9:21 a.m.
[
https://jira.jboss.org/browse/JBAS-8169?page=com.atlassian.jira.plugin.sy...
]
Stefan Guilhen closed JBAS-8169.
--------------------------------
Resolution: Done
Default IOR security settings can now be set in CorbaORBService directly. This is how it
is done in EAP4 and EAP5:
<mbean code="org.jboss.iiop.CorbaORBService"
name="jboss:service=CorbaORB">
<attribute name="ORBClass">org.jacorb.orb.ORB</attribute>
....
<attribute name="DefaultIORSecurityConfig">
<ior-security-config>
<transport-config>
<integrity>supported</integrity>
<confidentiality>supported</confidentiality>
<establish-trust-in-target>supported</establish-trust-in-target>
<establish-trust-in-client>supported</establish-trust-in-client>
</transport-config>
<as-context>
<auth-method>username_password</auth-method>
<realm>default_realm</realm>
<required>true</required>
</as-context>
<sas-context>
<caller-propagation>none</caller-propagation>
</sas-context>
</ior-security-config>
</attribute>
</mbean>
As we can see, there is a new attribute, DefaultIORSecurityConfig, that can be used to
specify the default IOR settings. The sintax is the same used in the jboss.xml to specify
the IOR settings for EJBs.
The specified settings will be applied to all IORs created by JBoss AS (all EJBs that have
IIOP-enabled stubs as well as other container services that expose an IOR) and can be
overridden by the IOR settings specified in jboss.xml.
The syntax in JBoss AS 6.x is a little bit different, since the IIOP mbeans have been
converted to MC beans. This is how it is done on AS 6 (the configuration file is called
now iiop-jboss-beans.xml and replaces the old iiop-service.xml):
<?xml version="1.0" encoding="UTF-8"?>
<deployment xmlns="urn:jboss:bean-deployer:2.0">
<!-- ======================================================================= -->
<!-- CORBA ORB service
-->
<!-- The ORB is pluggable. This configuration uses JacORB.
-->
<!-- ======================================================================= -->
<bean name="CorbaORBService"
class="org.jboss.iiop.CorbaORBService">
<annotation>@org.jboss.aop.microcontainer.aspects.jmx.JMX(name="jboss:service=CorbaORB",
exposedInterface=org.jboss.iiop.CorbaORBServiceMBean)</annotation>
....
<property name="defaultIORSecurityConfig"><inject
bean="DefaultIORSecurityConfig"/></property>
....
</bean>
....
<!-- ======================================================================= -->
<!-- Default IOR security settings. This can be used to specify the security
-->
<!-- settings that must inserted in the IORs of all beans and services that
-->
<!-- expose an IIOP view. To use this feature, uncomment this bean, set the
-->
<!-- appropriate values, and uncomment the defaultIORSecurityConfig property
-->
<!-- in CorbaORBService.
-->
<!-- NOTE: beans that specify IOR settings in jboss.xml will override the
-->
<!-- default security values defined here.
-->
<!-- ====================================================================== -->
<bean name="DefaultIORSecurityConfig"
class="org.jboss.metadata.IorSecurityConfigMetaData">
<property name="transportConfig">
<bean name="DefaultTransportConfig"
class="org.jboss.metadata.IorSecurityConfigMetaData$TransportConfig">
<constructor>
<parameter><null/></parameter>
<parameter name="integrity">supported</parameter>
<parameter
name="confidentiality">supported</parameter>
<parameter
name="establishTrustInTarget">none</parameter>
<parameter
name="establishTrustInClient">none</parameter>
<parameter name="detectMisordering">none</parameter>
<parameter name="detectReplay">none</parameter>
</constructor>
</bean>
</property>
<property name="asContext">
<bean name="DefaultAsContextConfig"
class="org.jboss.metadata.IorSecurityConfigMetaData$AsContext">
<constructor>
<parameter><null/></parameter>
<parameter
name="authMethod">username_password</parameter>
<parameter name="realm">default</parameter>
<parameter name="required">true</parameter>
</constructor>
</bean>
</property>
<property name="sasContext">
<bean name="DefaultSasContextConfig"
class="org.jboss.metadata.IorSecurityConfigMetaData$SasContext">
<constructor>
<parameter><null/></parameter>
<parameter name="callerPropagation"
class="java.lang.String">none</parameter>
</constructor>
</bean>
</property>
</bean>
</deployment>
As we can see, the security settings are specified as a separate bean and injected into
CorbaORBService.
Make default values of org.jboss.metadata.IorSecurityConfigMetaData
configurable
--------------------------------------------------------------------------------
Key: JBAS-8169
URL: https://jira.jboss.org/browse/JBAS-8169
Project: JBoss Application Server
Issue Type: Feature Request
Security Level: Public(Everyone can see)
Components: IIOP service
Affects Versions: JBossAS-4.2.2.GA, JBossAS-5.1.0.GA, 6.0.0.M3
Reporter: Dimitris Andreadis
Assignee: Stefan Guilhen
User wants to allow the configuration of all IOR default parameters that are hard coded
in org.jboss.metadata.IorSecurityConfigMetaData ([SasContext : callerPropagation] and
[AsContext : authMethod, realm, required] and [TransportConfig : integrity,
confidentiality, detectMisordering, detectReplay, establishTrustInTarget,
establishTrustInClient]).
Mostly they want to be able to configure [AsContext : realm] and [SasContext :
callerPropagation]
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
https://jira.jboss.org/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira