5 Replies Latest reply on May 12, 2005 3:51 PM by Tom Elrod

    SSL support has been added

    Tom Elrod Master

      Two new transports, sslsocket and https, have been added to the remoting code base. See http://wiki.jboss.org/wiki/Wiki.jsp?page=Remoting_SSL_Support for details.

      This will also allow for ssl support via the UnifiedInvoker as well.

      The code is currently checked into JBossRemoting and will not be visible via the remoting directory under jboss-head. I still need to change the module reference in CVSROOT/modules.

      Please let me know if you have any questions. I'll buy a beer for anyone that actually reads the doc link above and provides feedback (but you'll have to come to Atlanta to get it). :)

        • 1. Re: SSL support has been added
          Scott Stark Master

          We need a variation of the SSLSocketBuilder that works with the JaasSecurityDomain or a refactoring of it so that we have a central service that has a mechanism for not requiring clear text passwords.

          Do you have a test that shows using this for a secure ejb invocation?

          • 2. Re: SSL support has been added
            Tom Elrod Master

             

            "scott.stark@jboss.org" wrote:

            We need a variation of the SSLSocketBuilder that works with the JaasSecurityDomain or a refactoring of it so that we have a central service that has a mechanism for not requiring clear text passwords.


            I can build an mbean service that will implement the ServerSocketFactoryMBean and uses the DomainServerSocketFactory (which gets its SecurityDomain set by an attribute for the preferred JaasSecurityDomain). Where should I put this code (since remoting and security don't need to know about one another otherwise)?

            "scott.stark@jboss.org" wrote:

            Do you have a test that shows using this for a secure ejb invocation?


            I have run a test using the sslsocket transport for unified invoker, with a home grown ejb and client and it worked, but do not have anything automated or part of the testsuite. How/where should I add something like this to the testsuite?


            • 3. Re: SSL support has been added
              Scott Stark Master

              It needs to be in a remoting module of the jbossas project since it's integration code that bridges services in the server.

              • 4. Re: SSL support has been added
                Tom Elrod Master

                Have code finished and is working against local ejb test I run. The configuration I used is as follows. Still need to get this into jboss-head's version of remoting, but is going to be part of me changing jboss-head so uses binary of JBossRemoting build and then making remoting directory under jboss-head for stuff like this (which is the integration code between JBossRemoting and jboss-head).

                <!-- The server socket factory mbean to be used as attribute to socket invoker -->
                <!-- which uses the JaasSecurityDomain -->
                <mbean code="org.jboss.remoting.security.domain.DomainServerSocketFactoryService"
                       name="jboss.remoting:service=ServerSocketFactory,type=SecurityDomain"
                       display-name="SecurityDomain Server Socket Factory">
                   <attribute name="SecurityDomain">java:/jaas/SSL</attribute>
                   <depends>jboss.security:service=JaasSecurityDomain,domain=SSL</depends>
                </mbean>

                <mbean code="org.jboss.security.plugins.JaasSecurityDomain"
                       name="jboss.security:service=JaasSecurityDomain,domain=SSL">
                   <!-- This must correlate with the java:/jaas/SSL above -->
                   <constructor>
                      <arg type="java.lang.String" value="SSL"/>
                   </constructor>
                   <!-- The location of the keystore
                        resource: loads from the classloaders conf/ is the first classloader -->
                   <attribute name="KeyStoreURL">.keystore</attribute>
                   <attribute name="KeyStorePass">opensource</attribute>
                </mbean>

                <!-- The Connector is the core component of the remoting server service. -->
                <!-- It binds the remoting invoker (transport protocol, callback configuration, -->
                <!-- data marshalling, etc.) with the invocation handlers. -->
                <mbean code="org.jboss.remoting.transport.Connector"
                       xmbean-dd="org/jboss/remoting/transport/Connector.xml"
                       name="jboss.remoting:service=Connector,transport=socket"
                       display-name="Socket transport Connector">

                   <attribute name="Configuration">
                      <config>
                         <invoker transport="sslsocket">
                            <attribute name="dataType" isParam="true">invocation</attribute>
                            <attribute name="marshaller" isParam="true">org.jboss.invocation.unified.marshall.InvocationMarshaller</attribute>
                            <attribute name="unmarshaller" isParam="true">org.jboss.invocation.unified.marshall.InvocationUnMarshaller</attribute>
                            <!-- The following is for setting the server socket factory. If want ssl support -->
                            <!-- use a server socket factory that supports ssl. The only requirement is that -->
                            <!-- the server socket factory value must be an ObjectName, meaning the -->
                            <!-- server socket factory implementation must be a MBean and also -->
                            <!-- MUST implement the org.jboss.remoting.security.ServerSocketFactoryMBean interface. -->
                            <attribute name="serverSocketFactory">jboss.remoting:service=ServerSocketFactory,type=SecurityDomain</attribute>
                            <attribute name="serverBindAddress">${jboss.bind.address}</attribute>
                            <attribute name="serverBindPort">6667</attribute>
                         </invoker>
                         <handlers>
                            <handler subsystem="invoker">jboss:service=invoker,type=unified</handler>
                         </handlers>
                      </config>
                   </attribute>
                   <depends>jboss.remoting:service=ServerSocketFactory,type=SecurityDomain</depends>
                   <depends>jboss.remoting:service=NetworkRegistry</depends>
                   <!-- <depends>jboss.remoting:service=ServerSocketFactory,type=SSL</depends> -->
                </mbean>
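
An added example, not part of the original thread or the JBoss code base: a Python check over a service descriptor shaped like the one posted above. It flags a KeyStorePass stored literally in the file (the clear-text password concern raised in reply 1) and broken references between the sslsocket connector, its server socket factory and the security domain. The finding names and the trimmed SAMPLE are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample, trimmed from the configuration posted above.
SAMPLE = """<server>
<mbean code="org.jboss.remoting.security.domain.DomainServerSocketFactoryService"
       name="jboss.remoting:service=ServerSocketFactory,type=SecurityDomain">
  <attribute name="SecurityDomain">java:/jaas/SSL</attribute>
</mbean>
<mbean code="org.jboss.security.plugins.JaasSecurityDomain"
       name="jboss.security:service=JaasSecurityDomain,domain=SSL">
  <constructor><arg type="java.lang.String" value="SSL"/></constructor>
  <attribute name="KeyStorePass">opensource</attribute>
</mbean>
<mbean code="org.jboss.remoting.transport.Connector"
       name="jboss.remoting:service=Connector,transport=socket">
  <attribute name="Configuration"><config><invoker transport="sslsocket">
    <attribute name="serverSocketFactory">jboss.remoting:service=ServerSocketFactory,type=SecurityDomain</attribute>
  </invoker></config></attribute>
  <depends>jboss.remoting:service=ServerSocketFactory,type=SecurityDomain</depends>
</mbean>
</server>"""

def attr(node, name):
    """Text of a direct <attribute name=...> child, or None if absent."""
    hit = node.find(f"attribute[@name='{name}']")
    return (hit.text or "").strip() if hit is not None else None

def audit(xml_text):
    """Return sorted (finding, mbean name) pairs for a service descriptor."""
    mbeans = {m.get("name"): m for m in ET.fromstring(xml_text).iter("mbean")}
    domains, findings = set(), []
    for name, m in mbeans.items():
        if m.get("code", "").endswith(".JaasSecurityDomain"):
            arg = m.find("constructor/arg")
            if arg is not None:  # JNDI name the socket factory must point at
                domains.add("java:/jaas/" + arg.get("value"))
            if attr(m, "KeyStorePass"):  # password stored literally in the file
                findings.append(("cleartext-keystore-pass", name))
    for name, m in mbeans.items():
        depends = [(d.text or "").strip() for d in m.findall("depends")]
        if m.get("code", "").endswith(".DomainServerSocketFactoryService") and attr(m, "SecurityDomain") not in domains:
            findings.append(("unknown-security-domain", name))
        for inv in m.iterfind(".//invoker[@transport='sslsocket']"):
            factory = attr(inv, "serverSocketFactory")
            if factory and factory not in mbeans:  # ObjectName with no mbean behind it
                findings.append(("undeclared-socket-factory", name))
            elif factory and factory not in depends:  # start order not guaranteed
                findings.append(("factory-not-in-depends", name))
    return sorted(findings)
```
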
                


                • 5. Re: SSL support has been added
                  Tom Elrod Master

                  This is now in jboss-head. It is under jbossas/remoting directory and is found in jbossas-remoting.jar (which is also part of jboss server distro under all/lib and default/lib).