I assume your https requests arrive to a servlets, otherwise what you're saying doesn't make any sense. And your servlet receives the set of descriptors and makes one ejb call for each descriptor (not necessarily the same method). I also assume your ejb business methods are configured in "required" CMT mode. (required means that when you call the specified method, if a transaction is already associated with the thread running your call it will be used, otherwise a new transaction will be started and associated with your thread).
This is what you should do:
1) write a facade ejb method either in a new session bean or in an existing one. Whatever suits you better. Configure this method in required mode.
2) this method should take a single parameter, namely the transaction descriptors set. put inside the same code you now have in your servelet, the one that iterates over the set and calls the business methods.
3) from your servlet, call the facade.
This is what will happen: when you call the facade, the EJB container will start a new transaction (if isn't already associated to your thread). Then, when you call your old business method, the same transaction will be reused. Which means that is one method fails, the entire transaction will be rolled back.
If you want to really do it prooperly, when you realize that a transaction will fail, call the setRollbackOnly method on the ejb context. at the begining of every business method, chech the rollback only status. if it's true, just return, no need to do any processing, the transaction will be rolled back any ways.
Hope it helps.
La multi ani si la mai mare,