-
1. Re: JMS over SSL
stephanenicoll Sep 13, 2003 1:53 AM (in response to colinmadere)update log4j to run JMS in trace mode, This might help you figuring out what's happening
-
2. Re: JMS over SSL
colinmadere Sep 16, 2003 4:19 PM (in response to colinmadere)Well, as you can see in my original message the exception is not in a jboss class, but rather a class that the jboss mq classes use.
I added this to my /conf/log4j.xml but it did not change the output at all (as expected due to where the error occurs). -
3. Re: JMS over SSL
colinmadere Sep 16, 2003 4:23 PM (in response to colinmadere)(would edit the previous message, but don't see the option)
Any idea why the entry log4j.xml would not take? I don't see any trace output at all even though I've defined it for "org.jboss.mq". -
4. Re: JMS over SSL
colinmadere Sep 16, 2003 5:18 PM (in response to colinmadere)Yes I "fixed" the above and added the correct class attribute for "TRACE" like in the dox and still don't get the extra output to the console...
-
5. Re: JMS over SSL
adrian.brock Sep 16, 2003 6:12 PM (in response to colinmadere)It appears in log/server.log
I suspect your problem is in the ssl config,
there are some system properties in the jsse docs
for debugging.
Regards,
Adrian -
6. Re: JMS over SSL
colinmadere Sep 16, 2003 7:27 PM (in response to colinmadere)But I've followed the JBoss dox on configuring SSL. Are you saying they are incomplete with respect to configuring SSL for use with JBoss?
-
7. Re: JMS over SSL
adrian.brock Sep 17, 2003 10:39 AM (in response to colinmadere)No, I'm saying you've probably gone wrong somewhere.
The error you are receiving is from the ssl layer
so you will need to enable debug at that level
to see the problem.
The most obvious problems will be with your truststore.
Regards,
Adrian -
8. Re: JMS over SSL
colinmadere Sep 17, 2003 12:25 PM (in response to colinmadere)Hmm. If the embedded Tomcat SSL works, and access to the JMX-console works via SSL and EJB SSL access works, would that rule out that possibility?
Trying to avoid wild goose chases :)
This is a clean install and the _only_ settings I've changed from 'default' are what is suggested in the documentation for SSL enabling and what I have mentioned above. -
9. Re: JMS over SSL
colinmadere Sep 24, 2003 4:42 PM (in response to colinmadere)So I have no resolution on this. Going to wait for the trainer to show up and hope he can fix this (or help us find the issue).
Adrian, if you could explain how it is that I followed the docs, set the right factories for the JMS service for use via SSL (and that the super-simple JMS test client works in non-SSL mode) and made no other config changes from the default settings and it is still I that "went wrong somewhere", I'm all ears. -
10. Re: JMS over SSL
adrian.brock Sep 24, 2003 4:50 PM (in response to colinmadere)I have no idea why it doesn't work.
I've never tried this configuration myself.
All you've posted is some configuration on the server.
I suggested you add some debugging so you can
see what the ssl connection initiated by the client
is trying (and failing) to do.
I can't help you if you only provide sarcastic comments
rather than information.
Regards,
Adrian -
11. Re: JMS over SSL
adrian.brock Sep 24, 2003 5:48 PM (in response to colinmadere)OK, I just tried it, here is what I did.
