0 Replies Latest reply on Nov 17, 2005 3:17 PM by Martin Dessureault

    Unable to shutdown JBoss when SSL is enabled...

    Martin Dessureault Newbie

      I set up JBoss to be SSL using my own generated self-signed key pair and the server and my application work fine except for the shutdown script.

      So I modified the $JBOSS_HOME/server/conf/jboss-service.xml to add the following mbean definition:

      <mbean code="org.jboss.security.plugins.JaasSecurityDomain"
       name="jboss.security:service=JaasSecurityDomain,domain=my-domain">
       <constructor>
       <arg type="java.lang.String" value="my-domain"/>
       </constructor>
       <attribute name="KeyStoreURL">${jboss.server.home.dir}/conf/my.keystore</attribute>
       <attribute name="KeyStorePass">password</attribute>
       </mbean>

      Where my.keystore is the keystore the server uses.

      I also modified the entry for the JRMPInvoker to look like this:

      <!-- RMI/JRMP invoker -->
       <mbean code="org.jboss.invocation.jrmp.server.JRMPInvoker"
       name="jboss:service=invoker,type=jrmp">
       <attribute name="RMIObjectPort">4444</attribute>
       <attribute name="ServerAddress">${jboss.bind.address}</attribute>
       <attribute name="RMIClientSocketFactory">org.jboss.security.ssl.RMISSLClientSocketFactory</attribute>
       <attribute name="RMIServerSocketFactory">org.jboss.security.ssl.RMISSLServerSocketFactory</attribute>
       <attribute name="SecurityDomain">java:/jaas/my-domain</attribute>
       <depends>jboss:service=TransactionManager</depends>
       <depends>jboss.security:service=JaasSecurityDomain,domain=my-domain</depends>
       </mbean>


      I also modified the shutdown.bat to have these 2 new JAVA_OPTS:
      -Djavax.net.ssl.trustStore=%DIRNAME%/../server/default/conf/my.truststore
      -Djavax.net.ssl.trustStorePassword=password

      I call the shutdown script like this:
      shutdown.bat -s localhost:11029 -u admin -p admin -S

      I get the following exception:
      Exception in thread "main" java.lang.reflect.UndeclaredThrowableException
       at $Proxy1.shutdown(Unknown Source)
       at org.jboss.Shutdown.main(Shutdown.java:205)
      Caused by: java.rmi.ServerException: IOE; nested exception is:
       java.io.IOException: HTTPS hostname wrong: should be <my_host_name>
       at org.jboss.invocation.http.interfaces.HttpInvokerProxy.invoke(HttpInvokerProxy.java:118)
       at org.jboss.invocation.InvokerInterceptor.invokeInvoker(InvokerInterceptor.java:163)
       at org.jboss.invocation.InvokerInterceptor.invoke(InvokerInterceptor.java:103)
       at org.jboss.jmx.connector.invoker.client.InvokerAdaptorClientInterceptor.invoke(InvokerAdaptorClientInterceptor.java:51)
       at org.jboss.proxy.SecurityInterceptor.invoke(SecurityInterceptor.java:55)
       at org.jboss.proxy.ClientMethodInterceptor.invoke(ClientMethodInterceptor.java:59)
       at org.jboss.proxy.ClientContainer.invoke(ClientContainer.java:91)
       at $Proxy0.invoke(Unknown Source)
       at org.jboss.Shutdown$ServerProxyHandler.invoke(Shutdown.java:234)
       ... 2 more
      Caused by: java.io.IOException: HTTPS hostname wrong: should be <my_host_name>
       at sun.net.www.protocol.https.HttpsClient.checkURLSpoofing(HttpsClient.java:493)
       at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:418)
       at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:170)
       at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(HttpURLConnection.java:836)
       at sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(HttpsURLConnectionImpl.java:230)
       at org.jboss.invocation.http.interfaces.Util.invoke(Util.java:126)
       at org.jboss.invocation.http.interfaces.HttpInvokerProxy.invoke(HttpInvokerProxy.java:103)
       ... 10 more


