[jboss-jira] [JBoss JIRA] Closed: (JBAS-8169) Make default values of org.jboss.metadata.IorSecurityConfigMetaData configurable
Stefan Guilhen (JIRA)
jira-events at lists.jboss.org
Wed Sep 22 10:21:28 EDT 2010
[ https://jira.jboss.org/browse/JBAS-8169?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Stefan Guilhen closed JBAS-8169.
--------------------------------
Resolution: Done
Default IOR security settings can now be set in CorbaORBService directly. This is how it is done in EAP4 and EAP5:
<mbean code="org.jboss.iiop.CorbaORBService"
name="jboss:service=CorbaORB">
<attribute name="ORBClass">org.jacorb.orb.ORB</attribute>
....
<attribute name="DefaultIORSecurityConfig">
<ior-security-config>
<transport-config>
<integrity>supported</integrity>
<confidentiality>supported</confidentiality>
<establish-trust-in-target>supported</establish-trust-in-target>
<establish-trust-in-client>supported</establish-trust-in-client>
</transport-config>
<as-context>
<auth-method>username_password</auth-method>
<realm>default_realm</realm>
<required>true</required>
</as-context>
<sas-context>
<caller-propagation>none</caller-propagation>
</sas-context>
</ior-security-config>
</attribute>
</mbean>
As we can see, there is a new attribute, DefaultIORSecurityConfig, that can be used to specify the default IOR settings. The sintax is the same used in the jboss.xml to specify the IOR settings for EJBs.
The specified settings will be applied to all IORs created by JBoss AS (all EJBs that have IIOP-enabled stubs as well as other container services that expose an IOR) and can be overridden by the IOR settings specified in jboss.xml.
The syntax in JBoss AS 6.x is a little bit different, since the IIOP mbeans have been converted to MC beans. This is how it is done on AS 6 (the configuration file is called now iiop-jboss-beans.xml and replaces the old iiop-service.xml):
<?xml version="1.0" encoding="UTF-8"?>
<deployment xmlns="urn:jboss:bean-deployer:2.0">
<!-- ======================================================================= -->
<!-- CORBA ORB service -->
<!-- The ORB is pluggable. This configuration uses JacORB. -->
<!-- ======================================================================= -->
<bean name="CorbaORBService" class="org.jboss.iiop.CorbaORBService">
<annotation>@org.jboss.aop.microcontainer.aspects.jmx.JMX(name="jboss:service=CorbaORB", exposedInterface=org.jboss.iiop.CorbaORBServiceMBean)</annotation>
....
<property name="defaultIORSecurityConfig"><inject bean="DefaultIORSecurityConfig"/></property>
....
</bean>
....
<!-- ======================================================================= -->
<!-- Default IOR security settings. This can be used to specify the security -->
<!-- settings that must inserted in the IORs of all beans and services that -->
<!-- expose an IIOP view. To use this feature, uncomment this bean, set the -->
<!-- appropriate values, and uncomment the defaultIORSecurityConfig property -->
<!-- in CorbaORBService. -->
<!-- NOTE: beans that specify IOR settings in jboss.xml will override the -->
<!-- default security values defined here. -->
<!-- ====================================================================== -->
<bean name="DefaultIORSecurityConfig" class="org.jboss.metadata.IorSecurityConfigMetaData">
<property name="transportConfig">
<bean name="DefaultTransportConfig"
class="org.jboss.metadata.IorSecurityConfigMetaData$TransportConfig">
<constructor>
<parameter><null/></parameter>
<parameter name="integrity">supported</parameter>
<parameter name="confidentiality">supported</parameter>
<parameter name="establishTrustInTarget">none</parameter>
<parameter name="establishTrustInClient">none</parameter>
<parameter name="detectMisordering">none</parameter>
<parameter name="detectReplay">none</parameter>
</constructor>
</bean>
</property>
<property name="asContext">
<bean name="DefaultAsContextConfig"
class="org.jboss.metadata.IorSecurityConfigMetaData$AsContext">
<constructor>
<parameter><null/></parameter>
<parameter name="authMethod">username_password</parameter>
<parameter name="realm">default</parameter>
<parameter name="required">true</parameter>
</constructor>
</bean>
</property>
<property name="sasContext">
<bean name="DefaultSasContextConfig"
class="org.jboss.metadata.IorSecurityConfigMetaData$SasContext">
<constructor>
<parameter><null/></parameter>
<parameter name="callerPropagation" class="java.lang.String">none</parameter>
</constructor>
</bean>
</property>
</bean>
</deployment>
As we can see, the security settings are specified as a separate bean and injected into CorbaORBService.
> Make default values of org.jboss.metadata.IorSecurityConfigMetaData configurable
> --------------------------------------------------------------------------------
>
> Key: JBAS-8169
> URL: https://jira.jboss.org/browse/JBAS-8169
> Project: JBoss Application Server
> Issue Type: Feature Request
> Security Level: Public(Everyone can see)
> Components: IIOP service
> Affects Versions: JBossAS-4.2.2.GA, JBossAS-5.1.0.GA, 6.0.0.M3
> Reporter: Dimitris Andreadis
> Assignee: Stefan Guilhen
>
> User wants to allow the configuration of all IOR default parameters that are hard coded in org.jboss.metadata.IorSecurityConfigMetaData ([SasContext : callerPropagation] and [AsContext : authMethod, realm, required] and [TransportConfig : integrity, confidentiality, detectMisordering, detectReplay, establishTrustInTarget, establishTrustInClient]).
> Mostly they want to be able to configure [AsContext : realm] and [SasContext : callerPropagation]
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: https://jira.jboss.org/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
More information about the jboss-jira
mailing list