Wednesday, June 29, 2011

jBoss : SSL configuration

<?xml version="1.0" encoding="UTF-8"?>

<server>
    <!-- The server socket factory mbean to be used as attribute to socket invoker -->
    <!-- which uses the JaasSecurityDomain -->
    <mbean code="org.jboss.remoting.security.domain.DomainServerSocketFactoryService"
           name="jboss.remoting:service=ServerSocketFactory,type=SecurityDomainAdvanced"
           display-name="SecurityDomain Server Socket Factory">
        <attribute name="SecurityDomain">java:/jaas/SSLAdvanced</attribute>
        <depends>jboss.security:service=JaasSecurityDomain,domain=SSLAdvanced</depends>
    </mbean>

    <mbean code="org.jboss.security.plugins.JaasSecurityDomain"
           name="jboss.security:service=JaasSecurityDomain,domain=SSLAdvanced">
        <!-- This must correlate with the java:/jaas/SSL above -->
        <constructor>
            <arg type="java.lang.String" value="SSLAdvanced"/>
        </constructor>
        <!-- The location of the keystore resource: loads from the classloaders conf/ is the first classloader -->
        <attribute name="KeyStoreURL">localhost.keystore</attribute>
        <attribute name="KeyStorePass">opensource</attribute>
    </mbean>

    <!-- The Connector is the core component of the remoting server service. -->
    <!-- It binds the remoting invoker (transport protocol, callback configuration, -->
    <!-- data marshalling, etc.) with the invocation handlers.  -->
    <mbean code="org.jboss.remoting.transport.Connector"
           name="jboss.remoting:type=Connector,transport=socket3843,handler=ejb3"
           display-name="Socket transport Connector">

        <attribute name="Configuration">
            <config>
                <invoker transport="sslsocket">
                    <attribute name="dataType" isParam="true">invocation</attribute>
                    <attribute name="marshaller" isParam="true">
                        org.jboss.invocation.unified.marshall.InvocationMarshaller
                    </attribute>
                    <attribute name="unmarshaller" isParam="true">
                        org.jboss.invocation.unified.marshall.InvocationUnMarshaller
                    </attribute>
                    <!-- The following is for setting the server socket factory.  If want ssl support -->
                    <!-- use a server socket factory that supports ssl.  The only requirement is that -->
                    <!-- the server socket factory value must be an ObjectName, meaning the -->
                    <!-- server socket factory implementation must be a MBean and also -->
                    <!-- MUST implement the org.jboss.remoting.security.ServerSocketFactoryMBean interface. -->
                    <attribute name="serverSocketFactory">
                        jboss.remoting:service=ServerSocketFactory,type=SecurityDomainAdvanced
                    </attribute>
                    <attribute name="serverBindAddress">${jboss.bind.address}</attribute>
                    <attribute name="serverBindPort">3843</attribute>
                </invoker>
                <handlers>
                    <handler subsystem="AOP">org.jboss.aspects.remoting.AOPRemotingInvocationHandler</handler>
                </handlers>
            </config>
        </attribute>
        <depends>jboss.remoting:service=ServerSocketFactory,type=SecurityDomainAdvanced</depends>

    </mbean>

</server>

No comments:

Post a Comment