Hi,
Maybe you can take MagicGball as a reference. You can
get it from:
https://svn.apache.org/repos/asf/geronimo/sandbox/magicGball
MagicGball demonstrates the application client
accesses the EJBs via non-security CORBA and security
CORBA.
Hope it helpful.
Thanks
YunFeng Ma
On 2007-06-25 01:05:28, David Jencks
<[EMAIL PROTECTED]> wrote:
>
>On Jun 24, 2007, at 12:13 PM, Tero Mäntyvaara wrote:
>
>> David Jencks wrote:
>>> Please send to only one list at a time, this is
more appropriate for
>>> the user list.
>> I am really sorry, I will not do that again. :-/
>>>
>>> On Jun 21, 2007, at 7:45 AM, Tero Mäntyvaara
wrote:
>>>
>>>> Does latest G support secured (read encrypted)
connection between
>>>> server
>>>> and client?
>>>
>>> That depends on the protocol you want to use and
possibly on the
>>> version of geronimo you want to use. I'll assume
you are using
>>> geronimo 2.0 (trunk)
>> I was thinking the latest, so it will be then 2.0.
>>>
>>> web/https -- yes
>>> jaxrpc/jaxws/soap -- yes
>>> ejb using corba -- yes
>>> ejb using openejb proprietary protocol -- not
turned on by default,
>>> and I'm not sure if you can turn it on without
extra programming.
>> I was planning to use encrypted connection between
remote EJB-
>> component
>> and Java-application. So my alternatives are CORBA
and openEJB. I
>> would
>> like to use this J2EE compliant CORBA-connection.
How has this
>> en-/decryption been accomplished then?
>
>It's not clear to me if your java-application is the
client or server
>here, nor if it is running in a javaee container.
I'm going to
>assume that it is the client and is either a javaee
client
>application running in geronimo app client container
or another
>javaee application. It's possible to use corba from
a non-javaee
>application but you have to set up quite a bit of
configuration in code.
>
>I would start by looking at the examples in <geronimo
server trunk>/
>testsuite/corba-testsuite. These are all set up to
use no security,
>but you can see which objects you need to configure.
On the server
>side you need a TSSBeanGBean that specifies the
required and allowed
>security properties to use the server ejb, and on the
client side
>there's a corresponding CSSBeanGBean that specifies
what the client
>is willing to supply.
>
>There are a lot of choices. There are 3 layers
involved.
>- transport layer. You can specify unprotected, ssl,
or ssl with
>client certificate. IIRC the client certificate can
be used identify
>the client.
>- AS layer (Application Security??? I can't remember
what it stands
>for) At this layer you can specify that the client
will identify
>itself using username/password. (GSSUP)
>- SAS layer. (Security Attribute Service) If the
client is working
>on behalf of a user other than the user who is
running the client
>itself (for instance if it is a server), you can
propagate the actual
>user identity using an identity token. However the
user will not be
>reauthenticated on the server: the server will trust
that the client
>has already performed proper authentication. Note
that this is
>reasonable if e.g. you have authenticated the client
via a trusted
>client certificate and are using ssl transport.
>
>There are some schemas for the css and tss bean
configurations, corba-
>css-config-2.1.xsd and corba-tss-config-2.1.xsd. If
you have trouble
>figuring out what to specify, tell us what options
you want and we'll
>try to help come up with an appropriate
configuration.
>
>thanks
>david jencks
>
>>>
>>>
>>> thanks
>>> david jencks
>>>
>>>>
>>>>
>>>> Tero Mäntyvaara
>> Tero Mäntyvaara
>
>
>
____________________________________________________________________________________
Moody friends. Drama queens. Your life? Nope! - their life, your story. Play
Sims Stories at Yahoo! Games.
http://sims.yahoo.com/
