Last active
August 29, 2015 14:19
SSL encrypted EJB calls with JBoss AS 7 (http://www.thoughts-on-java.org/2014/03/ssl-encrypted-ejb-calls-with-jboss-as-7.html)
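```shell
# Self-signed key pair for the server, valid for 365 days.
# 1024-bit RSA is below the 2048-bit minimum that current guidance expects;
# raise -keysize for anything beyond a local test.
keytool -genkey -alias jboss -keyalg RSA -keysize 1024 -keystore server.keystore -validity 365 -keypass 123456 -storepass 123456 -dname "CN=localhost, O=thoughts-on-java.org"
```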
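```java
import java.util.Hashtable;
import java.util.Properties;

import javax.naming.Context;
import javax.naming.InitialContext;
import javax.naming.NamingException;

import org.jboss.ejb.client.ContextSelector;
import org.jboss.ejb.client.EJBClientConfiguration;
import org.jboss.ejb.client.EJBClientContext;
import org.jboss.ejb.client.PropertiesBasedEJBClientConfiguration;
import org.jboss.ejb.client.naming.ejb.ejbURLContextFactory;
import org.jboss.ejb.client.remoting.ConfigBasedEJBClientContextSelector;
import org.junit.Assert; // JUnit 4 assumed
import org.junit.Test;

import blog.thoughts.on.java.ssl.remote.GreeterRemote;

// Wrapper class and method names are hypothetical; the original is a bare fragment.
public class SslEjbClientTest {

    @Test
    public void callGreeterOverSsl() throws NamingException {
        // define EJB client properties
        final Properties props = new Properties();

        // define SSL encryption: enable SSL in the connection provider and
        // upgrade the remoting connection via STARTTLS. The server certificate
        // is checked against the JVM truststore (javax.net.ssl.trustStore).
        props.put("remote.connectionprovider.create.options.org.xnio.Options.SSL_ENABLED",
                "true");
        props.put("remote.connection.default.connect.options.org.xnio.Options.SSL_STARTTLS",
                "true");

        // connection properties
        props.put("remote.connections", "default");
        props.put("remote.connection.default.host", "localhost");
        props.put("remote.connection.default.port", "4447");

        // user credentials (test values)
        props.put("remote.connection.default.username", "test");
        props.put("remote.connection.default.password", "1234");

        // disable the local-user mechanism so the username/password above are used
        props.put("remote.connection.default.connect.options.org.xnio.Options.SASL_DISALLOWED_MECHANISMS",
                "JBOSS-LOCAL-USER");
        // "false" permits plaintext SASL mechanisms; the channel is protected by SSL
        props.put("remote.connection.default.connect.options.org.xnio.Options.SASL_POLICY_NOPLAINTEXT",
                "false");
        props.put("remote.connection.default.connect.options.org.jboss.remoting3.RemotingOptions.HEARTBEAT_INTERVAL",
                "600000");

        // create EJB client configuration
        final EJBClientConfiguration clientConfiguration =
                new PropertiesBasedEJBClientConfiguration(props);

        // create and set a context selector
        final ContextSelector<EJBClientContext> contextSelector =
                new ConfigBasedEJBClientContextSelector(clientConfiguration);
        EJBClientContext.setSelector(contextSelector);

        // create InitialContext
        final Hashtable<Object, Object> contextProperties = new Hashtable<>();
        // reference only: requires the EJB client naming classes on the classpath
        ejbURLContextFactory.class.getName();
        contextProperties.put(Context.URL_PKG_PREFIXES, "org.jboss.ejb.client.naming");
        InitialContext initialContext = new InitialContext(contextProperties);

        // lookup SLSB
        GreeterRemote greeter = (GreeterRemote) initialContext
                .lookup("ejb:/test/Greeter!blog.thoughts.on.java.ssl.remote.GreeterRemote");
        Assert.assertEquals("Hello World!", greeter.greet("World"));
    }
}
```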
```shell
keytool -export -keystore server.keystore -alias jboss -file server.cer -keypass 123456 -storepass 123456
```
```shell
keytool -import -trustcacerts -alias jboss -file server.cer -keystore client.keystore -keypass 123456 -storepass 123456
```
```text
-Djavax.net.ssl.trustStore=src\test\resources\client.keystore -Djavax.net.ssl.trustStorePassword=123456
```
```xml
<management>
    <security-realms>
        <security-realm name="ManagementRealm">
            <authentication>
                <properties path="mgmt-users.properties" relative-to="jboss.server.config.dir"/>
            </authentication>
        </security-realm>
        <security-realm name="ApplicationRealm">
            <server-identities>
                <ssl>
                    <keystore path="server.keystore" relative-to="jboss.server.config.dir" password="123456"/>
                </ssl>
            </server-identities>
            <authentication>
                <properties path="application-users.properties" relative-to="jboss.server.config.dir"/>
            </authentication>
        </security-realm>
    </security-realms>
    ...
```