Hi Thomas. I tried your suggestion but I'm still having some problems. I got it to work using the following setup, but I'm not completely sure it's the proper solution.
1) It seems that you HAVE to have a security domain set up in the jboss-service.xml file to use the jrmp invoker using SSL. If I try to run the jrmp invoker without having defined a security domain it blows up. So, I have this in jboss-service.xml: | <!-- Secure RMI/JRMP invoker --> | <mbean code="org.jboss.invocation.jrmp.server.JRMPInvoker" name="jboss:service=invoker,type=jrmp,socketType=SSL"> | <attribute name="RMIObjectPort">14445</attribute> | <attribute name="RMIClientSocketFactory">org.jboss.security.ssl.RMISSLClientSocketFactory</attribute> | <attribute name="RMIServerSocketFactory">org.jboss.security.ssl.RMISSLServerSocketFactory</attribute> | <attribute name="SecurityDomain">java:/jaas/simpleSecureSB</attribute> | <depends>jboss:service=TransactionManager</depends> | <depends>jboss.security:service=JaasSecurityDomain,domain=simpleSecureSB</depends> | </mbean> | 2) Given that you have to have a security domain defined in jboss-service.xml, you also have to then configure how the authentication works in login-config.xml (otherwise the 'other' domain kicks in). So, I have a simple security domain with the unauthenticatedIdentity attribute set to 'everyone'. Now at least when the client doesn't send any credentials at all, the 'everyone' user is assigned instead. So, I have this in login-config.xml: | <application-policy name="simpleSecureSB"> | <authentication> | <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule" flag="required"> | <module-option name="unauthenticatedIdentity">everyone</module-option> | </login-module> | </authentication> | </application-policy> | 3) In the ejb-jar.xml descriptor I have: | <assembly-descriptor> | <method-permission> | <unchecked/> | <method> | <ejb-name>simpleSecureSB</ejb-name> | <method-name>*</method-name> | </method> | </method-permission> | </assembly-descriptor> | 4) In the jboss.xml file I have assigned the session bean to the appropriate security domain and told it to use the jrmp invoker over SSL: | <security-domain>java:/jaas/simpleSecureSB</security-domain> | <enterprise-beans> | <session> | <ejb-name>simpleSecureSB</ejb-name> | <jndi-name>ejb/simpleSecureSB</jndi-name> | <configuration-name>Standard Stateless SessionBean</configuration-name> | <invoker-bindings> | <invoker> | <invoker-proxy-binding-name>stateless-ssl-invoker</invoker-proxy-binding-name> | </invoker> | </invoker-bindings> | </session> | </enterprise-beans> | Does the setup seem reasonable? It works, but I'm not sure if it can be streamlined any more ... Cheers, Dave View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=3862260#3862260 Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&p=3862260 ------------------------------------------------------- The SF.Net email is sponsored by: Beat the post-holiday blues Get a FREE limited edition SourceForge.net t-shirt from ThinkGeek. It's fun and FREE -- well, almost....http://www.thinkgeek.com/sfshirt _______________________________________________ JBoss-user mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/jboss-user
