There is a known issue with the remoting component that impacts the use of SSL
with EJB3. http://jira.jboss.com/jira/browse/JBREM-464
The workaround is to configure ejb3 with a security domain and socket factory.
Example below:
| <!-- The server socket factory mbean to be used as attribute to socket
invoker -->
| <!-- which uses the JaasSecurityDomain -->
| <mbean
code="org.jboss.remoting.security.domain.DomainServerSocketFactoryService"
|
name="jboss.remoting:service=ServerSocketFactory,type=SecurityDomainAdvanced"
| display-name="SecurityDomain Server Socket Factory">
| <attribute name="SecurityDomain">java:/jaas/SSLAdvanced</attribute>
|
<depends>jboss.security:service=JaasSecurityDomain,domain=SSLAdvanced</depends>
| </mbean>
|
| <mbean code="org.jboss.security.plugins.JaasSecurityDomain"
|
name="jboss.security:service=JaasSecurityDomain,domain=SSLAdvanced">
| <!-- This must correlate with the java:/jaas/SSL above -->
| <constructor>
| <arg type="java.lang.String" value="SSLAdvanced"/>
| </constructor>
| <!-- The location of the keystore
| resource: loads from the classloaders conf/ is the first
classloader -->
| <attribute name="KeyStoreURL">localhost.keystore</attribute>
| <attribute name="KeyStorePass">opensource</attribute>
| </mbean>
|
| <!-- The Connector is the core component of the remoting server service.
-->
| <!-- It binds the remoting invoker (transport protocol, callback
configuration, -->
| <!-- data marshalling, etc.) with the invocation handlers. -->
| <mbean code="org.jboss.remoting.transport.Connector"
| xmbean-dd="org/jboss/remoting/transport/Connector.xml"
|
name="jboss.remoting:type=Connector,transport=socket3843,handler=ejb3">
| display-name="Socket transport Connector">
|
| <attribute name="Configuration">
| <config>
| <invoker transport="sslsocket">
| <attribute name="dataType"
isParam="true">invocation</attribute>
| <attribute name="marshaller"
isParam="true">org.jboss.invocation.unified.marshall.InvocationMarshaller</attribute>
| <attribute name="unmarshaller"
isParam="true">org.jboss.invocation.unified.marshall.InvocationUnMarshaller</attribute>
| <!-- The following is for setting the server socket factory.
If want ssl support -->
| <!-- use a server socket factory that supports ssl. The
only requirement is that -->
| <!-- the server socket factory value must be an ObjectName,
meaning the -->
| <!-- server socket factory implementation must be a MBean
and also -->
| <!-- MUST implement the
org.jboss.remoting.security.ServerSocketFactoryMBean interface. -->
| <attribute
name="serverSocketFactory">jboss.remoting:service=ServerSocketFactory,type=SecurityDomainAdvanced</attribute>
| <attribute
name="serverBindAddress">${jboss.bind.address}</attribute>
| <attribute name="serverBindPort">3843</attribute>
| </invoker>
| <handlers>
| <handler
subsystem="AOP">org.jboss.aspects.remoting.AOPRemotingInvocationHandler</handler>
| </handlers>
| </config>
| </attribute>
|
<depends>jboss.remoting:service=ServerSocketFactory,type=SecurityDomainAdvanced</depends>
| <depends>jboss.aop:service=AspectDeployer</depends>
| </mbean>
|
View the original post :
http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3943619#3943619
Reply to the post :
http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=3943619
-------------------------------------------------------
Using Tomcat but need to do more? Need to support web services, security?
Get stuff done quickly with pre-integrated technology to make your job easier
Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642
_______________________________________________
JBoss-user mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/jboss-user
