[jboss-user] [Security & JAAS/JBoss] - Re: SSL Certificates Dynamic Loading

Mon, 17 Nov 2008 01:48:22 -0800 

Hello.
I found some information, but it still not work.

Anyway...

I use JBoss Portal 2.7.0 (with JBoss AS 4.2.3)
I have configured my security to use jboss implementation. 

This is my ssl connector from 
[path-to-jboss-default]/deploy/jboss-web.deployer/server.xml

  |     <Connector port="443" address="${jboss.bind.address}" 
  |             protocol="HTTP/1.1" SSLEnabled="true"
  |                     maxThreads="100" strategy="ms" maxHttpHeaderSize="8192"
  |                     emptySessionPath="true"
  |                     scheme="https" secure="true" clientAuth="true" 
  |                     securityDomain="java:/jaas/portal-ssl"
  |             SSLImplementation="org.jboss.net.ssl.JBossImplementation"
  |             sslProtocol="TLS">
  | 
  |             <Factory 
className="org.apache.catalina.net.SSLServerSocketFactory" />
  | 
  |     </Connector>
  | 

this is my new JbossSecurityDomain from 
[path-to-jboss-default]/conf/jboss-service.xml

  |    <mbean code="org.jboss.security.plugins.JaasSecurityDomain"
  |     name="jboss.security:service=JaasSecurityDomain,domain=portal-ssl">
  |     <depends>jboss.security:service=JaasSecurityManager</depends>
  |     <constructor>
  |         <arg type="java.lang.String" value="portal-ssl" />
  |     </constructor>
  | 
  |     <attribute 
name="ManagerServiceName">jboss.security:service=JaasSecurityManager</attribute>
  |     <attribute name="KeyStoreURL">D:/server.keystore</attribute>
  |     <attribute name="KeyStorePass">server</attribute>
  |     <attribute name="TrustStoreURL">D:/trusted.keystore</attribute>
  |     <attribute name="TrustStorePass">trusted</attribute>
  |    </mbean> 
  | 
So, my security uses keystores from this mbean.

after that I inserted in my code, that updates keystores

  |     ObjectName jaasMgr = new 
ObjectName("jboss.security:service=JaasSecurityDomain,domain=portal-ssl");
  |     Object[] params = {};
  |     String[] signature = {};
  | 
  |     MBeanServer server = (MBeanServer) 
MBeanServerFactory.findMBeanServer(null).get(0);
  |     server.invoke(jaasMgr, "reloadKeyAndTrustStore", params, signature);
  | 

I don't know, what reloadKeyAndTrustStore mbean method do, but I suppose, that 
it reloads cached keystores.

Well, result is - keystores does not reload if I invoke reloadKeyAndTrustStore 
either from my code or from jmx-console. Changes does not apply until restart 
jboss.


Can anybody help me with my configuration?

View the original post : 
http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4189733#4189733

Reply to the post : 
http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4189733
_______________________________________________
jboss-user mailing list
[email protected]
https://lists.jboss.org/mailman/listinfo/jboss-user

Reply via email to