Use this procedure to specify the security mechanisms that will be applied when you use an enterprise bean through IIOP. These mechanisms are used according to Conformance Level 0 defined in the OMG’s Common Secure Interoperability V2 Specification. These settings are stored in ejb-j2ee-engine.xml.
1. Open ejb-j2ee-engine.xml.
2. From the right-hand pane, choose the Enterprise Beans tab.
3. Open the corresponding tree structure depending on the type of your enterprise bean.
4. From your bean tree sub-structure, select iiop-security.
5. Choose add.
An iiop security entry sub-node appears in the tree structure.
6. In the right-hand pane, specify the following data for the iiop security entry:
a. Choose the Configure transport layer option to define the transport protocol and its configuration.
Specify the values of the following properties:
| Property | Description |
| --- | --- |
| Integrity | Specifies how the target processes integrity-protected messages, that is, whether the J2EE Engine uses SSL while processing messages. Choose between: required – the J2EE Engine uses SSL while processing messages; supported – the J2EE Engine can use SSL while processing messages; none – the J2EE Engine does not use SSL while processing messages |
| Confidentiality | Specifies whether privacy-protected messages will be encrypted. Choose between: required – the J2EE Engine encrypts the messages; supported – the J2EE Engine provides options for encrypting the messages; none – the J2EE Engine does not encrypt the messages |
| Establish trust in target | Specifies whether the J2EE Engine authenticates to the client. Choose between: supported – the J2EE Engine provides options for authentication to the client; none – the J2EE Engine does not support authentication to the client |
| Establish trust in client | Specifies whether the J2EE Engine authenticates the client. Choose between: required – the J2EE Engine accepts connections only from clients who successfully authenticate in the handshake; supported – the J2EE Engine provides options for client authentication; none – the J2EE Engine does not support client authentication |
b. Choose the Configure authentication layer option to describe the authentication context.
Specify the values of the following properties:
| Property | Description |
| --- | --- |
| Authentication method | Specifies whether an authentication context will be used. Choose between: username_password – the client must specify a username and password when logging on; none – the authentication context will not be used; authentication using transport level(s) or identity assertion will be used instead |
| Realm | The name of the realm to which the specified username and password apply if the authentication mechanism is used. Choose between: default – the username and password apply to the whole realm; none – the username and password do not apply to the current realm |
| Required | Use this option to specify whether this authentication method is required or optional. |
c. Choose the Configure security attribute layer option to specify whether the security mechanism supports identity assertion or authorization attributes delivered in service context.
Specify the value of the following property:
| Property | Description |
| --- | --- |
| Caller propagation | Choose between: Required – the J2EE Engine accepts delegation tokens that indicate who has been endorsed to assert an identity, and requires a delegation token that endorses the J2EE Engine as the proxy for the client; Supported – the J2EE Engine accepts delegation tokens that indicate who has been endorsed to assert an identity; None – the J2EE Engine does not support identity assertion; the client identity will be obtained from the authentication layer(s) |
These security settings are stored in the <ior-security-config> element in the deployment descriptor.
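The following added example (not part of the original documentation or of the product) audits an `<ior-security-config>` fragment for weak combinations of the three layers configured above. The child element names and the `true`/`false` encoding of Required are assumptions derived from the property labels in this procedure, and the sample descriptor is constructed; check both against your actual ejb-j2ee-engine.xml.

```python
import xml.etree.ElementTree as ET

# Constructed sample. Element names are ASSUMED from the property labels in
# the procedure above; verify them against your real descriptor.
SAMPLE = """
<ior-security-config>
  <transport-config>
    <integrity>supported</integrity>
    <confidentiality>none</confidentiality>
    <establish-trust-in-target>supported</establish-trust-in-target>
    <establish-trust-in-client>none</establish-trust-in-client>
  </transport-config>
  <as-context>
    <auth-method>username_password</auth-method>
    <required>false</required>
  </as-context>
  <sas-context>
    <caller-propagation>supported</caller-propagation>
  </sas-context>
</ior-security-config>
"""

def audit(xml_text):
    """Return a list of warnings for weak layer combinations."""
    root = ET.fromstring(xml_text)
    def val(path, default="none"):
        node = root.find(path)
        text = (node.text or "").strip().lower() if node is not None else ""
        return text or default
    integrity = val("transport-config/integrity")
    conf = val("transport-config/confidentiality")
    client_trust = val("transport-config/establish-trust-in-client")
    auth = val("as-context/auth-method")
    auth_required = val("as-context/required", "false") == "true"
    propagation = val("sas-context/caller-propagation")
    findings = []
    if integrity != "required":
        findings.append("integrity is '%s': SSL is not enforced" % integrity)
    if auth == "username_password" and conf != "required":
        findings.append("username_password with confidentiality '%s': "
                        "credentials can be sent unencrypted" % conf)
    # Identity assertion should only be accepted from an authenticated caller.
    caller_authenticated = client_trust == "required" or (
        auth == "username_password" and auth_required)
    if propagation != "none" and not caller_authenticated:
        findings.append("caller propagation '%s' but no layer requires the "
                        "asserting caller to authenticate" % propagation)
    return findings

if __name__ == "__main__":
    print("\n".join("WARN: " + f for f in audit(SAMPLE)))
```
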