Skip to end of metadata
Go to start of metadata

The purpose of this chapter is to demonstrate how to lookup and invoke on EJBs deployed on an WildFly server instance from another WildFly server instance. This is different from invoking the EJBs from a remote standalone client

Let's call the server, from which the invocation happens to the EJB, as "Client Server" and the server on which the bean is deployed as the "Destination Server".

Note that this chapter deals with the case where the bean is deployed on the "Destination Server" but not on the "Client Server".

Application packaging

In this example, we'll consider a EJB which is packaged in a myejb.jar which is within a myapp.ear. Here's how it would look like:

Note that packaging itself isn't really important in the context of this article. You can deploy the EJBs in any standard way (.ear, .war or .jar).


In our example, we'll consider a simple stateless session bean which is as follows:


WildFly 8 is secure by default. What this means is that no communication can happen with an WildFly instance from a remote client (irrespective of whether it is a standalone client or another server instance) without passing the appropriate credentials. Remember that in this example, our "client server" will be communicating with the "destination server". So in order to allow this communication to happen successfully, we'll have to configure user credentials which we will be using during this communication. So let's start with the necessary configurations for this.

Configuring a user on the "Destination Server"

As a first step we'll configure a user on the destination server who will be allowed to access the destination server. We create the user using the add-user script that's available in the JBOSS_HOME/bin folder. In this example, we'll be configuring a Application User named ejb and with a password test in the ApplicationRealm. Running the add-user script is an interactive process and you will see questions/output as follows:


As you can see in the output above we have now configured a user on the destination server who'll be allowed to access this server. We'll use this user credentials later on in the client server for communicating with this server. The important bits to remember are the user we have created in this example is ejb and the password  is test.

Note that you can use any username and password combination you want to.
You do not require the server to be started to add a user using the add-user script.

Start the "Destination Server"

As a next step towards running this example, we'll start the "Destination Server". In this example, we'll use the standalone server and use the standalone-full.xml configuration. The startup command will look like:

Ensure that the server has started without any errors.

It's very important to note that if you are starting both the server instances on the same machine, then each of those server instances must have a unique system property. You can do that by passing an appropriate value for system property to the startup script:

Deploying the application

The application (myapp.ear in our case) will be deployed to "Destination Server". The process of deploying the application is out of scope of this chapter. You can either use the Command Line Interface or the Admin console or any IDE or manually copy it to JBOSS_HOME/standalone/deployments folder (for standalone server). Just ensure that the application has been deployed successfully.

So far, we have built a EJB application and deployed it on the "Destination Server". Now let's move to the "Client Server" which acts as the client for the deployed EJBs on the "Destination Server".

Configuring the "Client Server" to point to the EJB remoting connector on the "Destination Server"

As a first step on the "Client Server", we need to let the server know about the "Destination Server"'s EJB remoting connector, over which it can communicate during the EJB invocations. To do that, we'll have to add a "remote-outbound-connection" to the remoting subsystem on the "Client Server". The "remote-outbound-connection" configuration indicates that a outbound connection will be created to a remote server instance from that server. The "remote-outbound-connection" will be backed by a "outbound-socket-binding" which will point to a remote host and a remote port (of the "Destination Server"). So let's see how we create these configurations.

Start the "Client Server"

In this example, we'll start the "Client Server" on the same machine as the "Destination Server". We have copied the entire server installation to a different folder and while starting the "Client Server" we'll use a port-offset (of 100 in this example) to avoid port conflicts:

Create a security realm on the client server

Remember that we need to communicate with a secure destination server. In order to do that the client server has to pass the user credentials to the destination server. Earlier we created a user on the destination server who'll be allowed to communicate with that server. Now on the "client server" we'll create a security-realm which will be used to pass the user information.

In this example we'll use a security realm which stores a Base64 encoded password and then passes on that credentials when asked for. Earlier we created a user named ejb and password test. So our first task here would be to create the base64 encoded version of the password test. You can use any utility which generates you a base64 version for a string. I used this online site which generates the base64 encoded string. So for the test password, the base64 encoded version is dGVzdA==

While generating the base64 encoded string make sure that you don't have any trailing or leading spaces for the original password. That can lead to incorrect encoded versions being generated.
With new versions the add-user script will show the base64 password if you type 'y' if you've been ask

Now that we have generated that base64 encoded password, let's use in the in the security realm that we are going to configure on the "client server". I'll first shutdown the client server and edit the standlaone-full.xml file to add the following in the <management> section

Now let's create a "security-realm" for the base64 encoded password.

