The EJB 3.1: IIOP/SSL

The Glassfish Application Server Configuration

Here is an overview of my GlassFish Application Server settings for EJB: the IIOP port is 3700, the IIOP port with SSL is 3820, and the IIOP port with mutual authentication is 3920. Please note that this is the default configuration created when GlassFish is installed. The ports can be changed via the web administration console, whose default URL is http://localhost:4848

Create The EJB Application

It is simple: implement the HelloWorld EJB stateless session bean by following the Java EE Tutorial. In our case, there are 3 HelloWorld EJBs with the same code but configured differently, as follows:

1. The HelloWorld

2. The HelloWorldSSL

3. The HelloWorldSSLMutual

They are for the non-SSL, SSL and SSL with mutual authentication respectively.

To configure SSL, the vendor-specific ejb-jar.xml is required; in our case that is sun-ejb-jar.xml, since this is a GlassFish Application Server.

Configure The EJB for SSL

SSL

<enterprise-beans>
    <ejb>
        <ejb-name>HelloWorldSSL</ejb-name>
        <ior-security-config>
            <transport-config>
                <integrity>required</integrity>
                <confidentiality>required</confidentiality>
                <establish-trust-in-target>supported</establish-trust-in-target>
                <establish-trust-in-client>supported</establish-trust-in-client>
            </transport-config>
            <sas-context>
                <caller-propagation>supported</caller-propagation>
            </sas-context>
        </ior-security-config>
    </ejb>
</enterprise-beans>

SSL with Mutual Authentication

<enterprise-beans>
    <ejb>
        <ejb-name>HelloWorldSSLMutual</ejb-name>
        <ior-security-config>
            <transport-config>
                <integrity>required</integrity>
                <confidentiality>required</confidentiality>
                <establish-trust-in-target>supported</establish-trust-in-target>
                <establish-trust-in-client>required</establish-trust-in-client>
            </transport-config>
            <sas-context>
                <caller-propagation>supported</caller-propagation>
            </sas-context>
        </ior-security-config>
    </ejb>
</enterprise-beans>
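The only difference between the two descriptors is establish-trust-in-client, which is easy to miss in review. The following added example (not part of the original post or of GlassFish) audits a sun-ejb-jar.xml and reports which transport level each bean enforces. The level names, the hypothetical "LegacyBean" entry and the rule that a bean without ior-security-config counts as plain IIOP are assumptions made for this sketch.

```python
import xml.etree.ElementTree as ET

def _ejb(name, integrity, confidentiality, trust_client):
    """Build one <ejb> entry for the constructed sample below."""
    return (f"<ejb><ejb-name>{name}</ejb-name><ior-security-config><transport-config>"
            f"<integrity>{integrity}</integrity>"
            f"<confidentiality>{confidentiality}</confidentiality>"
            "<establish-trust-in-target>supported</establish-trust-in-target>"
            f"<establish-trust-in-client>{trust_client}</establish-trust-in-client>"
            "</transport-config></ior-security-config></ejb>")

# Constructed sample: the three beans named on this page plus a
# hypothetical "LegacyBean" that offers SSL without requiring it.
SAMPLE = ("<sun-ejb-jar><enterprise-beans>"
          "<ejb><ejb-name>HelloWorld</ejb-name></ejb>"
          + _ejb("HelloWorldSSL", "required", "required", "supported")
          + _ejb("HelloWorldSSLMutual", "required", "required", "required")
          + _ejb("LegacyBean", "supported", "supported", "none")
          + "</enterprise-beans></sun-ejb-jar>")

def classify(ejb):
    """Return the transport level a client is forced to use for one <ejb>."""
    tc = ejb.find("ior-security-config/transport-config")
    if tc is None:
        return "plain"                 # assumption: no IOR security means plain IIOP

    def value(tag):
        return (tc.findtext(tag) or "none").strip().lower()

    if value("integrity") != "required" or value("confidentiality") != "required":
        return "ssl-not-enforced"      # SSL may be offered, but a client can skip it
    if value("establish-trust-in-client") == "required":
        return "ssl-mutual"            # client certificate is mandatory
    return "ssl"                       # server-authenticated SSL only

def audit(xml_text):
    """Map each ejb-name in a sun-ejb-jar.xml document to its transport level."""
    root = ET.fromstring(xml_text)
    return {e.findtext("ejb-name").strip(): classify(e) for e in root.iter("ejb")}

if __name__ == "__main__":
    for name, level in audit(SAMPLE).items():
        print(f"{name}: {level}")
```
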

Create The Standalone Client, POJO Project

Next we will create a standalone client POJO project that looks up the EJB stateless session bean remotely by using the Context. First, the project needs the minimum required jar files on its class path, as follows.

The Required jar files

If the Glassfish version 2.x is preferred

1. [gf_home]/lib/appserv-rt.jar

2. [gf_home]/lib/javaee.jar

3. The EJB module jar file

If the Glassfish version 3.x is preferred

1. [gf_home]/glassfish/modules/gf-client.jar

Please note that this jar file acts like a proxy jar: it references the other required jar files via its MANIFEST.MF. If you would like to run this project outside NetBeans, you should put all of the referenced jar files on your class path. Trust me, you should run it inside the NetBeans environment.

2. The EJB module jar file

The EJB module jar file is included to ensure that the looked-up EJB can be cast in the standalone client environment. If it is missing, you may face a ClassNotFoundException or ClassCastException. As an overview, the looked-up object is serialized and transferred from the remote server to the client via RMI/IIOP, and then deserialized to the original object/interface.

The Example coding for looking up

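import java.util.Properties;
import javax.naming.Context;
import javax.naming.InitialContext;

// Replace each [placeholder] with your own value (see the explanation below).
// Keystore and truststore used by the client for SSL and mutual authentication.
System.setProperty("javax.net.ssl.keyStore", [keyStoreFileName]);
System.setProperty("javax.net.ssl.keyStorePassword", [keyStorePassword]);
System.setProperty("javax.net.ssl.trustStore", [trustStoreFileName]);
System.setProperty("javax.net.ssl.trustStorePassword", [trustStorePassword]);

// ORB bootstrap host and port used for the initial JNDI lookup.
Properties prop = new Properties();
prop.setProperty("org.omg.CORBA.ORBInitialPort", [IIOP_Port]);
prop.setProperty("org.omg.CORBA.ORBInitialHost", [Host_Name]);

// Look up the remote EJB and print the class of the returned object.
Context ctx = new InitialContext(prop);
Object obj = ctx.lookup([EJB_JNDI_NAME]);
System.out.println("The looked up is: " + obj.getClass().getName());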

The Variable Explanation and Description

The SSL configuration

1. keyStoreFileName: The JKS keystore file name

2. keyStorePassword: The keystore password

3. trustStoreFileName: The JKS truststore file name

4. trustStorePassword: The truststore password

These will be required when the EJB has been configured to use the SSL or SSL with mutual authentication.

The IIOP Configuration

1. IIOP_Port: The IIOP port, by default is 3700.

2. Host_Name: The remote host name or IP address, by default is localhost

The Looking Up JNDI

1. EJB_JNDI_NAME: The deployed and looked up EJB JNDI Name

Please take very careful note: IIOP_Port is only ever the default IIOP port without any SSL. The system automatically redirects the client application to the suitable port, SSL or SSL with mutual authentication.

About Charlee Chitsuk

I've been working as a software developer since 1998. At the moment I focus on system integration including with SOA and Enterprise Security Solution.

Posted on July 27, 2010, in EJB, SSL. 5 Comments.

  1. Excellent post, but I cannot get it to work. Maybe I need to do some other things.
    Can you upload a NetBeans example ear project?

  2. Hi Manuel,

    Sorry to say that I don’t have it on hand anymore.

    Anyhow, could you please post the trouble which you’ve faced? I will try my best.

  3. I found the problem… The problem was with the keystore and truststore files.
    Thank you !

  4. Hello, Charlee Chitsuk. I apply to you as an expert in GlassFish SSL. Could you take a look at this question (I am not writing it here so as not to duplicate it): http://stackoverflow.com/questions/23918201/glassfish-4-ssl-client-connection-failure-sockettype-ssl-hostname-127-0
