ssl - 如何使用 JBoss 6 在 RMIIO 流上启用加密

Question

我想加密 JBoss 6.1.0.Final 服务器和我的客户端之间的通信。为此，我通过 RMI 激活了 SSL，它运行良好。但是，我也使用 RMIIO，当我通过 RMI 激活 SSL 加密时，它没有自动加密。在最佳情况下，我想使用与加密 RMI 通信相同的加密技术。

这是我的配置:

server/myThing/deploy/remoting-jboss-beans.xml

<?xml version="1.0" encoding="UTF-8"?>
<deployment xmlns="urn:jboss:bean-deployer:2.0">

    <deployment xmlns="urn:jboss:bean-deployer:2.0">

       <bean name="UnifiedInvokerConnector" class="org.jboss.remoting.transport.Connector">
          <annotation>@org.jboss.aop.microcontainer.aspects.jmx.JMX(name="jboss.remoting:service=Connector,transport=socket",exposedInterface=org.jboss.remoting.transport.ConnectorMBean.class,registerDirectly=true)</annotation>
          <property name="serverConfiguration"><inject bean="UnifiedInvokerConfiguration"/></property>
          <!-- add this to configure the SSL socket for the UnifiedInvoker -->
          <property name="serverSocketFactory"><inject bean="SSLServerSocketFactoryEJB2"/></property>
       </bean>

       <!-- Remoting server configuration -->
       <bean name="UnifiedInvokerConfiguration" class="org.jboss.remoting.ServerConfiguration">
          <constructor>
             <!-- Changed from socket to sslsocket -->
             <parameter>sslsocket</parameter>
          </constructor>
          <!-- some other stuff, kept as the default config -->
       </bean>

       <!-- Some stuff removed to simplify the explanation -->

       <!-- Added for SSL security -->
       <bean name="SSLServerSocketFactoryEJB2" class="org.jboss.security.ssl.DomainServerSocketFactory">
         <constructor>
           <parameter><inject bean="EJB2SSLDomain"/></parameter>
         </constructor>
       </bean>

       <!-- Added for SSL security -->
       <bean name="EJB2SSLDomain" class="org.jboss.security.plugins.JaasSecurityDomain">
         <constructor>
           <parameter>EJB2SSLDomain</parameter>
         </constructor>
         <property name="keyStoreURL">C:\MyData\Security\ssl.keystore</property>
         <property name="keyStorePass">MyPassword</property>
         <property name="keyStoreAlias">MyAlias</property>
         <property name="trustStorePass">MyPassword</property>
       </bean>

    </deployment>

server/myThing/deploy/properties-service.xml

<server>

  <!-- some stuff removed -->

  <mbean code="org.jboss.varia.property.SystemPropertiesService" 
     name="jboss:type=Service,name=SystemProperties">

    <attribute name="Properties">
      com.healthmarketscience.rmiio.exporter.port=11099
    </attribute>

  </mbean>
</server>

Answer 1

我已经有一段时间没研究 RMI 和 SSL 了。但是，RMIIO 有一个特定的接口(interface)，允许您自定义底层的“远程处理”实现，RemoteStreamExporter .如果您查看 DefaultRemoteStreamExporter实现，您可以看到默认情况下如何导出 RMI 对象。我的猜测是您想使用调用 4 parameter export method 的类似实现使用适当的 RMI SSL 套接字工厂。