• Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

EJB Client over SSL

 
Xi Hang
Greenhorn
Posts: 5
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I'm stuck in a scenario to use EJB Client over SSL.
Usually, EJB Client is within LAN and RMI is the protocol to communication to EJB container.
For some reason, EJB client is required outside of the firewall and the firewall is configured to allow such communication. How should EJB container and EJB client configured so that EJB client communicates with EJB container over SSL?
Could someone give some comment on this scenario?(or some links to this topic)
Thanks
 
Tim Holloway
Saloon Keeper
Posts: 18304
56
Android Eclipse IDE Linux
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
That's a good one! I've never seen that issue before, since in the world at large, EJBs in Internet clients are impractical - they get blocked by firewalls - if not on the server side, then on the client side.
It's going to be some work, I know that much - both the client and server machines would require components for RMI tunnelling through SSL, including their own TCP/IP port.
SSL isn't the only, or maybe even the best way to secure your traffic. You might also checkout TLS. Also, as I understand it, IPv6 is may provide generally secure transmissions in a transparent manner - if the world ever switches over!
 
Siddharth Malani
Greenhorn
Posts: 2
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi there,
You will need to configure the firewalls to allow access. For https its 443, but as far as this is concerned it will be AS specific.
Do visit this link for RMI over SSL and you may not have to do more than this.
http://java.sun.com/products/jdk/1.2/docs/guide/rmi/rmisocketfactory.doc.html
Regards
Sid
 
Xi Hang
Greenhorn
Posts: 5
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Tim, Siddharth: Thanks for your comment.
I'd like to add something I just find:
In J2EE Blue Print(http://java.sun.com/blueprints/guidelines/designing_enterprise_applications/security/protecting_messages/index.html), regarding Integrity Mechanisms, it says :

Quote
In the J2EE architecture,....A Deployer must configure the containers involved in a call to implement integrity mechanisms. .... When integrity mechanisms are configured by the Deployer, the calling container must compute and attach a message signature to the call request, and verify the correspondence between the call response and the message signature attached to the call response. The called container must verify the correspondence between the call request and the attached message signature, and compute and attach a message signature to the call response.
Unquote
So, EJB container should be configurable to accept EJC client calls over SSL(RMI over SSL).
I could easily find codes sample from a client side that initiates JDNI lookup from a secured socket. But how is the EJB container side configured to accept incoming calls over SSL?
WebLogic has a IIOP Listener/Handler which can be configured to accept IIOP over SSL.
(http://edocs.bea.com/wle/wle50/security/concepts.htm#1039095).
Oracle 9i has something similar
(http://download-west.oracle.com/otndoc/oracle9i/901_doc/java.901/a90188/secure.htm#1011903)
Does this mean EJB container can be configured to accept client calls over SSL?
Please clarify it!
Thanks
 
Xi Hang
Greenhorn
Posts: 5
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
One other possible solution is HTTPS tunneling.
But, how much does it slows down the response time?
Thanks
 
Kyle Brown
author
Ranch Hand
Posts: 3892
5
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
With WebSphere all you have to do is turn on Security and all IIOP traffic is automatically done over SSL. You have to flip a configuration switch to turn it off, in fact...
Kyle
 
Thomas Paul
mister krabs
Ranch Hand
Posts: 13974
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
WebLogic also can make all traffic secure. But performance absolutely stinks.
 
Kyle Brown
author
Ranch Hand
Posts: 3892
5
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Really, by how much? We've seen about a 10-15% overall performance degradation when you turn SSL on in WebSphere...
Kyle
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic