users@glassfish.java.net

Call Remote EJB over SSL from WebClient

From: <glassfish_at_javadesktop.org>
Date: Sun, 18 Jul 2010 04:15:46 PDT

Hi Folks,

I have two different Glassfish Server instances running, one of v2 the other is v3.
On the v2 server runs an EJB offering a Remote interface. This EJB is secured via SSL, i. e. the deployment descriptor sun-ejb-jar contains the following lines:

<ejb>
      <ejb-name>CtrBean</ejb-name>
      <jndi-name>ejb/CtrRemote</jndi-name>
      <ior-security-config>
        <transport-config>
          <integrity>required</integrity>
          <confidentiality>required</confidentiality>
          <establish-trust-in-target>supported</establish-trust-in-target>
          <establish-trust-in-client>required</establish-trust-in-client>
        </transport-config>
        <sas-context>
          <caller-propagation>supported</caller-propagation>
        </sas-context>
      </ior-security-config>
    </ejb>

On the v2 server the standard IIOP listeners are active, i. e. the unsecured listener on port 3700, the SSL listener on port 3820 and the mutual authentication SSL listener on port 3920.

My aim is to call the Remote EJB using mutual authentication over SSL from a web applicaton (war) running on the v3 server. If I call the EJB over the unsecured port 3700 (without the above-mentioned deployment descriptor lines) everything works fine.
But when I try to call the EJB over the port 3920 it doesn't work. The web client uses the following annotation:
@EJB(mappedName="corbaname:iiop:localhost:3920#ejb/CtrRemote")
I get the following error message:

