6 Replies Latest reply on Sep 1, 2004 6:10 AM by Ciji Karimattom

    Secure the Invokers

    Ciji Karimattom Newbie

      Hi All,

      I am using an RMIAdaptor to get hold of the MBean Server and i am in the process of developiung an application that discovers JBoss 3.2.x. running in a network.Whether there is any way to secure the RMIAdaptor Service ? We want to restrict the access to those who knolw the proper Security Credentiols.
      IN the Wiki there is a document http://www.jboss.org/wiki/Wiki.jsp?page=SecureTheInvokers
      Can anyone provide me more clue or alternate ideas for the issue i am facing.?
      Thanks in Advance.

      Ciji Joseph

      Please feel free to mail to cijijoseph@rediffmail.com , for any clarifications reagrding this.

        • 1. Re: Secure the Invokers
          Scott Stark Master

          So what is wrong with the referenced wiki page?

          • 2. Re: Secure the Invokers
            Ciji Karimattom Newbie

            Thanks for the reply Scott.

            The issue is that i would like to know whether we can apply the Security Credentials and secure the JBoss Server , if we are securing the invokers in the way suggested in the Wiki.

            Please find attatced the code

            Properties env = new Properties();
            String jmxConnectionURL="jnp://"+serverURL+":"+port;
            env.setProperty(Context.PROVIDER_URL, jmxConnectionURL);
            env.put(Context.SECURITY_PRINCIPAL, "user");
            env.put(Context.SECURITY_CREDENTIALS, "passwd");
            InitialContext ctx_ = new InitialContext(env);
            Object obj = ctx_.lookup("jmx/invoker/RMIAdaptor");
            RMIAdaptor rmiAdaptor_ = (RMIAdaptor)PortableRemoteObject.narrow(obj,RMIAdaptor.class);

            Thanks in Advance.

            • 3. Re: Secure the Invokers
              Scott Stark Master

              We do not use the InitialContext as the means for obtaining the username and password. Read the JAAS Howto in this forum.

              • 4. Re: Secure the Invokers
                Ciji Karimattom Newbie

                Thanks Scott.

                It worked using the JAAS Login Context..

                Please feel free to ping me if any one is intrerested in looking into the Code

                • 5. Re: Secure the Invokers
                  Vijay G Newbie

                  Can you share the code

                  • 6. Re: Secure the Invokers
                    Ciji Karimattom Newbie

                    Properties properties = new Properties();
                    properties.put(Context.INITIAL_CONTEXT_FACTORY, "org.jnp.interfaces.NamingContextFactory"); properties.put(Context.URL_PKG_PREFIXES,"org.jboss.naming:org.jnp.interfaces");
                    properties.put(Context.PROVIDER_URL, serverURL);
                    Context ctx = new InitialContext(properties);
                    JBossCallBackHandler jb = new JBossCallBackHandler(); System.setProperty("java.security.auth.login.config","/usr/ciji/JBoss/CodeSamples/Security/auth.conf");
                    LoginContext lc = new LoginContext("other", jb);
                    Object obj = ctx.lookup("jmx/invoker/RMIAdaptor");
                    RMIAdaptor rmiAdaptor_ = (RMIAdaptor)PortableRemoteObject.narrow(obj,RMIAdaptor.class);


                    public class JBossCallBackHandler implements CallbackHandler {

                    /* (non-Javadoc)
                    * @see javax.security.auth.callback.CallbackHandler#handle(javax.security.auth.callback.Callback[])
                    public void handle(Callback[] callbacks)
                    throws IOException, UnsupportedCallbackException {

                    for (int i = 0; i < callbacks.length; i++) {
                    if (callbacks instanceof NameCallback) {
                    // prompt the user for a username
                    NameCallback nc = (NameCallback)callbacks
                    // ignore the provided defaultName
                    } else if (callbacks instanceof PasswordCallback) {
                    // prompt the user for sensitive information
                    PasswordCallback pc = (PasswordCallback)callbacks
                    char[] test ={'a','d','m','i','n'};
                    // TODO Auto-generated method stub