thjanssen/EJBClient.java

## createKeys.sh
keytool -genkey -alias jboss -keyalg RSA -keysize 1024 -keystore server.keystore -validity 365 -keypass 123456 -storepass 123456 -dname "CN=localhost, O=thoughts-on-java.org"

## EJBClient.java
// define EJB client properties
final Properties props = new Properties();
// define SSL encryption
props.put("remote.connectionprovider.create.options.org.xnio.Options.SSL_ENABLED",
  "true");
props.put("remote.connection.default.connect.options.org.xnio.Options.SSL_STARTTLS",
  "true");
// connection properties
props.put("remote.connections", "default");
props.put("remote.connection.default.host", "localhost");
props.put("remote.connection.default.port", "4447");
// user credentials
props.put("remote.connection.default.username", "test");
props.put("remote.connection.default.password", "1234");

props.put("remote.connection.default.connect.options.org.xnio.Options.SASL_DISALLOWED_MECHANISMS",
  "JBOSS-LOCAL-USER");
props.put("remote.connection.default.connect.options.org.xnio.Options.SASL_POLICY_NOPLAINTEXT",
  "false");
props.put("remote.connection.default.connect.options.org.jboss.remoting3.RemotingOptions.HEARTBEAT_INTERVAL",
  "600000");

// create EJB client configuration
final EJBClientConfiguration clientConfiguration = new PropertiesBasedEJBClientConfiguration(
  props);

// create and set a context selector
final ContextSelector<EJBClientContext> contextSelector = new ConfigBasedEJBClientContextSelector(
  clientConfiguration);
EJBClientContext.setSelector(contextSelector);

// create InitialContext
final Hashtable<Object, Object> contextProperties = new Hashtable<>();
ejbURLContextFactory.class.getName();
contextProperties.put(Context.URL_PKG_PREFIXES,
  "org.jboss.ejb.client.naming");
InitialContext initialContext = new InitialContext(contextProperties);

// lookup SLSB
GreeterRemote greeter = (GreeterRemote) initialContext
  .lookup("ejb:/test/Greeter!blog.thoughts.on.java.ssl.remote.GreeterRemote");
Assert.assertEquals("Hello World!", greeter.greet("World"));

## exportKey.sh
keytool -export -keystore server.keystore -alias jboss -file server.cer -keypass 123456 -storepass 123456

## importKey.sh
keytool -import -trustcacerts -alias jboss -file server.cer -keystore client.keystore -keypass 123456 -storepass 123456

## jvmArguments.sh
-Djavax.net.ssl.trustStore=src\test\resources\client.keystore -Djavax.net.ssl.trustStorePassword=123456

## serverconfig.xml
<management>
   <security-realms>
      <security-realm name="ManagementRealm">
         <authentication>
            <properties path="mgmt-users.properties" relative-to="jboss.server.config.dir"/>
         </authentication>
      </security-realm>
      <security-realm name="ApplicationRealm">
         <server-identities>
            <ssl>
               <keystore path="server.keystore" relative-to="jboss.server.config.dir" password="123456"/>
            </ssl>
         </server-identities>
         <authentication>
            <properties path="application-users.properties" relative-to="jboss.server.config.dir"/>
         </authentication>
      </security-realm>
   </security-realms>

   ...
	// define EJB client properties
	final Properties props = new Properties();
	// define SSL encryption
	props.put("remote.connectionprovider.create.options.org.xnio.Options.SSL_ENABLED",
	"true");
	props.put("remote.connection.default.connect.options.org.xnio.Options.SSL_STARTTLS",
	"true");
	// connection properties
	props.put("remote.connections", "default");
	props.put("remote.connection.default.host", "localhost");
	props.put("remote.connection.default.port", "4447");
	// user credentials
	props.put("remote.connection.default.username", "test");
	props.put("remote.connection.default.password", "1234");

	props.put("remote.connection.default.connect.options.org.xnio.Options.SASL_DISALLOWED_MECHANISMS",
	"JBOSS-LOCAL-USER");
	props.put("remote.connection.default.connect.options.org.xnio.Options.SASL_POLICY_NOPLAINTEXT",
	"false");
	props.put("remote.connection.default.connect.options.org.jboss.remoting3.RemotingOptions.HEARTBEAT_INTERVAL",
	"600000");

	// create EJB client configuration
	final EJBClientConfiguration clientConfiguration = new PropertiesBasedEJBClientConfiguration(
	props);

	// create and set a context selector
	final ContextSelector<EJBClientContext> contextSelector = new ConfigBasedEJBClientContextSelector(
	clientConfiguration);
	EJBClientContext.setSelector(contextSelector);

	// create InitialContext
	final Hashtable<Object, Object> contextProperties = new Hashtable<>();
	ejbURLContextFactory.class.getName();
	contextProperties.put(Context.URL_PKG_PREFIXES,
	"org.jboss.ejb.client.naming");
	InitialContext initialContext = new InitialContext(contextProperties);

	// lookup SLSB
	GreeterRemote greeter = (GreeterRemote) initialContext
	.lookup("ejb:/test/Greeter!blog.thoughts.on.java.ssl.remote.GreeterRemote");
	Assert.assertEquals("Hello World!", greeter.greet("World"));
	<management>
	<security-realms>
	<security-realm name="ManagementRealm">
	<authentication>
	<properties path="mgmt-users.properties" relative-to="jboss.server.config.dir"/>
	</authentication>
	</security-realm>
	<security-realm name="ApplicationRealm">
	<server-identities>
	<ssl>
	<keystore path="server.keystore" relative-to="jboss.server.config.dir" password="123456"/>
	</ssl>
	</server-identities>
	<authentication>
	<properties path="application-users.properties" relative-to="jboss.server.config.dir"/>
	</authentication>
	</security-realm>
	</security-realms>

	...