Unable to shutdown JBoss when SSL is enabled...
mdessure Nov 17, 2005 3:17 PMI set up JBoss to be SSL using my own generated self-signed key pair and the server and my application work fine except for the shutdown script.
So I modified the $JBOSS_HOME/server/conf/jboss-service.xml to add the following mbean definition:
<mbean code="org.jboss.security.plugins.JaasSecurityDomain" name="jboss.security:service=JaasSecurityDomain,domain=my-domain"> <constructor> <arg type="java.lang.String" value="my-domain"/> </constructor> <attribute name="KeyStoreURL">${jboss.server.home.dir}/conf/my.keystore</attribute> <attribute name="KeyStorePass">password</attribute> </mbean>
Where my.keystore is the keystore the server uses.
I also modified the entry for the JRMPInvoker to look like this:
<!-- RMI/JRMP invoker --> <mbean code="org.jboss.invocation.jrmp.server.JRMPInvoker" name="jboss:service=invoker,type=jrmp"> <attribute name="RMIObjectPort">4444</attribute> <attribute name="ServerAddress">${jboss.bind.address}</attribute> <attribute name="RMIClientSocketFactory">org.jboss.security.ssl.RMISSLClientSocketFactory</attribute> <attribute name="RMIServerSocketFactory">org.jboss.security.ssl.RMISSLServerSocketFactory</attribute> <attribute name="SecurityDomain">java:/jaas/my-domain</attribute> <depends>jboss:service=TransactionManager</depends> <depends>jboss.security:service=JaasSecurityDomain,domain=my-domain</depends> </mbean>
I also modified the shutdown.bat to have these 2 new JAVA_OPTS:
-Djavax.net.ssl.trustStore=%DIRNAME%/../server/default/conf/my.truststore
-Djavax.net.ssl.trustStorePassword=password
I call the shutdown script like this:
shutdown.bat -s localhost:11029 -u admin -p admin -S
I get the following exception:
Exception in thread "main" java.lang.reflect.UndeclaredThrowableException at $Proxy1.shutdown(Unknown Source) at org.jboss.Shutdown.main(Shutdown.java:205) Caused by: java.rmi.ServerException: IOE; nested exception is: java.io.IOException: HTTPS hostname wrong: should be <my_host_name> at org.jboss.invocation.http.interfaces.HttpInvokerProxy.invoke(HttpInvokerProxy.java:118) at org.jboss.invocation.InvokerInterceptor.invokeInvoker(InvokerInterceptor.java:163) at org.jboss.invocation.InvokerInterceptor.invoke(InvokerInterceptor.java:103) at org.jboss.jmx.connector.invoker.client.InvokerAdaptorClientInterceptor.invoke(InvokerAdaptorClientInterceptor.java:51) at org.jboss.proxy.SecurityInterceptor.invoke(SecurityInterceptor.java:55) at org.jboss.proxy.ClientMethodInterceptor.invoke(ClientMethodInterceptor.java:59) at org.jboss.proxy.ClientContainer.invoke(ClientContainer.java:91) at $Proxy0.invoke(Unknown Source) at org.jboss.Shutdown$ServerProxyHandler.invoke(Shutdown.java:234) ... 2 more Caused by: java.io.IOException: HTTPS hostname wrong: should be <my_host_name> at sun.net.www.protocol.https.HttpsClient.checkURLSpoofing(HttpsClient.java:493) at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:418) at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:170) at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(HttpURLConnection.java:836) at sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(HttpsURLConnectionImpl.java:230) at org.jboss.invocation.http.interfaces.Util.invoke(Util.java:126) at org.jboss.invocation.http.interfaces.HttpInvokerProxy.invoke(HttpInvokerProxy.java:103) ... 10 more
I remembered that there's another jboss option to disable hostname checking:
-Dorg.jboss.security.ignoreHttpsHost=true
I added that to the list of JAVA_OPTS in shutdown script and now I get the following exception:
