0 Replies Latest reply on Jan 18, 2011 5:24 AM by Emil Nilimaa

    http still works when transportGuarantee is CONFIDENTIAL

    Emil Nilimaa Newbie

      We have an EJB3 deployed as following:

       

      {code}

      @Stateless

      @WebService(endpointInterface = "mystuff.ejb.system.SystemEJBRemote")

      @Remote(SystemEJBRemote.class)

       

      @WebContext

      (

        contextRoot="/jboss-app-server",

        transportGuarantee="CONFIDENTIAL",

        secureWSDLAccess=false

      )

      @RemoteBinding(clientBindUrl="sslsocket://0.0.0.0:3843", jndiBinding="SystemEJB")

      {code}

       

       


      In our deploy/jbossweb.sar/server.xml we have:

      {code:xml}

      <!-- A HTTP/1.1 Connector on port 8080 -->

            <Connector protocol="HTTP/1.1" port="80" address="${jboss.bind.address}"

                     connectionTimeout="20000" redirectPort="${web.ssl.port}" />

       

       

            <!-- Add this option to the connector to avoid problems with

                .NET clients that don't implement HTTP/1.1 correctly

               restrictedUserAgents="^.*MS Web Services Client Protocol 1.1.4322.*$"

            -->

       

            <!-- A AJP 1.3 Connector on port 8009 -->

            <Connector protocol="AJP/1.3" port="${ajp.connector.port}" address="${jboss.bind.address}"

               redirectPort="${web.ssl.port}" packetSize="20000" />

       

       

            <!-- SSL/TLS Connector configuration using the admin devl guide keystore -->

            <Connector protocol="HTTP/1.1" SSLEnabled="true"

                 port="${web.ssl.port}" address="${jboss.bind.address}"

                 scheme="https" secure="true" clientAuth="false"

                 keystoreFile="${jboss.server.home.dir}/conf/mykey.keystore"

                 keystorePass="${javax.net.ssl.keyStorePassword}" sslProtocol = "TLS"

                   />

      {code}

       

      Now if we do not use the connector for port 80 above only https will work. But if we turn on the port 80 connector to allow other webpages to use http, the deployed EJB also seems to work with http over jbossws... Why is this? Is it not meant to REQUIRE confidential (ssl) to connect to it when we have specified the transportGuarantee as CONFIDENTIAL?

       

      How can we fix this? We want the EJB to only be available with https (ssl) but let other pages