2 Replies Latest reply on Aug 15, 2006 3:34 AM by Sam Lam

    JBoss SSL problem

    Sebastian Rzytki Newbie

      Hello
      I try to apply ssl to rmi communication for stateless session beans. So using documentation I made steps like below:

      1) Generating file test.keystore using jboss tool (like example in documentation)

      2) Adding to jboss-service.xml lines like below

      <!-- ===============================================================================================================
       SSL
       =================================================================================================================== -->
      
      
       <mbean code="org.jboss.security.plugins.JaasSecurityDomain" name="jboss.security:service=JaasSecurityDomain,domain=RMI+SSL">
       <constructor>
       <arg type="java.lang.String" value="RMI+SSL"/>
       </constructor>
       <attribute name="KeyStoreURL">test.keystore</attribute>
       <attribute name="KeyStorePass">testPassword</attribute>
       </mbean>
       <mbean code="org.jboss.invocation.jrmp.server.JRMPInvoker" name="jboss:service=invoker,type=jrmp,socketType=SSL">
       <attribute name="RMIObjectPort">14445</attribute>
       <attribute name="RMIClientSocketFactory">org.jboss.security.ssl.RMISSLClientSocketFactory</attribute>
       <attribute name="RMIServerSocketFactory">org.jboss.security.ssl.RMISSLServerSocketFactory</attribute>
       <attribute name="SecurityDomain">java:/jaas/RMI+SSL</attribute>
       <depends>jboss.security:service=JaasSecurityDomain,domain=RMI+SSL</depends>
       </mbean>


      Next step:
      3) Adding to standardjboss.xml lines like below:

      <!-- ===================================================================== -->
      <!-- SSL START -->
      <!-- ===================================================================== -->
      
       <invoker-proxy-binding>
       <name>stateless-ssl-rmi-invoker</name>
       <invoker-mbean>jboss:service=invoker,type=jrmp,socketType=SSL</invoker-mbean>
       <proxy-factory>org.jboss.proxy.ejb.ProxyFactory</proxy-factory>
       <proxy-factory-config>
       <client-interceptors>
       <home>
       <interceptor>org.jboss.proxy.ejb.HomeInterceptor</interceptor>
       <interceptor>org.jboss.proxy.SecurityInterceptor</interceptor>
       <interceptor>org.jboss.proxy.TransactionInterceptor</interceptor>
       <interceptor call-by-value="false">org.jboss.invocation.InvokerInterceptor</interceptor>
       <interceptor call-by-value="true">org.jboss.invocation.MarshallingInvokerInterceptor</interceptor>
       </home>
       <bean>
       <interceptor>org.jboss.proxy.ejb.StatelessSessionInterceptor</interceptor>
       <interceptor>org.jboss.proxy.SecurityInterceptor</interceptor>
       <interceptor>org.jboss.proxy.TransactionInterceptor</interceptor>
       <interceptor call-by-value="false">org.jboss.invocation.InvokerInterceptor</interceptor>
       <interceptor call-by-value="true">org.jboss.invocation.MarshallingInvokerInterceptor</interceptor>
       </bean>
       </client-interceptors>
       </proxy-factory-config>
       </invoker-proxy-binding>
      
      <!-- ===================================================================== -->
      <!-- SSL END -->
      <!-- ===================================================================== -->

      4) Next in this file I've changed a line


      <invoker-proxy-binding-name>stateless-rmi-invoker</invoker-proxy-binding-name>
      for Standard Stateless SessionBean
      on
      <invoker-proxy-binding-name>stateless-ssl-rmi-invoker</invoker-proxy-binding-name>


      like below
      <container-configuration>
       <container-name>Standard Stateless SessionBean</container-name>
       <call-logging>false</call-logging>
       <invoker-proxy-binding-name>stateless-ssl-rmi-invoker</invoker-proxy-binding-name>
       <container-interceptors>
       <interceptor>org.jboss.ejb.plugins.ProxyFactoryFinderInterceptor</interceptor>
       <interceptor>org.jboss.ejb.plugins.LogInterceptor</interceptor>
       <interceptor>org.jboss.ejb.plugins.SecurityInterceptor</interceptor>
       <!-- CMT -->
       <interceptor transaction="Container">org.jboss.ejb.plugins.TxInterceptorCMT</interceptor>
       <interceptor transaction="Container">org.jboss.ejb.plugins.CallValidationInterceptor</interceptor>
       <interceptor transaction="Container">org.jboss.ws.server.ServiceEndpointInterceptor</interceptor>
       <interceptor transaction="Container">org.jboss.ejb.plugins.StatelessSessionInstanceInterceptor</interceptor>
       <!-- BMT -->
       <interceptor transaction="Bean">org.jboss.ejb.plugins.StatelessSessionInstanceInterceptor</interceptor>
       <interceptor transaction="Bean">org.jboss.ejb.plugins.TxInterceptorBMT</interceptor>
       <interceptor transaction="Bean">org.jboss.ejb.plugins.CallValidationInterceptor</interceptor>
       <interceptor transaction="Bean">org.jboss.ws.server.ServiceEndpointInterceptor</interceptor>
       <interceptor>org.jboss.resource.connectionmanager.CachedConnectionInterceptor</interceptor>
       </container-interceptors>
       <instance-pool>org.jboss.ejb.plugins.StatelessSessionInstancePool</instance-pool>
       <instance-cache></instance-cache>
       <persistence-manager></persistence-manager>
       <container-pool-conf>
       <MaximumSize>100</MaximumSize>
       </container-pool-conf>
       </container-configuration>
      