1) Created a keystore in server/default/conf/test.keystore
2) Created a security domain that references it
(resource: is jboss specific protocol that loads from the
classloader, conf/ is the first classloader installed by jboss)<mbean code="org.jboss.security.plugins.JaasSecurityDomain" name="jboss.security:service=JaasSecurityDomain,domain=SSL"> <constructor> <arg type="java.lang.String" value="SSL"/> </constructor> <attribute name="KeyStoreURL">resource:test.keystore</attribute> <attribute name="KeyStorePass">ssltest</attribute> </mbean>
3) Deployed a HTTPSUIL2ConnectionFactory<mbean code="org.jboss.mq.il.uil2.UILServerILService" name="jboss.mq:service=InvocationLayer,type=HTTPSUIL2"> <depends optional-attribute-name="Invoker">jboss.mq:service=Invoker</depends> <attribute name="ConnectionFactoryJNDIRef">HTTPSUIL2ConnectionFactory</attribute> <attribute name="XAConnectionFactoryJNDIRef">HTTPSUIL2XAConnectionFactory</attribute> <attribute name="ServerBindPort">8193</attribute> <attribute name="PingPeriod">60000</attribute> <attribute name="EnableTcpNoDelay">true</attribute> <!-- Used to disconnect the client if there is no activity --> <!-- Ensure this is greater than the ping period --> <attribute name="ReadTimeout">70000</attribute> <!-- The size of the buffer (in bytes) wrapping the socket --> <!-- The buffer is flushed after each request --> <attribute name="BufferSize">2048</attribute> <!-- Large messages may block the ping/pong --> <!-- A pong is simulated after each chunk (in bytes) for both reading and writing --> <!-- It must be larger than the buffer size --> <attribute name="ChunkSize">1000000</attribute> <attribute name="ClientSocketFactory">org.jboss.security.ssl.ClientSocketFactory</attribute> <attribute name="ServerSocketFactory">org.jboss.security.ssl.DomainServerSocketFactory</attribute> <attribute name="SecurityDomain">java:/jaas/SSL</attribute> </mbean>
On the client set the system property to use the keystore
as the truststore.<java classname="test.client.Client" fork="true"> <sysproperty key="javax.net.ssl.trustStore" path="${jboss.home}/server/${jboss.config}/conf/test.keystore"/> <classpath refid="client.classpath"/> </java>
Job Done.
Regards,
Adrian -
12. Re: JMS over SSL
stephanenicoll Sep 25, 2003 1:27 AM (in response to colinmadere)Adrian, your last comment should be added in the FAQ, shouldn't be?
Might be usefull
Regards,
Stephane -
13. Re: JMS over SSL
urciolo Oct 10, 2003 2:31 PM (in response to colinmadere)I am attempting to have JMS over SSL. What am I doing incorrectly. I attempted to follow the directions. But I get the the error message below when the OIL2 service starts. My security domain configuration looks like this:
ssl1
test01
I added these attributes to the oil2 config:
ssl1
org.jboss.security.ssl.ClientSocketFactory
org.jboss.security.ssl.DomainServerSocketFactory
16:18:23,366 ERROR [OIL2ServerILService] Failed to setSecurityDomain=ssl1 on socket factory
16:18:23,366 ERROR [OIL2ServerILService] Starting failed
java.lang.NullPointerException
at org.jboss.security.ssl.DomainServerSocketFactory.initSSLContext(DomainServerSocketFactory.java:171)
at org.jboss.security.ssl.DomainServerSocketFactory.createServerSocket(DomainServerSocketFactory.java:103)
at org.jboss.mq.il.oil2.OIL2ServerILService.startService(OIL2ServerILService.java:485)
at org.jboss.system.ServiceMBeanSupport.start(ServiceMBeanSupport.java:192)
at sun.reflect.GeneratedMethodAccessor24.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:324)
at org.jboss.mx.capability.ReflectedMBeanDispatcher.invoke(ReflectedMBeanDispatcher.java:284)
at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:546)
at org.jboss.system.ServiceController$ServiceProxy.invoke(ServiceController.java:976)
at $Proxy13.start(Unknown Source)
at org.jboss.system.ServiceController.start(ServiceController.java:394)
at org.jboss.system.ServiceController.start(ServiceController.java:411)
