Bordet, Simone
2002-02-08 10:31:09 UTC
Hi (Carlos especially),
I'm implementing the RMI over SSL adaptor, and I wanted to share some ideas, since SSL is also used for the HTTP adaptor.
I like very much the idea of having an SSL server socket factory (SSF) as an MBean, given the huge number of parameters required to set up an SSL SSF.
Furthermore it will be easy to improve it to support client authentication also, not only server authentication.
Given so, every time I need an HTTP adaptor over SSL, I register an SSL SSF and then register the HTTP adaptor, passing it the object name of the SSL SSF in String form.
Now it is not like this (no big deal) but instead the SSL SSF is passed as a Java object as an attribute. This of course implies that it is not possible to stop the HTTP adaptor, change the file from where key information is read for SSL (in the SSL SSF MBean), and restart the HTTP adaptor from a management application (such as the HTTP adaptor itself, for example :).
I would like to do the same for the RMI adaptor or, to be precise, the JRMP adaptor (IIOP still does not support SSL from the Java API).
So basically I register an SSL SSF with its own parameters, then register the JRMP adaptor, I will pass it the object name of the SSL SSF MBean, and start it.
Any comments on the above schema?
I find it cleaner than having an RMI adaptor MBean with a *lot* of parameters specifying the port for RMI, the key file and so on; we specify SSL parameters to the SSL MBean and RMI parameters to the RMI MBean, and a pointer to the SSL MBean if we want to have RMI over SSL. Same for the HTTP adaptor.
It will also be very good when server applications are specified in MLet files, since constructors will take fewer parameters.
If the above is good, then I propose:
1) to move the AdaptorSocketFactory from openjmx.adaptor.http to openjmx.adaptor.
2) to change its name to AdaptorServerSocketFactory.
3) to remove setParameters
4) to change createServerSocket() to createServerSocket(int port, int backlog, String hostName);
5) to move SSLFactory from openjmx.adaptor.http.ssl to openjmx.adaptor.ssl
6) to change its name to SSLAdaptorServerSocketFactory
7) to change its implementation following 3) and 4)
8) to change accordingly the management interface (now SSLFactoryMBean)
9) to move DefaultSocketFactory from openjmx.adaptor.http to openjmx.adaptor
10) to rename it Plain(Default)AdaptorServerSocketFactory
11) to change its implementation following 3) and 4)
About 3 and 4, I find it easier to have only one method, and it is the schema used in all the other socket factories present in libraries such as the JDK and JSSE.
About 10, I prefer Plain, since it is also used in the JDK (the implementation class for Socket is PlainSocketImpl).
I am deep into it, so I can do all the changes above and commit by the beginning of next week.
Comments are welcome.
Cheers,
Simon
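
The registration scheme proposed in the message above, as an added Java sketch (not code from the post or from OpenJMX): the SSL settings live on a factory MBean, and the adaptor side holds only the factory's object name in String form and asks it for a socket through the three-argument createServerSocket. The attribute names, the ObjectName and the demo class are assumptions; it expects a keystore created beforehand with keytool and passed as arguments.

```java
import java.io.FileInputStream;
import java.lang.management.ManagementFactory;
import java.net.*;
import java.security.KeyStore;
import javax.management.*;
import javax.net.ssl.*;

public class SslFactoryMBeanDemo {
    // Added sketch, not OpenJMX code. SSL settings are managed here, not on the adaptor.
    public interface SSLAdaptorServerSocketFactoryMBean {
        void setKeyStoreName(String path);
        void setKeyStorePassword(String password); // setter only: write-only via JMX
        void setNeedClientAuth(boolean need);      // client authentication switch
        ServerSocket createServerSocket(int port, int backlog, String hostName) throws Exception;
    }

    public static class SSLAdaptorServerSocketFactory implements SSLAdaptorServerSocketFactoryMBean {
        private String keyStoreName;
        private char[] password = new char[0];
        private boolean needClientAuth;
        public void setKeyStoreName(String path) { keyStoreName = path; }
        public void setKeyStorePassword(String p) { password = p.toCharArray(); }
        public void setNeedClientAuth(boolean need) { needClientAuth = need; }
        public ServerSocket createServerSocket(int port, int backlog, String hostName) throws Exception {
            KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
            try (FileInputStream in = new FileInputStream(keyStoreName)) { ks.load(in, password); }
            KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
            kmf.init(ks, password);
            SSLContext ctx = SSLContext.getInstance("TLS");
            ctx.init(kmf.getKeyManagers(), null, null); // null: JVM default trust store and RNG
            SSLServerSocket s = (SSLServerSocket) ctx.getServerSocketFactory()
                    .createServerSocket(port, backlog, InetAddress.getByName(hostName));
            s.setNeedClientAuth(needClientAuth); // reject clients that present no certificate
            return s;
        }
    }
    // args: keystore path, keystore password (command-line password is for the demo only)
    public static void main(String[] args) throws Exception {
        MBeanServer server = ManagementFactory.getPlatformMBeanServer();
        ObjectName ssl = new ObjectName("Adaptor:service=SSLServerSocketFactory"); // hypothetical name
        server.registerMBean(new SSLAdaptorServerSocketFactory(), ssl);
        server.setAttribute(ssl, new Attribute("KeyStoreName", args[0]));
        server.setAttribute(ssl, new Attribute("KeyStorePassword", args[1]));
        // What an adaptor holding only the object name in String form would do on start():
        try (ServerSocket socket = (ServerSocket) server.invoke(new ObjectName(ssl.toString()),
                "createServerSocket", new Object[] {0, 50, "localhost"},
                new String[] {"int", "int", "java.lang.String"})) {
            System.out.println("SSL server socket bound on port " + socket.getLocalPort());
        }
    }
}
```

Because the keystore is read on every createServerSocket call, a management application can stop the adaptor, change KeyStoreName on the factory MBean, and restart the adaptor to pick up new key material.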