
CSIv2 authentication service


This is the element that describes the authentication mechanism (CSIv2 authentication service) that will be used to authenticate the client. If specified, it will be the username-password mechanism.

In the Duke's Bank example, the as-context setting is used to require client authentication (with user name and password) when access to protected methods in the AccountControllerBean and CustomerControllerBean components is attempted.

The as-context element contains the following elements:

required: This element specifies whether the authentication method specified is required to be used for client authentication. Setting this field to true indicates that the authentication method specified is required. Setting this field to false indicates that the authentication method is not required. The element value is either true or false.

auth-method: This element specifies the authentication method. The only supported value is USERNAME_PASSWORD.

realm: This element specifies the realm in which the user is authenticated. It must be a valid realm that is registered in a server configuration.

sas-context

This element is related to the CSIv2 security attribute service. It describes the sas-context fields.

In the Duke's Bank example, the sas-context setting is set to Supported for the AccountBean, CustomerBean, and TxBean components, indicating that these target components will accept propagated caller identities.

The sas-context element contains the caller-propagation subelement. This element indicates if the target will accept propagated caller identities. The values are NONE or SUPPORTED.

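An added example, not part of the tutorial: a small Python check that reads a sun-ejb-jar.xml descriptor and reports as-context and sas-context settings that fall outside the values described above. The sample descriptor, the bean names, and the `file` realm are constructed for illustration, and treating `required` set to false as a finding is this example's own policy choice.

```python
import xml.etree.ElementTree as ET

# Constructed sample (not from the tutorial): bean names and realm are made up.
SAMPLE = """<sun-ejb-jar><enterprise-beans>
  <ejb><ejb-name>StrictBean</ejb-name><ior-security-config>
    <as-context><auth-method>USERNAME_PASSWORD</auth-method>
      <realm>file</realm><required>true</required></as-context>
    <sas-context><caller-propagation>SUPPORTED</caller-propagation></sas-context>
  </ior-security-config></ejb>
  <ejb><ejb-name>LaxBean</ejb-name><ior-security-config>
    <as-context><auth-method>BASIC</auth-method>
      <realm> </realm><required>false</required></as-context>
    <sas-context><caller-propagation>REQUIRED</caller-propagation></sas-context>
  </ior-security-config></ejb>
  <ejb><ejb-name>BareBean</ejb-name></ejb>
</enterprise-beans></sun-ejb-jar>"""

def text(node, path):
    """Return the stripped text of a child element, or None if absent."""
    found = node.find(path) if node is not None else None
    return (found.text or "").strip() if found is not None else None

def audit(xml_source):
    """Map each ejb-name to a list of findings on as-context / sas-context."""
    report = {}
    for ejb in ET.fromstring(xml_source).iter("ejb"):
        findings = []
        ior = ejb.find("ior-security-config")
        as_ctx = ior.find("as-context") if ior is not None else None
        if as_ctx is None:
            findings.append("no as-context: client authentication not declared")
        else:
            if text(as_ctx, "auth-method") != "USERNAME_PASSWORD":
                findings.append("auth-method must be USERNAME_PASSWORD")
            if text(as_ctx, "required") != "true":
                findings.append("required is not true: authentication is optional")
            if not text(as_ctx, "realm"):
                findings.append("realm is empty or missing")
        propagation = text(ior, "sas-context/caller-propagation")
        if propagation not in (None, "NONE", "SUPPORTED"):
            findings.append("caller-propagation must be NONE or SUPPORTED")
        report[text(ejb, "ejb-name")] = findings
    return report

if __name__ == "__main__":
    for name, findings in audit(SAMPLE).items():
        print(name, "->", findings or "ok")
```
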
The following is an example that defines security for an IOR:
<sun-ejb-jar>
  <enterprise-beans>
    <unique-id>1</unique-id>
    <ejb>
      <ejb-name>HelloWorld</ejb-name>
      <jndi-name>HelloWorld</jndi-name>
      <ior-security-config>
        <transport-config>
          <integrity>NONE</integrity>
          <confidentiality>NONE</confidentiality>
          <establish-trust-in-target>
            NONE
          </establish-trust-in-target>
          <establish-trust-in-client>
            NONE
          </establish-trust-in-client>
Securing Enterprise Beans
The Java EE 5 Tutorial · September 2007