Is there any update on when CSIv2 will be supported in JBoss ? It seems that JacORB 2.1 already supports it. Thanks Eugene Ivanov --------------ORIGINAL THREAD ----------------
On Fri, 29 Aug 2003, Francisco Reverbel wrote: Interoperable security for EJB invocations is not implemented yet. JBoss has security, of course, but not in an interoperable (CORBA-compliant) way. The CORBA compliant way of securing EJB invocations is based on CSIv2 (Common Secure Interoperability version 2), an OMG specification that our IIOP engine (JacORB) will support very soon. This will make it easy for us to secure EJB invocations over IIOP. As Bill said, we are planing to do this for J2EE certification. Note, however, that you will need CSIv2 support also at the client-side. Not all C++ ORBs support CSIv2. (I know MICO does it, other C++ ORBs might support CSIv2 as well.) Cheers, Francisco On Fri, 29 Aug 2003, Bill Burke wrote: > We don"t have this interoperability with CORBA and security at this > time. It is one of the things we are planning to implement once Sun > grants us the lice! nse to certification (we"re waiting patiently). > > You would have to build a bridge until then. Or you could fund > Francisco Reverbel to implement it through a JBG support contract. > > I"ll let Francisco chime in with more details. > > Bill > > Alexander Titov wrote: > > > Hello. > > > > In the section 8 (page 412-413) of the JBoss Administration and > > Development Third Edition (3.2.x Series) book it is written, that > > "Every secured EJB method invocation,... requires the authentication > > and authorization of the caller because security information is > > handled as a stateless attribute of the request that must be presented > > and validated on each request". Each client-server "invocation > > includes the method arguments passed by the client along with the user > > identity and credentials! from the client-side JAAS login performed..." > > earlier. > > > > Does it mean that JBoss RMI implementation is proprietary? Where it is > > possible to read about this implementation details? > > > > My problem is the following - I have CORBA client, which should make > > EJB calls to JBoss container. Definitely I have to secure these > > invocations. How should I pack the security information? Is there any > > samples of such interoperability? > > > > -- > ================ > Bill Burke > Chief Architect > JBoss Group LLC. > ================ > > View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=3835873#3835873 Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&p=3835873 ------------------------------------------------------- This SF.Net email is sponsored by: Oracle 10g Get certified on the hottest thing ever to hit the market... Oracle 10g. Take an Oracle 10g class now, and we'll give you the exam FREE. http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click _______________________________________________ JBoss-Development mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/jboss-development
