How can I configure JBoss EAP 7.1 so that EJB connections use 1-way SSL with PicketBox legacy security?

Solution Verified - Updated

Environment

  • Red Hat JBoss Enterprise Application Platform
    • 7.1

Issue

  • How can I configure JBoss EAP 7.1 so that EJB connections use 1-way SSL?

Resolution

Server side configuration

  1. See the Resolution section of the 2-way SSL solution and generate the keystores and truststores as explained in step 1 of its Server side configuration.

  2. Add the keystore.server to the ApplicationRealm, for example using the CLI on a standalone server like:

        [standalone@localhost:9990 /] /core-service=management/security-realm=ApplicationRealm/server-identity=ssl:remove()
    
        [standalone@localhost:9990 /] /core-service=management/security-realm=ApplicationRealm/server-identity=ssl:add(keystore-path=server.keystore, keystore-password=123456, keystore-relative-to=jboss.server.config.dir)
    
  3. Configure the remoting http-connector to use https using the CLI on a standalone server like:

    [standalone@host.example.com:9990 /] /subsystem=remoting/http-connector=http-remoting-connector:write-attribute(name=connector-ref, value=https)
    

    XML:

    <subsystem xmlns="urn:jboss:domain:remoting:4.0">
        <endpoint/>
        <http-connector name="http-remoting-connector" connector-ref="https" security-realm="ApplicationRealm"/>
    </subsystem>
    

Client side configuration

  1. If you're implementing the client part as explained in How to configure an EJB client in EAP 7.1, you need to change the PROVIDER_URL to use remote+https, and the port must be changed to the jboss.https.port, which is 8443 by default, see:

        import java.util.Properties;

        import javax.naming.Context;
        import javax.naming.InitialContext;
        import javax.naming.NamingException;

        import org.jboss.examples.ejb.HelloRemote;

        public class HelloClient {

           public void callRemoteEjb(String host, Integer port, String user, String pass) throws NamingException {
              // lookup() returns Object, so the proxy has to be cast to the remote interface
              HelloRemote remote = (HelloRemote) getInitialContext(host, port, user, pass)
                    .lookup("ejb:helloWorld/helloWorld-ejb/HelloWorldSLSB!org.jboss.examples.ejb.HelloRemote");
              remote.helloWorld();
           }

           public static Context getInitialContext(String host, Integer port, String username, String password) throws NamingException {
              Properties props = new Properties();
              props.put(Context.INITIAL_CONTEXT_FACTORY, "org.wildfly.naming.client.WildFlyInitialContextFactory");
              // remote+https sends the EJB invocations over the https listener (jboss.https.port, 8443 by default)
              props.put(Context.PROVIDER_URL, String.format("%s://%s:%d", "remote+https", host, port));
              if (username != null && password != null) {
                 props.put(Context.SECURITY_PRINCIPAL, username);
                 props.put(Context.SECURITY_CREDENTIALS, password);
              }
              return new InitialContext(props);
           }
        }
    
  2. When running the standalone Java application, the following system properties must be set (either directly in the code or, as shown below, as command line parameters):

    -Djavax.net.ssl.trustStore=${path.to}/client.truststore
    -Djavax.net.ssl.trustStorePassword=123456
    
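As an added helper (not part of the Red Hat article), the following POSIX shell script applies server steps 2 and 3 as one CLI batch and then checks that the certificate presented on the https port is the one held in client.truststore, so a handshake failure on the client can be diagnosed before touching the Java code. It assumes jboss-cli.sh (via JBOSS_HOME), openssl and keytool are available, that the truststore holds a single entry, and uses the article's sample password 123456.

```shell
#!/bin/sh
# Added helper, not from the article. Assumes JBOSS_HOME points at the EAP
# install, openssl and keytool are on the PATH, and 123456 is the article's
# sample keystore/truststore password.
set -eu

# Server steps 2 and 3 as a single CLI batch: either both changes apply or neither.
cli_batch() {
cat <<'EOF'
batch
/core-service=management/security-realm=ApplicationRealm/server-identity=ssl:remove()
/core-service=management/security-realm=ApplicationRealm/server-identity=ssl:add(keystore-path=server.keystore, keystore-password=123456, keystore-relative-to=jboss.server.config.dir)
/subsystem=remoting/http-connector=http-remoting-connector:write-attribute(name=connector-ref, value=https)
run-batch
reload
EOF
}

# SHA-256 fingerprint of the certificate the server presents on its https port.
server_fingerprint() {
  openssl s_client -connect "$1:$2" -servername "$1" </dev/null 2>/dev/null \
    | openssl x509 -noout -fingerprint -sha256 | sed 's/^.*=//'
}

# SHA-256 fingerprint of the (first) certificate in the client truststore.
truststore_fingerprint() {
  keytool -list -v -keystore "$1" -storepass "$2" 2>/dev/null \
    | sed -n 's/^[[:space:]]*SHA256: //p' | head -n 1
}

# 1-way SSL only works if the client trusts exactly what the server presents.
fingerprints_match() {
  [ -n "$1" ] && [ "$1" = "$2" ]
}

main() {
  host=${1:-localhost}; port=${2:-8443}; truststore=${3:-client.truststore}
  cli_batch | "$JBOSS_HOME/bin/jboss-cli.sh" --connect
  srv=$(server_fingerprint "$host" "$port")
  cli=$(truststore_fingerprint "$truststore" 123456)
  if fingerprints_match "$srv" "$cli"; then
    echo "OK: $host:$port presents the certificate in $truststore ($srv)"
  else
    echo "MISMATCH: server=$srv truststore=$cli" >&2; exit 1
  fi
}

# Only run against a live server when explicitly asked for.
[ "${RUN_CHECK:-0}" = 1 ] && main "$@"
```

Run it as `RUN_CHECK=1 sh verify-1way-ssl.sh host.example.com 8443 /path/to/client.truststore` once the server is up; a MISMATCH means the truststore does not contain the certificate from server.keystore.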
This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.