
Re: SSL Inside a BPEL?

by Jason Baragry-2



AFAIK, the EJB should not be enforcing a transport level security option
if the communication is happening over the NMR.
However, as detailed in the 2nd link I sent, the JavaEE Service Engine
isn't like other engines. It's really a bridge between the JBI container
and the Web/EJB containers in Glassfish. That bridge makes use of HTTP
pieces in Glassfish to implement the JAX-WS pieces necessary to provide
and consume webservice interfaces. It may be that those pieces are
enforcing some SSL implementation that it shouldn't be in your scenario.

This is going beyond my knowledge of how the JavaEE SE is implemented. I
suggest you ask on users@openesb so that one of the engineers can comment.

rgds
Jason

jsexton0 wrote:

> I have seen those posts, and they are helpful, thanks.  But that is what led
> me to ask the question.  I get the exception even though the EJB is in the
> same service assembly as the BPEL that calls it.  I did not expect that.
>
> Thanks
>
>
> Jason Baragry-2 wrote:
>  
>> First, I think you will get more answers on the users@openesb mailing
>> list.
>>
>> OpenESB is a JBI compliant infrastructure. That means there is a
>> difference between Service Engines that provide functionality (like the
>> BPEL engine) and Binding Components that provide connectivity (like the
>> SOAP/HTTP BC).
>>
>> In this infrastructure, the BPEL engine does not talk directly to the
>> EJB, the communication goes via a SOAP/HTTP Binding Component. So if you
>> want to use SSL transport between BPEL and an EJB then you need to
>> configure SSL in the SOAP/HTTP BC that BPEL uses to communicate over the
>> wire to the EJB.
>>
>> See:
>> http://wiki.open-esb.java.net/Wiki.jsp?page=CommonUserScenariosForHTTPBindingComponent
>>
>> However, there is another issue you need to consider. If the BPEL
>> component and the EJB are included in the same service assembly
>> (composite application) then the infrastructure routes the communication
>> within the JVM - i.e., it doesn't go over the wire. In this case it's not
>> possible to use SSL because there is no over-the-wire transport involved.
>>
>> This is partially described here:
>> http://blogs.sun.com/jason/entry/removing_the_default_soap_binding
>>
>> hth
>> Jason
>>
>> jsexton0 wrote:
>>    
>>> Today I've been experimenting with SSL/HTTPS in Glassfish.  I'm working
>>> with
>>> a BPEL that includes an invocation of an EJB.  The BPEL and the EJB are
>>> deployed in the same SA.  I changed the EJB to use HTTPS, which seemed to
>>> work.  The invocation of the BPEL is through a normal HTTP SOAP request.
>>> When the BPEL comes to the invoke element to the now secure EJB WSDL, I
>>> get
>>> an exception:
>>>
>>> javax.xml.ws.soap.SOAPFaultException: Security Requirements not met - No
>>> Security header in message
>>>
>>> Is this normal?  The BPEL can not invoke an EJB through HTTPS even
>>> internally, and even though the EJB is in the same SA?
>>>
>>> Thanks
>>>  
>>>      
>> --
>> <http://www.java.com> * Jason Baragry *
>> Senior Solution Architect
>> Software Practice
>> *Sun Microsystems, Inc.*
>> Central & Northern Europe
>> Phone x43697/+47-23-369 697
>> Mobile +47 4899 4603
>> Email Jason.Baragry@...
>> <http://www.java.com>
>>
>>
>>
>>    
>
>  
