JBoss Instance Configuration to Support Deployed EJB Client Contexts

From NovaOrdis Knowledge Base
Jump to navigation Jump to search

Internal

Relevance

  • EAP 7.0.4

Overview

This article describes the server-side configuration required to support deployed EJB client contexts, as declared in jboss-ejb-client.xml deployment descriptors. Assuming that jboss-ejb-client.xml content is the one listed below, the following configuration changes are necessary:

<jboss-ejb-client xmlns:xsi="urn:jboss:ejb-client:1.2" xsi:noNamespaceSchemaLocation="jboss-ejb-client_1_2.xsd">
    <client-context>
        <ejb-receivers>
            <remoting-ejb-receiver outbound-connection-ref="remote-ejb-container-1"/>
            <remoting-ejb-receiver outbound-connection-ref="remote-ejb-container-2"/>
        </ejb-receivers>
    </client-context>
</jboss-ejb-client>

Procedure

Remoting Subsystem Configuration

Declare remoting outbound connections corresponding to the "outbound-connection-ref" declared in the deployment descriptor:

<subsystem xmlns="urn:jboss:domain:remoting:3.0">
    ...
    <outbound-connections>
        <remote-outbound-connection name="remote-ejb-container-1" 
                                    outbound-socket-binding-ref="remote-ejb-container-socket-1" 
                                    username="ejb" 
                                    security-realm="ejb-security-realm" 
                                    protocol="http-remoting">
            <properties>
                <property name="SASL_POLICY_NOANONYMOUS" value="false"/>
                <property name="SSL_ENABLED" value="false"/>
            </properties>
        </remote-outbound-connection>
        ...
    </outbound-connections>
    ...    
</subsystem>

An "ejb" ApplicationRealm user will have to be created on each of the remote JBoss nodes we intend to invoke into. When asked if "is this new user going to be used for one AS process to connect to another AS process?", answer yes. The utility will provide the base-64 encoded credentials needed at the next step. The complete procedure is described here:

Adding a User to the Application Realm

We also need to declare a local "ejb-security-realm". The rationale and the procedure is describe here Declare a Local EJB Security Realm.

Declare a Local EJB Security Realm

The local "ejb-security-realm" referred from remote-outbound-connections provides the credentials required to authenticate against the remote JBoss nodes.

<management>
    <security-realms>
        ...
        <security-realm name="ejb-security-realm">
            <server-identities>
                <secret value="cGFzc3dvcmQxMjM0"/>
            </server-identities>
        </security-realm>
    </security-realms>
</management>

Declare the Corresponding Socket Bindings

For each remote outbound connection, declare the corresponding outbound socket binding:

<socket-binding-group ...>
    <outbound-socket-binding name="remote-ejb-container-socket-1">
        <remote-destination host="1.2.3.4" port="8080"/>
    </outbound-socket-binding>
    <outbound-socket-binding name="remote-ejb-container-socket-2">
        <remote-destination host="1.2.3.5" port="8080"/>
    </outbound-socket-binding>
   ...
</socket-binding-group>

where remote-outbound-connection's "name" attribute should match the remoting-ejb-receiver's outbound-connection-ref declared in jboss-ejb-client.xml. For more details about EJB client contexts, see EJB client context. For more details about jboss-ejb-client.xml, the deployment descriptor that configures the EJB client context, and which requires the above configuration changes, see jboss-ejb-client.xml.