[jboss-user] [JBoss Web Services] - http still works when transportGuarantee is CONFIDENTIAL

[Emil Nilimaa]

Emil Nilimaa [http://community.jboss.org/people/Eminil] created the discussion

"http still works when transportGuarantee is CONFIDENTIAL"

To view the discussion, visit: http://community.jboss.org/message/581509#581509

--------------------------------------------------------------
We have an EJB3 deployed as following:


@Stateless
@WebService(endpointInterface = "mystuff.ejb.system.SystemEJBRemote")
@Remote(SystemEJBRemote.class)

@WebContext
(
  contextRoot="/jboss-app-server",
  transportGuarantee="CONFIDENTIAL",
  secureWSDLAccess=false
)
@RemoteBinding(clientBindUrl="sslsocket://0.0.0.0:3843", jndiBinding="SystemEJB")







In our deploy/jbossweb.sar/server.xml we have:




      <!-- Add this option to the connector to avoid problems with 
          .NET clients that don't implement HTTP/1.1 correctly 
         restrictedUserAgents="^.*MS Web Services Client Protocol 1.1.4322.*$"
      -->





Now if we do not use the connector for port 80 above only https will work. But if we turn on the port 80 connector to allow other webpages to use http, the deployed EJB also seems to work with http over jbossws... Why is this? Is it not meant to REQUIRE confidential (ssl) to connect to it when we have specified the transportGuarantee as CONFIDENTIAL?

How can we fix this? We want the EJB to only be available with https (ssl) but let other pages
--------------------------------------------------------------

Reply to this message by going to Community
[http://community.jboss.org/message/581509#581509]

Start a new discussion in JBoss Web Services at Community
[http://community.jboss.org/choose-container!input.jspa?contentType=1&containerType=14&container=2044]

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/jboss-user/attachments/20110118/3d3ac376/attachment.html