6 Replies Latest reply on Sep 1, 2004 6:10 AM by cijijoseph

Secure the Invokers

cijijoseph Aug 26, 2004 1:40 AM

Hi All,

I am using an RMIAdaptor to get hold of the MBean Server and i am in the process of developiung an application that discovers JBoss 3.2.x. running in a network.Whether there is any way to secure the RMIAdaptor Service ? We want to restrict the access to those who knolw the proper Security Credentiols.
IN the Wiki there is a document http://www.jboss.org/wiki/Wiki.jsp?page=SecureTheInvokers
Can anyone provide me more clue or alternate ideas for the issue i am facing.?
Thanks in Advance.

Regards
Ciji Joseph

Please feel free to mail to cijijoseph@rediffmail.com , for any clarifications reagrding this.

1. Re: Secure the Invokers

starksm64 Aug 26, 2004 1:57 AM (in response to cijijoseph)

So what is wrong with the referenced wiki page?
Actions
2. Re: Secure the Invokers

cijijoseph Aug 26, 2004 2:46 AM (in response to cijijoseph)

Thanks for the reply Scott.

The issue is that i would like to know whether we can apply the Security Credentials and secure the JBoss Server , if we are securing the invokers in the way suggested in the Wiki.

Please find attatced the code

Properties env = new Properties();
env.setProperty(Context.INITIAL_CONTEXT_FACTORY,"org.jnp.interfaces.NamingContextFactory");
env.setProperty(Context.URL_PKG_PREFIXES,"org.jboss.naming:org.jnp.interfaces");
env.setProperty("jnp.sotimeout","10000");
String jmxConnectionURL="jnp://"+serverURL+":"+port;
env.setProperty(Context.PROVIDER_URL, jmxConnectionURL);
env.put(Context.SECURITY_PRINCIPAL, "user");
env.put(Context.SECURITY_CREDENTIALS, "passwd");
InitialContext ctx_ = new InitialContext(env);
Object obj = ctx_.lookup("jmx/invoker/RMIAdaptor");
RMIAdaptor rmiAdaptor_ = (RMIAdaptor)PortableRemoteObject.narrow(obj,RMIAdaptor.class);

Thanks in Advance.
Regards
Ciji
Actions
3. Re: Secure the Invokers

starksm64 Aug 27, 2004 9:52 AM (in response to cijijoseph)

We do not use the InitialContext as the means for obtaining the username and password. Read the JAAS Howto in this forum.
Actions
4. Re: Secure the Invokers

cijijoseph Aug 30, 2004 1:20 PM (in response to cijijoseph)

Thanks Scott.

It worked using the JAAS Login Context..

Please feel free to ping me if any one is intrerested in looking into the Code
Actions
5. Re: Secure the Invokers

vijaygrk Aug 31, 2004 12:56 PM (in response to cijijoseph)

Can you share the code
Actions
6. Re: Secure the Invokers

cijijoseph Sep 1, 2004 6:10 AM (in response to cijijoseph)

Properties properties = new Properties();
properties.put(Context.INITIAL_CONTEXT_FACTORY, "org.jnp.interfaces.NamingContextFactory"); properties.put(Context.URL_PKG_PREFIXES,"org.jboss.naming:org.jnp.interfaces");
properties.put(Context.PROVIDER_URL, serverURL);
Context ctx = new InitialContext(properties);
JBossCallBackHandler jb = new JBossCallBackHandler(); System.setProperty("java.security.auth.login.config","/usr/ciji/JBoss/CodeSamples/Security/auth.conf");
LoginContext lc = new LoginContext("other", jb);
lc.login();
Object obj = ctx.lookup("jmx/invoker/RMIAdaptor");
RMIAdaptor rmiAdaptor_ = (RMIAdaptor)PortableRemoteObject.narrow(obj,RMIAdaptor.class);

JBossCallBackHandler

public class JBossCallBackHandler implements CallbackHandler {

/* (non-Javadoc)
* @see javax.security.auth.callback.CallbackHandler#handle(javax.security.auth.callback.Callback[])
*/
public void handle(Callback[] callbacks)
throws IOException, UnsupportedCallbackException {

for (int i = 0; i < callbacks.length; i++) {
if (callbacks instanceof NameCallback) {
// prompt the user for a username
NameCallback nc = (NameCallback)callbacks;
// ignore the provided defaultName
nc.setName("admin");
} else if (callbacks instanceof PasswordCallback) {
// prompt the user for sensitive information
PasswordCallback pc = (PasswordCallback)callbacks;
System.err.print(pc.getPrompt());
System.err.flush();
char[] test ={'a','d','m','i','n'};
pc.setPassword(test);
}
}
// TODO Auto-generated method stub

}
}
Actions

Go to original post