List of usage examples for the javax.rmi.ssl.SslRMIServerSocketFactory constructor
public SslRMIServerSocketFactory(String[] enabledCipherSuites, String[] enabledProtocols, boolean needClientAuth) throws IllegalArgumentException
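Creates a new SslRMIServerSocketFactory with the specified SSL socket configuration. Passing null for enabledCipherSuites or enabledProtocols keeps the JVM's default enabled set, and needClientAuth controls whether the server requires client certificate authentication.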
From source file:com.continuent.tungsten.common.jmx.JmxManager.java
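/**
 * Starts the JMX connector for the server.
 * <p>
 * Builds the connector environment from {@code authenticationInfo}: an
 * authenticator or password file plus an access file when authentication is
 * needed, and SSL RMI socket factories when encryption is needed. The started
 * connector is stored in {@code jmxConnectorServer}.
 *
 * @throws ServerRuntimeException if any step fails; the original failure is
 *             kept as the cause
 */
protected void startJmxConnector() {
    String serviceAddress = null;
    try {
        MBeanServer mbs = ManagementFactory.getPlatformMBeanServer();
        serviceAddress = generateServiceAddress(host, beanPort, registryPort, serviceName);
        JMXServiceURL address = new JMXServiceURL(serviceAddress);

        // --- Define security attributes ---
        HashMap<String, Object> env = new HashMap<String, Object>();

        // --- Authentication based on password and access files ---
        if (authenticationInfo != null && authenticationInfo.isAuthenticationNeeded()) {
            if (authenticationInfo.isUseTungstenAuthenticationRealm()) {
                env.put(JMXConnectorServer.AUTHENTICATOR, new RealmJMXAuthenticator(authenticationInfo));
            } else {
                env.put("jmx.remote.x.password.file", authenticationInfo.getPasswordFileLocation());
            }
            // Deliberately outside the if/else: the access file is set for
            // both authentication variants.
            env.put("jmx.remote.x.access.file", authenticationInfo.getAccessFileLocation());
        }

        // --- SSL encryption ---
        if (authenticationInfo != null && authenticationInfo.isEncryptionNeeded()) {
            // Keystore
            // NOTE(review): these are JVM-wide system properties, so the
            // keystore location and password apply to, and are readable by,
            // all code in this process that can read system properties.
            System.setProperty("javax.net.ssl.keyStore", authenticationInfo.getKeystoreLocation());
            System.setProperty("javax.net.ssl.keyStorePassword", authenticationInfo.getKeystorePassword());

            // Configure SSL. Per the original author's note, protocols and
            // ciphers are set in securityHelper.setSecurityProperties and used
            // by SslRMIClientSocketFactory (not visible from this method).
            try {
                String[] protocolArray = authenticationInfo.getEnabledProtocols().toArray(new String[0]);
                String[] allowedCipherSuites = authenticationInfo.getEnabledCipherSuites()
                        .toArray(new String[0]);
                String[] cipherArray;

                // A null array makes SslRMIServerSocketFactory fall back to
                // the JVM's default enabled protocols / cipher suites.
                if (protocolArray.length == 0) {
                    protocolArray = null;
                }

                if (allowedCipherSuites.length == 0) {
                    cipherArray = null;
                } else {
                    // Ensure we choose an allowed cipher suite.
                    cipherArray = authenticationInfo.getJvmEnabledCipherSuites().toArray(new String[0]);
                    if (cipherArray.length == 0) {
                        // We don't have any cipher suites in common. Fail
                        // instead of silently starting with other suites.
                        String message = "Unable to find approved ciphers in the supported cipher suites on this JVM";
                        // Local, single-threaded buffer: StringBuilder is enough.
                        StringBuilder sb = new StringBuilder(message).append("\n");
                        sb.append(String.format("JVM supported cipher suites: %s\n",
                                StringUtils.join(SecurityHelper.getJvmSupportedCiphers())));
                        sb.append(String.format("Approved cipher suites from security.properties: %s\n",
                                StringUtils.join(allowedCipherSuites)));
                        logger.error(sb.toString());
                        throw new RuntimeException(message);
                    }
                }

                logger.info("Setting allowed JMX server protocols: " + StringUtils.join(protocolArray, ","));
                logger.info("Setting allowed JMX server ciphers: " + StringUtils.join(cipherArray, ","));

                SslRMIClientSocketFactory csf = new SslRMIClientSocketFactory();
                // needClientAuth is false: the server does not require a
                // client certificate, so TLS here authenticates only the
                // server and client identity rests on the authentication
                // settings configured above.
                SslRMIServerSocketFactory ssf = new SslRMIServerSocketFactory(cipherArray, protocolArray, false);
                env.put(RMIConnectorServer.RMI_CLIENT_SOCKET_FACTORY_ATTRIBUTE, csf);
                env.put(RMIConnectorServer.RMI_SERVER_SOCKET_FACTORY_ATTRIBUTE, ssf);
            } catch (IllegalArgumentException ie) {
                // Thrown by the SslRMIServerSocketFactory constructor when a
                // requested protocol or cipher suite is not supported.
                logger.warn("Some of the protocols or ciphers are not supported. " + ie.getMessage());
                throw new RuntimeException(ie.getLocalizedMessage(), ie);
            }
        }

        env.put(RMIConnectorServer.JNDI_REBIND_ATTRIBUTE, "true");
        JMXConnectorServer connector = JMXConnectorServerFactory.newJMXConnectorServer(address, env, mbs);
        connector.start();

        logger.info(MessageFormat.format("JMXConnector: security.properties={0}",
                (authenticationInfo != null)
                        ? authenticationInfo.getParentPropertiesFileLocation()
                        : "No security.properties file found !..."));
        if (authenticationInfo != null) {
            // NOTE(review): confirm that authenticationInfo.toString() omits
            // the keystore password and other secrets before logging at INFO.
            logger.info(authenticationInfo.toString());
        }
        logger.info(String.format("JMXConnector started at address %s", serviceAddress));

        jmxConnectorServer = connector;
    } catch (Throwable e) {
        // Broad catch kept from the original: every failure, including the
        // RuntimeExceptions raised above, surfaces as ServerRuntimeException.
        throw new ServerRuntimeException(
                MessageFormat.format("Unable to create RMI listener: {0} -> {1}", getServiceProps(), e), e);
    }
}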
From source file:org.apache.cassandra.utils.JMXServerUtils.java
/**
 * Builds the connector-environment entries that select the RMI socket
 * factories for the JMX server.
 * <p>
 * When the {@code com.sun.management.jmxremote.ssl} system property is true,
 * SSL client and server factories are installed. The enabled protocols and
 * cipher suites are read from the matching {@code com.sun.management.jmxremote.ssl.*}
 * properties and copied to the {@code javax.rmi.ssl.client.*} properties.
 * Otherwise, if {@code localOnly} is set, a server socket factory built from
 * {@code serverAddress} is installed. In every other case the map is empty.
 *
 * @param serverAddress address handed to {@code RMIServerSocketFactoryImpl} in the local-only case
 * @param localOnly whether to install the address-bound server factory when SSL is off
 * @return the environment entries, possibly empty
 */
private static Map<String, Object> configureJmxSocketFactories(InetAddress serverAddress, boolean localOnly) {
    Map<String, Object> socketEnv = new HashMap<>();

    if (!Boolean.getBoolean("com.sun.management.jmxremote.ssl")) {
        // No TLS requested: either bind through the address-specific factory
        // or contribute nothing.
        // NOTE(review): with SSL off and localOnly false the map stays empty,
        // so presumably the connector uses plain default RMI sockets - confirm
        // that this is only reachable in intended deployments.
        if (localOnly) {
            socketEnv.put(RMIConnectorServer.RMI_SERVER_SOCKET_FACTORY_ATTRIBUTE,
                    new RMIServerSocketFactoryImpl(serverAddress));
        }
        return socketEnv;
    }

    // Unless this property is true, the server will not ask clients for a
    // certificate.
    boolean requireClientAuth = Boolean.getBoolean("com.sun.management.jmxremote.ssl.need.client.auth");

    // A null array lets SslRMIServerSocketFactory keep the JVM defaults.
    String[] enabledProtocols = null;
    String configuredProtocols = System.getProperty("com.sun.management.jmxremote.ssl.enabled.protocols");
    if (configuredProtocols != null) {
        // Mirror the server setting into the property read by the client factory.
        System.setProperty("javax.rmi.ssl.client.enabledProtocols", configuredProtocols);
        enabledProtocols = StringUtils.split(configuredProtocols, ',');
    }

    String[] enabledCiphers = null;
    String configuredCiphers = System.getProperty("com.sun.management.jmxremote.ssl.enabled.cipher.suites");
    if (configuredCiphers != null) {
        System.setProperty("javax.rmi.ssl.client.enabledCipherSuites", configuredCiphers);
        enabledCiphers = StringUtils.split(configuredCiphers, ',');
    }

    SslRMIClientSocketFactory sslClientFactory = new SslRMIClientSocketFactory();
    SslRMIServerSocketFactory sslServerFactory =
            new SslRMIServerSocketFactory(enabledCiphers, enabledProtocols, requireClientAuth);

    socketEnv.put(RMIConnectorServer.RMI_SERVER_SOCKET_FACTORY_ATTRIBUTE, sslServerFactory);
    socketEnv.put(RMIConnectorServer.RMI_CLIENT_SOCKET_FACTORY_ATTRIBUTE, sslClientFactory);
    socketEnv.put("com.sun.jndi.rmi.factory.socket", sslClientFactory);
    logJmxSslConfig(sslServerFactory);

    return socketEnv;
}
From source file:org.ut.biolab.medsavant.server.MedSavantServerEngine.java
/**
 * Returns the server socket factory to use for RMI exports.
 * <p>
 * When {@code isTLSRequired()} is true this is a new SSL factory that keeps
 * the JVM's default cipher suites and protocols (both arrays are null) and
 * takes its client-certificate requirement from {@code require_client_auth}.
 * Otherwise it is whatever {@link RMISocketFactory#getSocketFactory()}
 * returns, which is null when no global factory has been installed.
 *
 * @return the SSL factory, the installed global factory, or null
 */
public static RMIServerSocketFactory getDefaultServerSocketFactory() {
    if (!isTLSRequired()) {
        // NOTE(review): this path uses unencrypted RMI and may return null;
        // callers are presumably expected to treat null as "use the RMI
        // default" - verify against the call sites.
        return RMISocketFactory.getSocketFactory();
    }
    // NOTE(review): null cipher-suite and protocol arrays leave the choice to
    // the JVM defaults, so the effective TLS floor depends on the runtime's
    // security configuration.
    return new SslRMIServerSocketFactory(null, null, require_client_auth);
}