Hi folks.
Replying to my own question.
I've created a simple session bean and added this to the sun-ejb-jar.xml:
[code]
<enterprise-beans>
  <ejb>
    <ejb-name>BankAccountBean</ejb-name>
    <jndi-name>BankAccountBean</jndi-name>
    <ior-security-config>
      <transport-config>
        <integrity>required</integrity>
        <confidentiality>required</confidentiality>
        <establish-trust-in-target>supported</establish-trust-in-target>
        <establish-trust-in-client>supported</establish-trust-in-client>
      </transport-config>
      <sas-context>
        <caller-propagation>supported</caller-propagation>
      </sas-context>
    </ior-security-config>
  </ejb>
</enterprise-beans>
[/code]
This should cause all communication to the session bean to be encrypted with SSL.
Next, a client app:
[code]
System.setProperty("org.omg.CORBA.ORBInitialHost", "peter-laptop");
System.setProperty("org.omg.CORBA.ORBInitialPort", "3820");
// Key store: the key material the client presents during the SSL handshake.
System.setProperty("javax.net.ssl.keyStore", "/home/peter/downloads/java/glassfish/gf2_b35/domains/domain1/config/keystore.jks");
System.setProperty("javax.net.ssl.keyStorePassword", "changeit");
// Trust store is the list of root certificates
// from top-level providers (Thawte, VeriSign etc.).
System.setProperty("javax.net.ssl.trustStore", "/home/peter/downloads/java/glassfish/gf2_b35/domains/domain1/config/cacerts.jks");
System.setProperty("javax.net.ssl.trustStorePassword", "changeit");
// Same effect as -Djavax.net.debug=all on the command line.
System.setProperty("javax.net.debug", "all");
initial = new InitialContext();
bankRemote = (BankAccountRemote) initial.lookup("BankAccountBean");
[/code]
Which fails with
[code]
22-Mar-2007 09:24:31 testglassfishsecurity.client.RemoteInterfaces getBankRemote
INFO: Loading BankAccountRemote main
22-Mar-2007 09:24:31 com.sun.corba.ee.impl.transport.SocketOrChannelConnectionImpl readFully
SEVERE: "IOP00410226: (COMM_FAILURE) Unexpected exception when reading with a temporary selector: bytes read = 7, bytes requested = 12, time spent waiting = 0 ms, max time to wait = {4}."
org.omg.CORBA.COMM_FAILURE: vmcid: SUN minor code: 226 completed: No
at com.sun.corba.ee.impl.logging.ORBUtilSystemException.exceptionWhenReadingWithTemporarySelector(ORBUtilSystemException.java:3037)
at com.sun.corba.ee.impl.logging.ORBUtilSystemException.exceptionWhenReadingWithTemporarySelector(ORBUtilSystemException.java:3063)
at com.sun.corba.ee.impl.transport.SocketOrChannelConnectionImpl.readFully(SocketOrChannelConnectionImpl.java:684)
at com.sun.corba.ee.impl.transport.SocketOrChannelConnectionImpl.read(SocketOrChannelConnectionImpl.java:550)
at com.sun.corba.ee.impl.protocol.giopmsgheaders.MessageBase.readGIOPHeader(MessageBase.java:110)
at com.sun.corba.ee.impl.transport.CorbaContactInfoBase.createMessageMediator(CorbaContactInfoBase.java:153)
at com.sun.corba.ee.impl.transport.SocketOrChannelConnectionImpl.readBits(SocketOrChannelConnectionImpl.java:334)
at com.sun.corba.ee.impl.transport.SocketOrChannelConnectionImpl.handleEvent(SocketOrChannelConnectionImpl.java:1273)
at com.sun.corba.ee.impl.transport.SelectorImpl.run(SelectorImpl.java:280)
22-Mar-2007 09:24:31 testglassfishsecurity.client.RemoteInterfaces getBankRemote
SEVERE: failed to load remote interface
javax.naming.CommunicationException: Can't find SerialContextProvider [Root exception is org.omg.CORBA.COMM_FAILURE: vmcid: SUN minor code: 208 completed: Maybe]
at com.sun.enterprise.naming.SerialContext.getProvider(SerialContext.java:174)
at com.sun.enterprise.naming.SerialContext.lookup(SerialContext.java:315)
at javax.naming.InitialContext.lookup(InitialContext.java:392)
at testglassfishsecurity.client.RemoteInterfaces.getBankRemote(RemoteInterfaces.java:48)
at testglassfishsecurity.client.Main.main(Main.java:58)
Caused by: org.omg.CORBA.COMM_FAILURE: vmcid: SUN minor code: 208 completed: Maybe
at com.sun.corba.ee.impl.logging.ORBUtilSystemException.connectionAbort(ORBUtilSystemException.java:2514)
at com.sun.corba.ee.impl.logging.ORBUtilSystemException.connectionAbort(ORBUtilSystemException.java:2532)
at com.sun.corba.ee.impl.transport.SocketOrChannelConnectionImpl.readBits(SocketOrChannelConnectionImpl.java:380)
at com.sun.corba.ee.impl.transport.SocketOrChannelConnectionImpl.handleEvent(SocketOrChannelConnectionImpl.java:1273)
at com.sun.corba.ee.impl.transport.SelectorImpl.run(SelectorImpl.java:280)
Caused by: org.omg.CORBA.COMM_FAILURE: vmcid: SUN minor code: 226 completed: No
at com.sun.corba.ee.impl.logging.ORBUtilSystemException.exceptionWhenReadingWithTemporarySelector(ORBUtilSystemException.java:3037)
at com.sun.corba.ee.impl.logging.ORBUtilSystemException.exceptionWhenReadingWithTemporarySelector(ORBUtilSystemException.java:3063)
at com.sun.corba.ee.impl.transport.SocketOrChannelConnectionImpl.readFully(SocketOrChannelConnectionImpl.java:684)
at com.sun.corba.ee.impl.transport.SocketOrChannelConnectionImpl.read(SocketOrChannelConnectionImpl.java:550)
at com.sun.corba.ee.impl.protocol.giopmsgheaders.MessageBase.readGIOPHeader(MessageBase.java:110)
at com.sun.corba.ee.impl.transport.CorbaContactInfoBase.createMessageMediator(CorbaContactInfoBase.java:153)
at com.sun.corba.ee.impl.transport.SocketOrChannelConnectionImpl.readBits(SocketOrChannelConnectionImpl.java:334)
... 2 more
Exception in thread "main" java.lang.NullPointerException
at testglassfishsecurity.client.Main.main(Main.java:58)
[/code]
Note I did test the client without SSL (before adding the above) and it successfully called the session bean.
So what am I missing?
I've checked the server's keystore.jks:
[code]
peter_at_peter-laptop:~/work/hg/thwart/selfsigned$ keytool --list -keystore ~/downloads/java/glassfish/gf2_b35/domains/domain1/config/keystore.jks
Enter keystore password:
Keystore type: JKS
Keystore provider: SUN
Your keystore contains 1 entry
s1as, 07-Mar-2007, PrivateKeyEntry,
Certificate fingerprint (MD5): 58:85:EB:1A:BC:6E:F1:79:5B:6B:FF:46:88:E3:07:A2
[/code]
And the server has this in its cacerts.jks
[code]
peter_at_peter-laptop:~/work/hg/thwart/selfsigned$ keytool --list -keystore ~/downloads/java/glassfish/gf2_b35/domains/domain1/config/cacerts.jks
Enter keystore password:
Keystore type: JKS
Keystore provider: SUN
Your keystore contains 33 entries
equifaxsecureebusinessca1, 18-Jul-2003, trustedCertEntry,
Certificate fingerprint (MD5): 64:9C:EF:2E:44:FC:C6:8F:52:07:D0:51:73:8F:CB:3D
... snip ....
s1as, 07-Mar-2007, trustedCertEntry,
Certificate fingerprint (MD5): 58:85:EB:1A:BC:6E:F1:79:5B:6B:FF:46:88:E3:07:A2
... snip ...
equifaxsecureebusinessca2, 18-Jul-2003, trustedCertEntry,
Certificate fingerprint (MD5): AA:BF:BF:64:97:DA:98:1D:6F:C6:08:3A:95:70:33:CA
[/code]
I have also checked the SSL IIOP listener in the admin GUI. It is also using s1as.
So any suggestions? I must be missing something but at the moment I'm out of ideas.
Thanks
Peter Henderson
[Message sent by forum member 'phenderson' (phenderson)]
http://forums.java.net/jive/thread.jspa?messageID=209402
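
Added example, not part of the original post: the log above shows the ORB asking for a 12-byte GIOP header and getting 7 bytes, and a plaintext TLS alert record is exactly 7 bytes (5-byte record header plus level and description). The Python sketch below tells a GIOP header from a TLS record in the first bytes read from a peer. Assumptions: the function name and both sample byte strings are constructed here, and the post does not show the 7 bytes, so whether they were a TLS alert is not established by the page.

```python
import struct

GIOP_HEADER_LEN = 12  # magic(4) version(2) flags(1) message type(1) size(4)
GIOP_TYPES = ["Request", "Reply", "CancelRequest", "LocateRequest",
              "LocateReply", "CloseConnection", "MessageError", "Fragment"]
TLS_RECORDS = {20: "change_cipher_spec", 21: "alert",
               22: "handshake", 23: "application_data"}
TLS_ALERTS = {0: "close_notify", 10: "unexpected_message",
              40: "handshake_failure", 42: "bad_certificate",
              46: "certificate_unknown", 48: "unknown_ca",
              70: "protocol_version"}  # subset of the alert registry

# Constructed samples, not captured from the poster's system.
SAMPLE_GIOP_HEADER = b"GIOP" + bytes([1, 2, 0, 1]) + struct.pack(">I", 24)
SAMPLE_TLS_ALERT = bytes([21, 3, 1, 0, 2, 2, 40])  # fatal handshake_failure


def classify_first_bytes(data: bytes) -> dict:
    """Say what the first bytes read from an IIOP peer look like."""
    if data[:4] == b"GIOP":
        if len(data) < GIOP_HEADER_LEN:
            return {"protocol": "giop", "complete": False}
        major, minor, flags, mtype = struct.unpack_from("4B", data, 4)
        order = "<" if flags & 1 else ">"  # bit 0 set means little-endian
        (size,) = struct.unpack_from(order + "I", data, 8)
        name = GIOP_TYPES[mtype] if mtype < len(GIOP_TYPES) else "unknown"
        return {"protocol": "giop", "complete": True,
                "version": f"{major}.{minor}", "type": name, "body": size}
    if len(data) >= 5 and data[0] in TLS_RECORDS and data[1] == 3:
        ctype, _, _, length = struct.unpack_from(">BBBH", data, 0)
        out = {"protocol": "tls", "record": TLS_RECORDS[ctype],
               "total_len": 5 + length}
        if ctype == 21 and length == 2 and len(data) >= 7:
            out["level"] = "fatal" if data[5] == 2 else "warning"
            out["alert"] = TLS_ALERTS.get(data[6], f"code {data[6]}")
        return out
    return {"protocol": "unknown"}


if __name__ == "__main__":
    for sample in (SAMPLE_GIOP_HEADER, SAMPLE_TLS_ALERT):
        print(len(sample), "bytes:", classify_first_bytes(sample))
```

With `javax.net.debug` set to `all` as in the client above, the debug output is where to look for whether an SSL handshake was attempted on the connection at all.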