SSL Inside a BPEL?
|
View:
New views
6 Messages
—
Rating Filter:
Alert me
|
 |
SSL Inside a BPEL?
by jsexton0
::
Rate this Message:
Today I've been experimenting with SSL/HTTPS in Glassfish. I'm working with a BPEL that includes an invocation of an EJB. The BPEL and the EJB are deployed in the same SA. I changed the EJB to use HTTPS, which seemed to work. The invocation of the BPEL is through a normal HTTP SOAP request. When the BPEL comes to the invoke element to the now secure EJB WSDL, I get an exception:
javax.xml.ws.soap.SOAPFaultException: Security Requirements not met - No Security header in message Is this normal? The BPEL can not invoke an EJB through HTTPS even internally, and even though the EJB is in the same SA? Thanks |
|
|
Re: SSL Inside a BPEL?
by Jason Baragry-2
::
Rate this Message:
First, I think you will get more answers on the users@openesb mailing list.
OpenESB is a JBI compliant infrastructure. That means there is a difference between Service Engines that provide functionality (like the BPEL engine) and Binding Components that provide connectivity (like the SOAP/HTTP BC). In this infrastructure, the BPEL engine does not talk directly to the EJB, the communication goes via a SOAP/HTTP Binding Component. So if you want to use SSL transport between BPEL and an EJB then you need to configure SSL in the SOAP/HTTP BC that BPEL uses to communicate over the wire to the EJB. See: http://wiki.open-esb.java.net/Wiki.jsp?page=CommonUserScenariosForHTTPBindingComponent However, there is another issue you need to consider. If the BPEL component and the EJB are included in the same service assembly (composite application) then the infrastructure routes the communication within the JVM - i.e., it doesn't go over the wire. In this case its not possible to use SSL because there is no over-the-wire transport involved. This is partially described here: http://blogs.sun.com/jason/entry/removing_the_default_soap_binding hth Jason jsexton0 wrote: > Today I've been experimenting with SSL/HTTPS in Glassfish. I'm working with > a BPEL that includes an invocation of an EJB. The BPEL and the EJB are > deployed in the same SA. I changed the EJB to use HTTPS, which seemed to > work. The invocation of the BPEL is through a normal HTTP SOAP request. > When the BPEL comes to the invoke element to the now secure EJB WSDL, I get > an exception: > > javax.xml.ws.soap.SOAPFaultException: Security Requirements not met - No > Security header in message > > Is this normal? The BPEL can not invoke an EJB through HTTPS even > internally, and even though the EJB is in the same SA? > > Thanks > -- <http://www.java.com> * Jason Baragry * Senior Solution Architect Software Practice *Sun Microsystems, Inc.* Central & Northern Europe Phone x43697/+47-23-369 697 Mobile +47 4899 4603 Email Jason.Baragry@... <http://www.java.com> |
|
|
Re: SSL Inside a BPEL?
by OpenXGroup Inc.
::
Rate this Message:
I appreciate this post (blog) as well.....
However, if you include the Asynchronous Service in the same Service Assembly (aka Composite Application) as the BPEL process, then the process fails to continue executing. In fact, the entire process waits endlessly. To understand why this occurs you need to look a bit deeper at what is happening under the covers in the JBI infrastructure. Thanks Jason! On Thu, May 21, 2009 at 4:43 PM, jsexton0 <jsexton0@...> wrote:
|
|
|
Re: SSL Inside a BPEL?
by jsexton0
::
Rate this Message:
I have seen those posts, and they are helpful, thanks. But that is what lead me to ask the question. I get the exception even though the EJB is in the same service assemble as the BPEL that call it. I did not expect that.
