There is an OIL2 server that takes a SecurityDomain. Anyone have any luck with OIL2? I haven't seen it mentioned. Silence can only mean 1 of 2 things: it's perfect, or it's not to be used?
Never mind. After much effort, and assistance, I found a solution.
I think all the ILs take socket factories in their MBean configurations.
You will find it more efficient to secure the message body rather than the transport layer. This has the added advantage that the person operating the server cannot read the
Problem is, message-level encryption does not provide for mutual authentication with certs as SSL does. Here's what I did:
- Downloaded JSSE
- Used keytool to create keystores for both the server and the client. Then I exported the certs from these stores and imported them into their peer as a trusted cert (imported the client’s cert into the server’s truststore and vice-versa)
- Configure jbossmq to use JSSE SSL server and client socket factories instead of the default socket factories. This can be done in jbossmq-service.xml (thanks Ivan!). No change needed for the client side, since it gets the settings from the same file when it gets the QueueConnection from JNDI.
- Added the JSSE jars to both the client and server.
- Add JSSE as a provider in the java.security properties file. I did it by modifying java.security directly in the JRE, but JBoss is also doing it for JAAS, so this step may not be necessary.
- Added system properties to define the location of the respective keystore and truststore for both the client and server.
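The keystore and truststore steps in the post above, as an added example that is not part of the original thread: each side gets its own key pair, and each side's exported cert is imported into the peer's truststore so both ends can authenticate the other. The directory, aliases and DNs are constructed, and it assumes a current JDK `keytool` (PKCS12 default) with the store password exported as `STOREPASS`.

```shell
#!/bin/sh
# Added example: constructed names, paths and DNs; not from the original thread.
# Assumes STOREPASS is exported before running:  sh mq-ssl.sh run
DIR="${DIR:-./mq-ssl}"

# Create a key pair with a self-signed cert in <party>.keystore,
# then export the public cert so the peer can import it.
gen_store() {    # $1 = party name (server | client)
  keytool -genkeypair -alias "$1" -keyalg RSA -keysize 2048 -validity 365 \
    -dname "CN=$1.example.test" \
    -keystore "$DIR/$1.keystore" -storepass:env STOREPASS
  keytool -exportcert -rfc -alias "$1" -file "$DIR/$1.cer" \
    -keystore "$DIR/$1.keystore" -storepass:env STOREPASS
}

# Import the peer's exported cert into this party's truststore.
# Only the public cert crosses over; private keys never leave their keystore.
trust_peer() {   # $1 = party, $2 = peer
  keytool -importcert -noprompt -alias "$2" -file "$DIR/$2.cer" \
    -keystore "$DIR/$1.truststore" -storepass:env STOREPASS
}

# JSSE system properties pointing a JVM at its own keystore and truststore.
jvm_ssl_opts() { # $1 = party
  printf '%s %s\n' \
    "-Djavax.net.ssl.keyStore=$DIR/$1.keystore" \
    "-Djavax.net.ssl.trustStore=$DIR/$1.truststore"
}

# Nothing touches the filesystem unless the script is invoked with "run".
if [ "${1:-}" = "run" ]; then
  mkdir -p "$DIR"
  gen_store server && gen_store client
  trust_peer server client && trust_peer client server
  jvm_ssl_opts server
  jvm_ssl_opts client
fi
```

JSSE also reads `javax.net.ssl.keyStorePassword` and `javax.net.ssl.trustStorePassword`; they are left out of the printed options because values on a JVM command line are visible in the process list.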
You can do JMS over HTTPS if you want...
1.) Download JBoss 3.2 which ships with the HTTP IL.
2.) Specify a HTTPS URL on the HTTP IL Service MBean
3.) Make sure you've got the SSL code in your classpath on the client.