com.sun.faces.mgbean.ManagedBeanCreationException: Bei der Ressourcen-Einspeisung auf dem verwalteten Bean SessionBeanGeneral ist ein Fehler aufgetreten.
        at com.sun.faces.mgbean.BeanBuilder.injectResources(BeanBuilder.java:211)
        at com.sun.faces.mgbean.BeanBuilder.build(BeanBuilder.java:103)
        at com.sun.faces.mgbean.BeanManager.createAndPush(BeanManager.java:405)
        at com.sun.faces.mgbean.BeanManager.create(BeanManager.java:267)
        at com.sun.faces.el.ManagedBeanELResolver.getValue(ManagedBeanELResolver.java:86)
        at javax.el.CompositeELResolver.getValue(CompositeELResolver.java:175)
        at com.sun.faces.el.FacesCompositeELResolver.getValue(FacesCompositeELResolver.java:72)
        at com.sun.el.parser.AstIdentifier.getValue(AstIdentifier.java:99)
        at com.sun.el.parser.AstValue.getValue(AstValue.java:158)
        at com.sun.el.ValueExpressionImpl.getValue(ValueExpressionImpl.java:219)
        at org.jboss.weld.el.WeldValueExpression.getValue(WeldValueExpression.java:71)
        at com.sun.faces.facelets.el.TagValueExpression.getValue(TagValueExpression.java:102)
        at javax.faces.component.ComponentStateHelper.eval(ComponentStateHelper.java:190)
        at javax.faces.component.ComponentStateHelper.eval(ComponentStateHelper.java:178)
        at javax.faces.component.UIOutput.getValue(UIOutput.java:168)
        at com.sun.faces.renderkit.html_basic.HtmlBasicInputRenderer.getValue(HtmlBasicInputRenderer.java:205)
        at com.sun.faces.renderkit.html_basic.HtmlBasicRenderer.getCurrentValue(HtmlBasicRenderer.java:338)
        at com.sun.faces.renderkit.html_basic.HtmlBasicRenderer.encodeEnd(HtmlBasicRenderer.java:164)
        at javax.faces.component.UIComponentBase.encodeEnd(UIComponentBase.java:878)
        at javax.faces.component.UIComponent.encodeAll(UIComponent.java:1620)
        at javax.faces.render.Renderer.encodeChildren(Renderer.java:168)
        at javax.faces.component.UIComponentBase.encodeChildren(UIComponentBase.java:848)
        at javax.faces.component.UIComponent.encodeAll(UIComponent.java:1613)
        at javax.faces.component.UIComponent.encodeAll(UIComponent.java:1616)
        at javax.faces.component.UIComponent.encodeAll(UIComponent.java:1616)
        at com.sun.faces.application.view.FaceletViewHandlingStrategy.renderView(FaceletViewHandlingStrategy.java:380)
        at com.sun.faces.application.view.MultiViewHandler.renderView(MultiViewHandler.java:126)
        at javax.faces.application.ViewHandlerWrapper.renderView(ViewHandlerWrapper.java:273)
        at com.sun.faces.lifecycle.RenderResponsePhase.execute(RenderResponsePhase.java:127)
        at com.sun.faces.lifecycle.Phase.doPhase(Phase.java:101)
        at com.sun.faces.lifecycle.LifecycleImpl.render(LifecycleImpl.java:139)
        at javax.faces.webapp.FacesServlet.service(FacesServlet.java:313)
        at org.apache.catalina.core.StandardWrapper.service(StandardWrapper.java:1523)
        at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:279)
        at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:188)
        at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:641)
        at com.sun.enterprise.web.WebPipeline.invoke(WebPipeline.java:97)
        at com.sun.enterprise.web.PESessionLockingStandardPipeline.invoke(PESessionLockingStandardPipeline.java:85)
        at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:185)
        at org.apache.catalina.connector.CoyoteAdapter.doService(CoyoteAdapter.java:325)
        at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:226)
        at com.sun.enterprise.v3.services.impl.ContainerMapper.service(ContainerMapper.java:165)
        at com.sun.grizzly.http.ProcessorTask.invokeAdapter(ProcessorTask.java:791)
        at com.sun.grizzly.http.ProcessorTask.doProcess(ProcessorTask.java:693)
        at com.sun.grizzly.http.ProcessorTask.process(ProcessorTask.java:954)
        at com.sun.grizzly.http.DefaultProtocolFilter.execute(DefaultProtocolFilter.java:170)
        at com.sun.grizzly.DefaultProtocolChain.executeProtocolFilter(DefaultProtocolChain.java:135)
        at com.sun.grizzly.DefaultProtocolChain.execute(DefaultProtocolChain.java:102)
        at com.sun.grizzly.DefaultProtocolChain.execute(DefaultProtocolChain.java:88)
        at com.sun.grizzly.http.HttpProtocolChain.execute(HttpProtocolChain.java:76)
        at com.sun.grizzly.ProtocolChainContextTask.doCall(ProtocolChainContextTask.java:53)
        at com.sun.grizzly.SelectionKeyContextTask.call(SelectionKeyContextTask.java:57)
