Red Hat Summit Red Hat SummitSupportConsoleDéveloppeursCommencer un essaiContact

Ce contenu n'est pas disponible dans la langue sélectionnée.

15.3. EJB3 RMI + SSL Configuration

Procedure 15.4. Configure RMI + SSL for EJB3 Overview

This procedure configures SSL encryption of Remote Method Invocation traffic between EJB3 beans on the server and a fat client running on another machine on the network.
  1. Generate encryption keys and certificate
  2. Configure a secure remote connector for RMI
  3. Annotate EJB3 beans to use the secure RMI connector
Generating encryption keys and certificates is covered in Section 15.2, “Generate encryption keys and certificate” .
Create a secure remoting connector for RMI

The file ejb3-connectors-jboss-beans.xml in a JBoss Application Server profile deploy directory contains JBoss Remoting connector definitions for EJB3 remote method invocation.

Example 15.2. Sample Secure EJB3 Connector

The beans described in the code sample are appended to the ejb3-connectors-jboss-beans.xml file. Both beans are required to configure a secure connector for EJB3 using the key pair created in Procedure 15.1, “Generate a new key pair and add it to the key store "localhost.keystore" in the conf directory.”.
The keyPassword property in the sample configuration is the key pair password specified when the key pair was created.
The sample configuration creates a connector that listens for SSL connections on port 3843. This port needs to be open on the server firewall for access by clients. 
<bean name="EJB3SSLRemotingConnector" class="org.jboss.remoting.transport.Connector">
	<property name="invokerLocator">sslsocket://${jboss.bind.address}:3843</property>
	<property name="serverConfiguration">
		<inject bean="ServerConfiguration" />
	</property>
	<property name="serverSocketFactory">
		<inject bean="sslServerSocketFactory" />
	</property>
</bean>

<bean name="sslServerSocketFactory" class="org.jboss.security.ssl.DomainServerSocketFactory">
	 <constructor>
			<parameter><inject bean="EJB3SSLDomain"/></parameter>
	 </constructor>
</bean>

<bean name="EJB3SSLDomain" class="org.jboss.security.plugins.JaasSecurityDomain">
	 <constructor>
			<parameter>EJB3SSLDomain</parameter>
	 </constructor>
	 <property name="keyStoreURL">resource:localhost.keystore</property>
	 <property name="keyStorePass">KEYSTORE_PASSWORD</property>
</bean>
Copy to Clipboard Toggle word wrap

Note

The key store (localhost.keystore) may contain multiple key pairs. The EJB connector will use the key pair with the defined keyAlias (ejb-ssl).
Configure EJB3 Beans for SSL Transport

All EJB3 beans use the unsecured RMI connector by default. To enable remote invocation of a bean via SSL, annotate the bean with @org.jboss.annotation.ejb.RemoteBinding .

Example 15.3. EJB3 bean annotation to enable secure remote invocation

The annotation binds an EJB3 bean to the JNDI name StatefulSSL . The proxy implementing the remote interface, returned to a client when the bean is requested from JNDI, communicates with the server via SSL. 
@RemoteBinding(clientBindUrl="sslsocket://0.0.0.0:3843", jndiBinding="StatefulSSL")
  @Remote(BusinessInterface.class)
  public class StatefulBean implements BusinessInterface
  {
     ...
  }
Copy to Clipboard Toggle word wrap

Note

In Example 15.3, “EJB3 bean annotation to enable secure remote invocation” the IP address is specified as 0.0.0.0, meaning "all interfaces". Change this to the value of the ${jboss.bind.address} system property.
Enabling both secure and insecure invocation of an EJB3 bean

You can enable both secure and insecure remote method invocation of the same EJB3 bean. Example 15.4, “EJB3 Bean annotation for secure and unsecured invocation” demonstrates the annotations to do this.

Example 15.4. EJB3 Bean annotation for secure and unsecured invocation

 @RemoteBindings({
     @RemoteBinding(clientBindUrl="sslsocket://0.0.0.0:3843", jndiBinding="StatefulSSL")
     @RemoteBinding(jndiBinding="StatefulNormal")
  })
  @Remote(BusinessInterface.class)
  public class StatefulBean implements BusinessInterface
  {
     ...
  }
Copy to Clipboard Toggle word wrap

Note

In Example 15.4, “EJB3 Bean annotation for secure and unsecured invocation”, the IP address is specified as 0.0.0.0, meaning "all interfaces". Change this to the value of the ${jboss.bind.address} system property.
If a client requests StatefulNormal from JNDI, the returned proxy implementing the remote interface communicates with the server via the unencrypted socket protocol; and if StatefulSSL is requested, the returned proxy implementing the remote interface communicates with the server via SSL.
Retour au début
Red Hat logoGithubredditYoutubeTwitter

Apprendre

Essayez, achetez et vendez

Communautés

À propos de la documentation Red Hat

Nous aidons les utilisateurs de Red Hat à innover et à atteindre leurs objectifs grâce à nos produits et services avec un contenu auquel ils peuvent faire confiance. Découvrez nos récentes mises à jour.

Rendre l’open source plus inclusif

Red Hat s'engage à remplacer le langage problématique dans notre code, notre documentation et nos propriétés Web. Pour plus de détails, consultez le Blog Red Hat.

À propos de Red Hat

Nous proposons des solutions renforcées qui facilitent le travail des entreprises sur plusieurs plates-formes et environnements, du centre de données central à la périphérie du réseau.

Theme

© 2025 Red Hat