Java Reference
In-Depth Information
Now your web browser will recognize your new certificate as being signed by a CA,
so it won't complain about not being able to validate the certificate.
Securing EJB communication
EJB clients interact with the Enterprise EJB tier using the RMI-IIOP protocol. The
RMI-IIOP protocol has been developed by Sun to combine the RMI programming
model with the IIOP underlying transport.
Securing the EJB transport is required for applications having strict secure policies,
which cannot be carried out using clear-text transmission. In order to do that, we
need to complete the following steps:
1. First generate the SSL certificates and then store the client's public key in
the server's
keystore
object and the server's public key on the client's
truststore
.
2. Next, we need to create an SSL-aware security realm that will be used by
the
remoting
transport.
3. Finally, we need to apply some changes to our EJB application so that is
actually uses the SSL secure channel.
Generating the server and client certificates
Start by generating a public/private key pair for the entity whose unique name has
the common name
Francesco Marchioni
, organization
PacktPub
, and two-let-
ter country code
GB
.
keytool -genkey -v -alias as7alias -keyalg RSA
-keysize 1024 -keystore jboss.keystore
-validity 180 -keypass mypassword -storepass
mypassword -dname "cn=Francesco
Marchioni,o=PacktPub,c=GB"
Next, export the server's public key into a certificate named
sslPublicKey.cer
that is using the password
mypassword
.
