Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.
Awesome Lists | Featured Topics | Projects
https://github.com/gaol/ejb-over-https

Demo shows how to call remote EJB over HTTPS
https://github.com/gaol/ejb-over-https
Last synced: 19 days ago
JSON representation
Demo shows how to call remote EJB over HTTPS
Host: GitHub
URL: https://github.com/gaol/ejb-over-https
Owner: gaol
Created: 2021-07-27T09:51:05.000Z (over 3 years ago)
Default Branch: main
Last Pushed: 2021-07-28T04:23:35.000Z (over 3 years ago)
Last Synced: 2024-11-01T04:11:38.618Z (2 months ago)
Language: Java
Size: 17.6 KB
Stars: 0
Watchers: 2
Forks: 0
Open Issues: 0
Metadata Files:
- Readme: README.adoc
Awesome Lists containing this project

README

        = ejb-over-https: Remote EJB Client Over HTTPS

:author: Lin Gao

:level: Intermediate

:technologies: EJB, JNDI, HTTPS

[abstract]

The `ejb-over-https` quickstart demonstrates how to invoke an EJB over HTTPS from a remote Java client application

== What is it?

The `ejb-over-https` quickstart demonstrates how to invoke an EJB over HTTPS from a remote Java client application. It demonstrates how to set up SSL/TLS in both server side and client side and how to invoke remote EJB via HTTPS transport.

There are two components to this example:

. A server side component:

+

The server component has a stateless EJB to just echo back the message sent to it. It provides both an EJB JAR that is deployed to the server and a JAR file containing the remote business interfaces required by the remote client application.

. A remote client application that accesses the server component.

+

The remote client application depends on the remote business interfaces from the server component. This application looks up the `EchoService` via JNDI/HTTP(S) and invokes `echo()` method with single `Hello Wolrd` and a large message.

== How to play it

There are some configurations you need to set up to play this quickstart, we are going to go through this quickstart first by plain HTTP, then set up SSL/TLS with HTTPS invocation, please follow the steps below.

=== Set up application user

Because invoking EJB via HTTP transport does not support transparent authentication, you need to add an application user to be able to call remotely.

. Add an application user

+

[source, options="nowrap"]

----

$ ${JBOSS_HOME}/bin/add-user.sh -a -u 'quickstartUser' -p 'quickstartPwd1!'

----

. After adding the application user, you can start the jboss server.

+

[source, options="nowrap"]

----

$ ${JBOSS_HOME}/bin/standalone.sh

----

=== Build the project and deploy the server side component

. In the root directory of the quickstart, run the following command:

+

[source,options="nowrap"]

----

$ mvn clean install

----

. Then navigate to the server-side subdirectory, run the following command:

+

[source,options="nowrap"]

----

$ cd server-side

$ mvn wildfly:deploy

----

Now you have deployed your EJB component(`EchoService`) into your JBoss server, let's see how to invoke it from remote client.

=== Invoke remote EJB over plain HTTP

Let's take a glance on the client code on how to invoke the remote EJB over HTTP(S):

[source,options="nowrap",java]

----

    private static final String HTTP_ENDPOINT = "http://localhost:8080/wildfly-services";

    private static final String HTTPS_ENDPOINT = "https://localhost:8443/wildfly-services";

    public static void main(String[] args) throws Exception {

        final String endpointURL = Boolean.getBoolean("ssl") ? HTTPS_ENDPOINT : HTTP_ENDPOINT;

        final EchoService echoService = lookupEchoService(endpointURL);

        String messageSent = "Hello World!";

        String message = echoService.echo(messageSent);

        if (!message.equals(messageSent)) {

            throw new RuntimeException("Message echo back is not equal.");

        }

    }    

    private static EchoService lookupEchoService(String endpointURL) throws NamingException {

        final Hashtable jndiProperties = new Hashtable<>();

        jndiProperties.put(Context.INITIAL_CONTEXT_FACTORY, "org.wildfly.naming.client.WildFlyInitialContextFactory");

        jndiProperties.put(Context.PROVIDER_URL, endpointURL);

        final Context context = new InitialContext(jndiProperties);

        return (EchoService) context.lookup("ejb:/ejb-over-https-server-side/EchoServiceBean!"

            + EchoService.class.getName());

    }

----

The client code supports invoking remote EJB over both HTTP and HTTPS, you only need to use `-Dssl=false|true` to switch.

There are nothing more to set up in the server side to be able to call remote EJB over plain HTTP, the following `wildfly-config.xml` is used in client side to invoke the remote EJB:

[source,options="nowrap",xml]

----

    

        

                    

        

        

            

                

                

                    

                 

                

                    

                

                

                

                

                    

                

             

        

    

----

There is a branch `plain_http` in this quickstart which has the configuration already, you can switch to that branch and run the following command:

[source, options="nowrap"]

----

$ git checkout plain_http

$ cd ../client

$ mvn -Dssl=false clean install exec:exec

----

> NOTE: you need to use `-Dssl=false` to force to use plain HTTP invocation in this quickstart.

You will see some console output like:

[source, options="nowrap"]

----

Executing 10 times....

EndPoint URL: http://localhost:8080/wildfly-services

Clear Session Id...

Set up Strong Affinity to the remote endpoint.

Large message count: 120000

[INFO] ------------------------------------------------------------------------

[INFO] BUILD SUCCESS

[INFO] ------------------------------------------------------------------------

----

=== Set up SSL/TLS

Now you have been able to invoke remote EJB via plain HTTP, as we all know, it is not secure, username and password are transferred in plain text, so let's set up SSL/TLS to have a secure transport.

==== Set up SSL/TLS in server side

There are 2 ways to setup SSL in server side, we use the default one predefined already in the JBoss server.

By default, JBoss server generates a predefined keystore file wich is used for SSL communication on first access to HTTPS interface:

[source,options="nowrap"]

----

$ curl -k https://localhost:8443/

----

==== Set up SSL/TLS in client side

After that, an `application.keystore` file is generated in `${JBOSS_HOME}/standalone/configuration/` directory, we can use that file as trustsore in client set up, or we can export the SSL certificate and import to a separate truststore for client use, in this example, we use it directly for simplicity, here is the `wildfly-config.xml` used for SSL communication:

[source,options="nowrap",xml]

----

    

        

                    

        

        

            

        

        

            

                

                

                    

                 

                

                    

                

                

                

                

                    

                

             

        

        

            

               

               

            

        

        

            

                

            

        

    

----

You can find this set up in `main` branch in this quickstart, then you can run the following commands to run the client application:

[source, options="nowrap"]

----

$ git checkout main

$ cd ../client

$ export JBOSS_HOME=

$ mvn -Dssl=true clean install exec:exec

----

Have Fun!