18.2. Enable Serialization on the Server

Procedure 18.1. Task

  1. Navigate to the SOA_ROOT directory: cd SOA_ROOT.
  2. Run the keytool command and follow the prompts on screen:
    keytool -genkey -alias droolsKey -keyalg RSA -keystore MyDroolsPrivateKeyStore.keystore
    Enter keystore password:  
    Re-enter new password: 
    What is your first and last name?
      [Unknown]:  Test User
    What is the name of your organizational unit?
      [Unknown]:  HR
    What is the name of your organization?
      [Unknown]:  Test Org
    What is the name of your City or Locality?
      [Unknown]:  Brisbane
    What is the name of your State or Province?
      [Unknown]:  QLD
    What is the two-letter country code for this unit?
      [Unknown]:  AU
    Is CN=Test User, OU=HR, O=Test Org, L=Brisbane, ST=QLD, C=AU correct?
      [no]:  yes
    Enter key password for droolsKey
         (RETURN if same as keystore password):  
    Re-enter new password:
    
    After answering all of the questions, a password-protected file named MyDroolsPrivateKeyStore.keystore is created. This keystore file has a private key called droolsKey with the password "drools". Store this file in a safe location in your environment, which will hereafter be referred to as the keystoredir.

    Important

    The passwords above are examples only and should not be used in production.
  3. Open the configuration file: vi jboss-as/server/default/deploy/properties-service.xml
  4. Configure the JBoss Enterprise SOA Platform to use the JBoss Rules serialization feature by adding this snippet to properties-service.xml:
    <mbean code="org.jboss.varia.property.SystemPropertiesService"  name="jboss:type=Service,name=SystemProperties">
        <attribute name="Properties">
          # Drools Security Serialization specific properties
          drools.serialization.sign=true
          drools.serialization.private.keyStoreURL=file://$keystoredir/MyDroolsPrivateKeyStore.keystore
          drools.serialization.private.keyStorePwd=drools
          drools.serialization.private.keyAlias=droolsKey
          drools.serialization.private.keyPwd=drools
        </attribute>
    </mbean>
    
  5. Set the drools.serialization.sign property to "true":
    drools.serialization.sign=true
    
    • drools.serialization.private.keyStoreURL=<RL> is the URL of the private keystore location.
    • In the example above, replace keystoredir and MyDroolsKeyStore.keystore with your keystore directory and the name of the keystore you created with the keytool
    • drools.serialization.private.keyStorePwd=<password> is the password to access the private keystore.
    • drools.serialization.private.keyAlias=<key> is the key alias (identifier) of the private key.
    • drools.serialization.private.keyPwd=<password> is the private key password.
  6. Save the file and exit.
  7. Restart the server instance.

    Warning

    If the system properties were not configured properly, you will see this error when you try to build a rules package:
    An error occurred building the package.
    
    Error
    signing object store: Key store with private key not configured. Please
    configure it properly before using signed serialization