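I want to encrypt the communication between my JBoss 6.1.0 server and my client. To do this, I activated SSL over RMI, and it works well. However, I also use RMIIO, and it is not automatically encrypted when I activate SSL encryption on RMI. Ideally, I would like to use the same encryption technique to encrypt the RMI communication.
Here is my configuration: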
server/myThing/deploy/remoting-jboss-beans.xml
<?xml version="1.0" encoding="UTF-8"?>
<deployment xmlns="urn:jboss:bean-deployer:2.0">
    <bean name="UnifiedInvokerConnector" class="org.jboss.remoting.transport.Connector">
        <annotation>@org.jboss.aop.microcontainer.aspects.jmx.JMX(name="jboss.remoting:service=Connector,transport=socket",exposedInterface=org.jboss.remoting.transport.ConnectorMBean.class,registerDirectly=true)</annotation>
        <property name="serverConfiguration"><inject bean="UnifiedInvokerConfiguration"/></property>
        <!-- add this to configure the SSL socket for the UnifiedInvoker -->
        <property name="serverSocketFactory"><inject bean="SSLServerSocketFactoryEJB2"/></property>
    </bean>
    <!-- Remoting server configuration -->
    <bean name="UnifiedInvokerConfiguration" class="org.jboss.remoting.ServerConfiguration">
        <constructor>
            <!-- Changed from socket to sslsocket -->
            <parameter>sslsocket</parameter>
        </constructor>
        <!-- some other stuff, kept as the default config -->
    </bean>
    <!-- Some stuff removed to simplify the explanation -->
    <!-- Added for SSL security -->
    <bean name="SSLServerSocketFactoryEJB2" class="org.jboss.security.ssl.DomainServerSocketFactory">
        <constructor>
            <parameter><inject bean="EJB2SSLDomain"/></parameter>
        </constructor>
    </bean>
    <!-- Added for SSL security -->
    <bean name="EJB2SSLDomain" class="org.jboss.security.plugins.JaasSecurityDomain">
        <constructor>
            <parameter>EJB2SSLDomain</parameter>
        </constructor>
        <property name="keyStoreURL">C:\MyData\Security\ssl.keystore</property>
        <property name="keyStorePass">MyPassword</property>
        <property name="keyStoreAlias">MyAlias</property>
        <property name="trustStorePass">MyPassword</property>
    </bean>
</deployment>
server/myThing/deploy/properties-service.xml
<server>
    <!-- some stuff removed -->
    <mbean code="org.jboss.varia.property.SystemPropertiesService"
           name="jboss:type=Service,name=SystemProperties">
        <attribute name="Properties">
            com.healthmarketscience.rmiio.exporter.port=11099
        </attribute>
    </mbean>
</server>

Posted on 2016-03-04 02:04:44
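It's been a while since I've worked with RMI and SSL. However, RMIIO has a specific interface which allows you to customize the underlying "remoting" implementation, namely RemoteStreamExporter. If you look at the DefaultRemoteStreamExporter implementation, you can see how RMI objects are exported by default. My guess is that you want to use a similar implementation which calls the four-parameter export method with the appropriate RMI socket factories.

Posted on 2016-03-09 17:05:23
Here is how I got it working, deduced from jtahlborn's answer.
I took the JBoss configuration for RMI, which is configured in remoting-jboss-beans.xml, and used it to initialize SSLContext.setDefault. The code is called when JBoss starts. Here is a simplified example.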
import java.io.File;
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

// Load the key store holding the server's private key and certificate.
KeyStore lKeyStore = KeyStore.getInstance( KeyStore.getDefaultType() );
InputStream lISKeyStore = new FileInputStream( new File( "C:/Security/ssl.keystore" ) );
try
{
    lKeyStore.load( lISKeyStore, "MyPassword".toCharArray() );
}
finally
{
    lISKeyStore.close();
}
KeyManagerFactory lKeyManagerFactory = KeyManagerFactory.getInstance( KeyManagerFactory.getDefaultAlgorithm() );
lKeyManagerFactory.init( lKeyStore, "MyPassword".toCharArray() );
// Load the trust store holding the certificates to trust.
KeyStore lTrustStore = KeyStore.getInstance( KeyStore.getDefaultType() );
InputStream lIStrustStore = new FileInputStream( new File( "C:/Security/ssl.truststore" ) );
try
{
    lTrustStore.load( lIStrustStore, "MyPassword".toCharArray() );
}
finally
{
    lIStrustStore.close();
}
TrustManagerFactory lTrustManagerFactory = TrustManagerFactory.getInstance( TrustManagerFactory.getDefaultAlgorithm() );
lTrustManagerFactory.init( lTrustStore );
SSLContext lSSLContext = SSLContext.getInstance( "SSL" ); // Don't use SSLContext.getDefault() here; it seems it's immutable.
lSSLContext.init( lKeyManagerFactory.getKeyManagers(), lTrustManagerFactory.getTrustManagers(), null );
// Replace the JVM-wide default context with the one built above.
SSLContext.setDefault( lSSLContext );

I also created my own RemoteStreamExporter:
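import com.healthmarketscience.rmiio.RemoteStreamServer;
import com.healthmarketscience.rmiio.exporter.DefaultRemoteStreamExporter;
import java.rmi.RemoteException;
import java.rmi.server.UnicastRemoteObject;
import javax.rmi.ssl.SslRMIClientSocketFactory;
import javax.rmi.ssl.SslRMIServerSocketFactory;

public class SSLRemoteStreamExporter extends DefaultRemoteStreamExporter
{
    @Override
    protected Object exportImpl(RemoteStreamServer<?,?> server)
        throws RemoteException
    {
        // The SslRMIServerSocketFactory uses SSLContext.getDefault() to retrieve the configuration. The default must be initialized with the right values.
        return UnicastRemoteObject.exportObject(server, getPort(), new SslRMIClientSocketFactory(), new SslRMIServerSocketFactory() );
    }
}

After that, I configured RMIIO to use my own RemoteStreamExporter.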
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE server>
<!-- $Id: properties-service.xml 16662 2003-08-27 04:38:22Z patriot1burke $ -->
<server>
    <!-- some stuff removed -->
    <mbean code="org.jboss.varia.property.SystemPropertiesService"
           name="jboss:type=Service,name=SystemProperties">
        <attribute name="Properties">
            com.healthmarketscience.rmiio.exporter.port=11099
            com.healthmarketscience.rmiio.exporter=SSLRemoteStreamExporter
        </attribute>
    </mbean>
</server>

https://stackoverflow.com/questions/35611631
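
A variant of the exporter from the second answer, added here as an example that is not part of the original posts: it gives the RMIIO server socket factory its own SSLContext instead of calling SSLContext.setDefault, which changes TLS settings for every component in the JBoss JVM. It assumes Java 8 or later on both sides; the class name and the two `example.rmiio.*` system property names are hypothetical.

```java
import com.healthmarketscience.rmiio.RemoteStreamServer;
import com.healthmarketscience.rmiio.exporter.DefaultRemoteStreamExporter;
import java.io.FileInputStream;
import java.io.InputStream;
import java.rmi.RemoteException;
import java.rmi.server.UnicastRemoteObject;
import java.security.KeyStore;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.rmi.ssl.SslRMIClientSocketFactory;
import javax.rmi.ssl.SslRMIServerSocketFactory;

// Hypothetical class name; register it through com.healthmarketscience.rmiio.exporter.
public class ScopedSSLRemoteStreamExporter extends DefaultRemoteStreamExporter {
    // One factory pair, reused for every exported stream.
    private final SslRMIClientSocketFactory clientFactory = new SslRMIClientSocketFactory();
    private final SslRMIServerSocketFactory serverFactory;

    public ScopedSSLRemoteStreamExporter() throws Exception {
        // Assumed property names (not defined by RMIIO or JBoss); keeps secrets out of source.
        String path = requireProperty("example.rmiio.keyStore");
        char[] pass = requireProperty("example.rmiio.keyStorePassword").toCharArray();

        KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(path)) {
            keyStore.load(in, pass);
        }
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(keyStore, pass);

        // Private context: the JVM-wide default used by other components is untouched.
        SSLContext context = SSLContext.getInstance("TLS");
        context.init(kmf.getKeyManagers(), null, null); // server presents a certificate only
        // null = default cipher suites; protocol pinned (assumes TLSv1.2-capable clients);
        // false = no client certificate required, so no trust store is needed here.
        serverFactory = new SslRMIServerSocketFactory(context, null, new String[] {"TLSv1.2"}, false);
    }

    private static String requireProperty(String name) {
        String value = System.getProperty(name);
        if (value == null || value.isEmpty()) {
            throw new IllegalStateException("Missing system property: " + name);
        }
        return value;
    }

    @Override
    protected Object exportImpl(RemoteStreamServer<?, ?> server) throws RemoteException {
        return UnicastRemoteObject.exportObject(server, getPort(), clientFactory, serverFactory);
    }
}
```

The SslRMIClientSocketFactory travels to the client inside the stub and uses that JVM's default SSL socket factory, so the client must trust the server certificate, for example through the standard javax.net.ssl.trustStore system property.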