01: /*
02: * Copyright (C) The MX4J Contributors.
03: * All rights reserved.
04: *
05: * This software is distributed under the terms of the MX4J License version 1.0.
06: * See the terms of the MX4J License in the documentation provided with this software.
07: */
08:
09: package mx4j.examples.remote.rmi.ssl;
10:
11: import javax.management.MBeanServerConnection;
12: import javax.management.MBeanServerDelegateMBean;
13: import javax.management.MBeanServerInvocationHandler;
14: import javax.management.ObjectName;
15: import javax.management.remote.JMXConnector;
16: import javax.management.remote.JMXConnectorFactory;
17: import javax.management.remote.JMXServiceURL;
18:
19: /**
20: * This example shows how to connect to a JSR 160 RMIConnectorServer over SSL. <br />
21: * An RMI client that has been setup to use SSL must know the X509 certificate
22: * corrispondent to the private key used by the server to encrypt the communication.
23: * This X509 certificate is usually distributed by the server to the clients, that should
24: * import it into a 'trust store'.
25: * This trust store can be the JDK's one ($JRE_HOME/lib/security/cacerts) or a custom one.
26: * In both cases the import operation can be achieved by using JDK's keytool utility.
27: * Here is the command to create a custom trust store containing the X509 certificate
28: * from a certificate file 'myserver.cer' distributed by the server:
29: * <pre>
30: * keytool -import -v -file myserver.cer -storepass storepwd -keystore trust.store -noprompt
31: * </pre>
32: * When using a custom trust store, the system property <b><code>javax.net.ssl.trustStore<code></b>
33: * must point to the file path of the trust store. <br />
34: * If instead the X509 certificate has been imported into the JDK's default trust store,
35: * then it is not necessary to specify the <b><code>javax.net.ssl.trustStore<code></b> system
36: * property. <br /> <br />
37: * This example is meant to show the usage of the JSR 160 API: it is not an example of how to
38: * setup a secure environment. <br />
39: * Please refer to the JDK documentation about usage of keytool, to the JCE and JSSE documentation
40: * and to a good book on Java security before porting these examples to a real environment that
41: * must be secured.
42: * You know what I mean :-)
43: *
44: * @version $Revision: 1.1 $
45: */
46: public class Client {
47: public static void main(String[] args) throws Exception {
48: // The RMI server's host: this is actually ignored by JSR 160
49: // since this information is stored in the RMI stub.
50: String serverHost = "localhost";
51:
52: // The host where the rmiregistry runs.
53: String namingHost = "localhost";
54:
55: String jndiPath = "/ssljmxconnector";
56: JMXServiceURL url = new JMXServiceURL("service:jmx:rmi://"
57: + serverHost + "/jndi/rmi://" + namingHost + jndiPath);
58: JMXConnector connector = JMXConnectorFactory.connect(url);
59: MBeanServerConnection connection = connector
60: .getMBeanServerConnection();
61:
62: // Call the server side
63: ObjectName delegateName = ObjectName
64: .getInstance("JMImplementation:type=MBeanServerDelegate");
65: Object proxy = MBeanServerInvocationHandler.newProxyInstance(
66: connection, delegateName,
67: MBeanServerDelegateMBean.class, true);
68: MBeanServerDelegateMBean delegate = (MBeanServerDelegateMBean) proxy;
69:
70: System.out.println(delegate.getImplementationVendor()
71: + " is cool !");
72: }
73: }
|