18.3. Enable Serialization on the Client
Prerequisites
- Server serialization must already be enabled.
Procedure 18.2. Task
- Create a public key certificate from the private keystore. (You can access the keytool by running keytool -genkey -alias droolsKey -keyalg RSA -keystore.):
    keytool -export -alias droolsKey -file droolsKey.crt -keystore MyDroolsPrivateKeyStore.keystore
    Enter keystore password:
    Certificate stored in file <droolsKey.crt>
- Import the public key certificate into a public keystore. (This is where it will be used by your client applications):
    keytool -import -alias droolsKey -file droolsKey.crt -keystore MyPublicDroolsKeyStore.keystore
    Enter keystore password:
    Re-enter new password:
    Owner: CN=Test User, OU=Dev, O=XYZ Corporation, L=Brisbane, ST=QLD, C=AU
    Issuer: CN=Test User, OU=Dev, O=XYZ Corporation, L=Brisbane, ST=QLD, C=AU
    Serial number: 4ca0021b
    Valid from: Sun Sep 26 22:31:55 EDT 2010 until: Sat Dec 25 21:31:55 EST 2010
    Certificate fingerprints:
             MD5:  31:1D:1B:98:59:CC:0E:3C:3F:57:01:C2:FE:F2:6D:C9
             SHA1: 4C:26:52:CA:0A:92:CC:7A:86:04:50:53:80:94:2A:4F:82:6F:53:AD
             Signature algorithm name: SHA1withRSA
             Version: 3
    Trust this certificate? [no]:  yes
    Certificate was added to keystore
- Open the server configuration file:
    vi jboss-as/server/default/deploy/properties-service.xml
- Replace keystoredir and MyPublicDroolsKeyStore.keystore with your keystore directory, and the name of the public keystore you created previously:
    # Drools Client Properties for Security Serialization
    drools.serialization.public.keyStoreURL=file://$keystoredir/MyPublicDroolsKeyStore.keystore
    drools.serialization.public.keyStorePwd=drools
- Save the file and exit.
- Restart the JBoss Enterprise SOA Platform server.
- For Java client applications, set the system properties in your code like this:
    // Set the client properties to deserialize the signed packages
    URL clientKeyStoreURL = getClass().getResource( "MyPublicDroolsKeyStore.keystore" );
    System.setProperty( KeyStoreHelper.PROP_SIGN, "true" );
    System.setProperty( KeyStoreHelper.PROP_PUB_KS_URL, clientKeyStoreURL.toExternalForm() );
    System.setProperty( KeyStoreHelper.PROP_PUB_KS_PWD, "drools" );
    ...
Alternatively, open the run.sh shell script (vi SOA_ROOT/jboss-as/bin/run.sh) and edit the JAVA_OPTS section:
    # Serialization Security Settings
    JAVA_OPTS="-Ddrools.serialization.sign=true $JAVA_OPTS"
    JAVA_OPTS="-Ddrools.serialization.private.keyStoreURL=file://$keystoredir/MyDroolsKeyStore.keystore $JAVA_OPTS"
    JAVA_OPTS="-Ddrools.serialization.private.keyStorePwd=drools $JAVA_OPTS"
    JAVA_OPTS="-Ddrools.serialization.private.keyAlias=droolsKey $JAVA_OPTS"
    JAVA_OPTS="-Ddrools.serialization.private.keyPwd=drools $JAVA_OPTS"
    JAVA_OPTS="-Ddrools.serialization.public.keyStoreURL=file://$keystoredir/MyPublicDroolsKeyStore.keystore $JAVA_OPTS"
    JAVA_OPTS="-Ddrools.serialization.public.keyStorePwd=drools $JAVA_OPTS"
Replace the values shown above with ones specific to your environment, and then restart the server instance.
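A check to run after the import step and before distributing the public keystore to clients, given here as an added example that is not part of the Red Hat procedure: it reads the text printed by `keytool -list -v` and confirms that the alias is a trusted certificate entry, that no private key is in the keystore, and which SHA1 fingerprint to compare against the server's certificate. The function names and the two sample listings are constructed for illustration; the fingerprint is the sample value from the import output above.

```shell
#!/bin/sh
# Added example: audit the text printed by `keytool -list -v` for a client keystore.
# Real use (keystore name from the procedure above):
#   audit_public_keystore droolsKey "$(keytool -list -v -keystore MyPublicDroolsKeyStore.keystore)"

# Print the entry type of one alias; the alias comparison is case-insensitive.
entry_type() {    # $1 = alias, $2 = listing text
  printf '%s\n' "$2" | awk -v want="$1" '
    /^Alias name:/ { sub(/^Alias name: */, ""); cur = tolower($0) }
    /^Entry type:/ && cur == tolower(want) { sub(/^Entry type: */, ""); print; exit }'
}

# Print one certificate fingerprint (for example SHA1) of the given alias.
fingerprint() {   # $1 = alias, $2 = algorithm label, $3 = listing text
  printf '%s\n' "$3" | awk -v want="$1" -v alg="$2" '
    /^Alias name:/ { sub(/^Alias name: */, ""); cur = tolower($0) }
    cur == tolower(want) && $1 == (alg ":") { print $2; exit }'
}

# Succeed only if no private key is present and the alias is a trusted certificate.
audit_public_keystore() {   # $1 = alias, $2 = listing text
  if printf '%s\n' "$2" | grep -q '^Entry type: PrivateKeyEntry'; then
    echo "FAIL: keystore contains a private key; do not ship it to clients" >&2
    return 1
  fi
  [ "$(entry_type "$1" "$2")" = "trustedCertEntry" ] || {
    echo "FAIL: alias $1 is missing or is not a trusted certificate" >&2
    return 1
  }
  echo "OK: $1 SHA1 $(fingerprint "$1" SHA1 "$2")"
}

# Constructed listings (trimmed to the lines the checks read).
GOOD_LISTING='Alias name: droolskey
Entry type: trustedCertEntry
Certificate fingerprints:
         SHA1: 4C:26:52:CA:0A:92:CC:7A:86:04:50:53:80:94:2A:4F:82:6F:53:AD'
BAD_LISTING='Alias name: droolskey
Entry type: PrivateKeyEntry'

audit_public_keystore droolsKey "$GOOD_LISTING"
audit_public_keystore droolsKey "$BAD_LISTING" || true
```

Run the same fingerprint extraction against the private keystore on the server and compare the two values before trusting the client keystore.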