keystore (I'm assumig you know about these too, look at the 'keytool' that comes with Java). The "KeyStoreType" is JKS by default and I include it only to show that it is an option. "KeyStorePass" is the plain text password for the keystore and the key itself.

              OK, now you have a security domain. This domain can be used for other things, but for this topic I'm going to use it for the EmbeddedCatalinaServiceSX mbean.

              Modify your EmbeddedCatalinaServiceSX mbean to be:

              8443
              java:/jaas/tomcat


              That will set your default caralina connector to be SSL (and only SSL).

              Now, to have both SSL and non-SSL, the only way I've gotten that to work is to add a SECOND EmbeddedCatalinaServiceSX.


              8080
              </mbean<

              (NOTE: port 8080 is the default)

              Notice that in the SSL mbeam I used "DefaultDomain:service=EmbeddedTomcatSSL" and in the non-SSL I used "DefaultDomain:service=EmbeddedTomcat". You need a different name for each. Be careful that you have a name that matches your WarDeployerName value in your J2eeDeployer mbean. If you use just SSL can name it EmbeddedTomcatSSL like I did in my example, change your J2eeDeployer mbean's WarDeployerName value to match.

              In theory (and I'm still trying to get this to work) you can put a tag within a tag within the EmbeddedCatalinaServiceSX tag to add a second Connector (like in server.xml with Tomcat in standalone mode), but have not gotten that to work at all and am beginning to wonder if it's actually implemented ...

              I hope this is clean and helps everyone out,
              Colin Boatwright

              • 4. Re: JBoss-Tomcat 4.0 Bundle and SSL
                Richard Stollar Newbie

                I am struggeling to get the JBoss 2.4.4/Tomcat 4.0.1 build working with SSL and non-SSL connections. I have ollowed your suggestions but I still have a problem.

                I get an exception (below) when the EmbeddedCatalinaSX service is being started for SSL connections. jnet.jar is being loaded earlier at startup.

                Any ideas?

                java.lang.NoClassDefFoundError: javax/net/ServerSocketFactory
                at java.lang.ClassLoader.defineClass0(Native Method)
                at java.lang.ClassLoader.defineClass(ClassLoader.java:496)
                at java.security.SecureClassLoader.defineClass(SecureClassLoader.java:117)
                at java.net.URLClassLoader.defineClass(URLClassLoader.java:251)
                at java.net.URLClassLoader.access$300(URLClassLoader.java:69)
                at java.net.URLClassLoader$ClassFinder.run(URLClassLoader.java(Compiled Code))
                at java.security.AccessController.doPrivileged(Native Method)
                at java.net.URLClassLoader.findClass(URLClassLoader.java(Compiled Code))
                at java.lang.ClassLoader.loadClass(ClassLoader.java(Compiled Code))
                at java.lang.ClassLoader.loadClass(ClassLoader.java(Compiled Code))
                at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:381)
                at java.lang.ClassLoader.loadClass(ClassLoader.java(Compiled Code))
                at java.lang.ClassLoader.loadClass(ClassLoader.java:257)
                at org.jboss.web.catalina.security.SSLServerSocketFactory.(SSLServerSocketFactory.java:39)
                at org.jboss.web.catalina.EmbeddedCatalinaServiceSX.initHttpConnector(EmbeddedCatalinaServiceSX.java:361)
                at org.jboss.web.catalina.EmbeddedCatalinaServiceSX.initCatalina(EmbeddedCatalinaServiceSX.java:319)
                at org.jboss.web.catalina.EmbeddedCatalinaServiceSX.startService(EmbeddedCatalinaServiceSX.java:244)
                at org.jboss.util.ServiceMBeanSupport.start(ServiceMBeanSupport.java:103)
                at java.lang.reflect.Method.invoke(Native Method)
                at com.sun.management.jmx.MBeanServerImpl.invoke(MBeanServerImpl.java:1628)
                at com.sun.management.jmx.MBeanServerImpl.invoke(MBeanServerImpl.java:1523)
                at org.jboss.configuration.ConfigurationService$ServiceProxy.invoke(ConfigurationService.java:967)
                at $Proxy0.start(Unknown Source)
                at org.jboss.util.ServiceControl.start(ServiceControl.java:79)
                at java.lang.reflect.Method.invoke(Native Method)
                at com.sun.management.jmx.MBeanServerImpl.invoke(MBeanServerImpl.java:1628)
                at com.sun.management.jmx.MBeanServerImpl.invoke(MBeanServerImpl.java:1523)
                at org.jboss.Main.(Main.java:208)
                at org.jboss.Main$1.run(Main.java:110)
                at java.security.AccessController.doPrivileged(Native Method)
                at org.jboss.Main.main(Main.java:106)