      After that I stared jboss I've received an exception like below:

      13:31:03,024 WARN [ServiceController] Problem starting service jboss.j2ee:jndiN
      ame=oe3/SessionController,service=EJB
      java.lang.RuntimeException: invoker is null: jboss:service=invoker,type=jrmp,soc
      ketType=SSL
       at org.jboss.proxy.ejb.ProxyFactory.setupInvokers(ProxyFactory.java:258)
      
       at org.jboss.proxy.ejb.ProxyFactory.start(ProxyFactory.java:242)
       at org.jboss.ejb.SessionContainer.startInvokers(SessionContainer.java:44
      0)
       at org.jboss.ejb.SessionContainer.startService(SessionContainer.java:399
      )
       at org.jboss.system.ServiceMBeanSupport.jbossInternalStart(ServiceMBeanS
      upport.java:289)
       at org.jboss.system.ServiceMBeanSupport.jbossInternalLifecycle(ServiceMB
      eanSupport.java:245)
       at sun.reflect.GeneratedMethodAccessor4.invoke(Unknown Source)
       at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAcces
      sorImpl.java:25)
       at java.lang.reflect.Method.invoke(Method.java:585)
       at org.jboss.mx.interceptor.ReflectedDispatcher.invoke(ReflectedDispatch
      er.java:155)
       at org.jboss.mx.server.Invocation.dispatch(Invocation.java:94)
       at org.jboss.mx.server.Invocation.invoke(Invocation.java:86)
       at org.jboss.mx.server.AbstractMBeanInvoker.invoke(AbstractMBeanInvoker.
      java:260)
       at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:659)
       at org.jboss.system.ServiceController$ServiceProxy.invoke(ServiceControl
      ler.java:974)
       at $Proxy0.start(Unknown Source)
       at org.jboss.system.ServiceController.start(ServiceController.java:417)
       at sun.reflect.GeneratedMethodAccessor6.invoke(Unknown Source)
       at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAcces
      sorImpl.java:25)
       at java.lang.reflect.Method.invoke(Method.java:585)
       at org.jboss.mx.interceptor.ReflectedDispatcher.invoke(ReflectedDispatch
      er.java:155)
      


      Problem is when I remove my ear application and start again jboss, everything will start appropriate without any exception. Next when I deploy my ear application, deploy will finish without any exception too, and all application works fine without any problems.

      Tested on jboss 4.0.4 RC1 and jboss 4.0.4 GA

      Thanks for any suggestions.

      Best regards Sebastian.


        • 1. Re: JBoss SSL problem
          Sam Lam Newbie

          I do same settings as you do. Then, of-course, get same problem like you. could anyone help us?

          • 2. Re: JBoss SSL problem
            Sam Lam Newbie

            I seems solve the problem with follow change.
            in jboss-service.xml

            <mbean code="org.jboss.invocation.jrmp.server.JRMPInvoker"
             name="jboss:service=invoker,type=jrmp,socketType=SSL">
             <attribute name="RMIObjectPort">14445</attribute>
             <attribute name="ServerAddress">${jboss.bind.address}</attribute>
             <attribute name="RMIClientSocketFactory">org.jboss.security.ssl.RMISSLClientSocketFactory</attribute>
             <attribute name="RMIServerSocketFactory">org.jboss.security.ssl.RMISSLServerSocketFactory</attribute>
             <attribute name="SecurityDomain">java:/jaas/RMI+SSL</attribute>
             <depends>jboss:service=TransactionManager</depends>
             <depends>jboss.security:service=JaasSecurityDomain,domain=RMI+SSL</depends>
             </mbean>


            add jboss:service=TransactionManager .

            Try it out. but is there any way to test whether the ejb is really go through ssl?