On Mar 20, 2008, at 1:48 PM, Vamsavardhana Reddy wrote:
I am working on providing configuration of JMX over SSL. Here is a
situation I have run into and I want others inputs.
I want to use Keystore GBean to configure the keystore and
truststore required by the connector. Here is the part that I am
sure of.
org.apache.geronimo.jmxremoting.JMXConnector GBean needs the
following additional attributes and references to specify the SSL
configuration:
1. sslEnabled : true/false
2. algorithm : Default/SunX509/IBMX509
3. secureProtocol: SSL/TLS
4. keyStore
5. keyAlias
6. trustStore
7. clientAuth : true/false
8. keystoreManager : A reference to keystore manager.
Here are some of the approaches and the problems I have run into.
Approach-A) The JMXConnector GBean is right now in "j2ee-security"
configuration. Unless the keystore GBeans are started before the
JMXConnector GBean, it will not work as expected. The order in
which keystore GBeans appear in the plan also seems to matter.
Currently Keystore GBean(s) are in server-security-config. Either
the keystore GBeans should be moved to j2ee-security or the
JMXConnector needs to be moved to server-security-config.
IMO moving the keystore gbeans to j2ee-security is a bad idea, the
whole point of server-security-config was to put all the stuff you'd
want to change in a real installation in server-security-config while
leaving the stuff you probably don't want to change in j2ee-
security. Moving the jmx gbean to server-security-config would be ok
but make setting up a new server-security-config more error-prone (if
you left out the jmx gbean)
Approach-B) Have a reference collection listener listen to the
Keystore GBeans being added. In this case, the JMX Server will
have to be started in the listener class. The problem with this
approach is that the JMXConnector.doStart() can not wait for the
listener class to start the JMX server. So, the JMX server will be
started only after the JMXConnector.doStart() has completed. If
the JMX server startup fails in the collection listener, there is
no way to make JMXConnector GBean to fail at startup (as it has
already started successfully!!). Another problem is that if the
configured keystore does not exist, the collection listener will
never know about it and JMX server will not start.
Both the patches are attached in the JIRA. Please comment on these
two approaches and suggest any improvements that I may have missed
out.
Approach-C) Use the gbean impl from (A) and introduce a third
security plugin depending on server-security-config that has the
gbean config in it. That way when you replace server-security-config
with an actually usable security setup for your server you don't need
to remember to include a jmx gbean. This also makes it easier to
hide geronimo from jmx by not including or starting this plugin.
I personally don't have a strong preference between these 3 options.
