Glassfish JAX-WS side by side SSL / insecure EJB webservice

Asked 26/5, 2010 at 10:5 Answered 10/10, 2013 at 13:0

web-services glassfish ejb-3.0 jax-ws java-metro-framework

Is it possible to run a single @WebService bean as both secure and insecure at the same time, preferably using the same URL except for the http/https protocol difference?

I am able to run the service either secure or insecure using:

<transport-guarantee>CONFIDENTIAL</transport-guarantee>

<transport-guarantee>NONE</transport-guarantee>

inside sun-ejb-jar.xml

IE.

<ejb>
  <ejb-name>MyEJB</ejb-name>
  <webservice-endpoint>
    <port-component-name>MyWebService</port-component-name>
    <transport-guarantee>CONFIDENTIAL</transport-guarantee>
  </webservice-endpoint>
</ejb>

Suggestions?

Burlingame answered 26/5, 2010 at 10:5 Comment(4)

I am not clear on the details... so I won't submit this as an answer... You may want to dig into the topic of Grizzly port unification. It seems like that will allow you to do what you want. – Idem 27/5, 2010 at 17:31

Thanks vkraemer I will have a look at that. – Burlingame 28/5, 2010 at 7:44

What happens with <transport-guarantee>NONE</transport-guarantee> and a http SSL enabled listener? NONE doesn't preclude SSL from also working. The other option if you can install apache, httpd w/mod_ssl + mod_jk/ajp would probably work. – Sulfa 14/7, 2012 at 4:2

@Sulfa unfortunately with NONE it will only route from the unsecure listener. mod_ssl is definitely the way to go in any production scenario. – Burlingame 15/7, 2012 at 6:36

Why you just not proxy app server with Apache HTTP server or similar? I usually do this way and leave SSL handshaking/open text connection to HTTP in front of it.

Freeforall answered 23/1, 2013 at 19:43 Comment(0)

just remove the <transport-guarantee>CONFIDENTIAL</transport-guarantee>, your beans will be available on http and https also. <transport-guarantee>CONFIDENTIAL</transport-guarantee> means strict security, any http request coming is redirected to https(ssl).

removing this <transport-guarantee>CONFIDENTIAL</transport-guarantee> you will get great flexibility.

Linneman answered 24/1, 2013 at 11:13 Comment(0)

I'm aware that this is a pretty old question. However, I feel like providing this answer since I recently ran into the exact same issue.

According to Oracle documentation:

Specify CONFIDENTIAL when the application requires that data be transmitted so as to prevent other entities from observing the contents of the transmission.

Specify NONE to indicate that the container must accept the constrained requests on any connection, including an unprotected one.

Since this is merely a transport-guarantee, a NONE value should provide you the feature you want, namely an EJB Web Service responding both to http and https requests.

The problem here is a bug in Glassfish that apparently restricts you to either accept http OR https requests to your EJB Web Service:

Bug in Glassfish 2.x: https://java.net/jira/browse/GLASSFISH-5621
Bug in Glassfish 3.x: https://java.net/jira/browse/GLASSFISH-19293

According to the last jira task the issue should be fixed and working from Glassfish 4.0_b75.

Manolete answered 10/10, 2013 at 13:0 Comment(0)

Recommended topics

Hot tags