I have written a simple ejb thin client to look up the bean deployed in IBM WebSphere 8.5.
When SSL was not enabled on the server I was successfully able to lookup the bean , but as soon as I enabled the SSL , I started getting the below mentioned exception.
This is how I enabled the security thru admin console :
Exception:
javax.naming.NamingException: Error getting WsnNameService properties [Root exception is org.omg.CORBA.TRANSIENT: initial and forwarded IOR inaccessible vmcid: IBM minor code: E07 completed: No]
at com.ibm.ws.naming.util.WsnInitCtxFactory.mergeWsnNSProperties(WsnInitCtxFactory.java:1552)
at com.ibm.ws.naming.util.WsnInitCtxFactory.getRootContextFromServer(WsnInitCtxFactory.java:1042)
at com.ibm.ws.naming.util.WsnInitCtxFactory.getRootJndiContext(WsnInitCtxFactory.java:962)
at com.ibm.ws.naming.util.WsnInitCtxFactory.getInitialContextInternal(WsnInitCtxFactory.java:614)
at com.ibm.ws.naming.util.WsnInitCtx.getContext(WsnInitCtx.java:128)
at com.ibm.ws.naming.util.WsnInitCtx.getContextIfNull(WsnInitCtx.java:765)
at com.ibm.ws.naming.util.WsnInitCtx.lookup(WsnInitCtx.java:164)
at com.ibm.ws.naming.util.WsnInitCtx.lookup(WsnInitCtx.java:179)
at javax.naming.InitialContext.lookup(InitialContext.java:436)
at nh.indi.test.S2SCommTest.lookupServiceEJB(S2SCommTest.java:55)
at nh.indi.test.S2SCommTest.main(S2SCommTest.java:22)
Caused by: org.omg.CORBA.TRANSIENT: initial and forwarded IOR inaccessible vmcid: IBM minor code: E07 completed: No
at com.ibm.rmi.corba.ClientDelegate.createRequest(ClientDelegate.java:1276)
at com.ibm.CORBA.iiop.ClientDelegate.createRequest(ClientDelegate.java:1342)
at com.ibm.rmi.corba.ClientDelegate.createRequest(ClientDelegate.java:1164)
at com.ibm.CORBA.iiop.ClientDelegate.createRequest(ClientDelegate.java:1308)
at com.ibm.rmi.corba.ClientDelegate.request(ClientDelegate.java:1886)
at com.ibm.CORBA.iiop.ClientDelegate.request(ClientDelegate.java:1264)
at org.omg.CORBA.portable.ObjectImpl._request(ObjectImpl.java:458)
at com.ibm.WsnBootstrap._WsnNameServiceStub.getProperties(_WsnNameServiceStub.java:38)
at com.ibm.ws.naming.util.WsnInitCtxFactory.mergeWsnNSProperties(WsnInitCtxFactory.java:1549)
... 10 more
Code :
public static void main(String args[]) throws NamingException {
Properties ejbProps = new Properties();
ejbProps.put("org.omg.CORBA.ORBClass", "com.ibm.CORBA.iiop.ORB");
ejbProps.put(Context.INITIAL_CONTEXT_FACTORY,
"com.ibm.websphere.naming.WsnInitialContextFactory");
ejbProps.put(Context.PROVIDER_URL, "corbaloc:iiop:160.XX.XX.XX:2809");
InitialContext ffmContext = new InitialContext(ejbProps);
Object remoteObject = ffmContext
.lookup("ejb/MyAppEar-CLUSTER/MyAppEJB.jar/BatchIdTrackingBean#indi.nh.business.framework.bos.di.BatchIdTrackingBeanRemote");
BatchIdTrackingBeanRemote serviceTester = (BatchIdTrackingBeanRemote) PortableRemoteObject
.narrow(remoteObject, BatchIdTrackingBeanRemote.class);
System.out.println(serviceTester);
}
While running the program I am also passing the sas.client.props file location present in my local file system as mentioned here. 1
-Dcom.ibm.CORBA.ConfigURL=file:///C:/Temp/docs/S2S_Docs/sas.client.props
1 : How to connect to a websphere Application Server 8.5 Message Queue while Administrative Security is enabled
Can anybody please help me how to test it successfully with SSL enabled on the websphere app server or what i am missing in my client side or server side configuration.
You also need to add this property to java command: -Dcom.ibm.CORBA.ConfigURL=file:///home/user1/sas.client.props
You can copy the ssl.client.props file (in addition to sas.client.props) from the WebSphere Application Server installation. You need to at least update the location of the key files in the ssl.client.props file to the match where you created or copied the key files. For example,
-Dcom.ibm.ssl.keyStore=/home/user1/etc/key.p12 -Dcom.ibm.ssl.trustStore=/home/user1/etc/trust.p12
When you run the client again, it should prompt you to add signer to the trust store if it is not there.
More details at: https://www-01.ibm.com/support/knowledgecenter/SSAW57_8.5.5/com.ibm.websphere.nd.doc/ae/tcli_ejbthinclient.html