Version 9

     

    How to talk to the JBoss JMS provider over HTTPS (including the jndi lookup operations)

     

     

     

     

     

     

     

     

     

    • HTTPs Tomcat connector

     

    An HTTPs Tomcat connector needs to be configured in order to make http requests over SSL

     

    Edit ${jboss.dist}/server/{server.conf}/deploy/jbossweb-tomcat55.sar/server.xml and add/enable the following connection descriptor.

     

     

          <Connector port="8443" address="${jboss.bind.address}"
               maxThreads="100" minSpareThreads="5" maxSpareThreads="15"
               scheme="https" secure="true" clientAuth="false"
               keystoreFile="${jboss.server.home.dir}/conf/chap8.keystore"
               keystorePass="rmi+ssl" 
               sslProtocol = "TLS" ></Connector>
    

                

                

                

     

     

    • Http(s)ProxyFactory

     

    Edit ${jboss.dist}/server/{server.conf}/deploy/http-invoker.sar/META-INF/jboss-service.xml and add the following ProxyFactory mbean

     

       <!-- Expose the Naming service interface via HTTPS -->
       <mbean code="org.jboss.invocation.http.server.HttpProxyFactory"
              name="jboss:service=invoker,type=https,target=Naming">
           <!-- The Naming service we are proxying -->
           <attribute name="InvokerName">jboss:service=Naming</attribute>
           <!-- Compose the invoker URL from the cluster node address -->
           <attribute name="InvokerURLPrefix">https://</attribute>
           <attribute name="InvokerURLSuffix">:8443/invoker/JMXInvokerServlet</attribute>
           <attribute name="UseHostName">true</attribute>
           <attribute name="ExportedInterface">org.jnp.interfaces.Naming</attribute>
           <attribute name="JndiName"></attribute>
           <attribute name="ClientInterceptors">
               <interceptors>
                   <interceptor>org.jboss.proxy.ClientMethodInterceptor</interceptor>
                   <interceptor>org.jboss.proxy.SecurityInterceptor</interceptor>
                   <interceptor>org.jboss.naming.interceptors.ExceptionInterceptor</interceptor>
                   <interceptor>org.jboss.invocation.InvokerInterceptor</interceptor>
               </interceptors>
           </attribute>
       </mbean>
    

        

     

        

    • JNDIFactorySSL servlet

     

    Edit ${jboss.dist}/server/{server.conf}/deploy/http-invoker.sar/invoker.war/WEB-INF/web.xml and add the following servlet declaration

     

        <servlet>
            <servlet-name>JNDIFactorySSL</servlet-name>
            <description>A servlet that exposes the JBoss JNDI Naming
            service stub through http. The return content is a serialized
            MarshalledValue containg the org.jnp.interfaces.Naming
            stub. This configuration handles requests for the standard
            JNDI naming service.  </description>
            <servlet-class>org.jboss.invocation.http.servlet.NamingFactoryServlet</servlet-class>
            <init-param>
                <param-name>namingProxyMBean</param-name>
                <param-value>jboss:service=invoker,type=https,target=Naming</param-value>
            </init-param>
            <init-param>
                <param-name>proxyAttribute</param-name>
                <param-value>Proxy</param-value>
            </init-param>
            <load-on-startup>2</load-on-startup>
        </servlet>
        
        
       <servlet-mapping>
           <servlet-name>JNDIFactorySSL</servlet-name>
           <url-pattern>/JNDIFactorySSL/*</url-pattern>
       </servlet-mapping>
       
    

        

            

         

    • HTTPServerILService

       

    You need to configure now a connection factory to get connections which talk to the jms provider over https.

     

    The HTTPServerILService mbean is defined in ${jboss.dist}/server/{server.conf}/deploy/jms/jbossmq-httpil.sar/META-INF/jboss-service.xml

     

     

     

     

       ....
      <mbean code="org.jboss.mq.il.http.HTTPServerILService"
          name="jboss.mq:service=InvocationLayer,type=HTTPS">
        <depends optional-attribute-name="Invoker">jboss.mq:service=Invoker</depends>
        <depends>jboss.web:service=WebServer</depends>
        <attribute name="ConnectionFactoryJNDIRef">HTTPSConnectionFactory</attribute>
        <attribute name="XAConnectionFactoryJNDIRef">HTTPSXAConnectionFactory</attribute>
        <attribute name="PingPeriod">2000</attribute>
        <attribute name="TimeOut">5</attribute>
        <attribute name="RestInterval">2</attribute>
        <attribute name="URLPrefix">https://</attribute> 
        <attribute name="URLPort">8443</attribute>     
      </mbean>
       ....
    

        

     

     

    Using TimeOut and RestInternal, we configure the consumer to poll the jms server every 2 seconds and spend at most 5 seconds of waiting there, if no message was available. Those attributes may be adjusted as needed.

     

     

     

     

    The client will also be pinging the server every 2 seconds ("PingPeriod")

     

     

    Check out this wiki page for details http://wiki.jboss.org/wiki/Wiki.jsp?page=ConfigHTTPIL

     

     

     

    • Client code

     

     

    
    package jmslab.client;
    
    import java.util.Properties;
    import javax.naming.Context;
    import javax.naming.InitialContext;
    import javax.jms.*;
    
    
    public class JMSClient
    {
    
        public static void main(String args[]) throws Exception
        {
            Properties env = new Properties();
            env.setProperty(Context.INITIAL_CONTEXT_FACTORY, "org.jboss.naming.HttpNamingContextFactory");
            env.setProperty(Context.PROVIDER_URL, "https://localhost:8443/invoker/JNDIFactorySSL");
    
            Connection conn = null;
    
            try {
    
                Context ctx = new InitialContext(env);
                System.out.println("Created InitialContext, env= " + env);
    
                //looking up JMS connection factory over HTTPs
              ConnectionFactory connectionFactory = (ConnectionFactory)ctx.lookup("HTTPSConnectionFactory");
              System.out.println("connectionFactory= " + connectionFactory.toString());
    
              Destination queue = (Destination)ctx.lookup("queue/A");
    
              conn = connectionFactory.createConnection();
    
              Session session = conn.createSession(false, Session.AUTO_ACKNOWLEDGE);
    
              MessageProducer producer = session.createProducer(queue);
    
              Message m = session.createTextMessage(new String("wazzaaa??!"));
    
              producer.send(m);
    
    
          }catch(Exception e){
                e.printStackTrace();
    
          }finally{
              if(conn != null)
                  conn.close();
            }
        }
    }
    
    

     

    • Installation

     

    Download the attached archive.

     

     

     

    Edit ant.properties file where you define the JBossAS root path

     

     jboss.dist=/tmp/jboss-4.0.4.GA
    

          

     

    then cd to src/build and execute:

     

     $ant config
    

          

     

    Start the server configuration being created called jmsssl

     

     $run.sh -c jmsssl 
    

          

     

    and execute the client code

     

     $ant run
    

          

     

     

     

     

    References:

     

    Original document from justkeys http://www.jboss.org/index.html?module=bb&op=viewtopic&t=60443