
JBoss 1-way and 2-way SSL simultaneously

I have a JBoss application with multiple endpoints. All these endpoints should be available to any user over one-way SSL (HTTPS), except for a specific endpoint (let's call it /app/sensitive) which should only be accessed by a specific machine (i.e. 2-way SSL). Is there a way to configure JBoss for 1/2-way SSL at the same time, differentiated by what endpoint has been requested?

I'm not sure, because I did not test it, but it seems like you can have one-way SSL on one port and two-way SSL on another port.

From standalone.xml (or domain.xml):

<subsystem xmlns="urn:jboss:domain:web:2.2" default-virtual-server="default-host" native="false">
    ...
    <connector name="one-way-https" protocol="org.apache.coyote.http11.Http11NioProtocol" scheme="https" socket-binding="one-way-https" enable-lookups="false" secure="true">
    </connector>
    <connector name="two-way-https" protocol="org.apache.coyote.http11.Http11NioProtocol" scheme="https" socket-binding="two-way-https" enable-lookups="false" secure="true">
        <!-- verify-client="true" makes the server demand a client certificate; it defaults to false, which is one-way SSL -->
        <ssl name="two-way-ssl" key-alias="my-identity" password="${VAULT::Jboss_config::store_password::1}" certificate-key-file="../standalone/configuration/cert/JBoss_Identity.jks" verify-client="true"/>
    </connector>
    ...
</subsystem>

<socket-binding-group name="standard-sockets" ...>
    ...
    <socket-binding name="one-way-https" port="8443"/>
    <socket-binding name="two-way-https" port="8453"/>
    ...
</socket-binding-group>

If you test it, please let me know whether it is a solution or not, because in the near future I have to do the same; I just do not have time right now to check it... Thanks.

BTW, in the <ssl> element you can define a trust store and key store other than the defaults to use on that port. I hope it will work.
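Splitting by port does not by itself restrict an endpoint, because every connector serves the same deployments and /app/sensitive stays reachable on 8443. The servlet filter below is an added example (not code from the original post) that admits the endpoint only on the two-way port and only with the expected client certificate. It assumes the context root is /app and that the two-way connector sets verify-client="true"; the class name and the subject DN are hypothetical placeholders.

```java
import java.io.IOException;
import java.security.cert.X509Certificate;
import javax.security.auth.x500.X500Principal;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.HttpServletResponse;

// Hypothetical filter; assumes the application's context root is /app.
@WebFilter("/sensitive/*")
public class ClientCertFilter implements Filter {

    // Port of the two-way-https socket binding from the configuration above.
    private static final int TWO_WAY_PORT = 8453;

    // Constructed placeholder: subject DN of the one machine that is allowed in.
    private static final X500Principal ALLOWED_SUBJECT =
            new X500Principal("CN=trusted-client.example.invalid");

    @Override
    public void init(FilterConfig config) { }

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        // The container sets this attribute only when the TLS handshake
        // included a client certificate chain that it accepted.
        X509Certificate[] certs = (X509Certificate[])
                req.getAttribute("javax.servlet.request.X509Certificate");

        boolean onTwoWayPort = req.getLocalPort() == TWO_WAY_PORT;
        boolean hasCert = certs != null && certs.length > 0;

        // certs[0] is the client's own certificate. Trust-store validation only
        // proves it chains to a trusted CA, so the subject is checked as well.
        if (!onTwoWayPort || !hasCert
                || !ALLOWED_SUBJECT.equals(certs[0].getSubjectX500Principal())) {
            ((HttpServletResponse) res).sendError(HttpServletResponse.SC_FORBIDDEN);
            return;
        }
        chain.doFilter(req, res);
    }

    @Override
    public void destroy() { }
}
```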