                • 6. Re: JBoss-Tomcat 4.0 Bundle and SSL
                  syzygy Newbie

                  IT SUCKS ! I AM STRUGGLING FOR PAST ONE WEEK WITH SSL CONF FOR TOMCAT + JBOSS IT JUST sucks i wonder how crappy a product could be. Is there any sane head here who has just right steps to tell how to configure ssl for tomcat + jboss conf.

                  I am getting following error , anyone any ideas any pointers ? GOd BLESS JBOOOOS,

                  IS I USE NONSSL connection it works, when i use ssl connection i get following error

                  VERY ANGRY GUY !

                  :05:38,035 ERROR [STDERR] java.net.SocketTimeoutException: Read timed out
                  02:05:38,036 ERROR [STDERR] at java.net.SocketInputStream.socketRead0(Native Method)
                  02:05:38,036 ERROR [STDERR] at java.net.SocketInputStream.read(SocketInputStream.java:129)
                  02:05:38,036 ERROR [STDERR] at com.sun.net.ssl.internal.ssl.InputRecord.a(DashoA6275)
                  02:05:38,036 ERROR [STDERR] at com.sun.net.ssl.internal.ssl.InputRecord.read(DashoA6275)
                  02:05:38,037 ERROR [STDERR] at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
                  02:05:38,037 ERROR [STDERR] at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
                  02:05:38,037 ERROR [STDERR] at com.sun.net.ssl.internal.ssl.AppInputStream.read(DashoA6275)
                  02:05:38,037 ERROR [STDERR] at org.apache.catalina.connector.http.SocketInputStream.fill(SocketInputStream.java:594)
                  02:05:38,037 ERROR [STDERR] at org.apache.catalina.connector.http.SocketInputStream.read(SocketInputStream.java:531)
                  02:05:38,037 ERROR [STDERR] at org.apache.catalina.connector.RequestStream.read(RequestStream.java:189)
                  02:05:38,037 ERROR [STDERR] at org.apache.catalina.connector.http.HttpRequestStream.read(HttpRequestStream.java:214)
                  02:05:38,037 ERROR [STDERR] at java.io.InputStream.read(InputStream.java:164)
                  02:05:38,037 ERROR [STDERR] at org.apache.catalina.connector.RequestStream.read(RequestStream.java:238)
                  02:05:38,037 ERROR [STDERR] at org.apache.catalina.connector.http.HttpRequestStream.read(HttpRequestStream.java:254)
                  02:05:38,037 ERROR [STDERR] at sun.nio.cs.StreamDecoder$CharsetSD.readBytes(StreamDecoder.java:408)
                  02:05:38,038 ERROR [STDERR] at sun.nio.cs.StreamDecoder$CharsetSD.implRead(StreamDecoder.java:450)
                  02:05:38,038 ERROR [STDERR] at sun.nio.cs.StreamDecoder.read(StreamDecoder.java:182)
                  02:05:38,038 ERROR [STDERR] at sun.nio.cs.StreamDecoder.read0(StreamDecoder.java:131)
                  02:05:38,038 ERROR [STDERR] at sun.nio.cs.StreamDecoder.read(StreamDecoder.java:117)
                  02:05:38,038 ERROR [STDERR] at java.io.InputStreamReader.read(InputStreamReader.java:151)
                  02:05:38,038 ERROR [STDERR] at CdrServlet.doGet(CdrServlet.java:50)
                  02:05:38,038 ERROR [STDERR] at javax.servlet.http.HttpServlet.service(HttpServlet.java:740)
                  02:05:38,038 ERROR [STDERR] at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
                  02:05:38,038 ERROR [STDERR] at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:247)
                  02:05:38,038 ERROR [STDERR] at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:193)
                  02:05:38,038 ERROR [STDERR] at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:256)
                  02:05:38,039 ERROR [STDERR] at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:643)
                  02:05:38,039 ERROR [STDERR] at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:480)
                  02:05:38,039 ERROR [STDERR] at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995)
                  02:05:38,039 ERROR [STDERR] at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
                  02:05:38,039 ERROR [STDERR] at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:643)
                  02:05:38,039 ERROR [STDERR] at org.jboss.web.catalina.security.JBossSecurityMgrRealm.invoke(JBossSecurityMgrRealm.java:227)
                  02:05:38,039 ERROR [STDERR] at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:641)
                  02:05:38,039 ERROR [STDERR] at org.apache.catalina.valves.CertificatesValve.invoke(CertificatesValve.java:246)
                  02:05:38,039 ERROR [STDERR] at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:641)
                  02:05:38,039 ERROR [STDERR] at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:480)
                  02:05:38,039 ERROR [STDERR] at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995)
                  02:05:38,039 ERROR [STDERR] at org.apache.catalina.core.StandardContext.invoke(StandardContext.java:2415)
                  02:05:38,063 ERROR [STDERR] at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:180)
                  02:05:38,064 ERROR [STDERR] at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:643)
                  02:05:38,064 ERROR [STDERR] at org.apache.catalina.valves.ErrorDispatcherValve.invoke(ErrorDispatcherValve.java:171)
                  02:05:38,064 ERROR [STDERR] at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:641)
                  02:05:38,064 ERROR [STDERR] at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:172)
                  02:05:38,064 ERROR [STDERR] at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:641)
                  02:05:38,064 ERROR [STDERR] at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:509)
                  02:05:38,064 ERROR [STDERR] at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:641)
                  02:05:38,064 ERROR [STDERR] at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:480)
                  02:05:38,064 ERROR [STDERR] at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995)
                  02:05:38,064 ERROR [STDERR] at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:174)
                  02:05:38,064 ERROR [STDERR] at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:643)
                  02:05:38,065 ERROR [STDERR] at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:480)
                  02:05:38,065 ERROR [STDERR] at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995)
                  02:05:38,065 ERROR [STDERR] at org.apache.catalina.connector.http.HttpProcessor.process(HttpProcessor.java:1040)
                  02:05:38,065 ERROR [STDERR] at org.apache.catalina.connector.http.HttpProcessor.run(HttpProcessor.java:1151)
                  02:05:38,065 ERROR [STDERR] at java.lang.

