18.2. Enable Serialization on the Server
Procedure 18.1. Task
- Navigate to the SOA_ROOT directory:
- Run the keytool command and follow the prompts on screen:

    keytool -genkey -alias droolsKey -keyalg RSA -keystore MyDroolsPrivateKeyStore.keystore
    Enter keystore password:
    Re-enter new password:
    What is your first and last name? [Unknown]: Test User
    What is the name of your organizational unit? [Unknown]: HR
    What is the name of your organization? [Unknown]: Test Org
    What is the name of your City or Locality? [Unknown]: Brisbane
    What is the name of your State or Province? [Unknown]: QLD
    What is the two-letter country code for this unit? [Unknown]: AU
    Is CN=Test User, OU=HR, O=Test Org, L=Brisbane, ST=QLD, C=AU correct? [no]: yes
    Enter key password for droolsKey (RETURN if same as keystore password):
    Re-enter new password:

After answering all of the questions, a password-protected file named MyDroolsPrivateKeyStore.keystore is created. This keystore file has a private key called droolsKey with the password "drools". Store this file in a safe location in your environment, which will hereafter be referred to as the
Important: The passwords above are examples only and should not be used in production.
- Open the configuration file:
- Configure the JBoss Enterprise SOA Platform to use the JBoss Rules serialization feature by adding this snippet to

    <mbean code="org.jboss.varia.property.SystemPropertiesService" name="jboss:type=Service,name=SystemProperties">
      <attribute name="Properties">
        # Drools Security Serialization specific properties
        drools.serialization.sign=true
        drools.serialization.private.keyStoreURL=file://$keystoredir/MyDroolsPrivateKeyStore.keystore
        drools.serialization.private.keyStorePwd=drools
        drools.serialization.private.keyAlias=droolsKey
        drools.serialization.private.keyPwd=drools
      </attribute>
    </mbean>

- Set the drools.serialization.sign property to "true":
- drools.serialization.private.keyStoreURL=<URL> is the URL of the private keystore location.
- In the example above, replace MyDroolsKeyStore.keystore with your keystore directory and the name of the keystore you created with the keytool
- drools.serialization.private.keyStorePwd=<password> is the password to access the private keystore.
- drools.serialization.private.keyAlias=<key> is the key alias (identifier) of the private key.
- drools.serialization.private.keyPwd=<password> is the private key password.
- Save the file and exit.
- Restart the server instance.
Warning: If the system properties were not configured properly, you will see this error when you try to build a rules package:
An error occurred building the package. Error signing object store: Key store with private key not configured. Please configure it properly before using signed serialization
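
The misconfiguration behind this error can be caught before the server is restarted. The shell check below is an added example, not part of the original documentation or of JBoss Rules; the function names, the script name and the rule that the keystore should be accessible to its owner only are assumptions of the example, and the configuration file path is supplied by the caller.

```shell
#!/bin/sh
# Added example: pre-flight check of the drools.serialization.* properties.
# Usage: sh check_signing.sh <config-file>   (script name is hypothetical)

# Print the value of property $2 in file $1 (last definition wins).
prop() {
    sed -n "s/^[[:space:]]*$2=//p" "$1" | sed 's/[[:space:]]*$//' | tail -n 1
}

# Return 0 when signing looks usable; otherwise print each problem found.
check_drools_signing() {
    conf=$1; rc=0
    [ -r "$conf" ] || { echo "cannot read $conf"; return 2; }

    [ "$(prop "$conf" drools.serialization.sign)" = "true" ] ||
        { echo "drools.serialization.sign is not true"; rc=1; }

    for key in keyStoreURL keyStorePwd keyAlias keyPwd; do
        [ -n "$(prop "$conf" "drools.serialization.private.$key")" ] ||
            { echo "drools.serialization.private.$key is missing or empty"; rc=1; }
    done

    # The page's example uses a file:// URL; strip the scheme to get a path.
    url=$(prop "$conf" drools.serialization.private.keyStoreURL)
    ks=${url#file://}
    case $ks in
        '') ;;  # already reported by the loop above
        *'$'*) echo "keyStoreURL has an unexpanded placeholder: $url"; rc=1 ;;
        *)  if [ ! -f "$ks" ]; then
                echo "keystore not found: $ks"; rc=1
            elif [ "$(ls -ld "$ks" | cut -c5-10)" != "------" ]; then
                # Assumption: "safe location" means owner-only permissions.
                echo "keystore is accessible to group/other: $ks"; rc=1
            fi ;;
    esac
    return $rc
}

if [ $# -gt 0 ]; then check_drools_signing "$1"; exit $?; fi
```

The check does not open the keystore, so a wrong password or alias still surfaces only when a package is built. The configuration file holds both passwords in clear text and needs the same restrictive permissions as the keystore.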