      I remembered that there's another jboss option to disable hostname checking:
      -Dorg.jboss.security.ignoreHttpsHost=true
      I added that to the list of JAVA_OPTS in shutdown script and now I get the following exception:
      shutdown.bat -s localhost:11029 -u admin -p admin -S
      Exception in thread "main" java.lang.StackOverflowError
       at java.util.TreeMap.firstEntry(TreeMap.java:1186)
       at java.util.TreeMap.access$300(TreeMap.java:81)
       at java.util.TreeMap$PrivateEntryIterator.<init>(TreeMap.java:1015)
       at java.util.TreeMap$KeyIterator.<init>(TreeMap.java:1056)
       at java.util.TreeMap$KeyIterator.<init>(TreeMap.java:1056)
       at java.util.TreeMap$1.iterator(TreeMap.java:580)
       at java.util.TreeSet.iterator(TreeSet.java:165)
       at org.jboss.mx.loading.LoadMgr3.beginLoadTask(LoadMgr3.java:216)
       at org.jboss.mx.loading.RepositoryClassLoader.loadClassImpl(RepositoryClassLoader.java:464)
       at org.jboss.mx.loading.RepositoryClassLoader.loadClass(RepositoryClassLoader.java:374)
       at java.lang.ClassLoader.loadClass(ClassLoader.java:251)
       at java.lang.ClassLoader.loadClassInternal(ClassLoader.java:319)
       at org.jboss.invocation.http.server.HttpInvoker.invoke(HttpInvoker.java:150)
       at sun.reflect.GeneratedMethodAccessor94.invoke(Unknown Source)
       at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
       at java.lang.reflect.Method.invoke(Method.java:585)
       at org.jboss.mx.interceptor.ReflectedDispatcher.invoke(ReflectedDispatcher.java:144)
       at org.jboss.mx.server.Invocation.dispatch(Invocation.java:80)
       at org.jboss.mx.server.Invocation.invoke(Invocation.java:72)
       at org.jboss.mx.server.AbstractMBeanInvoker.invoke(AbstractMBeanInvoker.java:249)
       at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:642)
       at org.jboss.invocation.http.server.HttpInvoker.invoke(HttpInvoker.java:139)
       at sun.reflect.GeneratedMethodAccessor94.invoke(Unknown Source)
       at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
       at java.lang.reflect.Method.invoke(Method.java:585)
       at org.jboss.mx.interceptor.ReflectedDispatcher.invoke(ReflectedDispatcher.java:144)
       at org.jboss.mx.server.Invocation.dispatch(Invocation.java:80)
       at org.jboss.mx.server.Invocation.invoke(Invocation.java:72)
       at org.jboss.mx.server.AbstractMBeanInvoker.invoke(AbstractMBeanInvoker.java:249)
       at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:642)
       at org.jboss.invocation.http.server.HttpInvoker.invoke(HttpInvoker.java:139)
       at sun.reflect.GeneratedMethodAccessor94.invoke(Unknown Source)
       at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
       at java.lang.reflect.Method.invoke(Method.java:585)
       at org.jboss.mx.interceptor.ReflectedDispatcher.invoke(ReflectedDispatcher.java:144)
       at org.jboss.mx.server.Invocation.dispatch(Invocation.java:80)
       at org.jboss.mx.server.Invocation.invoke(Invocation.java:72)
       at org.jboss.mx.server.AbstractMBeanInvoker.invoke(AbstractMBeanInvoker.java:249)
       at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:642)
       at org.jboss.invocation.http.server.HttpInvoker.invoke(HttpInvoker.java:139)
       at sun.reflect.GeneratedMethodAccessor94.invoke(Unknown Source)
       at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
       at java.lang.reflect.Method.invoke(Method.java:585)
       at org.jboss.mx.interceptor.ReflectedDispatcher.invoke(ReflectedDispatcher.java:144)
       at org.jboss.mx.server.Invocation.dispatch(Invocation.java:80)
       at org.jboss.mx.server.Invocation.invoke(Invocation.java:72)
       at org.jboss.mx.server.AbstractMBeanInvoker.invoke(AbstractMBeanInvoker.java:249)
       at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:642)
       at org.jboss.invocation.http.server.HttpInvoker.invoke(HttpInvoker.java:139)
       at sun.reflect.GeneratedMethodAccessor94.invoke(Unknown Source)
       at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)


      How to shutdown an SSL JBoss? Any input is greatly appreciated.

      Environment:
      Windows XP /Linux
      JBoss 4.0.1 SP1