                  • 7. Re: JBoss-Tomcat 4.0 Bundle and SSL
                    Joachim Van der Auwera Expert

                    Are you by any chance running this on a Linux box?

                    I currently have a similar problem where I am running my tests on my development box (WinXP, jsdk 1.4.2) and everything works fine, but on my deployment system (Debian Linux, jsdk 1.4.2) I can not connect to other sites using https.

                    Sounds a lot like your problem.

                    1. This is probably not a JBoss problem, more likely jvm related

                    2. Unfortunately, I haven't got a fix just. Will report when I find something.

                    Joachim

                    • 8. Re: JBoss-Tomcat 4.0 Bundle and SSL
                      Joachim Van der Auwera Expert

                      The problems I had are finally solved by upgrading to J2SDK 1.4.2

                      Joachim

                      • 9. Re: JBoss-Tomcat 4.0 Bundle and SSL
                        syzygy Newbie

                        Yes I am using linux + j2sdk1.4.02, and it doesn't work.

                        • 10. Re: JBoss-Tomcat 4.0 Bundle and SSL
                          Joachim Van der Auwera Expert

                           


                          Yes I am using linux + j2sdk1.4.02, and it doesn't work.


                          So try upgrading to the current 1.4.2_04 release. That is what I did and it helped for me.

                          Joachim