Red Hat Training

A Red Hat training course is available for JBoss Enterprise SOA Platform

18.3. Enable Serialization on the Client

Prerequisites

  • Server serialization must already be enabled.

Procedure 18.2. Task

  1. Create a public key certificate from the private keystore. (You can access the keytool by running keytool -genkey -alias droolsKey -keyalg RSA -keystore.):
    keytool -export -alias droolsKey -file droolsKey.crt -keystore
    
        
    MyDroolsPrivateKeyStore.keystore 
    Enter keystore password:  
    Certificate stored in file <droolsKey.crtU>
    
  2. Import the public key certificate into a public keystore. (This is where it will be used by your client applications):
    keytool -import -alias droolsKey -file droolsKey.crt -keystore
    
    MyPublicDroolsKeyStore.keystore
    Enter keystore password:  
    Re-enter new password: 
    Owner: CN=Test User, OU=Dev, O=XYZ Corporation, L=Brisbane, ST=QLD, C=AU
    Issuer: CN=Test User, OU=Dev, O=XYZ Corporation, L=Brisbane, ST=QLD, C=AU
    Serial number: 4ca0021b
    Valid from: Sun Sep 26 22:31:55 EDT 2010 until: Sat Dec 25 21:31:55 EST 2010
    Certificate fingerprints:
         MD5:  31:1D:1B:98:59:CC:0E:3C:3F:57:01:C2:FE:F2:6D:C9
         SHA1: 4C:26:52:CA:0A:92:CC:7A:86:04:50:53:80:94:2A:4F:82:6F:53:AD
         Signature algorithm name: SHA1withRSA
         Version: 3
    Trust this certificate? [no]:  yes
    Certificate was added to keystore
    
  3. Open the server configuration file: vi grep drools jboss-as/server/default/deploy/properties-service.xml
  4. Replace keystoredir and MyPublicDroolsKeyStore.keystore with your keystore directory, and the name of the public keystore you created previously:
    # Drools Client Properties for Security Serialization
    drools.serialization.public.keyStoreURL=file://$keystoredir/MyPublicDroolsKeyStore.keystore
    drools.serialization.public.keyStorePwd=drools
    
  5. Save the file and exit.
  6. Restart the JBoss Enterprise SOA Platform server.
  7. For Java client applications, set the system properties in your code like this:
    // Set the client properties to deserialize the signed packages
    URL clientKeyStoreURL = getClass().getResource( "MyPublicDroolsKeyStore.keystore" );
    System.setProperty( KeyStoreHelper.PROP_SIGN,
                                "true" );
    System.setProperty( KeyStoreHelper.PROP_PUB_KS_URL,
                                clientKeyStoreURL.toExternalForm() );
    System.setProperty( KeyStoreHelper.PROP_PUB_KS_PWD,
                                "drools" );
    ...
    
    Alternatively, open the run.sh shell script (vi SOA_ROOT/jboss-as/bin/run.sh) script and edit the JAVA_OPTS section:
    # Serialization Security Settings
    JAVA_OPTS="-Ddrools.serialization.sign=true $JAVA_OPTS"
    JAVA_OPTS="-Ddrools.serialization.private.keyStoreURL=file://$keystoredir/MyDroolsKeyStore.keystore $JAVA_OPTS"
    JAVA_OPTS="-Ddrools.serialization.private.keyStorePwd=drools $JAVA_OPTS"
    JAVA_OPTS="-Ddrools.serialization.private.keyAlias=droolsKey $JAVA_OPTS"
    JAVA_OPTS="-Ddrools.serialization.private.keyPwd=drools $JAVA_OPTS"
    JAVA_OPTS="-Ddrools.serialization.public.keyStoreURL=file://$keystoredir/MyPublicDroolsKeyStore.keystore $JAVA_OPTS"
    JAVA_OPTS="-Ddrools.serialization.public.keyStorePwd=drools $JAVA_OPTS"
    
    Replace the values shown above with ones specific to your environment, and then restart the server instance.