New in Payara Server 5.191: Remote EJB via HTTP

Photo of Arjan Tijms by Arjan Tijms

Payara and GlassFish have supported classic remote EJB since its inception. Classic remote EJB uses RMI-IIOP (Remote Method Invocation over Internet Inter-ORB Protocol ) for transport and CSIv2 (Common Secure Interoperability Protocol Version 2) for security.


While feature rich, these protocols were not designed with firewalls, NAT, (private) clouds, Docker - and generally the Internet itself - in mind. For these environments, the requirements of the protocol, such as establishing independent connections back from the server to the client, are too troublesome. Practically speaking in these environments only one protocol really works, and that’s HTTP(S).


Additionally, RMI-IIOP/CSIv2 also requires heavyweight client libs.


In the case of Payara, that client lib is almost as big as the entire server as it’s essentially a special form of the ACC (Application Client Container). For HTTP(S) much smaller clients can be used, or even widely available HTTP agents such as wget or curl.


Payara Server 5.191 EJB Remoting Technology


For these reasons, Payara Server 5.191 features an additional EJB remoting technology based on HTTP and using a thin client. This technology is built from the ground up, and is not using the existing CORBA and IIOP stacks.


In reimagining remote EJB, we started out with the basic JAX-RS REST client and a thin factory on top of that. In true EJB style, it works via traditional JNDI. Given a JNDI name the underlying code will first request the corresponding remote interface definition from the remote Payara Server, and will then create a local proxy based on that. 


The following sequence diagram shows the lookup process:




Next, calls on the proxy will be serialised using JSON-B into JSON and sent over to the remote server. Once there, the server will lookup the EJB bean again, deserialise the JSON payload and invoke the bean locally (albeit via its remote interface), and then serialise the return value (if any) in JSON again.


This is shown in the diagram below:





In the initial version that has been released in Payara Server 5.191, not all remote EJB functionality has been implemented, as we're building the protocol from the ground up and have started with the basics.


The Future of EJB in Payara Server


Things that we're looking into adding for future releases include:

  • Support for Stateful EJB session beans
  • Support for returning other remote EJBs
  • Security propagation
  • TX propagation

Note that "Security propagation" refers to the security context propagating from one bean to another bean, with having to explicitly authenticate using credentials. The latter is supported, so secured remote EJB beans are supported in this initial cut.


The following extra features are being considered as well:

  • Custom JSON serialisers for remote HTPP EJB
  • GET requests for trivial EJBs to remote HTTP EJB
  • Easily securing the ejb-invoker endpoint
  • Client load balancing for the HTTP EJB Invoker
  • Lookup for JMS destinations (and perhaps other resources)

Documentation about this new feature can be found at:


A fully working example application can be found at: (read the documentation on how to activate the required endpoint, it's deactivated by default).


 Payara Server & Payara Micro  Download Here