at org.jboss.system.ServiceController.start(ServiceController.java:411)
at org.jboss.system.ServiceController.start(ServiceController.java:411)
at org.jboss.system.ServiceController.start(ServiceController.java:411)
at org.jboss.system.ServiceController.start(ServiceController.java:411)
at org.jboss.system.ServiceController.start(ServiceController.java:411)
at org.jboss.system.ServiceController.start(ServiceController.java:411)
at sun.reflect.GeneratedMethodAccessor5.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:324)
at org.jboss.mx.capability.ReflectedMBeanDispatcher.invoke(ReflectedMBeanDispatcher.java:284)
at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:546)
at org.jboss.mx.util.MBeanProxyExt.invoke(MBeanProxyExt.java:177)
at $Proxy4.start(Unknown Source)
at org.jboss.deployment.SARDeployer.start(SARDeployer.java:226)
at org.jboss.deployment.MainDeployer.start(MainDeployer.java:824)
at org.jboss.deployment.MainDeployer.deploy(MainDeployer.java:632)
at org.jboss.deployment.MainDeployer.deploy(MainDeployer.java:605)
at sun.reflect.GeneratedMethodAccessor19.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:324)
at org.jboss.mx.capability.ReflectedMBeanDispatcher.invoke(ReflectedMBeanDispatcher.java:284)
at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:546)
at org.jboss.mx.util.MBeanProxyExt.invoke(MBeanProxyExt.java:177)
at $Proxy6.deploy(Unknown Source)
at org.jboss.deployment.scanner.URLDeploymentScanner.deploy(URLDeploymentScanner.java:302)
at org.jboss.deployment.scanner.URLDeploymentScanner.scan(URLDeploymentScanner.java:476)
at org.jboss.deployment.scanner.AbstractDeploymentScanner$ScannerThread.doScan(AbstractDeploymentScanner.java:201)
at org.jboss.deployment.scanner.AbstractDeploymentScanner.startService(AbstractDeploymentScanner.java:274)
at org.jboss.system.ServiceMBeanSupport.start(ServiceMBeanSupport.java:192)
at sun.reflect.GeneratedMethodAccessor6.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:324)
at org.jboss.mx.capability.ReflectedMBeanDispatcher.invoke(ReflectedMBeanDispatcher.java:284)
at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:546)
at org.jboss.system.ServiceController$ServiceProxy.invoke(ServiceController.java:976)
at $Proxy0.start(Unknown Source)
at org.jboss.system.ServiceController.start(ServiceController.java:394)
at sun.reflect.GeneratedMethodAccessor5.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:324)
at org.jboss.mx.capability.ReflectedMBeanDispatcher.invoke(ReflectedMBeanDispatcher.java:284)
at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:546)
at org.jboss.mx.util.MBeanProxyExt.invoke(MBeanProxyExt.java:177)
at $Proxy4.start(Unknown Source)
at org.jboss.deployment.SARDeployer.start(SARDeployer.java:226)
at org.jboss.deployment.MainDeployer.start(MainDeployer.java:824)
at org.jboss.deployment.MainDeployer.deploy(MainDeployer.java:632)
at org.jboss.deployment.MainDeployer.deploy(MainDeployer.java:605)
at org.jboss.deployment.MainDeployer.deploy(MainDeployer.java:589)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:324)
at org.jboss.mx.capability.ReflectedMBeanDispatcher.invoke(ReflectedMBeanDispatcher.java:284)
at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:546)
at org.jboss.mx.util.MBeanProxyExt.invoke(MBeanProxyExt.java:177)
at $Proxy5.deploy(Unknown Source)
at org.jboss.system.server.ServerImpl.doStart(ServerImpl.java:384)
at org.jboss.system.server.ServerImpl.start(ServerImpl.java:291)
at org.jboss.Main.boot(Main.java:150)
at org.jboss.Main$1.run(Main.java:388)
at java.lang.Thread.run(Thread.java:534) -
14. Re: JMS over SSL
adrian.brock Oct 10, 2003 2:36 PM (in response to colinmadere)The security domain name is the constructor argument "SSL"
You should have:<attribute name="SecurityDomain">SSL</attribute> <attribute name="ClientSocketFactory">org.jboss.security.ssl.ClientSocketFactory</attribute> <attribute name="ServerSocketFactory">org.jboss.security.ssl.DomainServerSocketFactory</attribute>
Regards,
Adrian