
 Specifying Security When Using IIOP

Use

Use this procedure to specify the security mechanisms that will be applied when you use an enterprise bean through IIOP. These mechanisms are used according to Conformance Level 0 defined in the OMG's Common Secure Interoperability V2 Specification. These settings are stored in ejb-j2ee-engine.xml.

Procedure
  1. Open the ejb-j2ee-engine.xml.
  2. From the right-hand pane, choose the Enterprise Beans tab.
  3. Open the corresponding tree structure depending on the type of your enterprise bean.
  4. From your bean tree sub-structure, select iiop-security.
  5. Choose add.

    An iiop security entry sub-node appears in the tree structure.

  6. In the right-hand pane, specify the following data for the iiop security entry:
    1. Choose the Configure transport layer option to define the transport protocol and its configuration.

      Specify the values of the following properties:

      Property Description

      Integrity

      Specifies how the target processes integrity-protected messages, that is, whether the J2EE Engine uses SSL during message processing.

      Choose between:

      • required - the J2EE Engine uses SSL during message processing
      • supported - the J2EE Engine can use SSL during message processing
      • none - the J2EE Engine does not use SSL during message processing

      Confidentiality

      Specifies whether privacy-protected messages are encrypted.

      Choose between:

      • required - the J2EE Engine encrypts the messages
      • supported - the J2EE Engine provides options for encrypting the messages
      • none - the J2EE Engine does not encrypt the messages

      Establish trust in target

      Specifies whether the J2EE Engine authenticates to the client.

      Choose between:

      • supported - the J2EE Engine provides options for authentication to the client
      • none - the J2EE Engine does not support authentication to the client

      Establish trust in client

      Specifies whether the J2EE Engine authenticates the client.

      Choose between:

      • required - the J2EE Engine accepts connections only from clients who successfully authenticate in the handshake
      • supported - the J2EE Engine provides options for client authentication
      • none - the J2EE Engine does not support client authentication
    2. Choose the Configure authentication layer option to describe the authentication context.

      Specify the values of the following properties:

      Property Description

      Authentication method

      Specifies whether an authentication context will be used.

      Choose between:

      • username_password - the client must specify a username and password when logging on
      • none - the authentication context will not be used; authentication using transport level(s) or identity assertion will be used instead

      Realm

      The name of the realm to which the specified username and password apply if the authentication mechanism is used.

      Choose between:

      • default - the username and password apply to the whole realm
      • none - the username and password do not apply to the current realm

      Required

      Use this option to specify whether this authentication method is required or optional.

    3. Choose the Configure security attribute layer option to specify whether the security mechanism supports identity assertion or authorization attributes delivered in service context.

      Specify the value of the following property:

      Property Description

      Caller propagation

      Choose between:

      • Required - the J2EE Engine accepts delegation tokens that indicate who has been endorsed to assert an identity, and requires a delegation token that endorses the J2EE Engine as the proxy for the client
      • Supported - the J2EE Engine accepts delegation tokens that indicate who has been endorsed to assert an identity
      • None - the J2EE Engine does not support identity assertion; the client identity will be obtained from the authentication layer(s)
Result

These security settings are stored in the <ior-security-config> element in the deployment descriptor.
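
The following is an added example, not part of the original documentation or of SAP's tooling: a small Python audit that reads one `<ior-security-config>` element and flags weak combinations of the transport and authentication settings described above. Only `<ior-security-config>` is named on this page; the child element names, the `true`/`false` form of the Required option, and the sample descriptor are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample. Only <ior-security-config> is named on the page; every
# child element name here is an assumption, so check your descriptor's DTD.
SAMPLE = """
<ior-security-config>
  <transport-config>
    <integrity>supported</integrity>
    <confidentiality>none</confidentiality>
    <establish-trust-in-target>supported</establish-trust-in-target>
    <establish-trust-in-client>none</establish-trust-in-client>
  </transport-config>
  <as-context>
    <auth-method>username_password</auth-method>
    <realm>default</realm>
    <required>true</required>
  </as-context>
</ior-security-config>
"""

def audit_ior_security(xml_text):
    """Return a list of findings for one <ior-security-config> element."""
    root = ET.fromstring(xml_text)

    def val(path):
        # A missing or empty element is audited as "none".
        return (root.findtext(path) or "none").strip().lower()

    integrity = val("transport-config/integrity")
    confidentiality = val("transport-config/confidentiality")
    client_trust = val("transport-config/establish-trust-in-client")
    auth_method = val("as-context/auth-method")
    auth_required = val("as-context/required") == "true"
    findings = []
    # "supported" and "none" both let a client talk to the bean without SSL.
    for name, value in (("integrity", integrity), ("confidentiality", confidentiality)):
        if value != "required":
            findings.append(f"{name}={value}: SSL is not enforced for this bean")
    # Username and password rely on the transport layer for encryption.
    if auth_method == "username_password" and confidentiality != "required":
        findings.append("username_password without required confidentiality: "
                        "credentials may be sent unencrypted")
    # Neither the SSL handshake nor the authentication layer demands an identity.
    if client_trust != "required" and not (auth_method == "username_password" and auth_required):
        findings.append("no layer requires client authentication: anonymous calls possible")
    return findings

if __name__ == "__main__":
    for finding in audit_ior_security(SAMPLE):
        print("FINDING:", finding)
```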