tomee-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From David Blevins <david.blev...@visi.com>
Subject Re: OpenEJB Client with secure socket / SSL
Date Thu, 06 Mar 2008 01:09:54 GMT

On Mar 5, 2008, at 3:45 PM, Dain Sundstrom wrote:

> If weilu switched to the ejbd over http, can't he secure the  
> communication using the web container's https implementation?

That might work, but it'd take some hacking.

You'd need to add a servlet like this:

   import org.apache.openejb.loader.SystemInstance;
   import org.apache.openejb.server.ServiceException;
   import org.apache.openejb.server.ejbd.EjbServer;

   import javax.servlet.ServletConfig;
   import javax.servlet.ServletException;
   import javax.servlet.ServletInputStream;
   import javax.servlet.ServletOutputStream;
   import javax.servlet.http.HttpServlet;
   import javax.servlet.http.HttpServletRequest;
   import javax.servlet.http.HttpServletResponse;
   import java.io.IOException;

   public class ServerServlet extends HttpServlet {
       private EjbServer ejbServer;

       public void init(ServletConfig config) {
           ejbServer =  
SystemInstance.get().getComponent(EjbServer.class);
       }

       protected void service(HttpServletRequest request,  
HttpServletResponse response) throws ServletException, IOException {
           ServletInputStream in = request.getInputStream();
           ServletOutputStream out = response.getOutputStream();
           try {
               ejbServer.service(in, out);
           } catch (ServiceException e) {
               throw new ServletException("ServerService error: " +  
ejbServer.getClass().getName() + " -- " + e.getMessage(), e);
           }
       }
   }


Then set the servlet up to run over https.  Don't try and restrict the  
servlet to a specific user as the ejb login happens inside the  
ejbServer.service(..) call.

Finally, in your client code do this to get your InitialContext

   // we can detect urls of "http:" but it seems we don't yet check  
for "https:" so
   // installing this factory explicitly will get around that.
   org.apache.openejb.client.ConnectionManager.setFactory(new  
org.apache.openejb.client.HttpConnectionFactory());

   Properties p = new Properties();
   p.put("java.naming.factory.initial",  
"org.openejb.client.RemoteInitialContextFactory");
   p.put("java.naming.provider.url", "https://youhost:port/pathToTheServerServlet 
");
   // can add security related properties too

   InitialContext ctx = new InitialContext(p);


Not pretty, but it would work.  If it works out, we'll try and make  
the setup easier for the next release.  I've already updated trunk so  
you won't need the ConnectionManager.setFactory call.

-David


Mime
View raw message