Monthly Archives: July 2010

The EJB 3.1: IIOP/SSL

The Glassfish Application Server Configuration

I would like to give you an overview about my Glassfish Application Server setting for the EJB as the IIOP port is 3700, the IIOP port with SSL is 3820 and the IIOP port with mutual authentication is 3920. Please note it is a default configuration which is created when the Glassfish was installed. They can be changed via the web administration console. The default URL is http://localhost:4848

Create The EJB Application

It is just simple by implementing the HelloWorld EJB stateless session been by following the formal JavaEE Tutorial document. In our case, there are 3 HelloWorld EJB with the same coding, but different configured as following: –

1. The HelloWorld

2. The HelloWorldSSL

3. The HelloWorldSSLMutual

They are for the non-SSL, SSL and SSL with mutual authentication respectively.

To configure the SSL, the vendor specific ejb-jar.xml is required, in our case the sun-ejb-jar.xml is required since it is a Glassfish Application Server.

Configure The EJB for SSL

SSL

<enterprise-beans>

<ejb>

<ejb-name>HelloWorldSSL</ejb-name>

<ior-security-config>

<transport-config>

<integrity>required</integrity>

<confidentiality>required</confidentiality>

<establish-trust-in-target>supported</establish-trust-in-target>

<establish-trust-in-client>supported</establish-trust-in-client>

</transport-config>

<sas-context>

<caller-propagation>supported</caller-propagation>

</sas-context>

</ior-security-config>

</ejb>

</enterprise-beans>

SSL with Mutual Authentication

<enterprise-beans>

<ejb>

<ejb-name>HelloWorldSSLMutual</ejb-name>

<ior-security-config>

<transport-config>

<integrity>required</integrity>

<confidentiality>required</confidentiality>

<establish-trust-in-target>supported</establish-trust-in-target>

<establish-trust-in-client>required</establish-trust-in-client>

</transport-config>

<sas-context>

<caller-propagation>supported</caller-propagation>

</sas-context>

</ior-security-config>

</ejb>

</enterprise-beans>

Create The Standalone Client, POJO Project

Next we will create a standalone client, POJO project for looking up the EJB stateless session bean remotely by using the Context. Firstly this project should be set all minimum required jar files as following.

The Required jar files

If the Glassfish version 2.x is preferred

1. [gf_home]/lib/appserv-rt.jar

2. [gf_home]/lib/javaee.jar

3. The EJB module jar file

If the Glassfish version 3.x is preferred

1. [gf_home]/glassfish/modules/gf-client.jar

Please note, this jar file is like a proxy jar file which mentions other required jar file via the MANIFEST.MF. If you would like to run this project out of the Netbeans, you should put all mentioned required jar file into your class path. Trust me, please should run inside the Netbeans environment.

2. The EJB module jar file

The reason for putting the EJB module jar file is for ensuring the looked up EJB can be cast to the standalone client environment. If not you may face the ClassNotFoundException  or ClassCastException or. For overview the looked up object will be serialized and transferred from remote to the client via the RMI/IIOP and then it will be deserialized to the original object/interface.

The Example coding for looking up

System.setProperty(“javax.net.ssl.keyStore”, [keyStoreFileName]);

System.setProperty(“javax.net.ssl.keyStorePassword”,[keyStorePassword]);

System.setProperty(“javax.net.ssl.trustStore”,[trustStoreFileName]);

System.setProperty(“javax.net.ssl.trustStorePassword”,[trustStorePassword]);

Properties prop = new Properties();

prop.setProperty(“org.omg.CORBA.ORBInitialPort”,[IIOP_Port]);

prop.setProperty(“org.omg.CORBA.ORBInitialHost”,[Host_Name]);

Context ctx  = new InitialContext(prop);

Object obj = ctx.lookup([EJB_JNDI_NAME]);

System.out.println(“The looked up is: ” + obj.getClass().getName());

The Variable Explanation and Description

The SSL configuration

1. keyStoreFileName: The JKS keystore file name

2. keyStorePassword: The keystore password

3. trustStoreFileName: The JKS truststore file name

4. trustStorePassword: The truststore password

These will be required when the EJB has been configured to use the SSL or SSL with mutual authentication.

The IIOP Configuration

1.  IIOP_Port: The IIOP port, by default is 3700.

2.   Host_Name: The remote host name or IP address, by default is localhost

The Looking Up JNDI

1.  EJB_JNDI_NAME: The deployed and looked up EJB JNDI Name

Please take a very very big note, the IIOP_PORT is only the default IIOP port without any SSL. The system will automatically redirect the client application to the suitable port, SSL or SSL with mutual authentication.

Advertisements

The EJB 3.1: Singleton SessionBean

I was trying to find the standard way for initiating the global configuration for the EJB project as same it is done by using Servlet load-on-startup for the Web project. I finally found the following

The Class Annotation

@Singleton annotation which ensure the only on instance

@Startup annotation which ensure the loading will be done automatically when the container is being started.

The method annotation

@PostConstruct annotation which ensure it will be executed automatically after the instance has been initiated.

@PreDestroy annotation which ensure it will be executed automatically before the instance has been destroyed.

Please note, It is a session bean with no interface view and can be easily looked up via the JNDI or @EJB annotation as well. This approach is nice for me to load/unload my global configuration and hope it may be nice for you, too.

%d bloggers like this: