1 Reply Latest reply on Jan 17, 2005 4:18 PM by Francisco Reverbel

    rmi-iiop/security support

    chris bono Newbie

      I know that 3.2.x doesn't support CSIv2. But I believe that 4.0.x does - correct? We are stuck on 3.2.3 for now. I am using IIOP.NET to connect a C# client to our secured ejbs (and there lies the problem). I need to somehow get security working. I know I can write an EJB interceptor that extracts the user/pass out of some "piggy-backed" data (such as for WebSservices we stuff in soap header). Where can I write extra "header" data on each call so that I can extract it and manually authenticate?

      Thanks,
      Chris

        • 1. Re: rmi-iiop/security support
          Francisco Reverbel Novice

          Yes, 4.0.x implements CSIv2.

          The way to piggy-back contextual data into IIOP requests is via CORBA portable interceptors. You need a "matched pair" of request interceptors (one at the client side, the other at the server side).

          Look at what has been done in 4.0.x. The CSIv2 code is in iiop/src/main/org/jboss/iiop/csiv2. It should not be hard to backport it to 3.2.x.

          I have no idea about what you can do at the client side. I don't know if IIOP.NET has something like portable interceptors or not.

          Regards,

          Francisco