3 Replies Latest reply on May 5, 2005 2:13 PM by Kabir Khan

    Enabling SSL

    Florian Fray Newbie

      Hi folks!

      Does anybody know whether an ejb3 application can be configured
      so that an invoker can use SSL?
      In normal EJB projects this can be achieved by defining alternate
      invoker-bindings.
      Is that possible in ejb3, too?
      How can this be solved?

      Kind regards

      FF

        • 1. Re: Enabling SSL
          Kabir Khan Master

          SSL is not supported yet in the underlying JBoss Remoting framework that takes care of handling the transport aspects.

          It should be available in the next preview release. To give you an idea of how it will work take a look at:
          http://docs.jboss.org/ejb3/tutorial/jndibinding/jndi.html

          The RemoteBinding annotation type contains a clientBindUrl attribute. I believe that once SSL is supported it will simply be a case of configuring a new Connector in ejb3.deployer/META-INF/jboss-service.xml, and annotating your bean with RemoteBinding with the correct clientBindUrl.

          • 2. Re: Enabling SSL
            Florian Fray Newbie

            Thanks for the info, Kabir!

            Do you know whether how many connectors can
            be specified for a bean?
            I am thinking of a configuration presenting
            beans over SSL and over normal sockets
            on another port for being used securely over
            the internet and from the internal network and/or
            VPN.
            Will such a config be possible?

            FF

            PS I already knew the RemoteBinding annotation,
            but the docs are slightly incomplete.
            So the use of some annotations is a bit unclear to
            me. I think the fog will clear when we get closer
            to a release version of ejb3 ;-)

            • 3. Re: Enabling SSL
              Kabir Khan Master

              Connectors are specified per server, and you can specify as many as you like.

              You can use @RemoteBindings as follows:

              @RemoteBindings({
               @RemoteBinding(jndiName="secureMyBean", clientBindUrl="sslsocket:0.0.0.0:1234"),
               @RemoteBinding(jndiName="notsecureMyBean", clientBindUrl="socket:0.0.0.0:1235")})
              public class MyBean implements MyRemote
              {
              }
              

              So you can have as many @RemoteBinding's set up as you like, and if you use clientBindUrl it must match the InvokerLocator of one of the Connector entries.

              The remoting lead reckons he should have support for SSL over the next few days, so if you are happy to work from cvs head you should be able to have a play next week.

              I guess we have just documented what works already ;-)