[JBoss-user] [Security & JAAS/JBoss] - Restricting Cipher suites

Tue, 09 May 2006 10:06:04 -0700 

Hi, 
I am trying to retrict the enabled cipher suites to just 
TLS_RSA_WITH_AES_128_CBC_SHA on the JBOSS server side, i.e. any clients connect 
using my stateless beans MUST use this suite. I was using JBOSS 4.0.2, but it 
appears there was no way to restrict the suites, 
so I switched to 4.0.3SP1 (http://jira.jboss.com/jira/browse/JBAS-1983) 
which is supposed to solve this problem. However when I use the xml 
configuration described in the bug fix:- 

<mbean code="org.jboss.invocation.jrmp.server.JRMPInvoker" 
  |       
name="jboss:service=invoker,type=jrmp,socketType=SSLSocketFactory,wantsClientAuth=true">
 
  |       <attribute name="RMIObjectPort">0</attribute> 
  |       <attribute 
name="RMIClientSocketFactory">org.jboss.security.ssl.RMISSLClientSocketFactory 
  |       </attribute> 
  |       <attribute name="RMIServerSocketFactoryBean" 
  |          attributeClass="org.jboss.security.ssl.RMISSLServerSocketFactory" 
  |          serialDataType="javaBean"> 
  |         <property name="bindAddress">${jboss.bind.address}</property> 
  |         <property name="securityDomain">java:/jaas/rmi+ssl</property> 
  |         <property name="wantsClientAuth">true</property> 
  |         <property name="needsClientAuth">true</property> 
  |          <property 
name="CiperSuites">TLS_RSA_WITH_AES_128_CBC_SHA</property> 
  |          <property name="Protocols">SSLv2Hello,SSLv3,TLSv1</property> 
  |       </attribute> 
  |       <depends>jboss:service=TransactionManager</depends>
  |       
<depends>jboss.security:service=JaasSecurityDomain,domain=rmi+ssl</depends>
  |    </mbean>  

I get the following error at startup:- 

java.lang.NullPointerException 
at org.jboss.security.ssl.Context.forDomain(Context.java:51) 
at 
org.jboss.security.ssl.DomainServerSocketFactory.initSSLContext(DomainServerSocketFactory.java:220)
 
at 
org.jboss.security.ssl.DomainServerSocketFactory.createServerSocket(DomainServerSocketFactory.java:143)
 
at 
org.jboss.security.ssl.DomainServerSocketFactory.createServerSocket(DomainServerSocketFactory.java:121)
 
at 
org.jboss.security.ssl.RMISSLServerSocketFactory.createServerSocket(RMISSLServerSocketFactory.java:105)
 
at sun.rmi.transport.tcp.TCPEndpoint.newServerSocket(TCPEndpoint.java:615) 
at sun.rmi.transport.tcp.TCPTransport.listen(TCPTransport.java:231) 
at sun.rmi.transport.tcp.TCPTransport.exportObject(TCPTransport.java:178) 
at sun.rmi.transport.tcp.TCPEndpoint.exportObject(TCPEndpoint.java:382) 
at sun.rmi.transport.LiveRef.exportObject(LiveRef.java:116) 
at sun.rmi.server.UnicastServerRef.exportObject(UnicastServerRef.java:145) 
at sun.rmi.server.UnicastServerRef.exportObject(UnicastServerRef.java:129) 
at 
java.rmi.server.UnicastRemoteObject.exportObject(UnicastRemoteObject.java:275) 
at 
java.rmi.server.UnicastRemoteObject.exportObject(UnicastRemoteObject.java:206) 
at org.jboss.invocation.jrmp.server.JRMPInvoker.exportCI(JRMPInvoker.java:437) 
at 
org.jboss.invocation.jrmp.server.JRMPInvoker.startService(JRMPInvoker.java:359) 
at 
org.jboss.invocation.jrmp.server.JRMPInvoker$1.startService(JRMPInvoker.java:136)
 
at 
org.jboss.system.ServiceMBeanSupport.jbossInternalStart(ServiceMBeanSupport.java:274)
 
at 
org.jboss.system.ServiceMBeanSupport.jbossInternalLifecycle(ServiceMBeanSupport.java:230)
 
at 
org.jboss.invocation.jrmp.server.JRMPInvoker.jbossInternalLifecycle(JRMPInvoker.java:631)
 
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) 
at 
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) 
at 
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
 
at java.lang.reflect.Method.invoke(Method.java:324) 
at 
org.jboss.mx.interceptor.ReflectedDispatcher.invoke(ReflectedDispatcher.java:141)
 
at org.jboss.mx.server.Invocation.dispatch(Invocation.java:80) 
at org.jboss.mx.server.Invocation.invoke(Invocation.java:72) 
at 
org.jboss.mx.server.AbstractMBeanInvoker.invoke(AbstractMBeanInvoker.java:245) 
at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:644) 
at 
org.jboss.system.ServiceController$ServiceProxy.invoke(ServiceController.java:943)
 
at $Proxy0.start(Unknown Source) 
at org.jboss.system.ServiceController.start(ServiceController.java:428) 
at org.jboss.system.ServiceController.start(ServiceController.java:446) 
at org.jboss.system.ServiceController.start(ServiceController.java:446) 
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) 
at 
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) 
at 
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
 
at java.lang.reflect.Method.invoke(Method.java:324) 
at 
org.jboss.mx.interceptor.ReflectedDispatcher.invoke(ReflectedDispatcher.java:141)
 
at org.jboss.mx.server.Invocation.dispatch(Invocation.java:80) 
at org.jboss.mx.server.Invocation.invoke(Invocation.java:72) 
at 
org.jboss.mx.server.AbstractMBeanInvoker.invoke(AbstractMBeanInvoker.java:245) 
at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:644) 
at org.jboss.mx.util.MBeanProxyExt.invoke(MBeanProxyExt.java:176) 
at $Proxy4.start(Unknown Source) 
at org.jboss.deployment.SARDeployer.start(SARDeployer.java:285) 
at org.jboss.deployment.MainDeployer.start(MainDeployer.java:989) 
at org.jboss.deployment.MainDeployer.deploy(MainDeployer.java:790) 
at org.jboss.deployment.MainDeployer.deploy(MainDeployer.java:753) 
at org.jboss.deployment.MainDeployer.deploy(MainDeployer.java:737) 
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) 
at 
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) 
at 
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
 
at java.lang.reflect.Method.invoke(Method.java:324) 
at 
org.jboss.mx.interceptor.ReflectedDispatcher.invoke(ReflectedDispatcher.java:141)
 
at org.jboss.mx.server.Invocation.dispatch(Invocation.java:80) 
at 
org.jboss.mx.interceptor.AbstractInterceptor.invoke(AbstractInterceptor.java:118)
 
at org.jboss.mx.server.Invocation.invoke(Invocation.java:74) 
at 
org.jboss.mx.interceptor.ModelMBeanOperationInterceptor.invoke(ModelMBeanOperationInterceptor.java:127)
 
at org.jboss.mx.server.Invocation.invoke(Invocation.java:74) 
at 
org.jboss.mx.server.AbstractMBeanInvoker.invoke(AbstractMBeanInvoker.java:245) 
at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:644) 
at org.jboss.mx.util.MBeanProxyExt.invoke(MBeanProxyExt.java:176) 
at $Proxy5.deploy(Unknown Source) 
at org.jboss.system.server.ServerImpl.doStart(ServerImpl.java:453) 
at org.jboss.system.server.ServerImpl.start(ServerImpl.java:330) 
at org.jboss.Main.boot(Main.java:187) 
at org.jboss.Main$1.run(Main.java:438) 
at java.lang.Thread.run(Thread.java:534) 

Anyone got any idea what is worng with this xml configuration?
Note: I have SSL working when I use the configuration as descibed in the admin 
guide(chapter 8), however this section has not been updated to include these 
new property values to restrict the suites and it differs in format also ... 

View the original post : 
http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3942270#3942270

Reply to the post : 
http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=3942270


-------------------------------------------------------
Using Tomcat but need to do more? Need to support web services, security?
Get stuff done quickly with pre-integrated technology to make your job easier
Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642
_______________________________________________
JBoss-user mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/jboss-user

Reply via email to