You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomee.apache.org by bitz <th...@canada.com> on 2009/10/24 01:26:23 UTC
OpenEJB over SSL
I'm using a snapshot of geronimo 2.2 which uses OpenEJB 3.1.2. I'm writing a
test application to try out ejbds, which provides support for OpenEJB
client-server communications over SSL. According to these,
http://www.nabble.com/EJBd-protocol-over-SSL-td22188312.html
http://issues.apache.org/jira/browse/OPENEJB-785
it should work. I'm running the client and Geronimo on the same machine.
Here's my client code,
final URI serverURI = new URI( "ejbds", null, "127.0.0.1", 4201, null, null,
null );
final Properties contextProperties = new Properties( );
contextProperties.put( Context.INITIAL_CONTEXT_FACTORY,
"org.apache.openejb.client.RemoteInitialContextFactory" );
contextProperties.put( Context.PROVIDER_URL, serverURI.toString( ) );
contextProperties.put("ejbd.secure", "true");
final InitialContext ctx = new InitialContext( contextProperties );
final MyEjbService remote = (MyEjbService)ctx.lookup("MyEjbRemote");
final String serverTime = remote.getServerTime();
System.out.println("server time: " + serverTime);
The OpenEJB client code is detecting "ejbds" as the protocol and creating an
SSLSocket, but the client fails on the ctx.lookup() call.
java.lang.RuntimeException: Invalid response from server: -1
at org.apache.openejb.client.JNDIContext.lookup(JNDIContext.java:277)
at javax.naming.InitialContext.lookup(InitialContext.java:392)
...
The geronimo.log server-side shows,
java.io.IOException: Unexpected byte 128
at
org.apache.openejb.server.ejbd.KeepAliveServer$Session.service(KeepAliveServer.java:221)
at
org.apache.openejb.server.ejbd.KeepAliveServer.service(KeepAliveServer.java:233)
at org.apache.openejb.server.ejbd.EjbServer.service(EjbServer.java:66)
...
When I dig into the OpenEjb server code, ServerDaemon.java, it appears to
need a "secure" property to be set to true. When I debug the code,
ServerDaemon.java configures the socket listener when the GBean starts, then
never again, so I'm not sure how this is supposed to work. Using
contextProperties.put("ejbd.secure", "true") on the client side has no
effect. And I can't find a way to set the 'secure' attribute in Geronimo's
config.xml. Geronimo fails to start, complaining that 'secure' is
unrecognized when I add it as an attribute to EJBNetworkService.
One of the links above mentions doing properties.setProperty("ejbd.secure",
"true") on the server side, but where/how would I do that?
What am I missing?
Any help would be appreciated.
--
View this message in context: http://www.nabble.com/OpenEJB-over-SSL-tp26034601p26034601.html
Sent from the OpenEJB User mailing list archive at Nabble.com.
Re: OpenEJB over SSL
Posted by bitz <th...@canada.com>.
I think I figured it out. I had to add another server side ejbd
configuration. If I pass -Dejbd.discovery="ejb:ejbds://{bind}:{port}" to
the JVM on the server side (in addition to -Dejbd.secure=true), then the
server properly replies back to the client with a ClusterResponse containing
ejbds. Subsequent EJB calls, etc, work fine.
bitz wrote:
>
> The server side of OpenEJB is responding with a different protocol than
> the client is using. The OpenEJB client side class Client, in it's
> processRequest() method, as part of the handshake with the server, is
> sending a ClusterRequest object to the server. The CluserRequest object
> contains the correct URI, "ejbds://127.0.0.1:4201", but when the server
> responds with a ClusterResponse object later in the processRequest()
> method, the URI is "ejbd:0.0.0.0:4201". This URI's protocol, ejbd, is
> then used for all future connections to the server, which fails, as noted
> in the last post.
>
> Is OpenEJB's support of SSL incomplete?
>
> Thanks in advance.
