Thread: do XA connections support SSL?

do XA connections support SSL?

From
Stefan Verkoyen
Date:
Hi,

in short: is SSL supported in combination with XA?

Some background:
I'm using the PostgreSQL jdbc driver (postgresql-8.1-404.jdbc3.jar) to
connect to PostgreSQL 8.1.3 in JBoss 4.0.3SP1. I'm using the XA
functionality (2PC in fact) to perform distributed transactions over 3
DBs. So I'm using XA Datasources in JBoss.

I would like the connections to be encrypted with SSL. I know this
works for non-XA connections when the JDBC driver is used:
org.postgresql.Driver. In my XA Datasource descriptor I need to use
org.postgresql.xa.PGXADataSource. Neither this class nor its subclass
contains any ssl property to set.

If SSL is not supported, I will need to use stunnel to encrypt the
connections. Can anybody confirm?

Thanks & best regards,
Stefan





Re: do XA connections support SSL?

From
Kris Jurka
Date:

On Wed, 5 Apr 2006, Stefan Verkoyen wrote:

> in short: is SSL supported in combination with XA?
>

Our current datasource implementations don't offer all of the options that
can be supplied via URL parameters.  There's no reason for this other
than programmer laziness, so while at the moment ssl is not supported
there is no fundamental reason it can't be.

Kris Jurka


Re: do XA connections support SSL?

From
Stefan Verkoyen
Date:
Kris,

thanks for your comments. I decided to try to patch the XA datasource
code. Luckily the datasource relies heavily on the pgjdbc driver which
already supports SSL. I'm no pgjdbc expert so I might have done
something wrong. In any case, the patch below works for me.  I post it
here for anyone looking for XA with SSL support.

In the XA datasource descriptor you'll have to add:
<xa-datasource-property name="Ssl">true</xa-datasource-property>

Best regards,
Stefan

--- BaseDataSource.java    Thu Apr 06 09:54:43 2006
+++ BaseDataSource.patched.java    Thu Apr 06 09:51:39 2006
@@ -47,6 +47,7 @@
     private String databaseName;
     private String user;
     private String password;
+    private boolean ssl = false;
     private int portNumber;
     private int prepareThreshold;
     private int loginTimeout; // in seconds
@@ -262,13 +263,28 @@
     }

     /**
+     * Is SSL enabled?
+     */
+    public String isSsl() {
+        return ""+ssl;
+    }
+
+    /**
+     * Enable or disable SSL.
+     * @param ssl enable or disable SSL.
+     */
+    public void setSsl(String ssl) {
+        this.ssl = Boolean.valueOf(ssl).booleanValue();
+    }
+
+    /**
      * Generates a DriverManager URL from the other properties supplied.
      */
     private String getUrl()
     {
         return
             "jdbc:postgresql://" + serverName + (portNumber == 0 ? "" :
":" + portNumber) + "/" + databaseName +
-            "?loginTimeout=" + loginTimeout + "&prepareThreshold=" +
prepareThreshold;
+            "?loginTimeout=" + loginTimeout + "&prepareThreshold=" +
prepareThreshold + (ssl?"&ssl=true":"");
     }

     /**
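Review bot: In setSsl(String), `Boolean.valueOf(ssl)` maps every value other than "true" (case-insensitive) to false, so a descriptor entry such as "yes", "1" or a misspelling silently leaves the connection unencrypted. Reject unrecognized values with an exception instead of falling back to cleartext. A boolean-typed pair (`public boolean isSsl()` and `public void setSsl(boolean ssl)`) would also match the JavaBeans convention rather than round-tripping through String, provided the container's property injection handles it. In getUrl(), only `&ssl=true` is appended, so any other SSL-related URL parameter still cannot be set from the datasource.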
@@ -301,6 +317,7 @@

         ref.add(new StringRefAddr("prepareThreshold",
Integer.toString(prepareThreshold)));
         ref.add(new StringRefAddr("loginTimeout",
Integer.toString(loginTimeout)));
+        ref.add(new StringRefAddr("ssl", Boolean.toString(ssl)));
         return ref;
     }

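Review bot: The new `ref.add(new StringRefAddr("ssl", Boolean.toString(ssl)));` stores the flag in the Reference, but the patch touches only BaseDataSource.java and nothing visible reads that address back. If the object factory that rebuilds the datasource from this Reference is not updated to call setSsl, a datasource restored through JNDI comes back with ssl = false and connects without encryption. The factory needs the matching change in the same patch.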
@@ -313,6 +330,7 @@
         out.writeInt(portNumber);
         out.writeInt(prepareThreshold);
         out.writeInt(loginTimeout);
+        out.writeBoolean(ssl);
     }

     protected void readBaseObject(ObjectInputStream in) throws
IOException, ClassNotFoundException
@@ -324,6 +342,7 @@
         portNumber = in.readInt();
         prepareThreshold = in.readInt();
         loginTimeout = in.readInt();
+        ssl = in.readBoolean();
     }

 }
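Review bot: `ssl = in.readBoolean();` in readBaseObject, together with the matching `out.writeBoolean(ssl);` in the previous hunk, changes the serialized layout. A stream written by an unpatched build carries no boolean after loginTimeout, so reading it here either fails at end of data or, if a subclass wrote its own fields after the base fields, consumes a byte that belongs to the subclass. If serialized datasources can outlive a driver upgrade, add a version marker ahead of the new field or document the incompatibility.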