0 Replies Latest reply on Mar 18, 2008 1:24 PM by Andy Peel

    Problem configuring JRMPInvoker with SSL

    Andy Peel Newbie

      I've spent most of the last 2 days trying to get SSL working for EJB3 clients, with no luck.

      The problem I'm seeing is a NullPointerException when starting JBoss:

      2008-03-18 16:48:19,820 ERROR [main] JRMPInvoker | Failed to setSecurityDomain=java:/jaas/gds on socket factory
      java.lang.ClassCastException: org.jboss.security.plugins.JaasSecurityManager
      at org.jboss.invocation.jrmp.server.JRMPInvoker.loadCustomSocketFactories(JRMPInvoker.java:546)


      This seems to be the same problem as at:
      http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4137357#4137357

      and also the same as the following issue raised in JBoss JIRA at:
      http://jira.jboss.com/jira/browse/JBAS-5269


      The nitty gritty:

      We have a custom JAAS LoginModule setup in login-config.xml. This is working when authenticating from the web container.

      For direct EJB-client access I have a jboss.xml file in the ejb jar which points to the application policy setup in login-conf.xml:

      <security-domain>java:/jaas/gds</security-domain>


      I then have the following in my jboss-service.xml:



       <mbean code="org.jboss.security.plugins.JaasSecurityDomain"
       name="jboss.security:service=JaasSecurityDomain,domain=RMI+SSL">
       <constructor>
       <arg type="java.lang.String" value="java:/jaas/gds"/>
       </constructor>
       <attribute name="KeyStoreURL">${jboss.server.home.dir}/mykeystore</attribute>
       <attribute name="KeyStorePass">blah</attribute>
       </mbean>
      
       <mbean code="org.jboss.invocation.jrmp.server.JRMPInvoker"
       name="jboss:service=invoker,type=jrmp,socketType=SSL">
       <attribute name="RMIObjectPort">4444</attribute>
       <attribute name="RMIClientSocketFactory">org.jboss.security.ssl.RMISSLClientSocketFactory</attribute>
       <attribute name="RMIServerSocketFactoryBean" attributeClass="org.jboss.security.ssl.RMISSLServerSocketFactory" serialDataType="javaBean">
       <property name="bindAddress">${jboss.bind.address}</property>
       <property name="securityDomain">java:/jaas/gds</property>
       <property name="wantsClientAuth">true</property>
       <property name="needsClientAuth">true</property>
       <property name="CiperSuites">TLS_DHE_DSS_WITH_AES_128_CBC_SHA</property>
       <property name="Protocols">SSLv2Hello,SSLv3,TLSv1</property>
       </attribute>
      
       <depends>jboss.security:service=JaasSecurityManager</depends>
       <depends>jboss:service=TransactionManager</depends>
       <depends>jboss.security:service=JaasSecurityDomain,domain=RMI+SSL</depends>
       </mbean>


      And when I start JBoss I get the NPE shown above.

      Running in debug, when Context.forDomain() is called, it's pass a null SecurityDomain.

      I'm running JBoss 4.2.0GA.

      What am I doing wrong?