>
>
> bitz wrote:
>>
>> I figured out a way to set the server side 'secure' boolean on
>> ServerDaemon. I can pass -Dejbd.secure=true to the JVM. Not sure if
>> this is the correct way to do it, but it gets me a little further. The
>> client ctx.lookup() is successful, so the client connects to the server
>> ok, at least once. On the subsequent call to my remote method,
>> remote.getServerTime(), the OpenEJB client code no longer knows that the
>> connection should be ejbds. It's reverting to ejbd, and creates a
>> standard Socket instead of SSLSocket. The remote method call fails.
>> I'll keep debugging, but it looks like there might be a defect somewhere,
>> unless I'm doing something wrong.
>>
>>
>>
>> bitz wrote:
>>>
>>> I'm using a snapshot of geronimo 2.2 which uses OpenEJB 3.1.2. I'm
>>> writing a test application to try out ejbds, which provides support for
>>> OpenEJB client-server communications over SSL. According to these,
>>>
>>> http://www.nabble.com/EJBd-protocol-over-SSL-td22188312.html
>>> http://issues.apache.org/jira/browse/OPENEJB-785
>>>
>>> it should work. I'm running the client and Geronimo on the same
>>> machine. Here's my client code,
>>>
>>> final URI serverURI = new URI( "ejbds", null, "127.0.0.1", 4201, null,
>>> null, null );
>>> final Properties contextProperties = new Properties( );
>>> contextProperties.put( Context.INITIAL_CONTEXT_FACTORY,
>>> "org.apache.openejb.client.RemoteInitialContextFactory" );
>>> contextProperties.put( Context.PROVIDER_URL, serverURI.toString( ) );
>>> contextProperties.put("ejbd.secure", "true");
>>>
>>> final InitialContext ctx = new InitialContext( contextProperties );
>>> final MyEjbService remote = (MyEjbService)ctx.lookup("MyEjbRemote");
>>> final String serverTime = remote.getServerTime();
>>> System.out.println("server time: " + serverTime);
>>>
>>> The OpenEJB client code is detecting "ejbds" as the protocol and
>>> creating an SSLSocket, but the client fails on the ctx.lookup() call.
>>>
>>> java.lang.RuntimeException: Invalid response from server: -1
>>> at org.apache.openejb.client.JNDIContext.lookup(JNDIContext.java:277)
>>> at javax.naming.InitialContext.lookup(InitialContext.java:392)
>>> ...
>>>
>>> The geronimo.log server-side shows,
>>>
>>> java.io.IOException: Unexpected byte 128
>>> at
>>> org.apache.openejb.server.ejbd.KeepAliveServer$Session.service(KeepAliveServer.java:221)
>>> at
>>> org.apache.openejb.server.ejbd.KeepAliveServer.service(KeepAliveServer.java:233)
>>> at org.apache.openejb.server.ejbd.EjbServer.service(EjbServer.java:66)
>>> ...
>>>
>>> When I dig into the OpenEjb server code, ServerDaemon.java, it appears
>>> to need a "secure" property to be set to true. When I debug the code,
>>> ServerDaemon.java configures the socket listener when the GBean starts,
>>> then never again, so I'm not sure how this is supposed to work. Using
>>> contextProperties.put("ejbd.secure", "true") on the client side has no
>>> effect. And I can't find a way to set the 'secure' attribute in
>>> Geronimo's config.xml. Geronimo fails to start, complaining that
>>> 'secure' is unrecognized when I add it as an attribute to
>>> EJBNetworkService.
>>>
>>> One of the links above mentions doing
>>> properties.setProperty("ejbd.secure", "true") on the server side, but
>>> where/how would I do that?
>>>
>>> What am I missing?
>>>
>>> Any help would be appreciated.
>>>
>>>
>>
>>
>
>
--
View this message in context: http://www.nabble.com/OpenEJB-over-SSL-tp26034601p26083500.html
Sent from the OpenEJB User mailing list archive at Nabble.com.
Re: OpenEJB over SSL
Posted by bitz <th...@canada.com>.