Thanks
|
|
|
Re: SSL Inside a BPEL?
by Jason Baragry-2
::
Rate this Message:
AFAIK, the EJB should not be enforcing a transport level security option if the communication is happening over the NMR. However, as detailed in the 2nd link I sent, the JavaEE Service Engine isn't like other engines. Its really a bridge between the JBI container and the Web/EJB containers in Glassfish. That bridge makes use of HTTP pieces in Glassfish to implement the JAX-WS pieces necessary to provide and consume webservice interfaces. It may be that those pieces are enforcing some SSL implementation that it shouldn't be in your scenario. This is going beyond my knowledge of how the JavaEE SE is implemented. I suggest you ask on users@openesb so that one of the engineers can comment. rgds Jason jsexton0 wrote: > I have seen those posts, and they are helpful, thanks. But that is what lead > me to ask the question. I get the exception even though the EJB is in the > same service assemble as the BPEL that call it. I did not expect that. > > Thanks > > > Jason Baragry-2 wrote: > >> First, I think you will get more answers on the users@openesb mailing >> list. >> >> OpenESB is a JBI compliant infrastructure. That means there is a >> difference between Service Engines that provide functionality (like the >> BPEL engine) and Binding Components that provide connectivity (like the >> SOAP/HTTP BC). >> >> In this infrastructure, the BPEL engine does not talk directly to the >> EJB, the communication goes via a SOAP/HTTP Binding Component. So if you >> want to use SSL transport between BPEL and an EJB then you need to >> configure SSL in the SOAP/HTTP BC that BPEL uses to communicate over the >> wire to the EJB. >> >> See: >> http://wiki.open-esb.java.net/Wiki.jsp?page=CommonUserScenariosForHTTPBindingComponent >> >> However, there is another issue you need to consider. If the BPEL >> component and the EJB are included in the same service assembly >> (composite application) then the infrastructure routes the communication >> within the JVM - i.e., it doesn't go over the wire. In this case its not >> possible to use SSL because there is no over-the-wire transport involved. >> >> This is partially described here: >> http://blogs.sun.com/jason/entry/removing_the_default_soap_binding >> >> hth >> Jason >> >> jsexton0 wrote: >> >>> Today I've been experimenting with SSL/HTTPS in Glassfish. I'm working >>> with >>> a BPEL that includes an invocation of an EJB. The BPEL and the EJB are >>> deployed in the same SA. I changed the EJB to use HTTPS, which seemed to >>> work. The invocation of the BPEL is through a normal HTTP SOAP request. >>> When the BPEL comes to the invoke element to the now secure EJB WSDL, I >>> get >>> an exception: >>> >>> javax.xml.ws.soap.SOAPFaultException: Security Requirements not met - No >>> Security header in message >>> >>> Is this normal? The BPEL can not invoke an EJB through HTTPS even >>> internally, and even though the EJB is in the same SA? >>> >>> Thanks >>> >>> >> -- >> <http://www.java.com> * Jason Baragry * >> Senior Solution Architect >> Software Practice >> *Sun Microsystems, Inc.* >> Central & Northern Europe >> Phone x43697/+47-23-369 697 >> Mobile +47 4899 4603 >> Email Jason.Baragry@... >> <http://www.java.com> >> >> >> >> > > -- <http://www.java.com> * Jason Baragry * Senior Solution Architect Software Practice *Sun Microsystems, Inc.* Central & Northern Europe Phone x43697/+47-23-369 697 Mobile +47 4899 4603 Email Jason.Baragry@... <http://www.java.com> |
|
|
Re: SSL Inside a BPEL?
by jsexton0
::
Rate this Message:
I looked at the casa editor for this assembly and found that the BPEL was not directly connected to the EJB. It looks like it was in fact using, or trying to use, https even though the units were altogether. It also did not like me trying to change those connections. It complained that the types were not correct.
I'm going to just recreate the WSDL and EJB in question, and I suspect it will behave. All I was looking for right now is confirmation that the EJB invocation is not subject to the transport security when invoked through the NMR, and you've answered that question. Thanks!
|
| Free embeddable forum powered by Nabble | Forum Help |
