Thread: [Jboss-dev-forums] [Design of JBoss Remoting, Unified Invokers] - Re: SSL support has been added

Brought to you by: newtonm, nihility, patriot1burke, starksm

jboss-dev-forums

[Jboss-dev-forums] [Design of JBoss Remoting, Unified Invokers] - Re: SSL support has been added

From: <sco...@jb...> - 2005-05-06 06:23:12

We need a variation of the SSLSocketBuilder that works with the JaasSecurityDomain or a refactoring of it so that we have a central service that has a mechanism for not requiring clear text passwords.

Do you have a test that shows using this for a secure ejb invocation?


View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=3876720#3876720

Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&p=3876720

[Jboss-dev-forums] [Design of JBoss Remoting, Unified Invokers] - Re: SSL support has been added

From: <tom...@jb...> - 2005-05-06 20:08:52

We need a variation of the SSLSocketBuilder that works with the JaasSecurityDomain or a refactoring of it so that we have a central service that has a mechanism for not requiring clear text passwords.

I can build an mbean service that will implement the ServerSocketFactoryMBean and uses the DomainServerSocketFactory (which gets it's SecurityDomain set by an attribute for the preferred JaasSecuirtyDomain).  Where should I put this code (since remoting and security don't need to know about one another otherwise)?

"sco...@jb..." wrote : 
  | Do you have a test that shows using this for a secure ejb invocation?
  | 

View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=3876843#3876843

Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&p=3876843

[Jboss-dev-forums] [Design of JBoss Remoting, Unified Invokers] - Re: SSL support has been added

From: <tom...@jb...> - 2005-05-06 20:09:32

"sco...@jb..." wrote : 
  | We need a variation of the SSLSocketBuilder that works with the JaasSecurityDomain or a refactoring of it so that we have a central service that has a mechanism for not requiring clear text passwords.

I can build an mbean service that will implement the ServerSocketFactoryMBean and uses the DomainServerSocketFactory (which gets it's SecurityDomain set by an attribute for the preferred JaasSecuirtyDomain).  Where should I put this code (since remoting and security don't need to know about one another otherwise)?

"sco...@jb..." wrote : 
  | Do you have a test that shows using this for a secure ejb invocation?
  | 

I have run a test using the sslsocket transport for unified invoker, with a home grown ejb and client and it worked, but do not have anything automated or part of the testsuite.  How/where should I add something like this to the testsuite?


View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=3876844#3876844

Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&p=3876844

[Jboss-dev-forums] [Design of JBoss Remoting, Unified Invokers] - Re: SSL support has been added

From: <sco...@jb...> - 2005-05-07 01:09:02

It needs to be in a remoting module of the jbossas project since its integration code that bridges services in the server.

View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=3876855#3876855

Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&p=3876855

[Jboss-dev-forums] [Design of JBoss Remoting, Unified Invokers] - Re: SSL support has been added

From: <tom...@jb...> - 2005-05-09 05:12:14

Have code finished and is working against local ejb test I run.  The configuration I used is as follows.  Still need to get this into jboss-head's version of remoting, but is going to be part of me changing jboss-head so uses binary of JBossRemoting build and then making remoting directory under jboss-head for stuff like this (which is the integration code between JBossRemoting and jboss-head).

   
  | <!-- The server socket factory mbean to be used as attribute to socket invoker -->
  |    <!-- which uses the JaasSecurityDomain -->
  |    <mbean code="org.jboss.remoting.security.domain.DomainServerSocketFactoryService"
  |       name="jboss.remoting:service=ServerSocketFactory,type=SecurityDomain"
  |       display-name="SecurityDomain Server Socket Factory">
  |        <attribute name="SecurityDomain">java:/jaas/SSL</attribute>
  |       <depends>jboss.security:service=JaasSecurityDomain,domain=SSL</depends>
  |    </mbean>
  |    
  |      <mbean code="org.jboss.security.plugins.JaasSecurityDomain"
  |          name="jboss.security:service=JaasSecurityDomain,domain=SSL">
  |      <!-- This must correlate with the java:/jaas/SSL above -->
  |      <constructor>
  |         <arg type="java.lang.String" value="SSL"/>
  |      </constructor>
  |      <!-- The location of the keystore
  |           resource: loads from the classloaders conf/ is the first classloader -->
  |      <attribute name="KeyStoreURL">.keystore</attribute>
  |      <attribute name="KeyStorePass">opensource</attribute>
  |   </mbean>
  | 
  |    <!-- The Connector is the core component of the remoting server service. -->
  |    <!-- It binds the remoting invoker (transport protocol, callback configuration, -->
  |    <!-- data marshalling, etc.) with the invocation handlers.  -->
  |    <mbean code="org.jboss.remoting.transport.Connector"
  |           xmbean-dd="org/jboss/remoting/transport/Connector.xml"
  |           name="jboss.remoting:service=Connector,transport=socket"
  |           display-name="Socket transport Connector">
  | 
  |       <attribute name="Configuration">
  |          <config>
  |              <invoker transport="sslsocket">
  |                <attribute name="dataType" isParam="true">invocation</attribute>
  |                <attribute name="marshaller" isParam="true">org.jboss.invocation.unified.marshall.InvocationMarshaller</attribute>
  |                <attribute name="unmarshaller" isParam="true">org.jboss.invocation.unified.marshall.InvocationUnMarshaller</attribute>
  |                <!-- The following is for setting the server socket factory.  If want ssl support -->
  |                <!-- use a server socket factory that supports ssl.  The only requirement is that -->
  |                <!-- the server socket factory value must be an ObjectName, meaning the -->
  |                <!-- server socket factory implementation must be a MBean and also -->
  |                <!-- MUST implement the org.jboss.remoting.security.ServerSocketFactoryMBean interface. -->
  |                <attribute name="serverSocketFactory">jboss.remoting:service=ServerSocketFactory,type=SecurityDomain</attribute>
  |                <attribute name="serverBindAddress">${jboss.bind.address}</attribute>
  |                <attribute name="serverBindPort">6667</attribute>
  |             </invoker>
  |             <handlers>
  |                <handler subsystem="invoker">jboss:service=invoker,type=unified</handler>
  |             </handlers>
  |          </config>
  |       </attribute>
  |       <depends>jboss.remoting:service=ServerSocketFactory,type=SecurityDomain</depends>
  |       <depends>jboss.remoting:service=NetworkRegistry</depends>
  |       <!-- <depends>jboss.remoting:service=ServerSocketFactory,type=SSL</depends> -->
  |    </mbean>
  | 

View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=3876953#3876953

Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&p=3876953

[Jboss-dev-forums] [Design of JBoss Remoting, Unified Invokers] - Re: SSL support has been added

From: <tom...@jb...> - 2005-05-12 19:52:10

This is now in jboss-head.  It is under jbossas/remoting directory and is found in jbossas-remoting.jar (which is also part of jboss server distro under all/lib and default/lib).

View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=3877532#3877532

Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&p=3877532