>开始时COM+的体系结构中没有完全考虑安全性 IS NOT SAME AS >几乎是建立在Window内部的安全机制上的
You can say CORBA 没有完全考虑安全性 for its add on security service API but this statement is definitely not correct for COM+, even for COM.
We have discussed DCOM cannot penetrate firewall, but the MOST important thing here is even it will support this feature, distributed enterprise application still won't or should not use DCOM over internet.
How many money you will pay for integrating with existing enterprise information system, such as CICS, or more morden CORBA system. can you afford the performance hit for CORBA/COM bridge or COM/Java bridge, how many money your clients would pay for having a COM runtime instead of a web browser, doesn't that severely restrict your client segments?
SOAP defines how to use XML to encoing method invocation, and pass by HTTP, so it doesn't matter if the object invoked is COM object or COM+ object or even other kind of code, java or anything else.
SOAP is coauthored by Microsoft, IBM, Develop mentor's Don Box, who has written a good article of SOAP, it can be found in MSDN Library.
<<A Young Person's Guide to The Simple Object Access Protocol: SOAP Increases Interoperability Across Platforms and Languages>> Don Box
and here, http://www.develop.com/soap/
basically you need create service description file to let client understand how to use your server components, and you have to configure a helper component to listening soap on webserver, then all the remaining task is send soap packet from client side.
So the issue is avoid opening port other than 80, this is just what a typical distributed application that target internet will do, use HTTP for client/server communication, no matter you use COM+ or not.
Even port 135 is opened for contacting DCOM service, the communication on it is still encrypted. The problem is not the packet but is that often the company IT department don't feel at ease for open any port but HTTP (80), let alone dynamic port.
The firewall issue plagues COM and its competitor (they are both designed for Local Network), does CORBA handle this gracefuly? no.
At least for classic COM, there is CIS to workaround this problem.
The most important thing here is I don't think application built on internet will use even DCOM or CORBA or RMI between browser client and web server. The established standard is HTTP. When you get familiar with three tier application, you will get more understanding about COM+, which is really a middle-tier server architecture.