Notice that the CLI show the message "process-state" => "reload-required", so you have to restart the server before you can use this change.

upon successful invocation of this command, the following configuration will be created in the management section:


As you can see I have created a security realm named "ejb-security-realm" (you can name it anything) with the base64 encoded password. So that completes the security realm configuration for the client server. Now let's move on to the next step.

Create a outbound-socket-binding on the "Client Server"

Let's first create a outbound-socket-binding which points the "Destination Server"'s host and port. We'll use the CLI to create this configuration:

The above command will create a outbound-socket-binding named "remote-ejb" (we can name it anything) which points to "localhost" as the host and port 8080 as the destination port. Note that the host information should match the host/IP of the "Destination Server" (in this example we are running on the same machine so we use "localhost") and  the port information should match the http-remoting connector port used by the EJB subsystem (by default it's 8080). When this command is run successfully, we'll see that the standalone-full.xml (the file which we used to start the server) was updated with the following outbound-socket-binding in the socket-binding-group:

Create a "remote-outbound-connection" which uses this newly created "outbound-socket-binding"

Now let's create a "remote-outbound-connection" which will use the newly created outbound-socket-binding (pointing to the EJB remoting connector of the "Destination Server"). We'll continue to use the CLI to create this configuration:

The above command creates a remote-outbound-connection, named "remote-ejb-connection" (we can name it anything), in the remoting subsystem and uses the previously created "remote-ejb" outbound-socket-binding (notice the outbound-socket-binding-ref in that command) with the http-remoting protocol. Furthermore, we also set the security-realm attribute to point to the security-realm that we created in the previous step. Also notice that we have set the username attribute to use the user name who is allowed to communicate with the destination server.

What this step does is, it creates a outbound connection, on the client server, to the remote destination server and sets up the username to the user who allowed to communicate with that destination server and also sets up the security-realm to a pre-configured security-realm capable of passing along the user credentials (in this case the password). This way when a connection has to be established from the client server to the destination server, the connection creation logic will have the necessary security credentials to pass along and setup a successful secured connection.

Now let's run the following two operations to set some default connection creation options for the outbound connection:

Ultimately, upon successful invocation of this command, the following configuration will be created in the remoting subsystem:

From a server configuration point of view, that's all we need on the "Client Server". Our next step is to deploy an application on the "Client Server" which will invoke on the bean deployed on the "Destination Server".

Packaging the client application on the "Client Server"

Like on the "Destination Server", we'll use .ear packaging for the client application too. But like previously mentioned, that's not mandatory. You can even use a .war or .jar deployments. Here's how our client application packaging will look like:

In the client application we'll use a servlet which invokes on the bean deployed on the "Destination Server". We can even invoke the bean on the "Destination Server" from a EJB on the "Client Server". The code remains the same (JNDI lookup, followed by invocation on the proxy). The important part to notice in this client application is the file jboss-ejb-client.xml which is packaged in the META-INF folder of a top level deployment (in this case our client-app.ear). This jboss-ejb-client.xml contains the EJB client configurations which will be used during the EJB invocations for finding the appropriate destinations (also known as, EJB receivers). The contents of the jboss-ejb-client.xml are explained next.

If your application is deployed as a top level .war deployment, then the jboss-ejb-client.xml is expected to be placed in .war/WEB-INF/ folder (i.e. the same location where you place any web.xml file).

Contents on jboss-ejb-client.xml

The jboss-ejb-client.xml will look like:

You'll notice that we have configured the EJB client context (for this application) to use a remoting-ejb-receiver which points to our earlier created "remote-outbound-connection" named "remote-ejb-connection". This links the EJB client context to use the "remote-ejb-connection" which ultimately points to the EJB remoting connector on the "Destination Server".

Deploy the client application

Let's deploy the client application on the "Client Server". The process of deploying the application is out of scope, of this chapter. You can use either the CLI or the admin console or a IDE or deploy manually to JBOSS_HOME/standalone/deployments folder. Just ensure that the application is deployed successfully.

