Monday Jan 31, 2011

Secure Communication between Web-app and EJB3.x in GlassFish

This post describes how to make secure calls to an EJB (3.x) from a web application using SSL or MUTUAL_SSL, even when the web-app and the EJB are running on GlassFish instances on different host machines.

With the following <ior-security-config> in the EJB (glassfish-ejb-jar.xml), SSL is forced by the EJB.

  <ior-security-config>
    <transport-config>
      <integrity>required</integrity>
      <confidentiality>required</confidentiality>
      <establish-trust-in-target>SUPPORTED</establish-trust-in-target>
      <establish-trust-in-client>REQUIRED</establish-trust-in-client>
    </transport-config>
    <sas-context>
      <caller-propagation>supported</caller-propagation>
    </sas-context>
  </ior-security-config>


With the following annotation in the servlet:

  @EJB(name="secureejbref")
  private SecureEjbRemote secureRemote;

and the following element in glassfish-web.xml, the client (servlet) is forced to contact the EJB securely (using the MUTUAL_SSL ORB port 3820):

  <ejb-ref>
    <ejb-ref-name>secureejbref</ejb-ref-name>
    <jndi-name>corbaname:iiop:<host in which EJB is deployed>:3820#SecureEjbBean</jndi-name>
  </ejb-ref>


With the following jvm-option added to the domain.xml of the host in which the web-app is deployed,

  <jvm-options>-Dcom.sun.CSIV2.ssl.standalone.client.required=true</jvm-options>

secure communication happens between the servlet and the EJB for the name service lookup (before the EJB create call).
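
The two descriptor settings above are easy to weaken by accident, for example by leaving `confidentiality` at `supported` or pointing the `jndi-name` at a different ORB port. The following script is an added example, not part of the original post or of GlassFish: it audits both descriptors against the values shown here. The host `ejb-host.example`, port 3700 and the function names are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample: the post's transport-config with one setting weakened.
WEAK_EJB_JAR = """<ior-security-config><transport-config>
  <integrity>required</integrity>
  <confidentiality>supported</confidentiality>
  <establish-trust-in-target>SUPPORTED</establish-trust-in-target>
  <establish-trust-in-client>REQUIRED</establish-trust-in-client>
</transport-config></ior-security-config>"""

# Constructed sample: ejb-host.example and port 3700 are placeholders.
WEB_XML = """<glassfish-web-app><ejb-ref>
  <ejb-ref-name>secureejbref</ejb-ref-name>
  <jndi-name>corbaname:iiop:ejb-host.example:3700#SecureEjbBean</jndi-name>
</ejb-ref></glassfish-web-app>"""

MUST_BE_REQUIRED = ("integrity", "confidentiality", "establish-trust-in-client")

def check_ior(xml_text):
    """Findings for every <ior-security-config> that does not force mutual SSL."""
    findings = []
    for ior in ET.fromstring(xml_text).iter("ior-security-config"):
        for tag in MUST_BE_REQUIRED:
            # The post mixes upper and lower case, so compare case-insensitively.
            value = (ior.findtext(f"transport-config/{tag}") or "missing").strip().upper()
            if value != "REQUIRED":
                findings.append(f"{tag} is {value}, expected REQUIRED")
    return findings

def check_ejb_refs(xml_text, ssl_port=3820):
    """Findings for every <ejb-ref> whose jndi-name does not pin the SSL ORB port."""
    findings = []
    for ref in ET.fromstring(xml_text).iter("ejb-ref"):
        name = (ref.findtext("ejb-ref-name") or "?").strip()
        jndi = (ref.findtext("jndi-name") or "").strip()
        match = re.fullmatch(r"corbaname:iiop:([^:#]+):(\d+)#(.+)", jndi)
        if match is None:
            findings.append(f"{name}: no corbaname:iiop:<host>:<port>#<name> URL")
        elif int(match.group(2)) != ssl_port:
            findings.append(f"{name}: port {match.group(2)}, expected {ssl_port}")
    return findings

if __name__ == "__main__":
    for finding in check_ior(WEAK_EJB_JAR) + check_ejb_refs(WEB_XML):
        print("FINDING:", finding)
```

Pass `ssl_port` explicitly if the target domain's secure ORB listener is not on 3820.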


About

nitkal
