rmi-iiop/security support

bonoc Jan 17, 2005 2:21 PM

I know that 3.2.x doesn't support CSIv2. But I believe that 4.0.x does - correct? We are stuck on 3.2.3 for now. I am using IIOP.NET to connect a C# client to our secured ejbs (and there lies the problem). I need to somehow get security working. I know I can write an EJB interceptor that extracts the user/pass out of some "piggy-backed" data (such as for WebSservices we stuff in soap header). Where can I write extra "header" data on each call so that I can extract it and manually authenticate?

Thanks,
Chris

1. Re: rmi-iiop/security support

reverbel Jan 17, 2005 4:18 PM (in response to bonoc)

Yes, 4.0.x implements CSIv2.

The way to piggy-back contextual data into IIOP requests is via CORBA portable interceptors. You need a "matched pair" of request interceptors (one at the client side, the other at the server side).

Look at what has been done in 4.0.x. The CSIv2 code is in iiop/src/main/org/jboss/iiop/csiv2. It should not be hard to backport it to 3.2.x.

I have no idea about what you can do at the client side. I don't know if IIOP.NET has something like portable interceptors or not.

Regards,

Francisco
Actions