2 Replies Latest reply on Jan 7, 2003 11:08 AM by Michael Saringer

    How can I use SSL with RMI in jboss3?

    rhinestonecn Newbie

      I want to deploy a simple EJB using an SSL connection, and I put the following files in my jar file:

      keystore file,
      ejb-jar.xml,

      jboss.xml:

      <home-invoker>jboss:service=invoker,type=jrmp,socketType=SSL</home-invoker>
      <bean-invoker>jboss:service=invoker,type=jrmp,socketType=SSL</bean-invoker>

      jboss-service.xml:
      <?xml version="1.0" encoding="UTF-8"?>



      <!-- The SSL domain setup -->




      helloworld.keystore
      password



      127.0.0.1
      4447

      org.jdctc.security.ssl.RMISSLServerSocketFactory


      org.jdctc.security.ssl.RMISSLClientSocketFactory

      jdctc.security:service=JaasSecurityDomain,domain=RMI+SSL




      But when I ran jboss, it always showed me:

      java.lang.NullPointerException
      at org.jboss.security.ssl.DomainServerSocketFactory.createServerSocket(Unknown Source)
      at org.jboss.security.ssl.DomainServerSocketFactory.createServerSocket(Unknown Source)
      ...

      Can anybody help me?

        • 1. Re: How can I use SSL with RMI in jboss3?
          Ben Alex Newbie

          We looked into using RMI over SSL but settled on http-invoker instead. It is firewall/proxy friendly and easy to troubleshoot. Scott Stark has done a great job explaining http-invoker in the paid-for docs, but I'll explain what we did to call remote EJBs over SSL using http-invoker.

          Get it working with HTTP first.

          Assume you're using an unchanged JBoss 3.0.4/Jetty distribution... The first step is to use http-invoker over HTTP, to make sure your beans are configured properly.

          1. Write a standard bean.

          2. In your application's EJB JAR file, edit the jboss.xml to reference a container-configuration like this:

          <enterprise-beans>
            <session>
              <ejb-name>MyMiddle</ejb-name>
              <jndi-name>MyMiddle</jndi-name>
              <configuration-name>HTTP Stateless SessionBean</configuration-name>
            </session>
          </enterprise-beans>

          <container-configurations>
            <container-configuration extends="Standard Stateless SessionBean">
              <container-name>HTTP Stateless SessionBean</container-name>
              <home-invoker>jboss:service=invoker,type=http</home-invoker>
              <bean-invoker>jboss:service=invoker,type=http</bean-invoker>
            </container-configuration>
          </container-configurations>

          The "type=http" comes from an MBean from the http-invoker.sar directory (which is found under your server config's deploy directory). The MBean is defined in META-INF/jboss-service.xml.

          3. Use client code like this:

          import java.util.Properties;
          import javax.naming.Context;
          import javax.naming.InitialContext;

          // JNDI environment pointing at the HTTP invoker's naming factory
          Properties contextEnvironment = new Properties();
          String contextFactory = "org.jboss.naming.HttpNamingContextFactory";
          contextEnvironment.setProperty(Context.INITIAL_CONTEXT_FACTORY, contextFactory);
          String providerUrl = "http://server.company.com:8080/invoker/JNDIFactory";
          contextEnvironment.setProperty(Context.PROVIDER_URL, providerUrl);
          String pkgPrefixes = "org.jboss.naming:org.jnp.interfaces";
          contextEnvironment.setProperty(Context.URL_PKG_PREFIXES, pkgPrefixes);

          // Look up the home interface through the HTTP invoker and call the bean
          InitialContext jndiContext = new InitialContext(contextEnvironment);
          MyMiddleHome myMiddleHome = (MyMiddleHome) jndiContext.lookup(MyMiddleHome.JNDI_NAME);
          MyMiddle myMiddle = myMiddleHome.create();
          System.out.println(myMiddle.testMessage("Hello, world"));

          4. Test it works. This confirms you've deployed your bean properly.

          Now move onto HTTPS.

          1. Get HTTPS operational in your web container. To make things simple whilst testing, bind your listener to port 443, and then try visiting your server in a web browser, e.g. https://server.company.com. If you've made a self-signed certificate (using keytool for example) you'll get an untrusted CA warning.

          2. All the changes happen on the client end. Assuming you use a self-signed certificate, you must add it to your client's keystore. This can be done by exporting and then importing via keytool.

          3. Add to your client launch code:

          import java.security.Security;

          System.setProperty("java.protocol.handler.pkgs", "com.sun.net.ssl.internal.www.protocol");
          System.setProperty("javax.net.ssl.trustStore", "/etc/clientkeys");
          Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider());

          4. Change the provider URL in your client code accordingly, e.g. "https://server.company.com/invoker/JNDIFactory".

          5. Test it.

          Good luck.

          Ben
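
Added example, not part of Ben's post: the export-then-import keytool step from the HTTPS instructions above, run end to end on throwaway files, with checks that the client trust store holds only the public certificate. The aliases, the `changeit` password and the working directory are constructed; `server.company.com` and the `clientkeys` file name follow the post.

```shell
#!/bin/sh
# Added example with constructed aliases and password; throwaway files only.
build_client_truststore() {
    dir=$1
    pass=changeit                          # constructed demo password
    kt="keytool -J-Duser.language=en"      # force English output for grep
    command -v keytool >/dev/null 2>&1 ||
        { echo "keytool (JDK) not found" >&2; return 2; }

    # Server side: self-signed key pair. The CN has to match the host name
    # in the provider URL or HTTPS host name verification will fail.
    $kt -genkeypair -alias jboss -keyalg RSA -keysize 2048 -validity 365 \
        -dname "CN=server.company.com" -keystore "$dir/server.keystore" \
        -storepass "$pass" -keypass "$pass" >/dev/null 2>&1 || return 1

    # Export the public certificate only; the private key never leaves
    # the server keystore.
    $kt -exportcert -rfc -alias jboss -keystore "$dir/server.keystore" \
        -storepass "$pass" -file "$dir/server.cer" >/dev/null 2>&1 || return 1

    # Print the fingerprint so it can be compared out of band before import.
    $kt -printcert -file "$dir/server.cer" 2>/dev/null | grep 'SHA256:' || true

    # Client side: import into the trust store as a trusted certificate.
    $kt -importcert -noprompt -alias jboss-server -file "$dir/server.cer" \
        -keystore "$dir/clientkeys" -storepass "$pass" >/dev/null 2>&1 || return 1

    # Verify: a trustedCertEntry exists, no private key was copied, and the
    # stored certificate is byte-identical to the exported one.
    listing=$($kt -list -keystore "$dir/clientkeys" -storepass "$pass" 2>/dev/null)
    echo "$listing" | grep -q trustedCertEntry || return 1
    if echo "$listing" | grep -q PrivateKeyEntry; then return 1; fi
    $kt -exportcert -rfc -alias jboss-server -keystore "$dir/clientkeys" \
        -storepass "$pass" -file "$dir/roundtrip.cer" >/dev/null 2>&1 || return 1
    cmp -s "$dir/server.cer" "$dir/roundtrip.cer"
}

workdir=$(mktemp -d) && build_client_truststore "$workdir" &&
    echo "trust store ready: $workdir/clientkeys"
```

The resulting `clientkeys` file is what `javax.net.ssl.trustStore` points at on the client; only `server.cer` ever needs to be copied off the server.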

          • 2. Re: How can I use SSL with RMI in jboss3?
            Michael Saringer Newbie

            guys,

            I do not want to use the http invoker to have SSL with RMI, because it seems to me to be quite slow.
            Do you know a working configuration which uses the standard invoker?
            I didn't manage to get it to run, although I followed the how-to in the JBoss documentation.

            (jboss 3.0.4)

            michael