shutdown.bat -s localhost:11029 -u admin -p admin -S Exception in thread "main" java.lang.StackOverflowError at java.util.TreeMap.firstEntry(TreeMap.java:1186) at java.util.TreeMap.access$300(TreeMap.java:81) at java.util.TreeMap$PrivateEntryIterator.<init>(TreeMap.java:1015) at java.util.TreeMap$KeyIterator.<init>(TreeMap.java:1056) at java.util.TreeMap$KeyIterator.<init>(TreeMap.java:1056) at java.util.TreeMap$1.iterator(TreeMap.java:580) at java.util.TreeSet.iterator(TreeSet.java:165) at org.jboss.mx.loading.LoadMgr3.beginLoadTask(LoadMgr3.java:216) at org.jboss.mx.loading.RepositoryClassLoader.loadClassImpl(RepositoryClassLoader.java:464) at org.jboss.mx.loading.RepositoryClassLoader.loadClass(RepositoryClassLoader.java:374) at java.lang.ClassLoader.loadClass(ClassLoader.java:251) at java.lang.ClassLoader.loadClassInternal(ClassLoader.java:319) at org.jboss.invocation.http.server.HttpInvoker.invoke(HttpInvoker.java:150) at sun.reflect.GeneratedMethodAccessor94.invoke(Unknown Source) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) at java.lang.reflect.Method.invoke(Method.java:585) at org.jboss.mx.interceptor.ReflectedDispatcher.invoke(ReflectedDispatcher.java:144) at org.jboss.mx.server.Invocation.dispatch(Invocation.java:80) at org.jboss.mx.server.Invocation.invoke(Invocation.java:72) at org.jboss.mx.server.AbstractMBeanInvoker.invoke(AbstractMBeanInvoker.java:249) at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:642) at org.jboss.invocation.http.server.HttpInvoker.invoke(HttpInvoker.java:139) at sun.reflect.GeneratedMethodAccessor94.invoke(Unknown Source) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) at java.lang.reflect.Method.invoke(Method.java:585) at org.jboss.mx.interceptor.ReflectedDispatcher.invoke(ReflectedDispatcher.java:144) at org.jboss.mx.server.Invocation.dispatch(Invocation.java:80) at org.jboss.mx.server.Invocation.invoke(Invocation.java:72) at org.jboss.mx.server.AbstractMBeanInvoker.invoke(AbstractMBeanInvoker.java:249) at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:642) at org.jboss.invocation.http.server.HttpInvoker.invoke(HttpInvoker.java:139) at sun.reflect.GeneratedMethodAccessor94.invoke(Unknown Source) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) at java.lang.reflect.Method.invoke(Method.java:585) at org.jboss.mx.interceptor.ReflectedDispatcher.invoke(ReflectedDispatcher.java:144) at org.jboss.mx.server.Invocation.dispatch(Invocation.java:80) at org.jboss.mx.server.Invocation.invoke(Invocation.java:72) at org.jboss.mx.server.AbstractMBeanInvoker.invoke(AbstractMBeanInvoker.java:249) at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:642) at org.jboss.invocation.http.server.HttpInvoker.invoke(HttpInvoker.java:139) at sun.reflect.GeneratedMethodAccessor94.invoke(Unknown Source) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) at java.lang.reflect.Method.invoke(Method.java:585) at org.jboss.mx.interceptor.ReflectedDispatcher.invoke(ReflectedDispatcher.java:144) at org.jboss.mx.server.Invocation.dispatch(Invocation.java:80) at org.jboss.mx.server.Invocation.invoke(Invocation.java:72) at org.jboss.mx.server.AbstractMBeanInvoker.invoke(AbstractMBeanInvoker.java:249) at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:642) at org.jboss.invocation.http.server.HttpInvoker.invoke(HttpInvoker.java:139) at sun.reflect.GeneratedMethodAccessor94.invoke(Unknown Source) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
How to shutdown an SSL JBoss? Any input is greatly appreciated.
Environment:
Windows XP /Linux
JBoss 4.0.1 SP1