Client code invoking the bean

We mentioned that we'll be using a servlet to invoke on the bean, but the code to invoke the bean isn't servlet specific and can be used in other components (like EJB) too. So let's see how it looks like:

That's it! The above code will invoke on the bean deployed on the "Destination Server" and return the result.

ejb ejb Delete
Enter labels to add to this page:
Please wait 
Looking for a label? Just start typing.
  1. Jun 13, 2012

    Hi Jaikiran,

    I have tried the steps mentioned above, but, still I am not able to connect to my remote EJB. My EJB (server) is packed in a EAR, and the client is packaged as a WAR. I have placed the "jboss-ejb-client.xml" in the classes folder under WEB-INF directory.

    Have performed all the changes on the client side as well as server side, but when i try to invoke any method on my EJB, i get the following error:

    java.lang.IllegalStateException: No EJB receiver available for handling [appName:MyEar,modulename:MyBeans,distinctname:] combination for invocation context.

    The JNDI name of the EJB is correct, since if i try to invoke a local instance, then the EJB lookup succeeds and the method invocation is successful. I am using JBoss AS 7.1.1.Final

    Could you please help me on this, as I am unaware of how to resolve this.



    1. Jun 18, 2012

      I think you may try to place your "jboss-ejb-client.xml" under WEB-INF/classes directory of your client war.

    2. Sep 01, 2016

      There are three situation under which the EJBCLIENT000025 is thrown
      1] Connection broken
      2] user/pass invalid
      3] connected, but ejb is not there
      I had the same error until I figured that I wrongly typed the name of my ejb. 

      From the RedHat knowledgebase :

      There are three situation under which the EJBCLIENT000025 is thrown

      1] Connection broken

      2] user/pass invalid

      3] connected, but ejb is not there

  2. Jun 20, 2012

    I followed the example, but am getting this Warning on deployment:

    16:55:21,748 INFO  [org.jboss.ejb.client.remoting.RemotingConnectionEJBReceiver] (MSC service thread 1-3) Successful version handshake completed for receiver context EJBReceiverContext

    Unknown macro: {clientContext=org.jboss.ejb.client.EJBClientContext@1976d490, receiver=Remoting connection EJB receiver [connection=Remoting connection <1acedc74>,channel=jboss.ejb,nodename=dest]}

    on channel Channel ID a9f6f5d2 (outbound) of Remoting connection 4aeee916 to localhost.localdomain/
    16:55:21,749 WARN  [org.jboss.ejb.client.remoting.ChannelAssociation] (Remoting "client" task-4) Unsupported message received with header 0xffffffff
    16:55:21,785 INFO  [org.jboss.web] (MSC service thread 1-1) JBAS018210: Registering web context: /client-app-war
    16:55:21,789 INFO  [] (DeploymentScanner-threads - 1) JBAS018565: Replaced deployment "client-app.ear" with deployment "client-app.ear"

    Then this error when trying to invoke?

    16:55:27,254 ERROR [org.apache.catalina.core.ContainerBase.[jboss.web].[default-host].[/client-app-war].[TestRemoteEjb]] (http-localhost.localdomain- Servlet.service() for servlet TestRemoteEjb threw exception: java.lang.ClassNotFoundException: org.myapp.ejb.Greeter from [Module "deployment.client-app.ear.client-app-war.war:main" from Service Module Loader]

    any thoughts as to what may be wrong?


    1. Jun 21, 2012

      Got around this by bundling the myejb.jar as a library reference.  I was thinking you only had to use it as a reference for building it


  3. Jun 25, 2012

    Is this instruction a joke? Why there is no org.jboss.naming.ExternalContext or equivalent? If I have sufficiently complicated app that calls 50 ejbs over 2 or more app servers, administration overhead is just insane to get it just to work. Just WTF :/

  4. Jun 28, 2012

    This example assumes there is only single EJB receiver being defined. What if I will have to put more than one EJB receiver and be able to programatically look up the targeted EJB receiver ? any pointers to the relevant documentation is very much appreciated. Thanks

  5. Mar 18, 2014

    Agree with fan kam thong but i dont see an answer for 2 years ago.

    i need to lookup a targeted ejb receiver, how can i do that?

    i will appreciate your help.

    1. Mar 18, 2014

      You should ask such questions here

      Also you might have a look to the ejb-multi-server quickstart where we show some examples