6 Replies Latest reply: Jan 13, 2010 12:04 PM by Stefan Guilhen

client authentication on a JRMP SSL connection; multiple key

Ovidiu Feodorov Master

JBoss Security team,

I would like to start a discussion concerning several possible improvements in jbosssx; they came up while working with JBoss in an environment that has complex security requirements. While all functionality I am suggesting was implemented with custom code, outside jbosssx, I believe it makes sense to generalize it, so other people can take advantage of it.

The changes are related to supporting keystores containing multiple client and server key aliases at JBoss security domain configuration level, and also a way to declaratively enable client authentication at JBoss security domain configuration level, similarly to how client authentication is enabled for a Tomcat connector - I needed this in order to enable client authentication on a secure JRMP connection.

Please let me know if this is a good place to start the discussion.

For simplicity, I could split the thread into several sub-threads, one per suggested functionality. In the end, if it is decided that the improvements are worth the trouble, I will create the JIRA issues and provide patches and tests. However, I would like to start the discussion here, first, because it is possible that the suggested functionality already exists, and I just simply missed it.

The discussion applies to 4.x series, but I will be more than happy to adapt the patches for 5.x and 6.x, if deemed appropriate.

Thanks,
Ovidiu