Red Hat Summit 红帽全球峰会支持控制台(Console)开发人员开始试用联系人

此内容没有您所选择的语言版本。

15.3. EJB3 RMI + SSL Configuration

Procedure 15.4. Configure RMI + SSL for EJB3 Overview

This procedure configures SSL encryption of Remote Method Invocation traffic between EJB3 beans on the server and a fat client running on another machine on the network.
  1. Generate encryption keys and certificate
  2. Configure a secure remote connector for RMI
  3. Annotate EJB3 beans to use the secure RMI connector
Generating encryption keys and certificates is covered in Section 15.2, “Generate encryption keys and certificate” .
Create a secure remoting connector for RMI

The file ejb3-connectors-jboss-beans.xml in a JBoss Application Server profile deploy directory contains JBoss Remoting connector definitions for EJB3 remote method invocation.

Example 15.2. Sample Secure EJB3 Connector

The beans described in the code sample are appended to the ejb3-connectors-jboss-beans.xml file. Both beans are required to configure a secure connector for EJB3 using the key pair created in Procedure 15.1, “Generate a new key pair and add it to the key store "localhost.keystore" in the conf directory.”.
The keyPassword property in the sample configuration is the key pair password specified when the key pair was created.
The sample configuration creates a connector that listens for SSL connections on port 3843. This port needs to be open on the server firewall for access by clients. 
<bean name="EJB3SSLRemotingConnector" class="org.jboss.remoting.transport.Connector">
	<property name="invokerLocator">sslsocket://${jboss.bind.address}:3843</property>
	<property name="serverConfiguration">
		<inject bean="ServerConfiguration" />
	</property>
	<property name="serverSocketFactory">
		<inject bean="sslServerSocketFactory" />
	</property>
</bean>

<bean name="sslServerSocketFactory" class="org.jboss.security.ssl.DomainServerSocketFactory">
	 <constructor>
			<parameter><inject bean="EJB3SSLDomain"/></parameter>
	 </constructor>
</bean>

<bean name="EJB3SSLDomain" class="org.jboss.security.plugins.JaasSecurityDomain">
	 <constructor>
			<parameter>EJB3SSLDomain</parameter>
	 </constructor>
	 <property name="keyStoreURL">resource:localhost.keystore</property>
	 <property name="keyStorePass">KEYSTORE_PASSWORD</property>
</bean>
Copy to Clipboard Toggle word wrap

Note

The key store (localhost.keystore) may contain multiple key pairs. The EJB connector will use the key pair with the defined keyAlias (ejb-ssl).
Configure EJB3 Beans for SSL Transport

All EJB3 beans use the unsecured RMI connector by default. To enable remote invocation of a bean via SSL, annotate the bean with @org.jboss.annotation.ejb.RemoteBinding .

Example 15.3. EJB3 bean annotation to enable secure remote invocation

The annotation binds an EJB3 bean to the JNDI name StatefulSSL . The proxy implementing the remote interface, returned to a client when the bean is requested from JNDI, communicates with the server via SSL. 
@RemoteBinding(clientBindUrl="sslsocket://0.0.0.0:3843", jndiBinding="StatefulSSL")
  @Remote(BusinessInterface.class)
  public class StatefulBean implements BusinessInterface
  {
     ...
  }
Copy to Clipboard Toggle word wrap

Note

In Example 15.3, “EJB3 bean annotation to enable secure remote invocation” the IP address is specified as 0.0.0.0, meaning "all interfaces". Change this to the value of the ${jboss.bind.address} system property.
Enabling both secure and insecure invocation of an EJB3 bean

You can enable both secure and insecure remote method invocation of the same EJB3 bean. Example 15.4, “EJB3 Bean annotation for secure and unsecured invocation” demonstrates the annotations to do this.

Example 15.4. EJB3 Bean annotation for secure and unsecured invocation

 @RemoteBindings({
     @RemoteBinding(clientBindUrl="sslsocket://0.0.0.0:3843", jndiBinding="StatefulSSL")
     @RemoteBinding(jndiBinding="StatefulNormal")
  })
  @Remote(BusinessInterface.class)
  public class StatefulBean implements BusinessInterface
  {
     ...
  }
Copy to Clipboard Toggle word wrap

Note

In Example 15.4, “EJB3 Bean annotation for secure and unsecured invocation”, the IP address is specified as 0.0.0.0, meaning "all interfaces". Change this to the value of the ${jboss.bind.address} system property.
If a client requests StatefulNormal from JNDI, the returned proxy implementing the remote interface communicates with the server via the unencrypted socket protocol; and if StatefulSSL is requested, the returned proxy implementing the remote interface communicates with the server via SSL.
返回顶部
Red Hat logoGithubredditYoutubeTwitter

学习

尝试、购买和销售

社区

关于红帽文档

通过我们的产品和服务,以及可以信赖的内容,帮助红帽用户创新并实现他们的目标。 了解我们当前的更新.

让开源更具包容性

红帽致力于替换我们的代码、文档和 Web 属性中存在问题的语言。欲了解更多详情,请参阅红帽博客.

關於紅帽

我们提供强化的解决方案,使企业能够更轻松地跨平台和环境(从核心数据中心到网络边缘)工作。

Theme

© 2025 Red Hat