The server side of OpenEJB is responding with a different protocol than the
client is using. The OpenEJB client side class Client, in it's
processRequest() method, as part of the handshake with the server, is
sending a ClusterRequest object to the server. The CluserRequest object
contains the correct URI, "ejbds://127.0.0.1:4201", but when the server
responds with a ClusterResponse object later in the processRequest() method,
the URI is "ejbd:0.0.0.0:4201". This URI's protocol, ejbd, is then used for
all future connections to the server, which fails, as noted in the last
post.
Is OpenEJB's support of SSL incomplete?
Thanks in advance.
bitz wrote:
>
> I figured out a way to set the server side 'secure' boolean on
> ServerDaemon. I can pass -Dejbd.secure=true to the JVM. Not sure if this
> is the correct way to do it, but it gets me a little further. The client
> ctx.lookup() is successful, so the client connects to the server ok, at
> least once. On the subsequent call to my remote method,
> remote.getServerTime(), the OpenEJB client code no longer knows that the
> connection should be ejbds. It's reverting to ejbd, and creates a
> standard Socket instead of SSLSocket. The remote method call fails. I'll
> keep debugging, but it looks like there might be a defect somewhere,
> unless I'm doing something wrong.
>
>
>
> bitz wrote:
>>
>> I'm using a snapshot of geronimo 2.2 which uses OpenEJB 3.1.2. I'm
>> writing a test application to try out ejbds, which provides support for
>> OpenEJB client-server communications over SSL. According to these,
>>
>> http://www.nabble.com/EJBd-protocol-over-SSL-td22188312.html
>> http://issues.apache.org/jira/browse/OPENEJB-785
>>
>> it should work. I'm running the client and Geronimo on the same machine.
>> Here's my client code,
>>
>> final URI serverURI = new URI( "ejbds", null, "127.0.0.1", 4201, null,
>> null, null );
>> final Properties contextProperties = new Properties( );
>> contextProperties.put( Context.INITIAL_CONTEXT_FACTORY,
>> "org.apache.openejb.client.RemoteInitialContextFactory" );
>> contextProperties.put( Context.PROVIDER_URL, serverURI.toString( ) );
>> contextProperties.put("ejbd.secure", "true");
>>
>> final InitialContext ctx = new InitialContext( contextProperties );
>> final MyEjbService remote = (MyEjbService)ctx.lookup("MyEjbRemote");
>> final String serverTime = remote.getServerTime();
>> System.out.println("server time: " + serverTime);
>>
>> The OpenEJB client code is detecting "ejbds" as the protocol and creating
>> an SSLSocket, but the client fails on the ctx.lookup() call.
>>
>> java.lang.RuntimeException: Invalid response from server: -1
>> at org.apache.openejb.client.JNDIContext.lookup(JNDIContext.java:277)
>> at javax.naming.InitialContext.lookup(InitialContext.java:392)
>> ...
>>
>> The geronimo.log server-side shows,
>>
>> java.io.IOException: Unexpected byte 128
>> at
>> org.apache.openejb.server.ejbd.KeepAliveServer$Session.service(KeepAliveServer.java:221)
>> at
>> org.apache.openejb.server.ejbd.KeepAliveServer.service(KeepAliveServer.java:233)
>> at org.apache.openejb.server.ejbd.EjbServer.service(EjbServer.java:66)
>> ...
>>
>> When I dig into the OpenEjb server code, ServerDaemon.java, it appears to
>> need a "secure" property to be set to true. When I debug the code,
>> ServerDaemon.java configures the socket listener when the GBean starts,
>> then never again, so I'm not sure how this is supposed to work. Using
>> contextProperties.put("ejbd.secure", "true") on the client side has no
>> effect. And I can't find a way to set the 'secure' attribute in
>> Geronimo's config.xml. Geronimo fails to start, complaining that
>> 'secure' is unrecognized when I add it as an attribute to
>> EJBNetworkService.
