18.2. Enable Serialization on the Server
Procedure 18.1. Task
- Navigate to the SOA_ROOT directory:
cd SOA_ROOT
- Run the keytool command and follow the prompts on screen:
keytool -genkey -alias droolsKey -keyalg RSA -keystore MyDroolsPrivateKeyStore.keystore
Enter keystore password:
Re-enter new password:
What is your first and last name?
  [Unknown]:  Test User
What is the name of your organizational unit?
  [Unknown]:  HR
What is the name of your organization?
  [Unknown]:  Test Org
What is the name of your City or Locality?
  [Unknown]:  Brisbane
What is the name of your State or Province?
  [Unknown]:  QLD
What is the two-letter country code for this unit?
  [Unknown]:  AU
Is CN=Test User, OU=HR, O=Test Org, L=Brisbane, ST=QLD, C=AU correct?
  [no]:  yes
Enter key password for droolsKey
  (RETURN if same as keystore password):
Re-enter new password:
After answering all of the questions, a password-protected file named MyDroolsPrivateKeyStore.keystore is created. This keystore file has a private key called droolsKey with the password "drools". Store this file in a safe location in your environment, which will hereafter be referred to as the keystoredir.
Important
The passwords above are examples only and should not be used in production.
- Open the configuration file:
vi jboss-as/server/default/deploy/properties-service.xml
- Configure the JBoss Enterprise SOA Platform to use the JBoss Rules serialization feature by adding this snippet to properties-service.xml:
<mbean code="org.jboss.varia.property.SystemPropertiesService"
       name="jboss:type=Service,name=SystemProperties">
  <attribute name="Properties">
    # Drools Security Serialization specific properties
    drools.serialization.sign=true
    drools.serialization.private.keyStoreURL=file://$keystoredir/MyDroolsPrivateKeyStore.keystore
    drools.serialization.private.keyStorePwd=drools
    drools.serialization.private.keyAlias=droolsKey
    drools.serialization.private.keyPwd=drools
  </attribute>
</mbean>
- Set the drools.serialization.sign property to "true":
drools.serialization.sign=true
- drools.serialization.private.keyStoreURL=<URL> is the URL of the private keystore location.
- In the example above, replace keystoredir and MyDroolsPrivateKeyStore.keystore with your keystore directory and the name of the keystore you created with the keytool command.
- drools.serialization.private.keyStorePwd=<password> is the password to access the private keystore.
- drools.serialization.private.keyAlias=<key> is the key alias (identifier) of the private key.
- drools.serialization.private.keyPwd=<password> is the private key password.
- Save the file and exit.
- Restart the server instance.
Warning
If the system properties were not configured properly, you will see this error when you try to build a rules package:
An error occurred building the package. Error signing object store: Key store with private key not configured. Please configure it properly before using signed serialization
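A check that can be run on properties-service.xml before restarting the server, as an added example that is not part of the original documentation: it reads the Properties attribute of the SystemPropertiesService mbean and reports signing settings that are missing, still contain the keystoredir placeholder, point at a keystore file that does not exist, or still use the example password. The function names and the embedded sample are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from pathlib import Path
from urllib.parse import urlparse

PREFIX = "drools.serialization.private."
# Constructed sample: the snippet from this page, placeholder and example passwords included.
SAMPLE = """<mbean code="org.jboss.varia.property.SystemPropertiesService"
       name="jboss:type=Service,name=SystemProperties">
  <attribute name="Properties">
    # Drools Security Serialization specific properties
    drools.serialization.sign=true
    drools.serialization.private.keyStoreURL=file://$keystoredir/MyDroolsPrivateKeyStore.keystore
    drools.serialization.private.keyStorePwd=drools
    drools.serialization.private.keyAlias=droolsKey
    drools.serialization.private.keyPwd=drools
  </attribute>
</mbean>"""

def load_properties(xml_text):
    """Collect key=value lines from the SystemPropertiesService 'Properties' attribute."""
    props = {}
    for mbean in ET.fromstring(xml_text).iter("mbean"):
        if mbean.get("code", "").endswith("SystemPropertiesService"):
            for attr in mbean.findall("attribute[@name='Properties']"):
                for line in (attr.text or "").splitlines():
                    key, sep, value = line.strip().partition("=")
                    if sep and not key.startswith("#"):  # skip comments and blank lines
                        props[key.strip()] = value.strip()
    return props

def check_signing_config(props):
    """Return the problems that would break or weaken signed serialization."""
    problems = []
    if props.get("drools.serialization.sign") != "true":
        problems.append("drools.serialization.sign is not set to true")
    for name in ("keyStoreURL", "keyStorePwd", "keyAlias", "keyPwd"):
        value = props.get(PREFIX + name, "")
        if not value:
            problems.append(PREFIX + name + " is missing or empty")
        elif name.endswith("Pwd") and value == "drools":
            problems.append(PREFIX + name + " is the documentation example password")
    url = props.get(PREFIX + "keyStoreURL", "")
    parsed = urlparse(url)
    # A non-empty netloc means the first path segment was parsed as a host name.
    if url and ("$" in url or parsed.scheme != "file" or parsed.netloc):
        problems.append("keyStoreURL is not a resolved file:///absolute/path URL: " + url)
    elif url and not Path(parsed.path).is_file():
        problems.append("keystore file not found: " + parsed.path)
    return problems
```

Call `check_signing_config(load_properties(text))` with the contents of properties-service.xml; an empty list means none of these conditions were found.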