Communication Security for the EJB
Container
For this communication channel, communication occurs between RMI-P4, RMI-IIOP, or CORBA application servers acting as clients calling server-side remote objects such as Enterprise Java Beans (EJBs) or remote objects implementing RMI-P4 or RMI-IIOP.
Application Server to Application Server Communication Flow
By contrast to accessing the AS Java using Web applications, in this case, security management is carried out by the corresponding client or server side EJB container. The table below presents an overview of the security relevant information for each of the communication paths.
Communication Path |
Protocols Used |
Type of Data Transferred |
Available Security Protection |
Client side RMI-P4 object accessing server-side EJB or remote object |
P4 |
· Authentication information · All application data |
Secure Socket Layer (SSL)
|
Client side RMI-IIOP object accessing server-side EJB or remote object |
IIOP |
· Authentication information · All application data |
Secure Socket Layer (SSL)
|
Client side CORBA object accessing server-side EJB or remote object |
IIOP |
· Authentication information · All application data |
Secure Socket Layer (SSL)
|
EJB to persistence layer |
JDBC LDAP RFC
|
· All application data · Authentication data when accessing persistence layers or remote servers |
Driver-dependent encryption for JDBC SSL for LDAP SNC for RFC |