        at com.sun.grizzly.ContextTask.run(ContextTask.java:69)
        at com.sun.grizzly.util.AbstractThreadPool$Worker.doWork(AbstractThreadPool.java:330)
        at com.sun.grizzly.util.AbstractThreadPool$Worker.run(AbstractThreadPool.java:309)
        at java.lang.Thread.run(Thread.java:619)
Caused by: com.sun.faces.spi.InjectionProviderException: com.sun.enterprise.container.common.spi.util.InjectionException: Exception attempting to inject Remote ejb-ref name=psiCtrBeanEjb,Remote 3.x interface =ems.ebs.control.PsiCtrRemote,ejb-link=null,lookup=null,mappedName=,jndi-name=corbaname:iiop:localhost:3920#ems.ebs.control.PsiCtrRemote,refType=Session into class psigui.control.SessionBeanGeneral
        at org.glassfish.faces.integration.GlassFishInjectionProvider.inject(GlassFishInjectionProvider.java:98)
        at com.sun.faces.mgbean.BeanBuilder.injectResources(BeanBuilder.java:205)
        ... 55 more
Caused by: com.sun.enterprise.container.common.spi.util.InjectionException: Exception attempting to inject Remote ejb-ref name=psiCtrBeanEjb,Remote 3.x interface =ems.ebs.control.PsiCtrRemote,ejb-link=null,lookup=null,mappedName=,jndi-name=corbaname:iiop:localhost:3920#ems.ebs.control.PsiCtrRemote,refType=Session into class psigui.control.SessionBeanGeneral
        at com.sun.enterprise.container.common.impl.util.InjectionManagerImpl._inject(InjectionManagerImpl.java:614)
        at com.sun.enterprise.container.common.impl.util.InjectionManagerImpl.inject(InjectionManagerImpl.java:384)
        at com.sun.enterprise.container.common.impl.util.InjectionManagerImpl.injectInstance(InjectionManagerImpl.java:168)
        at org.glassfish.faces.integration.GlassFishInjectionProvider.inject(GlassFishInjectionProvider.java:94)
        ... 56 more
Caused by: javax.naming.NamingException: Lookup failed for 'java:comp/env/psiCtrBeanEjb' in SerialContext [Root exception is javax.naming.NamingException: Exception resolving Ejb for 'Remote ejb-ref name=psiCtrBeanEjb,Remote 3.x interface =ems.ebs.control.PsiCtrRemote,ejb-link=null,lookup=null,mappedName=,jndi-name=corbaname:iiop:localhost:3920#ems.ebs.control.PsiCtrRemote,refType=Session' . Actual (possibly internal) Remote JNDI name used for lookup is 'corbaname:iiop:localhost:3920#ems.ebs.control.PsiCtrRemote__3_x_Internal_RemoteBusinessHome__' [Root exception is org.omg.CORBA.BAD_PARAM: vmcid: OMG minor code: 9 completed: No]]
        at com.sun.enterprise.naming.impl.SerialContext.lookup(SerialContext.java:442)
        at javax.naming.InitialContext.lookup(InitialContext.java:392)
        at com.sun.enterprise.container.common.impl.util.InjectionManagerImpl._inject(InjectionManagerImpl.java:513)
        ... 59 more
Caused by: javax.naming.NamingException: Exception resolving Ejb for 'Remote ejb-ref name=psiCtrBeanEjb,Remote 3.x interface =ems.ebs.control.PsiCtrRemote,ejb-link=null,lookup=null,mappedName=,jndi-name=corbaname:iiop:localhost:3920#ems.ebs.control.PsiCtrRemote,refType=Session' . Actual (possibly internal) Remote JNDI name used for lookup is 'corbaname:iiop:localhost:3920#ems.ebs.control.PsiCtrRemote__3_x_Internal_RemoteBusinessHome__' [Root exception is org.omg.CORBA.BAD_PARAM: vmcid: OMG minor code: 9 completed: No]
        at com.sun.ejb.EjbNamingReferenceManagerImpl.resolveEjbReference(EjbNamingReferenceManagerImpl.java:174)
        at com.sun.enterprise.container.common.impl.ComponentEnvManagerImpl$EjbReferenceProxy.create(ComponentEnvManagerImpl.java:1040)
        at com.sun.enterprise.naming.impl.GlassfishNamingManagerImpl.lookup(GlassfishNamingManagerImpl.java:688)
        at com.sun.enterprise.naming.impl.GlassfishNamingManagerImpl.lookup(GlassfishNamingManagerImpl.java:657)
        at com.sun.enterprise.naming.impl.JavaURLContext.lookup(JavaURLContext.java:148)
        at com.sun.enterprise.naming.impl.SerialContext.lookup(SerialContext.java:428)



I adde the s1as key of the v2 server to the truststore of the v3 server and vice versa, so the key setup should be correctly in place.

How can I tell the v3 server or the web app to use SSL when calling the EJB?
There are a lot of tutorials out there dealing with access from a application client or standalone client to a SSL secured EJB, but I didn't found anything in respect of web clients.

Please help, I try to solve this problem for over a week now and don't get any step further...

Thanks in advance,
Martin
[Message sent by forum member 'martyj']

http://forums.java.net/jive/thread.jspa?messageID=477890