aspose file tools*
The moose likes EJB and other Java EE Technologies and the fly likes EJB Client over SSL Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Java » EJB and other Java EE Technologies
Bookmark "EJB Client over SSL" Watch "EJB Client over SSL" New topic
Author

EJB Client over SSL

Xi Hang
Greenhorn

Joined: Dec 02, 2001
Posts: 5
I'm stuck in a scenario to use EJB Client over SSL.
Usually, EJB Client is within LAN and RMI is the protocol to communication to EJB container.
For some reason, EJB client is required outside of the firewall and the firewall is configured to allow such communication. How should EJB container and EJB client configured so that EJB client communicates with EJB container over SSL?
Could someone give some comment on this scenario?(or some links to this topic)
Thanks
Tim Holloway
Saloon Keeper

Joined: Jun 25, 2001
Posts: 16308
    
  22

That's a good one! I've never seen that issue before, since in the world at large, EJBs in Internet clients are impractical - they get blocked by firewalls - if not on the server side, then on the client side.
It's going to be some work, I know that much - both the client and server machines would require components for RMI tunnelling through SSL, including their own TCP/IP port.
SSL isn't the only, or maybe even the best way to secure your traffic. You might also checkout TLS. Also, as I understand it, IPv6 is may provide generally secure transmissions in a transparent manner - if the world ever switches over!


Customer surveys are for companies who didn't pay proper attention to begin with.
Siddharth Malani
Greenhorn

Joined: Feb 01, 2002
Posts: 2
Hi there,
You will need to configure the firewalls to allow access. For https its 443, but as far as this is concerned it will be AS specific.
Do visit this link for RMI over SSL and you may not have to do more than this.
http://java.sun.com/products/jdk/1.2/docs/guide/rmi/rmisocketfactory.doc.html
Regards
Sid
Xi Hang
Greenhorn

Joined: Dec 02, 2001
Posts: 5
Tim, Siddharth: Thanks for your comment.
I'd like to add something I just find:
In J2EE Blue Print(http://java.sun.com/blueprints/guidelines/designing_enterprise_applications/security/protecting_messages/index.html), regarding Integrity Mechanisms, it says :

Quote
In the J2EE architecture,....A Deployer must configure the containers involved in a call to implement integrity mechanisms. .... When integrity mechanisms are configured by the Deployer, the calling container must compute and attach a message signature to the call request, and verify the correspondence between the call response and the message signature attached to the call response. The called container must verify the correspondence between the call request and the attached message signature, and compute and attach a message signature to the call response.
Unquote
So, EJB container should be configurable to accept EJC client calls over SSL(RMI over SSL).
I could easily find codes sample from a client side that initiates JDNI lookup from a secured socket. But how is the EJB container side configured to accept incoming calls over SSL?
WebLogic has a IIOP Listener/Handler which can be configured to accept IIOP over SSL.
(http://edocs.bea.com/wle/wle50/security/concepts.htm#1039095).
Oracle 9i has something similar
(http://download-west.oracle.com/otndoc/oracle9i/901_doc/java.901/a90188/secure.htm#1011903)
Does this mean EJB container can be configured to accept client calls over SSL?
Please clarify it!
Thanks
Xi Hang
Greenhorn

Joined: Dec 02, 2001
Posts: 5
One other possible solution is HTTPS tunneling.
But, how much does it slows down the response time?
Thanks
Kyle Brown
author
Ranch Hand

Joined: Aug 10, 2001
Posts: 3892
    
    5
With WebSphere all you have to do is turn on Security and all IIOP traffic is automatically done over SSL. You have to flip a configuration switch to turn it off, in fact...
Kyle


Kyle Brown, Author of Persistence in the Enterprise and Enterprise Java Programming with IBM Websphere, 2nd Edition
See my homepage at http://www.kyle-brown.com/ for other WebSphere information.
Thomas Paul
mister krabs
Ranch Hand

Joined: May 05, 2000
Posts: 13974
WebLogic also can make all traffic secure. But performance absolutely stinks.


Associate Instructor - Hofstra University
Amazon Top 750 reviewer - Blog - Unresolved References - Book Review Blog
Kyle Brown
author
Ranch Hand

Joined: Aug 10, 2001
Posts: 3892
    
    5
Really, by how much? We've seen about a 10-15% overall performance degradation when you turn SSL on in WebSphere...
Kyle
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: EJB Client over SSL