0 Replies Latest reply on Jan 8, 2013 9:07 AM by pfennig

    JNDI over SSL Naming problem

    pfennig

      Hi everyone and thanks to anyone reading this post.

       

      I've been struggling a few days, trying to change the communication of my client-server JNDI lookup from http to https.

      I'm using JBoss 4.2.0 and upgrading it is currently not an option.

       

      What I did in the client is to change the url as advised in the jboss manual.

       

      System.setProperty("javax.net.ssl.trustStore", "C:/Program Files (x86)/localhost.truststore");

      System.setProperty("javax.net.ssl.trustStoreType", "JKS");

      System.setProperty("javax.net.ssl.trustStorePassword", "opensource");

      System.setProperty(HTTPSClientInvoker.IGNORE_HTTPS_HOST,"true");

       

      jndiProperties.put(Context.INITIAL_CONTEXT_FACTORY, "org.jboss.naming.HttpNamingContextFactory");

      jndiProperties.put(Context.PROVIDER_URL, "https://"+serverIp+":8443/invoker/JNDIFactory");

      final Context context = new InitialContext(jndiProperties);

      return facade;

       

       

      previously the url was:

      jndiProperties.put(Context.PROVIDER_URL, "jnp://"+serverIp+":1099");

      and the contextfactory was

      jndiProperties.put(Context.INITIAL_CONTEXT_FACTORY, "org.jnp.interfaces.NamingContextFactory");

       

      the serverIp is the real server the user enters. I don't want to use a network host name since I don't have a dns server in my server.

       

      I didn't have any problem with the jnp url and the jnp naming factory, but when I try the access over SSL, the Jboss code in

      HTTPNamingContextFactory.getNamingServer(URL providerURL) overrides my ip with a host name the client doesn't recognize.

      It does some marshalling from the server and takes the first host entry which is defined in my linux server hosts file.

      The HttpInvokerProxy does that eventually by writing the externalURLValue from the server, which is:

      https://myhost:8443/invoker/JMXInvokerServlet.

       

      My client doesn't know what to do with this "myhost", it needs the real ip of the server, which I initially provide in the JNDI properties in the client.

      The only thing I was able to do is edit the hosts file in the client windows system hosts file, and add an entry myhosts with the real ip, but this is of course

      not a solution for a production environment, since I can't ask my user to make such modifications.

       

      So I get this exception in the client:

      javax.naming.CommunicationException: Operation failed [Root exception is java.rmi.ServerException: IOE; nested exception is:

          java.net.UnknownHostException: myhost

       

      My server's deploy/http-invoker.sar/META-INF/jboss-service.xml is below, if I try to set useHostName to false, then the localhost ip would be used

      127.0.0.1 instead of myhost, which isn't any helpful, since I just need to keep my initially provided ip.

       

      I'm a newbee to JBoss so I will appreciate any answer as to what am I doing wrong, and how can I resolve this without upgrade of JBOSS.

       

      Thank You

       

      <?xml version="1.0" encoding="UTF-8"?>

      <!DOCTYPE server>

      <!-- $Id: jboss-service.xml 26202 2004-11-29 16:54:36Z starksm $ -->

       

      <server>

       

        <!-- The HTTP invoker service configration

        -->

        <mbean code="org.jboss.invocation.http.server.HttpInvoker"

          name="jboss:service=invoker,type=https">

           <!-- Use a URL of the form http://<hostname>:8080/invoker/EJBInvokerServlet

            where <hostname> is InetAddress.getHostname value on which the server

            is running.

            -->

           <attribute name="InvokerURLPrefix">https://</attribute>

           <attribute name="InvokerURLSuffix">:${https.port}/invoker/EJBInvokerServlet</attribute>

           <attribute name="UseHostName">true</attribute>

        </mbean>

       

         <!-- Expose the Naming service interface via HTTP -->

         <mbean code="org.jboss.invocation.http.server.HttpProxyFactory"

            name="jboss:service=invoker,type=http,target=Naming">

            <!-- The Naming service we are proxying -->

            <attribute name="InvokerName">jboss:service=Naming</attribute>

            <!-- Compose the invoker URL from the cluster node address -->

            <attribute name="InvokerURLPrefix">https://</attribute>

            <attribute name="InvokerURLSuffix">:${https.port}/invoker/JMXInvokerServlet</attribute>

            <attribute name="UseHostName">true</attribute>

            <attribute name="ExportedInterface">org.jnp.interfaces.Naming</attribute>

            <attribute name="JndiName"></attribute>

            <attribute name="ClientInterceptors">

                <interceptors>

                   <interceptor>org.jboss.proxy.ClientMethodInterceptor</interceptor>

                   <interceptor>org.jboss.proxy.SecurityInterceptor</interceptor>

                   <interceptor>org.jboss.naming.interceptors.ExceptionInterceptor</interceptor>

                   <interceptor>org.jboss.invocation.InvokerInterceptor</interceptor>

                </interceptors>

            </attribute>

         </mbean>

       

         <!-- Expose the Naming service interface via clustered HTTP. This maps

         to the ReadOnlyJNDIFactory servlet URL

         -->

         <mbean code="org.jboss.invocation.http.server.HttpProxyFactory"

            name="jboss:service=invoker,type=http,target=Naming,readonly=true">

            <attribute name="InvokerName">jboss:service=Naming</attribute>

            <attribute name="InvokerURLPrefix">http://</attribute>

            <attribute name="InvokerURLSuffix">:8080/invoker/readonly/JMXInvokerServlet</attribute>

            <attribute name="UseHostName">true</attribute>

            <attribute name="ExportedInterface">org.jnp.interfaces.Naming</attribute>

            <attribute name="JndiName"></attribute>

            <attribute name="ClientInterceptors">

                <interceptors>

                   <interceptor>org.jboss.proxy.ClientMethodInterceptor</interceptor>

                   <interceptor>org.jboss.proxy.SecurityInterceptor</interceptor>

                   <interceptor>org.jboss.naming.interceptors.ExceptionInterceptor</interceptor>

                   <interceptor>org.jboss.invocation.InvokerInterceptor</interceptor>

                </interceptors>

            </attribute>

         </mbean>

      </server>