
Specifying Security When Using IIOP

Use

Use this procedure to specify the security mechanisms that will be applied when you use an enterprise bean through IIOP. These mechanisms are used according to Conformance Level 0 defined in the OMG’s Common Secure Interoperability V2 Specification. These settings are stored in ejb-j2ee-engine.xml.

Procedure


       1.      Open the ejb-j2ee-engine.xml.

       2.      From the right-hand pane, choose the Enterprise Beans tab.

       3.      Open the corresponding tree structure depending on the type of your enterprise bean.

       4.      From your bean tree sub-structure, select iiop-security.

       5.      Choose add.

An iiop security entry sub-node appears in the tree structure.

       6.      In the right-hand pane, specify the following data for the iiop security entry:

                            a.      Choose the Configure transport layer option to define the transport protocol and its configuration.

Specify the values of the following properties:

Property

Description

Integrity

Specifies how the target processes integrity-protected messages, that is, whether the J2EE Engine uses SSL during message processing.

Choose between:

·        required – the J2EE Engine uses SSL during message processing

·        supported – the J2EE Engine can use SSL during message processing

·        none – the J2EE Engine does not use SSL during message processing

Confidentiality

Specifies whether privacy-protected messages will be encrypted.

Choose between:

·        required – the J2EE Engine encrypts the messages

·        supported – the J2EE Engine provides options for encrypting the messages

·        none – the J2EE Engine does not encrypt the messages

Establish trust in target

Specifies whether the J2EE Engine authenticates to the client.

Choose between:

·        supported – the J2EE Engine provides options for authentication to the client

·        none – the J2EE Engine does not support authentication to the client

Establish trust in client

Specifies whether the J2EE Engine authenticates the client.

Choose between:

·        required – the J2EE Engine accepts connections only from clients who successfully authenticate in the handshake

·        supported – the J2EE Engine provides options for client authentication

·        none – the J2EE Engine does not support client authentication

 

                            b.      Choose the Configure authentication layer option to describe the authentication context.

Specify the values of the following properties:

Property

Description

Authentication method

Specifies whether an authentication context will be used.

Choose between:

·        username_password – the client must specify a username and password when logging on

·        none – the authentication context will not be used; authentication using transport level(s) or identity assertion will be used instead

Realm

The name of the realm to which the specified username and password apply if the authentication mechanism is used.

Choose between:

·        default – the username and password apply to the whole realm

·        none – the username and password do not apply to the current realm

Required

Use this option to specify whether this authentication method is required or optional.

 

                            c.      Choose the Configure security attribute layer option to specify whether the security mechanism supports identity assertion or authorization attributes delivered in service context.

Specify the value of the following property:

Property

Description

Caller propagation

Choose between:

·        Required – the J2EE Engine accepts delegation tokens that indicate who has been endorsed to assert an identity, and requires a delegation token that endorses the J2EE Engine as the proxy for the client

·        Supported – the J2EE Engine accepts delegation tokens that indicate who has been endorsed to assert an identity

·        None – the J2EE Engine does not support identity assertion; the client identity will be obtained from the authentication layer(s)

 

Result

These security settings are stored in the <ior-security-config> element in the deployment descriptor.

 

 