>>
>> One of the links above mentions doing
>> properties.setProperty("ejbd.secure", "true") on the server side, but
>> where/how would I do that?
>>
>> What am I missing?
>>
>> Any help would be appreciated.
>>
>>
>
>
--
View this message in context: http://www.nabble.com/OpenEJB-over-SSL-tp26034601p26063931.html
Sent from the OpenEJB User mailing list archive at Nabble.com.
Re: OpenEJB over SSL
Posted by bitz <th...@canada.com>.
I figured out a way to set the server side 'secure' boolean on ServerDaemon.
I can pass -Dejbd.secure=true to the JVM. Not sure if this is the correct
way to do it, but it gets me a little further. The client ctx.lookup() is
successful, so the client connects to the server ok, at least once. On the
subsequent call to my remote method, remote.getServerTime(), the OpenEJB
client code no longer knows that the connection should be ejbds. It's
reverting to ejbd, and creates a standard Socket instead of SSLSocket. The
remote method call fails. I'll keep debugging, but it looks like there
might be a defect somewhere, unless I'm doing something wrong.
bitz wrote:
>
> I'm using a snapshot of geronimo 2.2 which uses OpenEJB 3.1.2. I'm
> writing a test application to try out ejbds, which provides support for
> OpenEJB client-server communications over SSL. According to these,
>
> http://www.nabble.com/EJBd-protocol-over-SSL-td22188312.html
> http://issues.apache.org/jira/browse/OPENEJB-785
>
> it should work. I'm running the client and Geronimo on the same machine.
> Here's my client code,
>
> final URI serverURI = new URI( "ejbds", null, "127.0.0.1", 4201, null,
> null, null );
> final Properties contextProperties = new Properties( );
> contextProperties.put( Context.INITIAL_CONTEXT_FACTORY,
> "org.apache.openejb.client.RemoteInitialContextFactory" );
> contextProperties.put( Context.PROVIDER_URL, serverURI.toString( ) );
> contextProperties.put("ejbd.secure", "true");
>
> final InitialContext ctx = new InitialContext( contextProperties );
> final MyEjbService remote = (MyEjbService)ctx.lookup("MyEjbRemote");
> final String serverTime = remote.getServerTime();
> System.out.println("server time: " + serverTime);
>
> The OpenEJB client code is detecting "ejbds" as the protocol and creating
> an SSLSocket, but the client fails on the ctx.lookup() call.
>
> java.lang.RuntimeException: Invalid response from server: -1
> at org.apache.openejb.client.JNDIContext.lookup(JNDIContext.java:277)
> at javax.naming.InitialContext.lookup(InitialContext.java:392)
> ...
>
> The geronimo.log server-side shows,
>
> java.io.IOException: Unexpected byte 128
> at
> org.apache.openejb.server.ejbd.KeepAliveServer$Session.service(KeepAliveServer.java:221)
> at
> org.apache.openejb.server.ejbd.KeepAliveServer.service(KeepAliveServer.java:233)
> at org.apache.openejb.server.ejbd.EjbServer.service(EjbServer.java:66)
> ...
>
> When I dig into the OpenEjb server code, ServerDaemon.java, it appears to
> need a "secure" property to be set to true. When I debug the code,
> ServerDaemon.java configures the socket listener when the GBean starts,
> then never again, so I'm not sure how this is supposed to work. Using
> contextProperties.put("ejbd.secure", "true") on the client side has no
> effect. And I can't find a way to set the 'secure' attribute in
> Geronimo's config.xml. Geronimo fails to start, complaining that 'secure'
> is unrecognized when I add it as an attribute to EJBNetworkService.
>
> One of the links above mentions doing
> properties.setProperty("ejbd.secure", "true") on the server side, but
> where/how would I do that?
>
> What am I missing?
>
> Any help would be appreciated.
>
>
--
View this message in context: http://www.nabble.com/OpenEJB-over-SSL-tp26034601p26034909.html
Sent from the OpenEJB User mailing list archive at Nabble.com.